U. S. Customs and Border Protection (CBP) states that a C-TPAT participant (Tier 1) will undergo a validation phase (Tier 2) within one year after becoming C-TPAT certified by its Supply Chain Security Specialist (SCSS).
The validation process consists of six (6) components:
1) The SCSS schedules a visit with the company.
2) The company prepares for the validation review by the SCSS.
3) The SCSS visits the company's domestic facility and the Company's foreign facility (if applicable), as well as one of the foreign suppliers and consolidators (if applicable).
4) A validation report is issued by the SCSS.
5) The company responds in writing to the validation report.
6) The SCSS responds to the company's written validation response.
The C-TPAT validation is not an audit. CBP will provide C-TPAT participants with a minimum of 30 days advance notice prior to the beginning of the validation process. Prior to validation, a SCSS will contact the C-TPAT participant to determine:
1) The type of supporting documentation that is needed; and
2) Which domestic facilities (corporate office, ware-houses (private and/or third party) and distribution centers) and foreign suppliers and stuffing facilities (if less than full containers are shipped by the foreign suppliers) will be inspected.
The SCSS uses the C-TPAT validation process to determine if the participant's approved security profile reflects the company's security conditions based on CBP's current requirements.
Tier 1 C-TPAT applicants can be become validated by conducting the following analysis of the supply chain:
1) Review the participant's approved security profile to ensure:
A. It is compliant with CBP's current requirements.
B. The security profile is factually accurate.
C. Determine if any of the company's current security conditions has changed due to the following:
I. Present and future commitments made by the C-TPAT participant during the application phase have not materialized or have not or cannot be maintained.
II. The company has physically moved, created a new division, acquired a new company or ownership of the company has changed. New management may not be aware of the C-TPAT program.
III. The company is not conducting due diligence reviews of their customers, service providers and their foreign suppliers by, at a minimum, sending out questionnaires and making necessary security recommendations.
IV. The company is not conducting thorough background checks on prospective employees as well as criminal checks on both prospective and existing employees.
V. The company has instituted new systems, such as a new computer, or new security measurers and programs.
2) Create or revise written procedures where necessary.
3) Prepare each department for the validation with CBP.
4) Review the security status of the foreign suppliers and consolidation/stuffing facilities as well as prepare them for the visit by CBP. NJA will act as liaison between your company's C-TPAT team and your SCSS. We will work with you in coordinating CBP's visit to your foreign business partner's facilities with your company representative or agent. We are also available to be present for CBP's validation visit, both domestic and foreign.
At the conclusion of the validation visit, the SCSS will hold an informal wrap-up meeting, whereby the SCSS will review the issues and concerns at the facility. Within a few months, you will receive a validation visit report, whereby “Recommendations/and or Actions Required" for your operation (as well as the operations of your business partners visited) will be formalized in greater detail. We will help you interpret this report and determine what is recommended and what is required, based on CBP's present criteria.
We will also assist you in instituting the policies, procedures or remedies required or recommended. Please note that although your business partner may be a C-TPAT member, they are not exempt from receiving formal recommendations/requirements from CBP, which affects your validation.
You have ninety (90) days to respond to any “Recommendations/and or Actions Required" which are noted in the validation report. The response must be on company letterhead and uploaded to the “Document Exchange" section of the portal. In addition, an email of such action must be forwarded to your SCSS advising the SCSS that it has been completed. Once your SCSS receives your plan, the SCSS will review the plan and address any questions.
If the company has not responded within the 90 day response period, it will be suspended from the C-TPAT program and thus lose the C-TPAT benefits that were awarded to it as a Tier 1 member. This can result in the C-TPAT participant losing present and potential future customers, where C-TPAT certification is a requirement to conduct business. In addition, there may also be an increase in inspections and audits.
After the validation phase, you will go will undergo a revalidation every three years from the date of the previous foreign validation. In addition, the Tier 1/Tier 2 C-TPAT member will undergo an annual security self- assessment approximately one year after becoming C-TPAT certified.
Ronald Jaspan is the President of Norman Jaspan Associates, Inc. , NormanJaspanAssociates.com , a 75 year old management consulting firm that specializes in safeguarding company assets, developing shortage controls, evaluating systems and formulating educational training programs.