The Customs-Trade Partnership Against Terrorism (CTPAT) rolled out the onset of virtual validations earlier this year. So what does this mean for member companies?
We received a tremendous amount of questions regarding the new structure and best practices during our Preparing for Virtual Validation Webinar last month. Our team of Former CTPAT Supply Chain Security Specialist collaborated with CBP Officials and CTPAT Directors to provide you with the essential answers and background knowledge to start preparing for your upcoming validation. Here’s all you need to know:
What personnel need to attend a CTPAT virtual validation?
It is recommended that a representative from each necessary department be present during the validation. By doing this, the department head is able to answer any questions relevant to their department. The department heads should be present during the entire validation and log in on their own device to minimize background noise and distractions.
Is the virtual validation just the CTPAT Security Profile?
During the validation, your SCSS will verify that the information you have submitted for your CTPAT security profile has been implemented into the company. To ensure implementation, CBP will ask to see documentation of your company’s processes and procedures. Further, you SCSS will verify relevant logs, ID, seals, and other relevant along with historical documents during the validation. This is best achieved through screen sharing but can also be done by simply holding up relevant documents to the camera. The most important thing is to make sure that one way or another you are prepared to share relevant documents in a timely fashion during the virtual validation.
What is different between preparing for a virtual validation from a classic, "normal" validation?
One of the main differences in preparation for a virtual validation versus an in-person validation is the preparation for a virtual validation is much more thorough. When preparing for a virtual validation, communicate/agree on the meeting platform with CBP, test the platform, have all recent and historical documents available, request a validation agenda, and performing a walk-through of the validation process with the agenda. The other best practice is assigning a company lead to serve as the main conduit and ideally allow for all your company participants to call in from their own office/device as it is easier to control the conversation (microphones) this way. It is not required for you to provide videos and photos of your company’s processes; however, it is recommended. Pre-recording videos or taking photos of key areas such as loading docks, main entrance, and employee access points will provide CBP with a first-hand perspective of your facility.
What is the difference between the Annual CTPAT Security Check and the Validation?
The main difference between the annual security check and the virtual validation is that the virtual validation is used to ensure that the information you have submitted within your security profile is implemented into your company’s procedures and processes. Your SCSS will verify this by asking to see documentation of your company’s processes and procedures. Further, you SCSS will verify relevant logs, ID, seals, and other relevant along with historical documents during the validation. This is best achieved through screen sharing but can also be done by simply holding up relevant documents to the camera.
I just accepted a new position that will include CTPAT and virtual validations. Can you give examples? Best Practices? Anything that will help a "newbie" on this issue?
Many of the best practices for virtual validations lie within preparation. A few of these include communicating your company’s streaming platform to CBP, testing the platform, having all recent and historical documents available, requesting a validation agenda, and performing a walk-through of the validation process with the agenda. The other best practice is assigning a company lead to serve as the main conduit. If you are concerned about your company’s upcoming validation, CT Strategies offers a virtual validation support service where former CTPAT Supply Chain Security Specialists and Directors will review your security profile, perform a mock validation, work with you to fill any gaps in your security that might lead to a failed validation, and support you through attendance at your CTPAT validation to provide live support in case of unexpected issues. We also offer CTPAT courses that are designed to guide member through various aspects of the program.
Where are you seeing the most gaps in security process improvements?
The new MSC sections are giving companies the most problems, importers more than any other entity type. The new MSC sections include Security Vision & Responsibility, Cybersecurity, and Agriculture Security. To demonstrate your company’s commitment to Security Vision & Responsibility, CTPAT knowledge should flow from the top-down. As for Agriculture Security, it needs to be incorporated into 7/17-point inspection and business partner vetting procedures. All MSC sections must include evidence of implementation for your company’s processes and procedures. We recommend implementing CTPAT MSC training to thoroughly understand what the New MSC means for your company.
What practices will be audited? Is there any documentation we need to present prior to the Audit?
During the validation, your SCSS will verify that the information you have submitted for your CTPAT security profile has been implemented into the company. To ensure implementation, CBP will ask to see documentation of your company’s processes and procedures. Further, you SCSS will verify relevant logs, ID, seals, and other relevant along with historical documents during the validation. This is best achieved through screen sharing but can also be done by simply holding up relevant documents to the camera. The most important thing is to make sure that one way or another you are prepared to share relevant documents in a timely fashion during the virtual validation.
Since the validation is done by the SCSS what is CT Strategies role in validations? We did not have an outside support company involved in our validation.
