Supply Chain Security:

Providing Guidance and Resolving Data Problems Could Improve Management of the Customs-Trade Partnership Against Terrorism Program

GAO-17-84: Published: Feb 8, 2017. Publicly Released: Feb 8, 2017.

Additional Materials:


Jennifer Grover
(202) 512-7141


Office of Public Affairs
(202) 512-4800

What GAO Found

Staff from U.S. Customs and Border Protection's (CBP) Customs-Trade Partnership Against Terrorism (C-TPAT) program have faced challenges in meeting C-TPAT security validation responsibilities because of problems with the functionality of the program's data management system (Portal 2.0). In particular, since the system was updated in August 2015, C-TPAT staff have identified instances in which the Portal 2.0 system incorrectly altered C-TPAT members' certification or security profile dates, requiring manual verification of member data and impairing the ability of C-TPAT security specialists to identify and complete required security validations in a timely and efficient manner. While the focus of CBP's staff was initially on documenting and addressing Portal 2.0 problems as they arose, the staff have begun to identify root causes that led to the Portal 2.0 problems. For example, CBP staff cited unclear requirements for the system and its users' needs, coupled with inadequate testing, as factors that likely contributed to problems. In response, CBP staff have outlined recommended actions, along with timeframes for completing the actions. The staff stated that they will continue to work on identifying and addressing potential root causes of the Portal problems through 2017. C-TPAT officials told us that despite the Portal 2.0 problems, they have assurance that required security validations are being tracked and completed as a result of record reviews taking place at field offices. However, these field office reviews were developed in the absence of standardized guidance from C-TPAT headquarters. While the current validation tracking processes used by field offices do account for security validations conducted over the year, standardizing the process used by field offices for tracking required security validations could strengthen C-TPAT management's assurance that its field offices are identifying and completing the required security validations in a consistent and reliable manner.

CBP cannot determine the extent to which C-TPAT members are receiving benefits because of data problems. Specifically, since 2012, CBP has compiled data on certain events or actions it has taken regarding arriving shipments—such as examination and hold rates and processing times—for both C-TPAT and non-C-TPAT members through its Dashboard data reporting tool. However, on the basis of GAO's preliminary analyses and subsequent data accuracy concerns cited by C-TPAT program officials, GAO determined that data contained in the Dashboard could not be relied on for accurately measuring C-TPAT member benefits. Also, CBP has likely relied on such questionable data since it developed the Dashboard in 2012, and, thus, cannot be assured that C-TPAT members have consistently received the benefits that CBP has publicized. C-TPAT officials stated that they are analyzing the Dashboard to finalize an action plan to correct the data concerns. It is too soon to tell, though, whether this process will fully address the accuracy and reliability issues. Despite these issues, C-TPAT officials are exploring new member benefits, and industry officials we met with generally spoke positively of the C-TPAT program.

Why GAO Did This Study

The economic well-being of the United States depends on the movement of millions of cargo shipments throughout the global supply chain—the flow of goods from manufacturers to retailers or other end users. However, cargo shipments can present security concerns. CBP is responsible for administering cargo security and facilitating the flow of legitimate commerce. CBP has implemented several programs as part of a risk-based approach to supply chain security. One such program, C-TPAT, is a voluntary program in which CBP staff validate that members' supply chain security practices meet minimum security criteria. In return, members are eligible to receive benefits, such as a reduced likelihood their shipments will be examined.

This report assesses the extent to which (1) CBP is meeting its security validation responsibilities, and (2) C-TPAT members are receiving benefits. GAO reviewed information on security validations, member benefits, and other program documents. GAO also interviewed officials at CBP headquarters and three C-TPAT field offices chosen for their geographical diversity; as well as select C-TPAT members and trade industry officials.

What GAO Recommends

GAO is recommending that CBP develop (1) standardized guidance for field offices regarding the tracking of information on security validations, and (2) a plan with milestones and completion dates to fix the Dashboard so the C-TPAT program can produce accurate data on C-TPAT member benefits. DHS concurred with GAO's recommendations.

For more information, contact Jennifer Grover at (202) 512-7141 or

Recommendations for Executive Action

  1. Status: Open

    Comments: On April 28, 2017, CBP officials provided documentation--a common worksheet, instructions, and related standard operating procedures for C-TPAT field offices to use in tracking and reporting information to headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch, which is responsible for overseeing these efforts, about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. The BBP liaison informed us that C-TPAT officials are to provide the additional evidence by the end of September 2017.

    Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  2. Status: Open

    Comments: On July 28, 2017, CBP provided us with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. CBP staff informed us that the steps being taken to address this recommendation are to continue through the end of the 2017. In the interim, we are reviewing the documents CBP provided to determine what, if any, additional information we may need to assess progress in addressing this recommendation.

    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection


Explore the full database of GAO's Open Recommendations »

Feb 15, 2018

Feb 7, 2018

Feb 1, 2018

Jan 16, 2018

Jan 10, 2018

Dec 14, 2017

Dec 7, 2017

Dec 4, 2017

Nov 30, 2017

Nov 8, 2017

Looking for more? Browse all our products here