I’ve recently returned from a visit to our offices in China where I was able to attend a C-TPAT audit with our Supplier Development Manager, Jean Champlain.
A C-TPAT audit isn’t quite as common as a general QMS or ISO 9001 evaluation, but the information generated has significant value when you understand the scope.
“C‐TPAT (Customs-Trade Partnership Against Terrorism) seeks to safeguard the world’s vibrant trade industry from terrorists, maintaining the economic health of the U.S. and its neighbors. The partnership develops and adopts measures that add security but do not have a chilling effect on trade, a difficult balancing act.”
When we go on-site for a security audit, here’s the agenda:
- Opening Meeting
- Initial Factory Tour
- General Information
- Size of the factory, number of employees, hours of operations, shift details, etc.
- Business Partner Requirements
- Status as C-TPAT member, contracted carriers, etc.
- Container / Trailer Requirements
- Procedures to verify physical integrity, storage, seals, etc.
- Personnel Security
- Pre-employment verification, criminal background checks, identification, etc.
- Procedural Security
- Procedures, accuracy, delivery, etc.
- Physical Security
- Schedule, protective barriers, building construction, inspections, logs, alarms, etc.
- Information Technology Security
- Automated systems, passwords, policies, training, etc.
- Security Training & Threat Awareness
- Programs, frequency, confidentiality, etc.
- Closing Meeting (Review)
The factory is notified in advanced and requested to have all written procedures and examples of supporting documentation readily available for each question. We ask that individual questions be assigned to various departments/individuals within the company. All elements are evaluated based on what is done for the client’s parts/products regardless of what is done for other customers. The score for each question is assessed according to the following:
- Have the processes requiring control been identified and established?
- How is the quality system documented, and are the processes appropriately described in the procedures?
- Have the procedures been implemented and maintained as documented?
- Are the procedures effective in providing the required results?
Complies with requirements: Has objective evidence to support the question, and has a written procedure (when required).
Improvement needed: Has objective evidence but procedure needs improvement, or maybe no written procedure or lacking objective evidence to support the question.
Non-conformance: No objective evidence to support the question (regardless of procedure) or lacking some objective evidence and no written procedure.
The score is based on the percent of questions that conform to requirements, percent that needs improvement and percent that have a major non-conformance.
The factory I visited with Champlain was quite organized, and our auditor carefully went through everything and completed a detailed checklist that relates to each item. Several representatives from the factory presented evidence and answered questions throughout the day. During the closing meeting, we reviewed the findings and discussed a few points for corrective action.
Improvement plans include:
- Detailed description of action plan
- Name of person responsible for improvement activity
- Date when the improvement will be completed
In the end, C-TPAT reviews all aspects of the manufacturer’s security management system and provides invaluable feedback that is used in sourcing decisions. Ask us for an example report, or let us know if you have questions or want to schedule an audit!