Archive for the ‘C-TPAT’ Category

Avoiding Pitfalls When Conducting Foreign Supply Chain Security Audits

Thursday, April 15th, 2010

 by Barry Brandman

 Here are two reasons why supply chain security should be taken seriously:

 1. If your safeguards look considerably better on paper than they work in reality, your company faces the risk of having illegal narcotics or a weapon of mass destruction smuggled into the United States via one of your shipments.

 2. The other risk you face is that when C-TPAT inspectors validate your foreign suppliers and logistics providers, they may find your controls woefully inadequate and lower your tier level or even remove you from the C-TPAT program.

If you want to protect your import shipments from theft, smuggling and terrorism, you’ll need to have a diligent auditing process in place. Aside from it being a C-TPAT requirement, it’s also one of the most critical components of your security program.

One of the primary objectives when performing a comprehensive security audit is to separate fact from fiction.

Prior to conducting one of our C-TPAT compliance audits at a foreign distribution center, we had been assured that all their security controls were being diligently followed and our client’s product was extremely well protected.

Prior to our arrival, this consolidator had informed us that they had complete video coverage throughout their facility, tight control over inbound and outbound goods and that our clients’ product was always kept in a highly secured segregated area.

What we observed however was quiet different. Not only were the CCTV camera views providing terrible clarity, but our client’s goods were not being monitored from the time they were taken off an inbound truck to the time they were eventually reloaded for transport to the Hong Kong seaport. There were numerous “blind spots” where our client’s product could have been tampered with and completely avoided observation by their video system

We found that their digital hard drive was much too small, only archiving recorded video for 7 days – an inadequate period of time in the event that a post event investigation was required in the future.

We also exposed loopholes with their cargo handling practices. Inbound truck security seals for example, were being removed by anyone working on the receiving dock rather than by more senior personnel (which is what their policy called for). Consequently, we found that many workers did not take the time to verify that the seal number on an arriving truck matched the manifest (another major policy violation).

We also found that the seals used on outbound trucks were left exposed in an open box on the shipping dock, fully accessible to all employees, vendors and outside truckers. Because the shipping crew didn’t use seals in numerical sequence, these exposed seals could have been stolen and then reattached to a truck’s cargo doors after a driver left their facility.

Insofar as our client’s product being segregated “in a highly secured area”, we observed that the fencing was only 8’ high and had no ceiling to protect against employees simply climbing over it. We also found that  the keypad code to this area hadn’t been changed in nearly nine months and was known to most of the workforce (including those without clearance to this area). Additionally, we determined that the alarm system was only being armed at the end of each workday, even when there was no work being performed in this area for hours at a time.

These issues, as well as an array of other security loopholes that were exposed, were promptly addressed and remedied. However, had this audit not been performed, our client’s risk factor would have remained unnecessarily high.

Training is another important component, yet it’s frequently not provided when an on site assessment is performed. During a recent C-TPAT training program we conducted for a foreign manufacturer, we asked if anyone knew whether bolt seals could be circumvented. Ninety percent of those in attendance responded that it was impossible to manipulate them. The problem here is that bolt seals can in fact be circumvented a number of ways and if those responsible for seal integrity think they’re foolproof, they’ll never recognize and expose breaches when they do occur.

When evaluating the quality of a foreign site’s security program, it’s’ also important to avoid “getting lost in the translation.” Because C-TPAT focuses on imports, working with foreign companies is commonplace.

Cultural differences and language barriers can result in misleading responses and faulty conclusions. It’s for this reason that we deliberately ask the same questions several times (although they are worded differently) in our supply chain security questionnaires sent out to foreign suppliers and logistics providers. When respondents answer yes on page one and no on page five to the same question, we know that they either didn’t understand what we were asking or weren’t providing us with accurate responses.

It’s also a good idea to confirm questionnaire responses through follow up e-mails and conference calls. More often than not, we receive feedback that differs from many of the original answers that were provided to us.

Is it a case of some foreign firms wanting to look more secure than they really are for their U.S. based customers? Or, did the respondents have different interpretations of words or phrases, resulting in inaccurate feedback?

Whatever the reason, you can’t afford to be inadvertently or deliberately misled if you want to know that your supply chain is in fact as secure as it needs to be.

