C-TPAT 5 Step Risk Assessment Process Guide
C-TPAT5 Step Risk AssessmentProcessGuideC-TPAT Training SeminarMarch 2010
Table of ContentsPage5 Step Risk Assessment Process - Introduction3Definition of Terms4Security Risk Rating65 Step Risk Assessment Process Overview8AttachmentsStep 1 - Attachment AExample of Mapping Cargo Flow and Business PartnersStep 2 – Conducting a Threat AssessmentAttachment B Sample Risk Assessment Resource ListAttachment C Sample Threat Assessment91012Step 3 - Attachment DSample Vulnerability Assessment13Step 4 – Attachment ESample Risk Assessment Action Plan/Follow-up19Step 5 - Attachment FDocumenting Risk Assessment Process202C-TPAT Training SeminarMarch 2010
5 Step Risk Assessment ProcessIntroductionIn order to assist C-TPAT Partners with conducting a risk assessment of theirinternational supply chain(s) in accordance with C-TPAT minimum security criteria, the5 Step Risk Assessment Process is recommended.This reference guide contains some of the basic tools, resources, and examples C-TPATpartners should consider using when conducting a risk assessment on their internationalsupply chain(s). The information contained herein is intended to serve as a guide, and isnot “all inclusive” of what should be included in an international supply chain securityrisk assessment.The 5 Step Risk Assessment Process includes:1. Mapping Cargo Flow and Identifying Business Partners (directly or indirectlycontracted)2. Conducting a Threat Assessment focusing on: Terrorism, Contraband Smuggling,Human Smuggling, Organized Crime, and conditions in a country/region whichmay foster such threats and rate threat – High, Medium, Low3. Conducting a Vulnerability Assessment in accordance with C-TPAT MinimumSecurity Criteria and rate vulnerability – High, Medium, Low4. Preparing an Action Plan5. Documenting How Risk Assessments are ConductedIt is understood that some C-TPAT members may have numerous supply chains whichmay present a monumental task when conducting a comprehensive security riskassessment of their international supply chains. Therefore, it is recommended forC-TPAT members to identify their “High Risk” supply chains by conducting a threatassessment at the point of origin/region and where the cargo is routed/transshipped, andthen conduct a comprehensive security vulnerability assessment of those supply chains.Conversely, if supply chains involve a limited number of business partners or relatedbusiness partners, their supply chain security risk assessment may not require suchextensive efforts.3C-TPAT Training SeminarMarch 2010
Risk Assessment ProcessDefinition of TermsThe definition of terms below is intended as a guide when examining the roles of partiesinvolved in the international supply chain.Instruments of International Traffic (IIT): Containers, trailers, flatbeds, unit loaddevices (ULDs), lift vans, cargo vans, shipping tanks, bins, skids, pallets, caul boards,cores for textile fabrics, or other specialized containers arriving (loaded or empty) in useor to be used in the shipment of merchandise in international trade.International Supply Chain Security: Encompasses securing all of the followingprocesses from the cargo’s point of origin (factory/farm) until its arrival and distributionin the United States: Procurement, Production, Packing, Staging/Storing,Loading/Unloading, Transportation, and Document Preparation.International Supply Chain Security Risk Assessment: Process of identifying thesecurity threats, vulnerabilities, and weaknesses throughout the international supply chainand prescribing corrective actions with follow-up procedures to ensure weaknesses havebeen mitigated.Loading/Unloading: Placing cargo in/on or taking cargo out/off of an IIT, includingcontainers, trailers, vessels, planes etc.Mapping Cargo Flow/Parties Involved: Method of identifying all parties involved andtheir prospective roles in the following processes throughout the international supplychain: Procurement, Production, Packing, Staging/Storing, Loading/Unloading, andDocument Preparation of cargo destined for the United States. All partners involved bothdirectly and indirectly in exportation/movement of the goods from the point of origin tothe importer’s distribution center must be included. Some examples of parties involvedin the international flow of cargo include, but are not limited to, the following: factories farms suppliers export packing facilities buying/selling agents trading companies freight forwarders non-vessel operated common carriers (NVOCCs) inland truck/rail carriers warehouse/consolidation/deconsolidation facilities feeder vessels rail depots trailer/container yards shipyards4C-TPAT Training SeminarMarch 2010
