--- name: c-tpat-security-profile title: C-TPAT Security Profile description: 'Drafts a U.S. C-TPAT Security Profile for CBP submission covering physical, personnel, procedural, conveyance, and IT security domains. Use when preparing C-TPAT enrollment, certification, validation, or recertification profiles, or assembling a CBP-ready security narrative. Trigger: C-TPAT, CBP security profile, supply chain security, trusted trader, customs validation.' author: CaseMark author_url: https://github.com/CaseMark/skills/tree/main/skills/legal/c-tpat-security-profile license: Apache-2.0 version: 0.1.0 execution_mode: open jurisdiction: us practice: regulatory language: en --- # C-TPAT Security Profile Produces a CBP-ready C-TPAT Security Profile grounded in documented, verifiable practices aligned with CBP Minimum Security Criteria. ## Gather Inputs 1. **Corporate identifiers** — legal name, EIN, DUNS, HQ, facility list, C-TPAT account/tier if enrolled 2. **Supply chain map** — roles (importer/broker/forwarder), trade lanes, origin countries, products, volume 3. **Security governance** — org chart, C-TPAT coordinator, reporting lines, authority 4. **Policies & SOPs** — physical, personnel, procedural, conveyance, IT security procedures 5. **Risk assessment artifacts** — methodology, frequency, recent assessments, mitigation plans 6. **Training records** — onboarding, refresher, role-based, attendance logs 7. **Business partner vetting** — questionnaires, audits, certifications, corrective actions 8. **Incident logs** — security events, seal discrepancies, investigations, remediation 9. **Validation history** — prior CBP validations, findings, corrective actions ## Profile Sections Draft each section using only verifiable, current practices. Never use future-tense promises. ### 1. Document Control Version, date, preparer, approver, confidentiality marking. ### 2. Company Overview & Eligibility Legal name, EIN, DUNS, HQ, facilities, C-TPAT account/tier, supply chain role, import volume, primary origins, product categories. ### 3. Governance & Organization - C-TPAT coordinator — name, title, authority, reporting line - Security team roles — physical, IT, compliance, operations - Executive sponsor and review cadence ### 4. Risk Assessment Method Framework, frequency, trigger events, scope, risk scoring, documentation approach. ### 5. Physical Security - [ ] Perimeter controls (fencing, barriers, lighting) - [ ] CCTV coverage map and retention - [ ] Access controls for all zones - [ ] Visitor management - [ ] Loading dock controls - [ ] Alarm/monitoring response - [ ] Guard force staffing and training ### 6. Personnel Security - [ ] Pre-employment screening scope - [ ] Enhanced checks for sensitive roles - [ ] Contractor/temp worker controls - [ ] Security awareness training - [ ] Termination and access revocation procedures - [ ] Re-screening policy ### 7. Procedural Security & Supply Chain Integrity - [ ] Business partner vetting and re-assessment - [ ] Receiving procedures and discrepancy handling - [ ] Cargo storage access controls - [ ] Shipping documentation accuracy checks - [ ] Recordkeeping controls ### 8. Conveyance Security Seven-point inspection for containers/trailers: front wall, left side, right side, floor, ceiling/roof, inside/outside doors, outside/undercarriage. Document with logs and photos. Apply equivalent protocols for rail/other modes. ### 9. Seal Control - [ ] High-security seals meet ISO 17712 - [ ] Seal inventory control - [ ] Authorized applicators identified - [ ] Seal number logging - [ ] Verification at transfer points - [ ] Discrepancy escalation procedure ### 10. IT Security Cover access control (MFA/RBAC), network security (firewalls/IDS/segmentation), data protection (encryption/backup/DR), patch management, and incident response. ### 11. Compliance & Continuous Improvement - [ ] Annual self-assessments - [ ] Corrective actions tracked with owners/dates - [ ] CBP updates monitoring - [ ] Training refresh cadence ### 12. Recordkeeping & Validation Readiness - [ ] Evidence repository organized and indexed - [ ] Retention periods documented - [ ] Validation visit readiness plan ### 13. Statement of Commitment Include signature block: "[Company] affirms its commitment to maintaining C-TPAT security standards, continuous improvement, and full cooperation with CBP validation activities." With signature, title, and date lines. ### 14. Appendices Org chart, facility diagrams, sample inspection/seal logs, training records, risk assessment summary. ## Pitfalls - **Unverifiable claims** — never assert certifications or tier status without supporting documentation - **Omitted facilities/lanes** — profile must cover all facilities and trade lanes; gaps trigger CBP scrutiny - **Inconsistency** — cross-check facts across sections; contradictions undermine credibility - **Uncertain citations** — mark any unverified regulatory references with `[VERIFY]` - **Confidentiality** — align markings with company policy and CBP submission expectations ---