.archCTPAT-ThirdPartyLogisticsProviders(3PLs)-MSC-November2019.pdf资源-CSDN文库

需积分: 9 143 浏览量 2022-11-17 01:04:39 上传评论收藏 441KB PDF 举报

资源详情

资源评论

CTPAT Minimum Security Criteria – 3PLs| November 2019

Page 1

Minimum Security Criteria – Third Party Logistics Providers (3PLs)

November 2019

Note: Criteria ID numbers may not be sequential. ID numbers not listed are not applicable to 3PLs.

First Focus Area: Corporate Security

1. Security Vision & Responsibility – For a CTPAT Member’s supply chain security program to become and remain

effective, it must have the support of a company’s upper management. Instilling security as an integral part of a

company’s culture and ensuring that it is a companywide priority is in large part the responsibility of the company’s leadership.

ID Criteria Implementation Guidance

Must /

Should

1.1

In promoting a culture of security, CTPAT Members should

demonstrate their commitment to supply chain security and

the CTPAT Program through a statement of support. The

statement should be signed by a senior company official and

displayed in appropriate company locations.

Statement of support should highlight the importance of protecting the

supply chain from criminal activities such as drug trafficking, terrorism,

human smuggling, and illegal contraband. Senior company officials who

should support and sign the statement may include the president, CEO,

general manager, or security director. Areas to display the statement of

support include the company's website, on posters in key areas of the

company (reception; packaging; warehouse; etc.), and/or be part of

company security seminars, etc.

Should

1.2

To build a robust Supply Chain Security Program, a company

should incorporate representatives from all of the relevant

departments into a cross-functional team.

These new security measures should be included in existing

company procedures, which creates a more sustainable

structure and emphasizes that supply chain security is

everyone's responsibility.

Supply Chain Security has a much broader scope than traditional security

programs. It is intertwined with Security, in many departments such as

Human Resources, Information Technology, and Import/Export offices.

Supply Chain Security programs built on a more traditional, security

department-based model may be less viable over the long run because

the responsibility to carry out the security measures are concentrated

among fewer employees, and, as a result, may be susceptible to the loss

of key personnel.

Should

July 2019

CTPAT Minimum Security Criteria – 3PLs| November 2019

Page 2

ID Criteria Implementation Guidance

Must /

Should

1.3

The supply chain security program must be designed with,

supported by, and implemented by an appropriate written

review component. The purpose of this review component is

to document that a system is in place whereby personnel are

held accountable for their responsibilities and all security

procedures outlined by the security program are being

carried out as designed. The review plan must be updated as

needed based on pertinent changes in an organization’s

operations and level of risk.

The goal of a review for CTPAT purposes is to ensure that its employees

are following the company’s security procedures. The review process

does not have to be complex. The Member decides the scope of reviews

and how in-depth they will be - based on its role in the supply chain,

business model, level of risk, and variations between specific

locations/sites.

Smaller companies may create a very simple review methodology;

whereas, a large multi-national conglomerate may need a more extensive

process, and may need to consider various factors such as local legal

requirements, etc. Some large companies may already have a staff of

auditors that could be leveraged to help with security reviews.

A Member may choose to use smaller targeted reviews directed at

specific procedures. Specialized areas that are key to supply chain

security such as inspections and seal controls may undergo reviews

specific to those areas. However, it is useful to conduct an overall

general review periodically to ensure that all areas of the security

program are working as designed. If a member is already conducting

reviews as part of its annual review, that process could suffice to meet

this criterion.

For members with high-risk supply chains (determined by their risk

assessment), simulation or tabletop exercises may be included in the

review program to ensure personnel will know how to react in the event

of a real security incident.

Must

1.4

The Company’s Point(s) of Contact (POC) to CTPAT must be

knowledgeable about CTPAT program requirements. These

individuals need to provide regular updates to upper

management on issues related to the program, including the

progress or outcomes of any audits, security related

exercises, and CTPAT validations.