local drayage companies international air/rail/sea/truck carriers Customs brokers.Packing: Encompasses both packing the goods for export into non-reusable containersand reusable instruments of international traffic (IIT). It includes but is not limited toplacing goods in/on pallets, cartons, cardboard boxes, crates, bins, or other specializedcontainers. It also entails bundling, wrapping, shrink-wrapping, and other types ofpackaging.Procurement: Ordering products or services from business partners in the internationalsupply chain. Raw materials that go into making the exported products are excludedfrom this process. These products only pertain to finished cargo/raw material that will beexported to the United States. Services include indirect procurement methods for goodsshipped to the United States such as buying agents and trading companies.Production: Making, growing/harvesting, or assembling products to be exported to theUnited States.Risk Rating: Assigning numerical values to threats and vulnerabilities identified duringa supply chain security risk assessment (e.g. 1-Low, 2-Medium, and 3-High).Staging/Storing: Placing products and/or IITs at a location of “rest” prior to or duringmovement to the United States. This includes any warehousing/consolidation/deconsolidation ofgoods and/or facilities where goods wait to be loaded onto another transit mode such as a raildepot or shipyard in the country of origin or other countries the goods may transit through on theway to the United States.Supply Chain Security Action Plan: Identifies security weaknesses and vulnerabilitiesfound during the risk assessment process for a business partner. The plan assignsresponsibility for corrective actions/mitigation strategies (internal and external),establishes deadlines/timeframes, documents evidence of actions taken, outlinesprocesses used to verify actions have been taken, and delineates the final outcome.Transportation: Movement of cargo throughout the international supply chain.Transporting the goods for export to the United States includes any domestic legs of thegoods’ journey in the country of origin to the Port of Export, from the Port of Export toany countries that the goods may transit through, to the US Port of Entry, and to the USdomestic distribution center.5C-TPAT Training SeminarMarch 2010
Security Risk RatingEach C-TPAT partner is responsible for establishing its own overall Security Risk RatingSystem based on its business model. It is understood that businesses use variousmethodologies for rating risk within their international supply chains. However, thefollowing “Risk Ratings” are recommended when examining security threats andvulnerabilities within the international supply chain.Threat AssessmentThere are many “Open Sources” which provide information on threats within theinternational supply chain. After conducting research, it is recommended to assign athreat risk rating based on the following.1 - Low Risk - No recent incidents/intelligence/information2 - Medium Risk – No recent incidents/some intelligence/information on possible activity3 - High Risk – Recent incidents and intelligence/informationA Score of 3 in any of the following areas would deem the supply chain “High Risk”1)2)3)4)TerrorismContraband SmugglingHuman SmugglingOrganized CrimeVulnerability AssessmentOne method that may be used to conduct a vulnerability assessment is sending securitysurveys to Business Partners who are not eligible or do not participate in the C-TPATprogram. Security surveys should be based on the process performed by the businesspartner in the international supply chain (e.g. Procurement, Production, Packing, Storage,Loading/Unloading, Transportation, and Document Preparation). Questions should askthe business partner to describe security measures used, and not only be “Yes/No”questions. The survey should address whether or not a system of checks, balances, andaccountability are in place, particularly in areas of Securing Instruments of InternationalTraffic, Tracking and Monitoring Cargo, Seal Security, and Business Partner Screening(sub-contracted).The following is a recommended risk rating of vulnerabilities for C-TPAT minimumsecurity criteria categories: Business Partner Requirements, Securing Instruments ofInternational Traffic, Procedural Security, Physical Security, Physical Access Controls,Personnel Security, Security and Threat Awareness Training, and InformationTechnology Security.6C-TPAT Training SeminarMarch 2010
