C-TPAT Participants Encouraged to Report Suspicious Activities and Security Breaches
A May 1 message from U.S. Customs and Border Protection suggests that participants in the Customs-Trade Partnership Against Terrorism need to improve their reporting of suspicious activities, anomalies and security breaches. The message appears designed to reassure participants that such reporting will not result in negative consequences. CBP notes that it is working to ensure that this practice is also required and encouraged by Mexico’s supply chain security program, the New Scheme of Certified Companies, as it is by Canada’s Partners in Protection Program.
CBP states that if a C-TPAT partner reports suspicious activities, anomalies or security breaches prior to CBP’s discovery, the company will not be immediately suspended from the program. The goal of C-TPAT is to secure the international supply chain through cooperation and information sharing, the message states, and such reporting demonstrates that the partner’s security procedures are functioning. While reporting a breach will result in an immediate joint review of the totality of circumstances, a swift and proactive response to a breach is a factor considered during that review. If CBP determines that the C-TPAT partner exhibited due diligence, followed its established security procedures and has proactively enhanced its security practices following the incident, the company will not be suspended from the program. However, if the review indicates that the partner failed to meet the minimum security criteria, follow its own established security procedures or adequately address the security vulnerabilities that led to the breach, a suspension may be necessary until CBP can ensure that all potential security vulnerabilities are addressed.
According to CBP, C-TPAT members should have documented procedures in place so that company representatives and staff are aware of how to report a suspicious activity, anomaly or security breach to company management, business partners associated with the shipment, and CBP. Keeping in mind that personnel and public safety are paramount, participants should immediately contact the appropriate CBP port of entry and/or other appropriate law enforcement agencies with information related to the shipment and the reasons for concern. In the event the CBP port of entry cannot be reached, calls should be placed to the 1-800-BE ALERT (1-800-232-5378) hotline. If possible, the shipment should be returned to the point of origin or a pre-designated location for safety and verification. In addition, the company’s assigned supply chain security specialist should be notified as soon as practical of the event and any subsequent follow-up action that may have been taken and/or is being considered.
The message also identifies some recommended practices and procedures. For example, C-TPAT company drivers frequently request to be sent for a secondary exam due to their self-developed risk indicators; e.g., they were directed to pick up a trailer at a first time or unknown location. C-TPAT members also routinely test their contingency plans and “what if” scenarios as a means of proactively addressing the possibility of a compromise. Regular verifications of security plans and practical exercises enable companies to react quickly in the event of an incident, CBP states.