Maintaining and improving CTPAT compliance

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on digital trust, environmental, health, safety, security, and sustainability.

October 5, 2023 - In our fourth installment, titled CTPAT training, we focus on the mandatory Customs-Trade Partnership Against Terrorism (CTPAT) security training requirements for employees, including security awareness, instruction on adhering to CTPAT security guidelines, and familiarization with the organization's security policies and procedures.

As we continue with part five of our series, we’ll highlight maintaining compliance with the program's guidelines and cover tips and tricks for the revalidation process including:

  • Virtual and in-person revalidation.
  • How to prepare for a revalidation.
  • What to expect during a revalidation.
  • What types of practices companies should have in place to achieve Tier III status.

As globalization continues to increase, supply chain security has become a critical issue for companies worldwide. CTPAT is a voluntary program created by US Customs and Border Protection (CBP) to improve the security of the supply chains of participating organizations. The CTPAT program offers benefits such as expedited processing of cargo, reduced inspections, and enhanced relationships with CBP. However, to maintain these benefits, companies must adhere to the program's guidelines and undergo a revalidation process every few years.


The CTPAT revalidation process typically occurs every four years and involves a review to determine whether a company's supply chain security practices meet the program's guidelines. The revalidation process includes:

  • An application.
  • A security profile review.
  • Domestic and international site visits.

The site visits may be conducted virtually or in person depending on the company's location, size, and other factors. BSI has seen an increase in virtual validation visits for international sites, especially for companies that have Tier III certification in the CTPAT program. Companies must demonstrate that they are adhering to the program's guidelines, including maintaining effective security practices, maintaining accurate and complete documentation, and monitoring and reporting any security-related incidents.

Noncompliance can result in the loss of program benefits, including expedited processing of cargo and reduced inspections, which can lead to delays and increased costs.


To prepare for revalidation, companies should:

  • Find out whether there have been any changes or updates to the program's guidelines.
  • Undergo a comprehensive review of their supply chain security practices and documentation to ensure that they align with those guidelines.
  • Identify any potential gaps and take immediate steps to address them.
  • Work with the site or sites selected for evaluation to ensure that they are prepared.
  • Finally, communicate with supply chain partners to ensure a clear understanding of the program's requirements to verify their compliance.

Virtual revalidation

During a virtual revalidation, companies should be prepared to demonstrate adherence to the program's guidelines through documentation and interviews and have all relevant documentation readily available and accessible during the virtual site visit. BSI has found that there is greater emphasis on security-related documentation, such as visitor and driver logs, trailer and container inspection logs, and seal logs, during virtual validations.

Additionally, companies should ensure that the appropriate personnel are available for interviews and can answer questions related to their supply chain security practices.

Tier III

To achieve Tier III status, the highest level of CTPAT participation, companies should have robust supply chain security practices in place. These practices should include security risk assessments, security training, and security protocols for suppliers and partners. Companies should also monitor and report any security-related incidents and have procedures in place to address them promptly. BSI encourages CTPAT members to highlight best practices, including the use of software to automate the assessment process, to CBP during their revalidation. Use of BSI’s SCREEN software has been cited as a best practice during CTPAT validations and revalidations.

Maintaining compliance with the CTPAT program's guidelines is critical to maintaining program benefits.

In part six, the final installment of our CTPAT series, BSI’s Security & Resilience experts will focus on best practices and cover some of the key strategies that successful CTPAT participants have used to enhance their supply chain security and streamline operations and provide recommendations for organizations on how to implement these best practices.

Also read our Supply Chain Risk Insights Report series as Tony Pelli weighs in on the benefits of supplier diversification to reduce risks within your supply chain. Catch up on the entire series with part one: What is CTPAT and what are its benefits.

For more BSI insights on other EHS and Digital Trust topics, visit our Experts Corner. For real-time updates on top supply chain issues, register for BSI’s Connect SCREEN tool; this platform provides daily analysis on the latest and most relevant global supply chain trends.