C-TPAT Part II: strategies for obtaining and keeping C-TPAT certification
Obtaining—and keeping—C-TPAT certification got harder last March, when the Bureau of Customs and Border Protection introduced new and stiffer standards, which apply to new applicants and current C-TPAT members alike.
Barry Brandman is president of Danbee Investigations, a Midland Park, N.J., company that provides investigative, loss prevention and security consulting services to many of the top names in the logistics industry. He has been a guest speaker for the Department of Homeland Security, CSCMP, and WERC, and is the author of Security Best Practices: Protecting Your Distribution Center From Inventory Theft, Fraud, Substance Abuse, Cybercrime and Terrorism. You can reach him via e-mail at
or (201) 652-5500.
Editor's note: This is the second installment in a two-part series on C-TPAT, the Customs-Trade Partnership Against Terrorism. Part One looked at the origins and evolution of the security initiative, under which U.S. importers agree to continuously police their own supply chains in return for a host of benefits, including reduced cargo inspections. This installment discusses strategies for obtaining—and keeping—C-TPAT certification.
C-TPAT may have its critics (see "it may not be perfect, but C-TPAT's here to stay," DC VELOCITY, November 2005), but that hasn't slowed its momentum. As of last April, more than 9,000 importers had applied for C-TPAT certification. And new applications pour in every month.
But obtaining (and keeping) that certification got harder last March, when the Bureau of Customs and Border Protection (CBP) introduced new and stiffer standards. These new standards, which apply to new applicants and current C-TPAT members alike, mean they must now be able to confirm, among other things, that foreign suppliers, vendors and contractors are performing seven-point container inspections, documenting their procedures for issuing keys, changing passwords, and an array of other best security practices.
As part of the program, CBP requires C-TPAT members to prepare a Security Profile that outlines the steps they're taking and to conduct ongoing internal audits to ensure that their employees, vendors, suppliers and trading partners actually follow enhanced policies and procedures. Though it doesn't require existing members to provide proof of compliance, CBP isn't relying entirely on the honor system either. For that, it has established what it calls a "validation" process, whereby CBP supply chain security specialists meet with company representatives, and visit foreign and domestic sites to verify that everyone in a company's supply chain is following the practices outlined in the member's Security Profile. If the inspections reveal significant problems, CBP can suspend or even revoke the importer's benefits.
To avoid putting your C-TPAT certification at risk, you must establish an ongoing program to assess how well your security program is being carried out and identify new areas of risk that require remedial action.
But who should conduct this assessment? Many times, companies assign this task to logistics or customs compliance personnel, who tend to use boilerplate security checklists to identify vulnerabilities. That's a dangerous practice. This is no ordinary compliance task; an in-depth security assessment requires specialized expertise.
By definition, the global supply chain is a sprawling network of domestic and foreign partners that manufacture, pack, load, consolidate and transport merchandise to the United States. Each of those partners follows a unique set of processes, and those varied processes represent almost limitless potential for security breaches. Auditors who don't have an in-depth understanding of the various ways to circumvent security safeguards have no hope of identifying all these risks or knowing how to remedy them effectively. Whether you opt to use in-house resources or bring in an outside security specialist, make sure you're using a qualified and knowledgeable professional with extensive experience in logistics security.
Avoid the traps
Deciding who will conduct their security assessments isn't the only problem importers face, however. There are plenty of other ways to get tripped up in the process. What follows are some tips on avoiding several common missteps:
Make sure nothing gets lost in translation. When working with partners in foreign countries, there's always the danger that cultural differences and language barriers will lead to miscommunication. To prevent that, we use customized supply chain security questionnaires that ask key questions several different ways, each worded differently. If respondents answer "yes" and "no" to the same question, that's a signal that they either didn't understand the question or weren't providing accurate responses.
It's also a good idea to confirm the information these partners provide through follow-up e-mails and conference calls. More often than not, we find that the feedback foreign companies provide during these exchanges differs from their original answers. That's not to say they're deliberately trying to mislead us; it may be a simple case of misinterpretation arising from language differences. But whatever the cause, you can't afford to be misled. Foreign suppliers tend to be one of the most vulnerable links in the supply chain today; it's imperative that nothing gets lost in translation.
