The U.S. Customs and Border Protection, a division of the Department of Homeland Security, operates the Customs-Trade Partnership Against Terrorism, or C-TPAT. The purpose of the C-TPAT program is to verify that companies have adequate security measures in place in their supply chain to prevent terrorists or their weapons from entering the United States. The C-TPAT audit checklist gives companies a list of processes that may be vulnerable to terrorist infiltration.
Facilities that wish to receive a C-TPAT certification must show that they have security plans in place. Companies can fail to receive a certificate if they lack a documented security improvement action plan or if they do not update their procedures for improving their facility security on a regular bases. Companies also must outline potential security vulnerabilities and any relevant actions they plan to take to eliminate those vulnerabilities.
The C-TPAT audit checklist also helps companies verify that they have adequate checks in place on their personnel. Processes can include background checks on job applicants, including criminal background checks, verification of employment history and contacting previous employers and references. Other procedures include employee training on security measures, establishing processes for the disbursement and retrieval of employee identification cards and the display of a written list of security policies.
The physical security checklist allows facility managers to assess the steps the company takes to restrict hands-on access to its materials. Physical security procedures can range from access to locks and gates to the installation and monitoring of surveillance cameras and alarm systems. The checklist also includes examining the facility for signs of disrepair. For instance, a damaged container may leak toxic chemicals, while a damaged fence may allow easier access to thieves or terrorists.
While companies rely on corporate databases to track their customers, vendors and internal processes, these systems are also vulnerable to attack from terrorists, identity thieves and anarchist hackers. The C-TPAT checklist gives companies guidelines in checking their information security measures. These procedures include how the company disburses its passwords, the installation of software and hardware tools to prevent unauthorized access and its methods for recovering lost or stolen data.