CTPAT Risk Assessment Policy
The facility conducts an overall risk assessment (RA) to identify where security vulnerabilities may exist to identify threats, assess risks, and incorporate sustainable measures to mitigate vulnerabilities.
The overall risk assessment (RA) is made up of two key parts.
- The first part is a self-assessment of supply chain security practices, procedures, and policies within the facilities that it controls to verify its adherence to CTPAT’s minimum-security criteria and an overall management review of how it is managing risk.
- The second part of the RA is the ctpat risk assessment which conducted by Five Step Risk Assessment guide which will be documented or map the movement of cargo throughout its supply chain from the point of origin to the importer’s distribution center. Also in mapping, all business partners’ involvement will be included in both directly and indirectly in the exportation/movement of the goods. This portion of the RA includes the identification of geographical threat(s) based on the Member’s business model and role in the supply chain. The Method of leveling risk between low, medium, and high will be used to look at the possible impact of each threat on the supply chain.
- Cargo moves in and out of transport facilities and noting if the cargo is “at rest” at one of these locations for an extended period of time will be included.
- The facility conducts and documents the amount of risk in supply chains (current business partners like material suppliers, manufacturers, logistics service providers and service providers like as contractors and seasonal employees if any) on a regular basis. Also, conduct and document when selecting a new business partner in supply chains. When developing a process to map supply chains, high-risk areas are the first to be considered. When documenting the movement of all cargo, the facility will consider all applicable involved parties – including those who will only be handling the import/export documents such as customs brokers and others that may not directly handle the cargo but may have operational control such as Non-Vessel Operated Common Carriers (NVOCCs) or Third-Party Logistics Providers (3PLs). If any portion of the transport is subcontracted, this will also be considered because the more layers of indirect parties, the greater the risk involved.
- CTPAT Risk assessments will be reviewed quarterly, or more frequently as risk factors dictate.