Emphasize the need for candor. It's not only foreign partners who may provide misleading information, of course. Domestic partners and even personnel at your own facilities may be reluctant to expose and document inadequacies in their security practices and programs. Your challenge will be to convince everyone to be open about security weaknesses. Let them know that while there's no shame in exposing vulnerabilities, the failure to disclose a known security breach could result in your supply chain's being compromised.
Provide in-depth, focused training. The new C-TPAT criteria require that importers establish a threat awareness and security training program. This isn't a quick overview of the basics; this should be exceedingly specialized instruction. Your security depends on workers' ability to recognize potential threats—whether terrorists' plots or internal conspiracies. In order to do this, they'll need detailed information so they'll know specifically what to look for.
It appears that some companies have a long way to go when it comes to threat awareness training. That became evident to us recently when we went out to conduct a C-TPAT training seminar that focused on security seals, one of the most important components of a supply chain security program. During that session, we asked the attendees whether they thought bolt seals could be circumvented. Ninety percent said no, bolt seals were tamperproof; the remaining 10 percent told us they suspected that bolt seals could be compromised, but they had no idea how. That was a troubling response. Bolt seals can, in fact, be circumvented. But if the people responsible for seal integrity don't know that (or don't know how), they're unlikely to detect a breach.
See for yourself
If you want to keep your certification, you will need to have an ongoing security auditing program in place for your facilities as well as those of your supply chain partners. Aside from its being a C-TPAT requirement, it's also a very sound practice.
A C-TPAT compliance audit we conducted at a Hong Kong consolidator confirmed the wisdom of performing adherence audits. Prior to our audit, company representatives had assured us that their personnel diligently followed all of the security procedures we asked them to establish. Among other claims, they told us that their facility had "complete video coverage throughout [its] warehouse" and that our client's goods were "always kept in a segregated, highly secured area."
But when we audited this facility, we found otherwise. Take the "complete" video coverage, for example. True, the facility had a CCTV system in place, but the camera views were of poor clarity and too broad to be of much use. And the video coverage was anything but complete; we found that our client's goods were not monitored from the time they arrived to the time they were reloaded for shipment to the Hong Kong seaport. We also discovered that the system's digital hard drive could archive only seven days'worth of footage, making it impossible to investigate any event that dated back more than a week.
We also uncovered problems with the consolidator's shipment verification practices. For example, although its security policy dictated that only senior personnel would remove an inbound truck's security seal, we found that in reality, seals were being removed by whoever happened to be working on the receiving dock. As a result, workers did not always take the time to verify that the seal number on an inbound shipment matched the manifest (another policy violation).
Things were no better with the seals used for outbound trucks. We found that these seals often sat unguarded on the shipping dock, fully accessible to employees, vendors and truckers. Because the shipping crew had stopped using seals in numerical sequence, it would have been easy for a driver to steal one of these seals and reattach it to a truck's doors after it left the facility, concealing the fact that the trucker later accessed the truck's cargo area without authorization.
As for the consolidator's claims that it was segregating our client's product in a "highly secured area," we found that the fencing was only eight feet high and had no ceiling to keep intruders from climbing over. We also found that the keypad code to this area hadn't been changed in nearly nine months and was known to most of the workforce (including those without clearance to this area). And the alarm system wouldn't have been much help. We determined that the alarm was only being armed at the end of the workday, even though the area was frequently left unoccupied for hours at a time.
Once we notified the consolidator of these and other security loopholes, it remedied them promptly. But this experience points up how easily your inventory can be exposed to unnecessary risks.
If your company is a C-TPAT-certified company, it's your responsibility to make sure your security safeguards are as good in reality as they appear to be on paper. It's no secret that shipments to certified companies stand a much lower chance of being opened and inspected by CBP inspectors. That makes shipments to C-TPATcertified companies precisely the ones terrorist cells are most likely to target—underscoring the importance of identifying loopholes in your supply chain safeguards before others have the opportunity to exploit them. Doing anything less could jeopardize your C-TPAT certification and expose your company to the catastrophic ramifications of having a weapon of mass destruction smuggled into your supply chain.