CT Strategies is a dynamic small business that provides strategic consulting services to revolutionize border management operations around the world. Our network of global trade and customs experts offers innovative solutions to complex cross-border challenges. Because of our extensive CTPAT expertise, with over 50 years of CTPAT experience in our company, we offered to host the Webinar to assist CBP with providing valuable information about Virtual Validations to CTPAT members. Additionally, we have been performing virtual validations for an Authorized Economic Operator (AEO) program where we have been able to identify best practices in this space. We also offer a virtual validation support service where former CTPAT Supply Chain Security Specialists and Directors will review your security profile, perform a mock validation, work with you to fill any gaps in your security that might lead to a failed validation, and support you through attendance at your CTPAT validation to provide live support in case of unexpected issues.
Will first time CTPAT validations be done physically or virtually?
For new CTPAT members, a validation will be conducted in-person. After having your first in-person validation, subsequent validations can be performed virtually based on risk.
Are there any pitfalls in virtual validations? In your experience, what is needed to be improved in the process?
The weak part is the obvious difference which is that the SCSSs cannot physically walk around your facility to get a first-hand perspective. The CTPAT program is mitigating this by only conducting virtual validations on companies which they have deemed (through their internal risk assessment process) to be of lower risk. No virtual environment can truly replace an in-person visit but through good coordination and preparedness, a virtual validation can be quite comprehensive and successful.
My CTPAT validation is coming up. What are the basic things that I should prepare with?
There are a number of ways you can prepare for a virtual validation, a few of these include communicating/agreeing on the meeting platform with CBP, testing the platform, having all recent and historical documents available, requesting a validation agenda, and performing a walk-through of the validation process with the agenda. The other best practice is assigning a company lead to serve as the main conduit and ideally allow for all your company participants to call in from their own office/device as it is easier to control the conversation (microphones) this way. It is not required for you to provide videos and photos of your company’s processes; however, it is recommended. Pre-recording videos or taking photos of key areas such as loading docks, main entrance, and employee access points will provide CBP with a first-hand perspective of your facility.
If our company is already validated, can it still be requested to do the virtual validation? is this needed? or will it be requested for the next renewal process?
If your company has already had an in-person validation, it is possible for you to request a virtual validation. However, determining which companies will be validated in-person will occur on a case-by-case basis and based on CTPAT’s risk assessment. In the future, virtual validations will remain an important tool for CTPAT. While the shift will occur back to in-person validations in many cases, for low risk or smaller companies, virtual validations are likely to remain the reality. You should contact your designated SCSS to determine how the recent changes may affect your company.
How does the on site walkaround work in the virtual validation?
There are several ways this could occur. If you have CCTV cameras that you can give a Supply Chain Security Specialist (SCSS) access to during virtual validation this is an easy and convenient option. Otherwise, we recommend creating a video of the facilities to play during the validation, as well as providing blueprints and any other images that you think may be relevant. You could also utilize a mobile camera to physically walk through the facility during virtual validation, but we strongly recommend that you prepare ahead of time with a more time-efficient option.
Do we need to submit documents while in the meeting or after meeting?
Documentation of processes and procedures should be submitted into the security profile prior to the validation. During the validation, CBP will also ask to see a variety of documents to ensure that the information in your security profile is being implemented into the company. Your SCSS will verify relevant logs, ID, seals, and other relevant along with historical documents during the validation. This is best achieved through screen sharing but can also be done by simply holding up relevant documents to the camera. The most important thing is to make sure that one way or another you are prepared to share relevant documents in a timely fashion during the virtual validation.
When virtual validation, do we have to show video or picture of the facility?
It is not required for you to provide videos and photos of your company’s processes; however, it is recommended. Pre-recording videos or taking photos of key areas such as loading docks, main entrance, and employee access points will provide CBP with a first-hand perspective of your facility.
Will the CTPAT virtual inspection of our foreign partner be conducted with language translator support?
If there is a language barrier, your company should organize to have a translator present during the validation. The language barrier should also be communicated to your SCSS prior to the validation. Ensure that CBP is aware that you will be using a translator throughout the assessment.
How will the virtual validations be scheduled?
Validations will be scheduled through your designated SCSS. You will first receive a letter providing you with notice of your validation. Following the letter, your SCSS will reach out and provide your company with details regarding date and time of the validation.
Will there be a capability to have participants in the validation attend virtually from different offices?
Yes, during the virtual validation you can have employees attend virtually from different offices. All participants should join on their own device, even if they are located in the same office. Additionally, it is recommended that a representative from each relevant department be present.
Now that C-TPAT and PIP can be harmonized will one validation take care of both?
The short answer is, yes. PIP is also conducting virtual validations but at a slower pace than CTPAT is. You should contact your assigned CTPAT SCSS for more information.
If you are concerned about your company’s upcoming validation, CT Strategies offers a virtual validation support service where former CTPAT Supply Chain Security Specialists and Directors will review your security profile, perform a mock validation, work with you to fill any gaps in your security that might lead to a failed validation, and support you through attendance at your CTPAT validation to provide live support in case of unexpected issues. We also offer CTPAT courses that are designed to guide member through various aspects of the program.
