C-TPAT Minimum Security Requirements

Nogales, AZ- C-TPAT, which stands for Customs Trade Partnership Against Terrorism, was established in 2001 with the intention of being a strong layer within U.S. Customs and Border Protection’s (CBP) multi-layered cargo enforcement defensive system. C-TPAT is a voluntary partnership program which is recognized by CBP as being one of the highest levels of supply-chain security.

Today, more than 11,000 certified partners from the trade community have been accepted into the program. Those partner include U.S. imports/exports, U.S./Mexico/Canada highway carriers, licensed U.S. brokers, U.S./Mexican/Canadian manufactures, etc. Each of these sectors eligible for the C-TPAT program must go through and complete strict oversight requirements which identifies security gaps and has an implemented best practices regarding security.

Because members who participate in the C-TPAT program are considered to be low-risk, these sectors can be exempt or partake in a variety of benefits including: A reduction of CBP examinations, front of the line inspections for carriers, shorter wait times at the border, and probably most important- stronger supply-chain security.

Because Divine Flavor is a registered member of the C-TPAT program, the company is required to work with suppliers who are also volunteers of the program or, at least meet the minimum security requirements of C-TAPT.

The following link discusses some eligibility requirements for being a foreign manufacture:




For a CTPAT Member’s supply chain security program to become and remain effective, it must have the support of a company’s upper management. Instilling security as an integral part of a company’s culture and ensuring that it is a companywide priority is in large part the responsibility of the company’s leadership.

  • Promoting a work culture of security
  • Building a robust supply-chain security program
  • Creating a written and documented program
  • Having a team knowledgeable of the CTPAT program and its requirements


The continuing threat of terrorist groups and criminal organizations targeting supply chains underscores the need for Members to assess existing and potential exposure to these evolving threats. CTPAT recognizes that when a company has multiple supply chains with numerous business partners, it faces greater complexity in securing those supply chains. When a company has numerous supply chains, it should focus on geographical areas/supply chains that have higher risk. When determining risk within their supply chains, Members must consider various factors such as the business model, geographic location of suppliers, and other aspects that may be unique to a specific supply chain.

  • Documenting risk in the supply-chain and conducting an assessment
  • Mapping out the movement of cargo
  • Review annually
  • Having written procedures


CTPAT Members engage with a variety of business partners, both domestically and internationally. For those business partners who directly handle cargo and/or import/export documentation, it is crucial for the Member to ensure that these business partners have appropriate security measures in place to secure the goods throughout the international supply chain.

  • Screen new business partners
  • Being a valid member of the CTPAT Program or Authorized Economic Operator (AEO) with a Mutual Recognition Agreement (MRA) with the United States.
  • Exercise due diligence and confirm outsourced partners are also screened.
  • Working with Cargo carriers which either have CTPAT or meet the minimum requirements


In today’s digital world, cybersecurity is the key to safeguarding a company’s most precious assets – intellectual property, customer information, financial and trade data, and employee records, among others. With increased connectivity to the internet comes the risk of a breach of a company’s information systems.

This threat pertains to businesses of all types and sizes. Measures to secure a company’s information technology (IT) and data are of paramount importance, and the listed criteria provide a foundation for an overall cybersecurity program for Members. Cybersecurity is the activity or process that focuses on protecting computers, networks, programs, and data from unintended or unauthorized access, change or destruction. It is the process of identifying, analyzing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an acceptable level, considering costs and benefits taken.

  • Must have written procedures on how to protect information technology (IT).
  • Having sufficient software to defend IT systems against threats (viruses, spyware, etc.)
  • Regularly test IT for vulnerabilities and test for abuse of policies (Check cyber security annually)
  • Restrict users or have certain user limited to access private company information.
  • Having protection for remote access. Provide users usernames/passwords/VPNs


Smuggling schemes often involve the modification of conveyances and Instruments of International Traffic (IIT), or the hiding of contraband inside IIT. This criteria category covers security measures designed to prevent, detect, and/or deter the altering of IIT structures or surreptitious entry into them, which could allow the introduction of unauthorized material or persons.

