At the 2017 Customs Trade Partnership Against Terrorism (CTPAT) Conference in Detroit, Michigan, U.S. Customs and Border Protection (CBP) announced plans to strengthen the existing “minimum security criteria (MSC) for the program and adding new criteria to reflect evolving security threats. The updated, modernized MSC will include the following:
• Cybersecurity (elevated firewall performance, test affirmation of resistance to attempted hacking, etc.)
• Prevention of money laundering
• Emphasis on corporate responsibility of senior management to use their influence, support, and resources to be more visible in the management of the company’s CTPAT program
• Agricultural security
CBP officials reported that updates to CTPAT’s MSC reflect information gained from their security validations and post-incident analyses, as well as input from program participants. One effort will be to bolster existing criteria in areas with particular risks and vulnerabilities, such as highway carriers, physical security, and personnel. CBP will also focus on adding new criteria to address threats and concerns that have emerged due to changes in the modern supply chain. The surge in e-commerce, for example, highlighted a need for new cybersecurity criteria. USDA-regulated products will have a new focus on terrorist activity, due to threats from terrorist organizations to smuggle weapons inside pallets, in addition to targeting food products for contamination. CBP is currently engaging with the trade community on the MSC update and plans to seek public comment before finalizing any changes. A multi-year phased implementation of the new, updated criteria could begin in late 2018.
Also in development for CTPAT 2018 is a new framework for CTPAT best practices that will provide participants with more flexibility in obtaining Tier 3 status, which provides the most benefits to CTPAT members. CBP has created a plan for evaluating company practices to determine if they constitute “best practices”. This approach differs from the current system that sets forth lists of specific best practices, which have become increasingly cumbersome and outdated. The new framework includes the following five elements:
1. Senior management support of a corporate philosophy and culture to promote security
2. Innovative technology, processes, and procedures to enhance and improve security
3. Documented processes to ensure consistency and continuity
4. Checks, balances, accountability, and testing, including auditing, to ensure reliability of security measures
5. Evidence of implementation to show that minimum security criteria have been met and validated
Companies may be able to gain Tier 3 status by showing that their existing practices meet the above criteria, rather than having to comply with practices specifically prescribed by CBP. The framework is currently being pilot tested and should be rolled out in 2018. The new CTPAT logo, acronym, and slogan are shown below. Read from original posting.