1 - Low Risk - Meets all applicable Minimum Security Criteria (Musts and Shoulds)2 - Medium Risk - Meets all applicable “Musts” Minimum Security Criteria, but does notmeet all “Shoulds”3 - High Risk – Does not meet all “Must” Minimum Security CriteriaFor example,1) If all “Musts” for Procedural Security were met, the risk rating for that categorywould be “1-Low risk.”2) If all “Musts” were met for Procedural Security and “Shoulds” were not met, therating would be “2-Medium Risk.”3) If one “Must” is not met for Procedural Security, then it would be rated a “3-HighRisk,” because a supply chain security measure is only as strong as its weakestlink.Post Incident Analysis and Risk RatingBased on a study conducted by the C-TPAT Program in June 2009 on factors whichcontributed to Security Breaches, the following data should be taken into considerationwhen conducting a Security Vulnerability Assessment.34% Conveyance Security: Conveyances not inspected35% Business Partner Requirements: Failure to Screen Business Partners41% Instruments of International Traffic (containers, trailers, pallets, etc.not secured/properly inspected prior to loading44% Seal Controls: Lack of Seal Procedures53% Transportation Monitoring: Inadequate Transportation Monitoring68% Security Procedures not followed (lack of checks, balances, accountability)90% - Involved “trucks” as the mode of transportation for breached cargo7C-TPAT Training SeminarMarch 2010
5 Step Risk Assessment ProcessStep12ProcessDescriptionMap Cargo Flow andBusiness PartnersIdentify ALL parties involved in the followingprocesses:1) Procurement2) Production3) Packing4) Storage5) Loading/Unloading6) Transportation7) Document PreparationConduct Threat AssessmentIdentify and rate the risk of threat (High, Medium,Low) for the country and region for eachinternational supply chain, using the following (at aminimum):1) Terrorism (political, bio, agro, cyber)2) Contraband Smuggling3) Human Smuggling4) Organized Crime5) Conditions fostering above threatsFor all business partners in the international supplychain (directly contracted or sub-contracted):3Conduct VulnerabilityAssessment4Prepare Action Plan5Document How RiskAssessments are ConductedMethods1) Request information from supply chain partners2) Review documentation (BOLs, manifests,invoices, etc.) to determine routing3) On site visits/audits of the supply chain1)Open source internet information (governmentand private organizations)Representative/Contacts “on the ground” atoriginLaw enforcement (foreign/domestic), local state,federal/nationalTrade and security organizationsAssigned C-TPAT SCSS2)3)4)5)See Attachment A:Example of Mapping Cargo Flow,Identifying Business Partners, andProcessesSee Attachments B:Threat Assessment Resource ListAttachment C:Threat Assessment ExampleSVI Number/C-TPAT MembershipMembership in “Mutual Recognition Program”Security SurveysSite visits by company representativeSite visits by overseas personnel/agentsBusiness reportsSecurity certifications covering C-TPATminimum-security criteria8) 3rd party supply chain security assessmentsSee Attachment D:Vulnerability AssessmentUsing C-TPATMinimum-Security CriteriaEstablish a corrective action plan to address gaps orvulnerabilities found in business partner’s securityprograms.1) Word Document2) Excel Spreadsheet3) Project Management SoftwareSee Attachment E:Action Plan and Follow-UpA description of the company’s approach, policies,and procedures for conducting an internationalsupply chain security risk assessment.1) Document company’s Policy for conductingInternational Supply Chain Security RiskAssessment2) Document Procedures used to conductInternational Supply Chain Security RiskAssessmentsSee Attachment F – DocumentingRisk Assessment Process, Policies,and Procedures1) Identify the process they perform2) Verify partners meet applicable minimumsecurity criteria3) Rate their compliance within eachapplicable minimum-security criteriacategory (High, Medium, Low)1)2)3)4)5)6)7)Resources8
Attachment A - Example of Cargo Flow and Partners - Ocean Cargo - LCLStep 1 - Sample - Map Cargo Flow, Identify Partners, and ProcessesNotes: Ensure partners map out all variations of a supply chain - For example, FCL vs. LCL; From one factory to various ports of export; From one factory using different modes oftransportation (Air vs. Sea); Any other potential variations that would alter the movement of cargo or the individuals involved in the process. Always remember - "Freight at Rest isFreight at Risk".Sub-contracting increases risk within a supply chain, particularly where security requirements have not been conveyed or verified.Days Cargois "AtRest" atthis stageTransportModePartnerProcessCargo Movement - if applicableKnown Details About ProviderXYZ ManufacturerProduction, Packing,Document PreparationPoint of DepartureLocation: City 123, Country Origin; Years doingbusiness with - 22; Family Owned and Operated0N/AExport Broker/FFPrepares