1 / 28

C-TPAT

C-TPAT. WHAT IS C-TPAT?. Customs-Trade Partnership Against Terrorism (C-TPAT) C-TPAT is a joint government-business initiative to build cooperative relationships that strengthen overall supply chain and border security. SUPPLY CHAIN SECURITY: MISSION.

shania
Download Presentation

C-TPAT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. C-TPAT

  2. WHAT IS C-TPAT? Customs-Trade Partnership Against Terrorism (C-TPAT) C-TPAT is a joint government-business initiative to build cooperative relationships that strengthen overall supply chain and border security.

  3. SUPPLY CHAIN SECURITY: MISSION • Ensure global security efforts are compliant with various regulations helping to protect NOL’s people, assets, brand name, and competitive position. • Influence regulatory direction by playing an active role with various industry groups. • Support both corporate and regional efforts to meet security requirements in a cost-effective manner. • Communicate the importance of security both internally and externally.

  4. C-TPAT FACTS • Over 1,000 companies are certified • Status is maintained through account manages assigned by Customs & Border Protection • C-TPAT affords opportunities for expedited customs clearance and also becomes a competitive issue for importers

  5. INFOSEC MISSION STATEMENT Information Security's mission is to protect NOL Group company assets, our reputation, our people, our clients, and our vital business information and processes by identifying risks and working collaboratively to design and implement secure computing solutions.

  6. RESPONSIBILITIES • Setting and communicating security policies • Raising security awareness • Managing security control points • Developing and maintaining a security architecture • Setting user provisioning guidelines

  7. RESPONSIBILITIES (CONT.) • Identifying and assessing security risks • Monitoring system access, network activity, and general policy compliance • Leading and conducting incident responses • Partnering with business and IT groups to design and implement secure solutions

  8. OBJECTIVES Visibility Provide insight and record activity as it happens on the network and within systems Control At appropriate points create the ability to control the behavior of users and systems

  9. GUIDING PRINCIPLES Least Privilege Provide only the necessary level of access to do the job Unique IDs with activity logging Every user or process shall be uniquely identifiable and their activity recorded Defense in depth Provide layers of protection that limit the impact of a compromise in a single protection system Protection in proportion to importance Provide controls and protection appropriate for the sensitivity of the information and in accordance with legal requirements

  10. Identity Management • Mostly username/password • Some certificates where applicable • Evaluating token based solutions Security Program Security Control Points • Structure environment for natural control points • Use least privilege model • Log heavily and monitor constantly Policies and Standards • Top level and specific policies in place • Platform standards tailored from vendor references • ISO 17799 used for guiding efforts Assessments and Audits • Internal risk and vulnerability assessments quarterly • New system review prior to introduction • Periodic third party penetration tests to validate • Annual financial and security audits

  11. SECURITY AWARENESS • New hire orientation • Employees sign and acknowledge security policy • Annual renewal of policy acknowledgement being deployed • Intranet portal and email are used for routine messages and announcements

  12. APPLICABLE MARITIME REGULATIONS • ISPS Code Parts A and B(International Code for the Security of Ships and Port Facilities) • Maritime Transportation Safety Act Interim Final Rules(U.S. Congress / U.S. Coast Guard) • U.S. Customs Super Carrier Agreement

  13. VESSEL SECURITY PLANS: REGULATORY COMPLIANCE • Vessel security plans are drafted to be in compliance with requirements in NVIC 10-02, and the ISPS Code • Security plans will be revised to comply with the MTSA Interim Final Rules • Vessels carry a copy of, and comply with, the U.S. Customs Sea Carrier Security Manual • Vessels meet the requirements as a designated “Super Carrier” under the Sea Carrier Initiative

  14. VESSEL / TERMINAL INTERFACE Dockside security includes: • Gangway security/gangway log • Positive ID verification of visitors/vendors/crew • Advance visitor/vendor/crew lists • Illumination of pier and waterside of vessel • Inspection of vessel stores and mail • Procedures for reporting and handling non-conformities • Scheduled mooring and tugs • Supervised cargo loading and discharge operations • Scaleable security based on threat levels I, II, III