CTPAT expects the designated POC to be a proactive individual who

engages and is responsive to his or her Supply Chain Security Specialist.

Members may identify additional individuals who may help support this

function by listing them as contacts in the CTPAT Portal.

Must

CTPAT Minimum Security Criteria – 3PLs| November 2019

Page 3

2. Risk Assessment – The continuing threat of terrorist groups and criminal organizations targeting supply chains underscores the need

for Members to assess existing and potential exposure to these evolving threats. CTPAT recognizes that when a company has multiple

supply chains with numerous business partners, it faces greater complexity in securing those supply chains. When a company has

numerous supply chains, it should focus on geographical areas/supply chains that have higher risk.

When determining risk within their supply chains, Members must consider various factors such as the business model, geographic

location of suppliers, and other aspects that may be unique to a specific supply chain.

Key Definition: Risk – A measure of potential harm from an undesirable event that encompasses threat, vulnerability, and

consequence. What determines the level of risk is how likely it is that a threat will happen. A high probability of an occurrence will

usually equate to a high level of risk. Risk may not be eliminated, but it can be mitigated by managing it – lowering the vulnerability or

the overall impact on the business.

ID Criteria Implementation Guidance

Must /

Should

2.1

CTPAT Members must conduct

and document the amount of

risk in their supply chains.

CTPAT Members must conduct

an overall risk assessment (RA)

to identify where security

vulnerabilities may exist. The

RA must identify threats,

assess risks, and incorporate

sustainable measures to

mitigate vulnerabilities. The

member must take into

account CTPAT requirements

specific to the member’s role in

the supply chain.

The overall risk assessment (RA) is made up of two key parts. The first part is a self-assessment of

the Member’s supply chain security practices, procedures, and policies within the facilities that it

controls to verify its adherence to CTPAT’s minimum-security criteria, and an overall management

review of how it is managing risk.

The second part of the RA is the international risk assessment. This portion of the RA includes the

identification of geographical threat(s) based on the Member's business model and role in the supply

chain. When looking at the possible impact of each threat on the security of the member’s supply

chain, the member needs a method to assess or differentiate between levels of risk. A simple

method is assigning the level of risk between low, medium, and high.

CTPAT developed the Five Step Risk Assessment guide as an aid to conducting the international risk

assessment portion of a member’s overall risk assessment, and it can be found on U.S. Customs and

Border Protection’s website at

https://www.cbp.gov/sites/default/files/documents/C-

TPAT%27s%20Five%20Step%20Risk%20Assessment%20Process.pdf.

For Members with extensive supply chains, the primary focus is expected to be on areas of higher

risk.

Must

CTPAT Minimum Security Criteria – 3PLs| November 2019

Page 4

ID Criteria Implementation Guidance

Must /

Should

2.3

Risk assessments must be

reviewed annually, or more

frequently as risk factors

dictate.

Circumstances that may require a risk assessment to be reviewed more frequently than once a year

include an increased threat level from a specific country, periods of heightened alert, following a

security breach or incident, changes in business partners, and/or changes in corporate

structure/ownership such as mergers and acquisitions etc.

Must

2.4

CTPAT Members should have

written procedures in place

that address crisis

management, business

continuity, security recovery

plans, and business

resumption.

A crisis may include the disruption of the movement of trade data due to a cyberattack, a fire, or a

carrier driver being hijacked by armed individuals. Based on risk and where the Member operates or

sources from, contingency plans may include additional security notifications or support; and how to

recover what was destroyed or stolen to return to normal operating conditions.

Should

3. Business Partners – CTPAT Members engage with a variety of business partners, both domestically and internationally. For those

business partners who directly handle cargo and/or import/export documentation, it is crucial for the Member to ensure that these

business partners have appropriate security measures in place to secure the goods throughout the international supply chain. When

business partners subcontract certain functions, an additional layer of complexity is added to the equation, which must be

considered when conducting a risk analysis of a supply chain.