Documentationfor ExportN/AUnknownNAN/AForeign InlandCarrier ABCInland TransporationPicks up cargo from factory andConsolidator EFG0TruckConsolidatorLMNOPUnloading, Storage,LoadingUnloads cargo from inland truck carrier,stores LCL, loads with other customers'cargoLocation: City 123, Country Origin; Contracted byfactory - in Business 22 years; Parent CompanyC-TPAT in USALocation City 123, Country Origin; Contracted byfactory - in business 2 years2N/AInland Carrier JKLInland TransporationPicks up cargo from consolidator andtransports to Port of ExportLocation: City 123, Country Origin; Contracted byfactory; in business 22 years; Parent CompanyC-TPAT in USA0TruckPort Terminal OriginStorageReceives and stores container in containeryard until ready to go on vesselLocation: City 456, Country Origin; operated bygovernment body; MTSA/ISPS Compliant4N/ASea CarrierTransportationTransports cargo from port of ladingLocation: City 456; Country Origin;Parent Company C-TPAT in USA3VesselPort Terminal Transit CountryStorageReceives offloaded container at country oftransshipmentLocation: City 183, Transit Country; unknown;Unknown MTSA/ISPS Compliant10N/ASea CarrierTransportationTransports cargo from country oftransshipmentLocation: City, New Country; unknown10VesselPort Terminal - USAStorageUnloads cargo from Sea Carrier's vesseland stores until domestic transport picks upLocation: City 42, USA ; MTSA/ISPS Compliant2N/ADomestic DrayageCarrier Picks upTransportationPicks up cargo from loading, Storage,LoadingReceives LCL Cargo, consolidates, ships todestinationLocation: City 42, USA - Cross dock facility1N/ALong Haul CarrierTransportationTransports cargo to distribution centerLocation: City, USA - Unknown0TruckU.S. DistributionCenter/ConsigneeUnloadingReceives cargoLocation: City 53, USA2N/A9If entity physicallyhandles cargo, whoselects them as aprovider?
Attachment BRISK ASSESSMENT RESOURCE LIST*Customs & Border Protection: www.cbp.govCIA – The World Fact Book: factbook/Information Technology Security: http://www.us-cert.gov/nav//nt01/Federal Trade Commission – Identity Theft/Data ft/Licensed Freight Forwarders/NVOCC/OTI/Terminal Operators:http://www.fmc.gov/U.S. Department of State - Terrorist Threats/Country Information:http://travel.state.gov/travel/cis pa tw/pa/pa 1161.htmlFederal Motor Carrier Safety Administration – Check safety-security.htmManufacturer Seal Requirements – U.S./Mexico FAST:http://www.customs.gov/xp/cgov/trade/cargo security/ctpat/fast/us mexico/mexicomanuf/manuf seal requirements.xmlGlobal Security Newswire is now available: http://gsn.nti.org/gsn/7 Signs of Terrorism: State Dept. Overseas Security Advisory Council: www.osac.govNational Cargo Security Association: www.tncsa.orgFBI Infrastructure Security: www.infragard.netInternational Chamber of Commerce: www.icc-ccs.orgCargo Security Alliance: www.securecargo.orgU.S. Department of Commerce: www.commerce.govInternational Maritime Organization: www.imo.org10
Department of Transportation: www.phmsa.dot.govASIS International: www.asisonline.orgWorld Bank: Web.worldbank.orgTransported Asset Protection Association: www.tapaonline.orgBusiness Alliance for Secure Commerce: www.wbasco.orgDepartment of Homeland Security Crisis Management Planning: www.ready.govInformation Systems Audit and Control Association: www.isaca.orgDepartment of Homeland Security: www.dhs.govInternational Container Owners Association: www.containerownersassociation.orgU.S. Postal Service: erSupply Chain Information Sharing and /*Note: C-TPAT partners should also consult with local law enforcement whenconducting threat assessments. In addition, there are many private for profitorganizations who offer security risk assessment services.This list is not all inclusive and is not meant to be an endorsement of any organizationor service.11
Attachment CStep 2: Sample Threat Assessment1 - Low Risk - No recent activity/intelligence/information2 - Medium Risk – No recent incidents/some intelligence/information on possible activity3 - High Risk – Recent incidents and intelligence/informationNote: For C-TPAT Purposes a "3" for any of the Threat Risk Factors below would result in a "High Risk" rating for the supply chainPartner: Factory-Supplier ABCLocation: Country X, Y, ZRegion: Region J-KThreat Risk FactorRisk Rating:1-Low - - NA/No2-Medium3-High –Incidents/Information ActivitySourceTerrorism (Political, Bio, Agro, Cyber)32009, 2010 - Recent domestic bombingsand violence against U.S. based interestsName of news publication, government site, opensource information, intel service, etc.Contraband Smuggling32005-Present - location known fornarcotics exports and weapons smugglingName of news publication, government site, opensource