  15. VESSEL SEARCH CHECKLIST • Search performed prior to arrival at first U.S. port • Search of deck, engine, and steward departments • Coast Guard Sea Marshals may perform additional security sweeps Search List: • Stowaways • Contraband items • Narcotics • Undeclared/Suspicious Items • Signs of tampering • Signs of Sabotage • Other

  16. MTSA INTERIM FINAL RULES • Vessel security plans must be submitted no later than December 29, 2003. • Compliance with MTSA regulations and mandatory provisions by July 2004 deadline. • Vessels to be fitted with: • AIS (Automatic Identification System) • Vessel Alarm System • CSR (Continuous Synopsis Record) • Designated Security Officers: • Company security officers • On board ship security officers

  17. STRUCTURED APPROACH TO SHIP SECURITY • Conducted security assessments in accordance with NVIC 10-02 and the ISPS Code • Conducted a gap analysis of the ISPS Code and the MTSA Interim Final Rules • Revised draft of ship security plans in accordance with MTSA Interim Final Rules • Worked with our unions to develop CSO/SSO training courses, and will send office and shipboard personnel for the training • Work with hardware developers and vendors to acquire the best/most cost effective security technology on the market (e.g. AIS)

  18. OTHER SECURITY MEASURES • Vendor pre-approval process • 96 hour pre-arrival notice sent to National Vessel Movement Center to advise advance crew list and hazmat cargo • U.S. Coast Guard performs background checks before issuance of Merchant Mariner Document • Drug and alcohol background checks are performed to screen for past violations • Secret security clearance for senior managers involved with U.S. Military Sealift Command Vessels

  19. PHYSICAL SECURITY • Facility Security Plans compliant with local and industry standards and regulations. • Traditional physical security infrastructure includes perimeter fencing, exterior and interior illumination, restricted area signage, intrusion alarms, CCTV, etc. • Future security enhancements: • Intrusion detection systems • CCTV waterside • Pedestrian access controls

  20. PROCEDURAL SECURITY – BOOKING CONTROLS • Managed by APL’s Compliance USA Team • Compiles reports to prevent and capture restricted shipments based on: • U.S. Trade Sanction List – Iran, Iraq, Sudan, N. Korea, Burma, and other countries • Blocked Companies/Persons review • Traditional financial/credit checks performed by Finance • Further automation is planned

  21. VENDOR/SUPPLIER COMPLIANCE • Cargo booked timely & accurately • Cartons of good quality, taped, labeled and sorted upon loading at vendors facility or CFS facility • Cargo delivered to the consolidator in accordance with the booking, with a cbm measurement +/-5% or 1 cbm of cbm’s booked

  22. VENDOR/SUPPLIER COMPLIANCE • Documentation received on a timely & accurate basis • Vendor compliance program audited on an on-going basis • Non-compliance issues reported and evaluated • Penalties for non-compliance

  23. PROCEDURAL SECURITY – HIGH SECURITY SEAL • Use of the high security seal industry standard • HS Seals affixed to loads inbound to U.S. • HS Seal checks performed at various foreign ports Industry Challenges: • U.S. exports • Seal verification • Trans-shipment locations

  24. SERVICE PROVIDER REQUIREMENTS • Security letter sent to primary US and foreign service vendors, outlining C-TPAT Security Recommendations • Similar directive to be broadcast to secondary vendors • Contract language to be incorporated into future agreements

  25. SERVICE PROVIDER CONTRACTS Proposed contract language (Introduction): “The Operator agrees to develop and implement a sound plan to enhance security procedures in accordance with Customs-Trade Partnership Against Terrorism program (C-TPAT). These are general minimum requirements for Terminal security that the Operator agrees to meet and maintain.”

  26. SECURITY AWARENESS TRAINING • Intranet – Global Security Homepage • Global Security e-mail broadcasts to employees • Security guard training • GST 5 training for ILWU to include terminal security • Joint APL/APLL – Customer security action teams • Security Awareness Program in development • Future extensive training as dictated by IMO and MTSA

  27. INTERNAL SECURITY AWARENESS Global Security on Intranet

  28. SECURITY SELF-ASSESSMENTS

More Related