Key Definition: Business Partner – A business partner is any individual or company whose actions may affect the chain of custody

security of goods being imported to or exported from the United States via a CTPAT Member’s supply chain. A business partner may

be any party that provides a service to fulfil a need within a company’s international supply chain. These roles include all parties

(both directly and indirectly) involved in the purchase, document preparation, facilitation, handling, storage, and/or movement of

cargo for, or on behalf, of a CTPAT Importer or Exporter Member. Two examples of indirect partners are subcontracted carriers and

overseas consolidation warehouses – arranged for by an agent/logistics provider.

CTPAT Minimum Security Criteria – 3PLs| November 2019

Page 5

ID Criteria Implementation Guidance

Must /

Should

3.1

CTPAT Members must have a written, risk

based process for screening new business

partners and for monitoring current

partners. A factor that Members should

include in this process is checks on activity

related to money laundering and terrorist

funding. To assist with this process, please

consult CTPAT’s Warning Indicators for

Trade-Based Money Laundering and

Terrorism Financing Activities.

The following are examples of some of the vetting elements that can help determine if a

company is legitimate:

• Verifying the company’s business address and how long they have been at that

address;

• Conducting research on the internet on both the company and its principals;

• Checking business references; and

• Requesting a credit report.

Examples of business partners that need to be screened are direct business partners

such as manufacturers, product suppliers, pertinent vendors/service providers, and

transportation/logistics providers. Any vendors/service providers that are directly

related to the company’s supply chain and/or handle sensitive information/equipment

are also included on the list to be screened; this includes brokers or contracted IT

providers. How in-depth to make the screening depends on the level of risk in the

supply chain.

Must

3.3

Written screening processes must include

indicators to identify shipments or

customers that might not be legitimate. If

a higher risk factor is flagged when

screening a shipment/customer, the carrier

must complete a more in depth review. If

the vetting leads to substantial doubt to

the veracity of the shipment/customer, the

carrier must notify U.S. Customs and

Border Protection of its suspicions.

Some of the warning signs could be willing to pay above the standard rate, in cash;

having little knowledge of the commodity to be shipped; being evasive; minimal contact

information (cell phone, P.O. box); new business/no business history, etc.

Must

剩余44页未读，继续阅读

评论收藏

内容反馈

.archCTPAT-ThirdPartyLogisticsProviders(3PLs)-MSC-November2019.p...

评论0

最新资源

.archCTPAT-ThirdPartyLogisticsProviders(3PLs)-MSC-November2019.p...

评论0

最新资源

相关推荐

ieee 802.3-2005 version

802.3-2005_section2 EPON协议标准

PLS.rar_PLS-DA_pls_pls-svr_偏最小二乘_偏最小二乘 matlab

S7-200西门子PLC例程源码100例合集.zip

e16608-SQLPlus Release Notes Release 11.2.0.4-4.pdf

IEEE Std 802.3-2012(section 2)

IEEE Std 802.3-2012-section2

11.zip_DA算法_matlab PLS-DA_pls_pls da_pls-da算法

IEEE Std 802.3-2012(section 3)

WPRO.VN-QUAN-LY-BAO-HANH-BANG-EXCEL_MANAGEMENT_

pls.rar_K-pls分析_PLS数据

基于误差的LS-SVM与PLS相结合的非线性建模

ga-pls.rar_GA_GA-PLS是什么_ga-pls_pls_偏最小二乘

PSO_SVM and PLS_PSO-SVM.m_PSO_pls_pls.m_SVM_

plscv.rar_K._PLS 交叉验证_PLS-交叉验证_k-folder_pls交叉验证

setuptools-0.7.win-amd64-py2.7.msi

goggul.pls-crx插件

PLS_Manual_3_5.rar_PLS-TOOLBOX_PLS_Toolbox_pls_pls toolbox

PLS-VIO.pdf

化学计量学软件Unscrambler9.7-PLS1红外光谱分析建模-PCAPLS2PLS1.pdf

ieee 802.3 part3-2008 edition