information, intel service, etc.Human Smuggling12000-2005 - numerous incidents ofhuman smuggling; none since 2005Name of news publication, government site, opensource information, intel service, etc.Organized Crime11998-2003 - Drug cartels operatingthroughout country/ regionName of news publication, government site, opensource information, intel service, etc.Conditions within a country which may foster anyof the aforementioned threats (e.g. poverty, socialunrest, political instability).2Demographics - 35% population lives inpoverty; a few social movementsunderway with anti-western sentimentsName of news publication, government site, opensource information, intel service, etc.Other: Theft, Pilferage, Hijacking, Piracy, IPR,Piracy22007 – Incidents of piracy along shippingroute; none reported since late 2007Name of news publication, government site, opensource information, intel service, etc.Overall Threat Risk Rating 312
Vulnerability AssessmentAttachment DPartner Name:Supply Chain Process: TransportationSecurity Point Of Contact:Phone Number:E-mail Address:Country Location:Region:Instruments of International Traffic Used:Sample Risk Ratings: 1 - Low Meets/Exceeds all Minimum Security Criteria (MSC - Musts and Shoulds) 2-Medium Meets "Musts" not all "Shoulds" 3 - Does not meet all "Musts" criteria N/A - Not applicable. Note:If a "Must" criterion is not met in a category, the score for the entire category should be "3".Processes/Roles Performed (including responsibility for sub-contracting) - Note: 1 business partner may perform multiple roles: For example, the factory may not only produce, but they may pack, load, and transportcargo. The key is to ensure that each process is secured in the supply chain.Effective Security System Meeting all MSC Oversight Accountability Checks and BalancesSupply Chain ProcessTransportation/Movement - (Note: 85% Cargodisruption occurs in transit)C-TPAT SecurityCriteria Determine asapplicable toprocessC-TPAT Sub-Criteria(Note-Some applicable subcriteria may not be listed must be tailored for eachsupply chain)Business PartnerRequirements Sub ContractingScreens sub-contractedsourceMMustSShouldMethod to yRiskRatingCategoryRiskRatingMDoes not verifyreferences. Contractswith lowest bidderUnknown businesspartner/securityprocedures3313Best Practices Identified
Transportation/Movement -cont'dSecuringInstruments ofInternationalTrafficC-TPAT Certified (ifeligible)MDoes not verifyFailure to adhere toC-TPAT MSC3Verifies adherence to CTPAT Criteria (if noteligible)MDoes not verifyFailure to adhere toC-TPAT MSC3Participate in securityprogram administered byforeign customsadministrationSDoes not verifyFailure to adhere toC-TPAT MSC3Sub-contractingrequirementsMDoes not have anyNo leverage toenforce C-TPATMSC331Transportation MonitoringMVisitDoes not activelymonitor GPS toknow where driversare at all times; subcontractor proceduresunknownSeal Inspections in transitMReviewed Drivers'LogsNone3Container inspections intransitWritten proceduresstipulating how seals arecontrolled and affixed meeting all C-TPATrequirementsMReviewed drivers'Inspection Sheets posttripNone1MReviewed writtenprocedures submittedand found incompliance with CTPATNone114
ProceduralSecurityProcedures to reportanomalies to lawenforcementMReviewed writtenproceduresNone1Ensure accurate, complete,legible informationMDocumentedProcedures reviewedand verifiedNone1Documents/Informationprotected against exchange,loss, erroneous informationMDocumentedProcedures reviewedand verifiedNone11Physical Security(as applicable)Process to resolve overages,shortagesMDocumentedProcedures reviewedand verifiedNone1Procedures to ensureinformation is reportedaccurately and timelyMDocumentedProcedures reviewedand verifiedNone1External Fences / BarriersSSite VisitNone1Internal Fences / BarriersSN/AN/AN/AGates/Gate HousesMSite VisitNone1152
ParkingSSite VisitNone1Building ConstructionMSite VisitNone1Locking DevicesMSite VisitNone1LightingMSite VisitNone1Video SurveillanceSN/AN/AN/AAlarm SystemsSSite VisitNo alarm system Intrusion may goundetected despiteguard on duty3Restricted Access toconveyance and containerduring transitPhysical AccessControlsEmployee Access Controls16
Visitor Access ControlsVendor / Contractor AccessControlsDelivery Access ControlsChallenging and RemovingUnauthorized PersonsAccess Device Control(Badges, Keys, etc.) issuance/ removal by managementand must be documentedAccess TerminationProceduresCompliant with MTSA /ISPSPersonnel SecurityScreen prospectiveemployees who transportcargo17
