Downloaded 09JUN2011 from http://www.cbp.gov/xp/cgov/trade/cargo_security/ctpat/supply_chain/

In order to assist C-TPAT Partners with conducting a risk assessment of their international supply chain(s) in accordance with C-TPAT minimum security criteria, the 5 Step Risk Assessment Process is recommended.

This reference guide contains some of the basic tools, resources, and examples C-TPAT partners should consider using when conducting a risk assessment on their international supply chain(s). The information contained herein is intended to serve as a guide, and is not “all inclusive” of what should be included in an international supply chain security risk assessment.

The 5 Step Risk Assessment Process includes:

1. Mapping Cargo Flow and Identifying Business Partners (directly or indirectly contracted)
2. Conducting a Threat Assessment focusing on: Terrorism, Contraband Smuggling, Human Smuggling, Organized Crime, and conditions in a country/region which may foster such threats and rate threat – High, Medium, Low
3. Conducting a Vulnerability Assessment in accordance with C-TPAT Minimum Security Criteria and rate vulnerability – High, Medium, Low
4. *** Preparing an Action Plan ****
   
5. Documenting How Risk Assessments are Conducted

It is understood that some C-TPAT members may have numerous supply chains which may present a monumental task when conducting a comprehensive security risk assessment of their international supply chains. Therefore, it is recommended for C-TPAT members to identify their “High Risk” supply chains by conducting a threat assessment at the point of origin/region and where the cargo is routed/transshipped, and then conduct a comprehensive security vulnerability assessment of those supply chains. Conversely, if supply chains involve a limited number of business partners or related business partners, their supply chain security risk assessment may not require such extensive efforts.