Posted in C-TPAT, Home, Supply Chain Security | No Comments »

Annual C-TPAT Conference

Friday, March 26th, 2010

by Barry Brandman

Last week I attended the Customs-Trade Partnership Against Terrorism annual conference in Anaheim, California. This much anticipated event sold out within hours of being announced on the Customs & Border Protection website.

This annual conference not only provides certified member companies with the opportunity to learn about the state of the program and interact with senior government officials, but also receive a briefing about changes that will be taking place with the C-TPAT program.

The roster of speakers was impressive, and included David Aguilar, the acting Deputy Commissioner of U.S. Customs & Border Protection, Bradd Skinner, Director of the C-TPAT program, Kevin Weeks, Director of Field Operations for CBP’s Los Angeles office, as well as Richard Dinucci, CBP’s Director of Cargo Control. Director Skinner discussed an array of topics, including the C-TPAT program’s growth, up 7.8% in 2009 and expected to exceed 10,000 member companies this year.

Conference sessions also featured speakers from the private sector, who provided insight from the industry perspective.

I was asked to give a presentation on “Tools, Technologies and Processes – Innovative Industry Solutions to Security Challenges.” I focused on areas within the foreign supply chain where we have uncovered significant risk and gave specific examples of why many corporate security programs look much better on paper than they actually operate on a day-to-day basis. I also explained several of the most important safeguards of a world class supply chain asset protection program, including how to design state-of-the-art intrusion detection and video systems, as well as how to get the most from GPS tracking technology and cargo security Best Practices.

There is no question that the C-TPAT program has become respected worldwide, with many countries developing their own supply chain security programs modeled on C-TPAT standards. Other countries like Japan, Canada and Jordan have already entered into mutual recognition programs with the United States, which is beneficial for the government as well as the trade community.

I believe that C-TPAT is a critical component of our homeland security efforts. This government–industry cooperative program proves that when these two sectors work together effectively towards a common objective, very significant results can be achieved.

Posted in C-TPAT, Home, Supply Chain Security, Uncategorized | No Comments »

2010 Supply Chain Security Webinar

Thursday, February 25th, 2010

by Barry Brandman

Today, I participated as a guest speaker for the 2010 Supply Chain Security Webinar.

This program focused on strategies for minimizing supply chain security risk, a growing concern for manufacturers, distributors, and transportation companies. Along with myself, experts from Cisco, Powers International, Customs & Trade Solutions, Accenture, as well as the National Custom Brokers & Forwarders Association and the Air Forwarders Association gave presentations.

My session was entitled, “Are Your Profits Quietly Being Stolen – What Every Supply Chain Company Should Know.” One of the areas I focused on was seven of the biggest myths about distribution center security. I explained why, for example, common misconceptions such as “If we sustain a theft due to a faulty intrusion detection system, our alarm company will be responsible” and “Our camera system will keep our workers honest” have caused companies significant loss.

I also explained some of the essential components of a successful loss prevention program and why it’s so important to realistically assess your safeguards so you can uncover weaknesses before others have the opportunity to exploit them.

One of the ever present concerns for logistics executives is collusion between inside personnel and truckers. With cargo crime estimated between $20-40 billion a year, companies are eager to learn which methods and technologies can effectively prevent and detect this type of criminal activity. As a result, I made it a point to provide some proactive solutions that have dramatically reduced this costly problem for many of our clients.

Posted in Blue Collar Crime, C-TPAT, Home, Supply Chain Security, Uncategorized | No Comments »

A 9/11 Reality Check: Is Your Supply Chain Really Secure & C-TPAT Compliant?

Friday, September 11th, 2009

by Barry Brandman

During a recent trip to mainland China, I inspected the security at a large manufacturing complex on behalf of a client. Prior to my arrival, I had been advised by one of their U.S. based Vice Presidents that he was confident I would not find anything lacking because they had just undergone “an official” supply chain security audit by a local compliance company who gave them an outstanding evaluation.

After conducting my assessment of this facility, I advised their on site management team that their security policies, procedures and technology were not even close to being C-TPAT compliant. I explained for example, that their personnel were not conducting proper container inspections prior to loading exports destined for the States, and that their finished goods department (which consisted of a building without doors), had product staged for hours at a time with no monitoring of any kind. They also were not bothering to place security seals on their loaded export containers until they reached the Hong Kong border (a two hour trip from their site). Consequently, their U.S. bound shipments, as well as the containers they used, had no real chain of custody.