Aware of the procedures toaddress a situation and reportitSecurity andThreat AwarenessTrainingSpecialized training sealcontrols, container, andconveyance inspectionsDispatcher tracking /monitoringThreat Awareness TrainingInformationTechnology(As applicable)Restricted access toautomated transportationmonitoring systems (GPS);Password Changes, etc.OversightSystem to Audit / Test allsecurity measures related totransportation process18
Attachment EStep 4 - Sample Risk Assessment - Action Plan and Follow-UpSupply Chain Partner Name: Factory XYZSite/Location:Point Of Contact Name:Supply Chain ProcessPhone tive nloading/Stuffing/SealingStorage/Staging Product, Conveyance,Container, ShippingInstruments (Pallets,Boxes, Bags, ineEvidenceActionTakenVerifiedBy andDateOutcome
Attachment FStep 5DocumentingRisk Assessment Process(Policy & Procedures)A company’s documented risk assessment process (e.g. policies and procedures) shouldcontain at minimum the following information:1) Date Risk Assessment Process established2) Identify parties responsible for keeping the process up-to-date, including “backup” persons3) When risk assessments must be conducted (e.g. new supplier or service provideroverseas)4) How often risk assessments must be conducted (e.g. as circumstances dictate or ata minimum annually for most C-TPAT partners (quarterly basis– highwaycarriers)5) Required frequency of review/updates to process/policies/procedures (e.g.annually, bi-annually, as needed, etc. to the risk assessment policy/procedure)6) How Threat Assessments of the International Supply Chain are to be conducted(e.g. sources used to determine threat – see examples on Threat AssessmentResource sheet provided)7) How Vulnerability Assessments on the International Supply Chain are to beconducted (e.g. send surveys, site visits, C-TPAT Status, participation in a foreignsupply chain security program)8) How follow-up is conducted on “action items” (e.g. site visits may be required insome cases, in others documentation/photographs may be submitted)9) Process for training key individuals who are responsible for the processes10) Management oversight and accountability for ensuring the process is carried outconsistently and effectively20
Packing: Encompasses both packing the goods for export into non-reusable containers and reusable instruments of international traffic (IIT). It includes but is not limited to placing goods in/on pallets, cartons, cardboard boxes, crates, bins, or other specialized containers. It also entails bundling, wrapping, shrink-wrapping, and other types of
Finally, C-TPAT highway carriers have a competitive advantage over non-C-TPAT Partners since most C-TPAT Partner importers require that those business partners in the supply chain which are eligible for C-TPAT membership -such as highway carriers- become and remain C-TPAT certified in order to do business with them. 76 73 72 81 206 209 208 207
Finally, C-TPAT highway carriers have a competitive advantage over non-C-TPAT Partners since most C-TPAT Partner importers require that those business partners in the supply chain which are eligible for C-TPAT membership -such as highway carriers- become and remain C-TPAT certified in order to do business with them. 76 73 72 81 206 209 208 207
C-TPAT membership (i.e., signing and submitting the C-TPAT Memorandum of Understanding) has been a prerequisite for ISA eligibility since the inception of the program 22 months ago, however, until now, C-TPAT Certification was not a requirement. According to Rees, C-TPAT Certification occurs after CBP reviews and approves a C-TPAT member’s
“The C-TPAT program clearly understands there are a wide variety of business models”), companies applying to C-TPAT would be smart to hew as closely as possible to the five steps to increase their chances of getting certified, and companies already in C-TPAT should do the same to avoid putting their certification at risk.
C-TPAT Partner Application for Importers Instructions . importer security questionnaire).Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT
ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE Page 1 of 7 AbbVie is a participant in the U.S. Customs supply chain security program called the Customs-Trade Partnership Against Terrorism (C-TPAT). Participation in C-TPAT
of the C-TPAT process. Tier One: At time of approval of C-TPAT Executive Summary Tier Two: At the time of passing C-TPAT Validation Process Tier Three: At the time of passing Validation and exceeding the minimum Criteria and adopting industry Best Practices.
C-TPAT and security incidents around world Webinar training for partner on C-TPAT updates, conveyance inspections, security In depth business partner screening – need IRS number, complete C-TPAT security questionnaire, credit references, site visits, all information completed and verified at least three months prior to conducting business