  • Cargo/Trucks, also known as Conveyances and Instruments of International Traffic (IIT) must be stored in a secure area to prevent unauthorized personnel.
  • Must have written procedures for security and agricultural inspections
  • Ensuring inspections are being carried out. See example:
  • Alerting Business Partners of any threats to the shipment


The sealing of trailers and containers, to include continuous seal integrity, continues to be a crucial element of a secure supply chain. Seal security includes having a comprehensive written seal policy that addresses all aspects of seal security; using the correct seals per CTPAT requirements; properly placing a seal on an IIT, and verifying that the seal has been affixed properly.

  • Must have a written high-security seal procedure.
  • Control access to seals (Inventory, distributing, tracking (Seal log).
  • Sealing each container sent to a CTPAT member.
  • Seals used are the ISO 17712 ( CTPAT Standard).
  • Notifying CTPAT partners when seals are broken for inspection.


Procedural Security encompasses many aspects of the import-export process, documentation, and cargo storage and handling requirements. Other vital procedural criteria pertain to reporting incidents and notification to pertinent law enforcement. Additionally, CTPAT often requires that procedures be written because it helps maintain a uniform process over time. Nevertheless, the amount of detail needed for these written procedures will depend upon various elements such as a company’s business model or what is covered by the procedure.

  • When cargo is stored overnight, secure measures must be taken to prevent unauthorized access.
  • Cargo/shipping containers must be inspected for pest continuously.
  • Loading and unloading must be supervised by a manager or security staff member
  • There must be procedures in place for properly manifesting product being shipped.
  • Brokers or agents must verify BOLs/Manifest are properly recorded and accurate.


  • Agriculture is the largest industry and employment sector in the U.S. It is also an industry threatened by the introduction of foreign animal and plant contaminants such as soil, manure, seeds, and plant and animal material which may harbor invasive and destructive pests and diseases. Eliminating contaminants in all conveyances and in all types of cargo may decrease CBP cargo holds, delays, and commodity returns or treatments. Ensuring compliance with CTPAT’s agricultural requirements will also help protect a key industry in the U.S. and the overall global food supply

    • CTPAT Members must have written procedures to prevent pest and to include wood compliance with the packing materials.
    • International standards for Phytosanitary Measures.


Cargo handling and storage facilities, Instruments of International Traffic storage areas, and facilities where import/export documentation is prepared in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access.

  • Offices and facilities must have physical barriers to prevent unauthorized access.
  • Gates where employees/guest enter/exit must be monitored frequently.
  • Private parking shall not be adjacent to cargo parking
  • Facilities and offices have adequate lighting outside the facility and in the parking section.
  • Cameras are highly recommended and encouraged.

Access controls prevent unauthorized access into facilities/areas, help maintain control of employees and visitors, and protect company assets. Access controls include the positive identification of all employees, visitors, service providers, and vendors at all points of entry.

  • Identification badges and special keys to access the facility/offices.
  • Drivers delivering packages must be identified before delivering.
  • Visitors must be screened and show identification.
  • Using security guards and having written policies for this.


A company’s human resource force is one of its most critical assets, but it may also be one of its weakest security links. The criteria in this category focus on issues such as employee screening and pre-employment verifications. Many security breaches are caused by internal conspiracies, which is where one or more employees collude to circumvent security procedures aimed at allowing an infiltration of the supply chain. Therefore, Members must exercise due diligence to verify that employees filling sensitive positions are reliable and trustworthy. Sensitive positions include staff working directly with cargo or its documentation, as well as personnel involved in controlling access to sensitive areas or equipment. Such positions include, but are not limited to, shipping, receiving, mailroom personnel, drivers, dispatch, security guards, any individuals involved in load assignments, tracking of conveyances, and/or seal controls.

  • Screen employees before hire (Background checks, employment history, etc.)
  • Have an employee code of conduct policy in place.


CTPAT’s security criteria are designed to form the basis of a layered security system. If one layer of security is overcome, another layer should prevent a security breach, or alert a company to a breach. Implementing and maintaining a layered security program needs the active participation and support of several departments and various personnel. One of the key aspects to maintaining a security program is training. Educating employees on what the threats are and how their role is important in protecting the company’s supply chain is a significant aspect to the success and endurance of a supply chain security program. Moreover, when employees understand why security procedures are in place, they are much more likely to adhere to them.

  • Establish a training and company atmosphere which focuses on safety and preventing threats to the work place.
  • Conduct refresher trainings annually.

For more information, please contact:
Michael DuPuis
Public Relations Coordinator
+1 (520)-281-8328