They asked me to read the report they had received from this compliance company and give them my thoughts. I pointed out an array of observations and conclusions in the report that were factually inaccurate. They agreed that the report had limited value and admitted that the people who conducted the audit didn’t appear to know much about supply chain security. The weaknesses I had uncovered they said, were not examined or discussed during that audit. Yet, they were advised that they were successfully meeting C-TPAT criteria and awarded with an excellent numerical rating.

Is this an uncommon occurrence? Unfortunately, it’s not. After the C-TPAT program came into existence, it didn’t take long for a number of companies with little or no core competency in asset protection to magically transform themselves into supply chain security experts overnight. Despite the fact that they possessed scant knowledge of security technology and many had never conducted investigations into inventory theft, cargo crime, sabotage, fraud, smuggling or workplace substance abuse, these “experts” began aggressively advertising to overseas companies, promising them C-TPAT complaint security programs. 

Some have even taken it a step further. During an audit at a Hong Kong consolidator, the general manager took me into his private office and proudly displayed their C-TPAT membership certificate hanging on the wall. When I asked if his company had any presence in the United States he replied no. Upon closer examination of his certificate, it was apparent that the certificate had not been produced by U.S. Customs and Border Protection.

I then proceeded to review their physical and procedural security safeguards and found them deficient in a number of areas. I explained that his loss prevention program required a good deal of improvement, and began discussing needed remedial action. He replied that if his security was inadequate, why was it that he was granted C-TPAT certification? At that point, I broke the bad news that his certificate was not legitimate and that his business entity wasn’t even eligible for C-TPAT membership. He was clearly shaken and replied, “But I paid over $6000 U.S. to this firm to become a member!”

Motivated by the opportunity to turn a quick dollar, a number of firms continue to prey on uninformed companies who have a sincere desire to either join the C-TPAT program or become C-TPAT compliant.

This problem transcends how I personally regard the ethics of these firms guilty of misrepresentation. Far more important are the significant risks that are created by companies that are performing superficial audits and providing bogus certifications.

Experts agree that the most vulnerable links in the supply chain are usually found on foreign soil. These are the likely places where terrorists will attempt to smuggle a chemical, biological or nuclear weapon inside a carton, pallet, container or trailer, which will then be sent to the United States. This is why Customs and Border Protection sends out C-TPAT Supply Chain Security Specialists who perform foreign validations every three years.

While these formal validations serve an important purpose, they typically only provide CBP with a very limited glimpse of an importer’s supply chain. The C-TPAT representatives may only have the opportunity to evaluate less than 10% of an importers entire network.

As previously stated, these validations only take place once every three years, a time frame where a company’s security program can easily develop gaping holes.

Plus, the C-TPAT validation team will always provide advance notice when they will be arriving and what facilities they intend to inspect. Consequently, when they are on site they may not be seeing a true representation of how the protective safeguards really operate on a day to day basis.

This is why CBP mandates that C-TPAT certified companies must conduct comprehensive self assessments of their supply chain security. These audits should identify weaknesses, recommend solutions to strengthen those areas that are vulnerable, as well as provide awareness training for key personnel. These audits should also result in detailed action plans, complete with time tables for completion of the needed remedial work.

However, when these audits consist of little more than individuals with questionable experience and expertise merely “pencil-whipping” generic checklists, this process becomes little more than a meaningless exercise.

Despite having significant vulnerabilities in their asset protection controls, after receiving these superficial audit reports and bogus certifications, foreign companies oftentimes then operate under the assumption that their supply chains are extremely secure. This false sense of security can be compared to wearing a defective bullet proof vest that won’t stop a 38 caliber round. While you may feel well protected, when actually tested the consequences could prove catastrophic.

U.S. importers cannot afford to rely on cosmetic, ineffective security programs. The first time their supply chain is victimized may not only lead to the suspension or revocation of C-TPAT membership, but could also result in significant financial loss, irreparable harm to their reputation, and most concerning, the opportunity for another major act of terrorism inside the United States. As we reflect on 9/11, let us remain committed to never allowing history to repeat itself.

Posted in C-TPAT, Supply Chain Security | No Comments »