States across the Southeast woke up today to find that the immediate weather impacts from Hurricane Helene are done, but the impacts to people, businesses, and the supply chain continue to be a major headache, according to Everstream Analytics.
The primary problem is the collection of massive power outages caused by the storm’s punishing winds and rainfall, now affecting some 2 million customers across the Southeast region of the U.S.
One organization working to rush help to affected regions since the storm hit Florida’s western coast on Thursday night is the American Logistics Aid Network (ALAN). As it does after most serious storms, the group continues to marshal donated resources from supply chain service providers in order to store, stage, and deliver help where it’s needed.
Support for recovery efforts is coming from a massive injection of federal aid, since the White House declared states of emergency last week for Alabama, Florida, Georgia, North Carolina, and South Carolina. Affected states are also supporting the rush of materials to needed zones by suspending transportation requirement such as certain licensing agreements, fuel taxes, weight restrictions, and hours of service caps, ALAN said.
E-commerce activity remains robust, but a growing number of consumers are reintegrating physical stores into their shopping journeys in 2024, emphasizing the need for retailers to focus on omnichannel business strategies. That’s according to an e-commerce study from Ryder System, Inc., released this week.
Ryder surveyed more than 1,300 consumers for its 2024 E-Commerce Consumer Study and found that 61% of consumers shop in-store “because they enjoy the experience,” a 21% increase compared to results from Ryder’s 2023 survey on the same subject. The current survey also found that 35% shop in-store because they don’t want to wait for online orders in the mail (up 4% from last year), and 15% say they shop in-store to avoid package theft (up 8% from last year).
“Retail and e-commerce continue to evolve,” Jeff Wolpov, Ryder’s senior vice president of e-commerce, said in a statement announcing the survey’s findings. “The emergence of e-commerce and growth of omnichannel fulfillment, particularly over the past four years, has altered consumer expectations and behavior dramatically and will continue to do so as time and technology allow.
“This latest study demonstrates that, while consumers maintain a robust
appetite for e-commerce, they are simultaneously embracing in-person shopping, presenting an impetus for merchants to refine their omnichannel strategies.”
Other findings include:
• Apparel and cosmetics shoppers show growing attraction to buying in-store. When purchasing apparel and cosmetics, shoppers are more inclined to make purchases in a physical location than they were last year, according to Ryder. Forty-one percent of shoppers who buy cosmetics said they prefer to do so either in a brand’s physical retail location or a department/convenience store (+9%). As for apparel shoppers, 54% said they prefer to buy clothing in those same brick-and-mortar locations (+9%).
• More customers prefer returning online purchases in physical stores. Fifty-five percent of shoppers (+15%) now say they would rather return online purchases in-store–the first time since early 2020 the preference to Buy Online Return In-Store (BORIS) has outweighed returning via mail, according to the survey. Forty percent of shoppers said they often make additional purchases when picking up or returning online purchases in-store (+2%).
• Consumers are extremely reliant on mobile devices when shopping in-store. This year’s survey reveals that 77% of consumers search for items on their mobile devices while in a store, Ryder said. Sixty-nine percent said they compare prices with items in nearby stores, 58% check availability at other stores, 31% want to learn more about a product, and 17% want to see other items frequently purchased with a product they’re considering.
Ryder said the findings also underscore the importance of investing in technology solutions that allow companies to provide customers with flexible purchasing options.
“Omnichannel strength is not a fad; it is a strategic necessity for e-commerce and retail businesses to stay competitive and achieve sustainable success in 2024 and beyond,” Wolpov also said. “The findings from this year’s study underscore what we know our customers are experiencing, which is the positive impact of integrating supply chain technology solutions across their sales channels, enabling them to provide their customers with flexible, convenient options to personalize their experience and heighten customer satisfaction.”
Transportation industry veteran Anne Reinke will become president & CEO of trade group the Intermodal Association of North America (IANA) at the end of the year, stepping into the position from her previous post leading third party logistics (3PL) trade group the Transportation Intermediaries Association (TIA), both organizations said today.
