United States/ regulatory/ C-TPAT Security Profile

C-TPAT Security Profile

Drafts a U.S. C-TPAT Security Profile for CBP submission covering physical, personnel, procedural, conveyance, and IT security domains. Use when preparing C-TPAT enrollment, certification, validation, or recertification profiles, or assembling a CBP-ready security narrative. Trigger: C-TPAT, CBP security profile, supply chain security, trusted trader, customs validation.

ID: us.regulatory.c-tpat-security-profile Version: 0.1.0 License: Apache-2.0 Author: CaseMark Language: en Added: 2026-05-27

Try via MCP GitHub

⬇ Download

C-TPAT Security Profile

Produces a CBP-ready C-TPAT Security Profile grounded in documented, verifiable practices aligned with CBP Minimum Security Criteria.

Gather Inputs

Corporate identifiers — legal name, EIN, DUNS, HQ, facility list, C-TPAT account/tier if enrolled
Supply chain map — roles (importer/broker/forwarder), trade lanes, origin countries, products, volume
Security governance — org chart, C-TPAT coordinator, reporting lines, authority
Policies & SOPs — physical, personnel, procedural, conveyance, IT security procedures
Risk assessment artifacts — methodology, frequency, recent assessments, mitigation plans
Training records — onboarding, refresher, role-based, attendance logs
Business partner vetting — questionnaires, audits, certifications, corrective actions
Incident logs — security events, seal discrepancies, investigations, remediation
Validation history — prior CBP validations, findings, corrective actions

Profile Sections

Draft each section using only verifiable, current practices. Never use future-tense promises.

1. Document Control

Version, date, preparer, approver, confidentiality marking.

2. Company Overview & Eligibility

Legal name, EIN, DUNS, HQ, facilities, C-TPAT account/tier, supply chain role, import volume, primary origins, product categories.

3. Governance & Organization

C-TPAT coordinator — name, title, authority, reporting line
Security team roles — physical, IT, compliance, operations
Executive sponsor and review cadence

4. Risk Assessment Method

Framework, frequency, trigger events, scope, risk scoring, documentation approach.

5. Physical Security

[ ] Perimeter controls (fencing, barriers, lighting)
[ ] CCTV coverage map and retention
[ ] Access controls for all zones
[ ] Visitor management
[ ] Loading dock controls
[ ] Alarm/monitoring response
[ ] Guard force staffing and training

6. Personnel Security

[ ] Pre-employment screening scope
[ ] Enhanced checks for sensitive roles
[ ] Contractor/temp worker controls
[ ] Security awareness training
[ ] Termination and access revocation procedures
[ ] Re-screening policy

7. Procedural Security & Supply Chain Integrity

[ ] Business partner vetting and re-assessment
[ ] Receiving procedures and discrepancy handling
[ ] Cargo storage access controls
[ ] Shipping documentation accuracy checks
[ ] Recordkeeping controls

8. Conveyance Security

Seven-point inspection for containers/trailers: front wall, left side, right side, floor, ceiling/roof, inside/outside doors, outside/undercarriage. Document with logs and photos. Apply equivalent protocols for rail/other modes.

9. Seal Control

[ ] High-security seals meet ISO 17712
[ ] Seal inventory control
[ ] Authorized applicators identified
[ ] Seal number logging
[ ] Verification at transfer points
[ ] Discrepancy escalation procedure

10. IT Security

Cover access control (MFA/RBAC), network security (firewalls/IDS/segmentation), data protection (encryption/backup/DR), patch management, and incident response.

11. Compliance & Continuous Improvement

[ ] Annual self-assessments
[ ] Corrective actions tracked with owners/dates
[ ] CBP updates monitoring
[ ] Training refresh cadence

12. Recordkeeping & Validation Readiness

[ ] Evidence repository organized and indexed
[ ] Retention periods documented
[ ] Validation visit readiness plan

13. Statement of Commitment

Include signature block: "[Company] affirms its commitment to maintaining C-TPAT security standards, continuous improvement, and full cooperation with CBP validation activities." With signature, title, and date lines.

14. Appendices

Org chart, facility diagrams, sample inspection/seal logs, training records, risk assessment summary.

Pitfalls

Unverifiable claims — never assert certifications or tier status without supporting documentation
Omitted facilities/lanes — profile must cover all facilities and trade lanes; gaps trigger CBP scrutiny
Inconsistency — cross-check facts across sections; contradictions undermine credibility
Uncertain citations — mark any unverified regulatory references with [VERIFY]
Confidentiality — align markings with company policy and CBP submission expectations

Related Skills

United States · regulatory

FDA 510(k) Premarket Notification

Drafts FDA 510(k) Premarket Notification submissions demonstrating substantial equivalence under 21 CFR Part 807. Supports Traditional, Special, and …

CaseMark 2026-05-27

United States · regulatory

Adverse Event Reporting Policy

Drafts an Adverse Event Reporting Policy compliant with 21 CFR 312.32 (IND safety reporting), 21 CFR 314.80 (postmarketing), and ICH E2A, with multi-…

CaseMark 2026-05-27

United States · regulatory

Client Advisory Summary

Drafts U.S. regulatory client advisory summaries translating legal developments into actionable risk and compliance guidance. Use when a client needs…

CaseMark 2026-05-27

United States · regulatory

AML Compliance Program

Drafts board-ready Anti-Money Laundering compliance programs for U.S. financial institutions under BSA/FinCEN requirements. Covers CIP, CDD, EDD, SAR…

CaseMark 2026-05-27

United States · regulatory

Annual Report for State Charity Bureau

Generates a cross-referenced U.S. nonprofit annual filing package for state charity-bureau registration. Produces Full Compliance Package, Form-Field…

CaseMark 2026-05-27