Meanwhile, TIA today announced that insider Christopher Burroughs would fill Reinke’s shoes as president & CEO. Burroughs has been with TIA for 13 years, most recently as its vice president of Government Affairs for the past six years, during which time he oversaw all legislative and regulatory efforts before Congress and the federal agencies.
Before her four years leading TIA, Reinke spent two years as Deputy Assistant Secretary with the U.S. Department of Transportation and 16 years with CSX Corporation.
Two European companies are among the most recent firms to put autonomous last-mile delivery to the test with a project in Bern, Switzerland, that debuted this month.
Swiss transportation and logistics company Planzer has teamed up with fellow Swiss firm Loxo, which develops autonomous driving software solutions, for a two-year pilot project in which a Loxo-equipped, Planzer parcel delivery van will handle last-mile logistics in Bern’s city center.
The project coincides with Swiss regulations on autonomous driving that are expected to take effect next spring.
Referred to as “Planzer–Dynamic Micro-Hub w LOXO,” the project aims to address both sustainability issues and traffic congestion in urban areas.
The delivery vehicle, a Volkswagen ID. Buzz battery-electric minivan, will feature Loxo’s Level 4 Digital Driver navigation software, a highly automated solution that allows driverless operation. The van was retrofitted to include space for two swap boxes for parcel storage.
During the two-year pilot phase, Loxo’s Digital Driver will navigate a commercial vehicle several times a day from Planzer’s railway center to various logistics points in Bern's city center. There, the parcels will be reloaded onto small electric vehicles and delivered to end customers by Planzer’s parcel delivery staff.
Following the completion of the pilot phase, Planzer and Loxo will build on the program for rollout in other Swiss cities, the companies said.
The partners said the project addresses the increasing requirements of urban supply chains and aims to ensure the “scalability of their disruptive solution.” With largely emission-free delivery, it contributes to greater levels of sustainability for the city as a living space, they also said.
“The uniqueness of this project lies in the fact that it will have a direct impact on society,” Planzer’s CEO and Chairman Nils Planzer said in a statement announcing the project. “We didn't just want to integrate automated technology into existing systems, we wanted to develop a completely new concept and a new business model.”
As the hours tick down toward a “seemingly imminent” strike by East Coast and Gulf Coast dockworkers, experts are warning that the impacts of that move would mushroom well-beyond the actual strike locations, causing prevalent shipping delays, container ship congestion, port congestion on West coast ports, and stranded freight.
However, a strike now seems “nearly unavoidable,” as no bargaining sessions are scheduled prior to the September 30 contract expiration between the International Longshoremen’s Association (ILA) and the U.S. Maritime Alliance (USMX) in their negotiations over wages and automation, according to the transportation law firm Scopelitis, Garvin, Light, Hanson & Feary.
The facilities affected would include some 45,000 port workers at 36 locations, including high-volume U.S. ports from Boston, New York / New Jersey, and Norfolk, to Savannah and Charleston, and down to New Orleans and Houston. With such widespread geography, a strike would likely lead to congestion from diverted traffic, as well as knock-on effects include the potential risk of increased freight rates and costly charges such as demurrage, detention, per diem, and dwell time fees on containers that may be slowed due to the congestion, according to an analysis by another transportation and logistics sector law firm, Benesch.
The weight of those combined blows means that many companies are already planning ways to minimize damage and recover quickly from the event. According to Scopelitis’ advice, mitigation measures could include: preparing for congestion on West coast ports, taking advantage of intermodal ground transportation where possible, looking for alternatives including air transport when necessary for urgent delivery, delaying shipping from East and Gulf coast ports until after the strike, and budgeting for increased freight and container fees.
Additional advice on softening the blow of a potential coastwide strike came from John Donigian, senior director of supply chain strategy at Moody’s. In a statement, he named six supply chain strategies for companies to consider: expedite certain shipments, reallocate existing inventory strategically, lock in alternative capacity with trucking and rail providers , communicate transparently with stakeholders to set realistic expectations for delivery timelines, shift sourcing to regional suppliers if possible, and utilize drop shipping to maintain sales.