John C. McNulty Customs Broker Inc.

249 E. Ocean Blvd. Suite#801

Long Beach, CA 90802

Tel# 562-628-9700

Fax# 562-628-9447

E-mail:

2017

Dear Valued Business Partners:

As a certified and validated participant in the Customs-Trade Partnership Against Terrorism (CTPAT), John C. McNulty Customs Broker is dedicated to the goal of securing the international supply chain. As part of our commitment to secure the supply chain, from point of origin to point of distribution, John C. McNulty Customs Broker requires that all of its business partners also share in its commitment to security by demonstrating that they have adopted security standards that meet or exceed the guidelines required by the U.S. Customs and Border Protection (CBP) for CTPAT. John C. McNulty Customs Broker recognizes that the international supply chain utilizes a multitude of business models and allows for customization and flexibility of security standards based on the situations our partners face.

Due to our status as a participant of the CTPAT program, an essential qualification for our business partners is that they must comply with the guidelines and standard practices of the CTPAT program. John C. McNulty Customs Broker will reconsider its relationship with any partners who have not established adequate security procedures.

In order to verify our partners’ commitment to our goals, we ask that you complete this questionnaire. We apologize for any inconvenience that may cause to our partners, but we hope we have your understanding and cooperation in our efforts to secure our supply chain.

Completion of this verification will certify that:

1) Your company is already a certified or validated participant in the CTPAT program; or if you are not a participant, that your company has adopted a security program that fulfills the

standards outlined by U.S. Customs & Border Protection ; or belong to an equivalent security program accredited by the World Customs Organization and administered by a foreign customs authority.

2) Your company understands that compliance with a security programs based on CTPAT requirements is a strict requirement in conducting business with John C. McNulty Customs Broker.

3)Your company agrees to visits by John C. McNulty Customs Broker and/or CBP personnel in order to verify your compliance with your security program

John C. McNulty Customs Broker assures that any information given by your company as part of this security questionnaire will be treated as confidential information.

Thank you for your cooperation.

Best Regards,

John C. McNulty Customs Broker

.

Please reply to us;Fax to 562-628-9447 Tel# 562-628-9700

OR

Mail to: John C. McNulty Customs Broker Inc.

249 E. Ocean Blvd. Suite 801

Long Beach, CA 90802

CTPAT Participation Verification

1. Has your company been certified/validated by CTPAT?YES/NO

2. Has your company applied for CTPAT but not yet been certified?YES/NO

3. Does your company participate in any of the following security program(s)? (Circle as appropriate)

Carrier Initiative Program (CIP)

Super Carrier Initiative Program (SCIP)

Business Anti-Smuggling Coalition (BASC)

Other:______

4. Does your company participate in supply chain security programs administered by foreign

authorities?

Please list the name of the program(s):

______

______

______

______

5. Does your company have and maintain written security standards? YES/NO

a. If yes, will you be willing to share these standards with John C. McNulty Customs Broker?

(Please send us copy of your security standards)

b. If no, John C. McNulty Customs Broker expects that your security procedures fulfill the

requirements outlined with the attached security guidelines

.

6. CTPAT MINIMUM SECURITY GUIDELINES RECEIVED YES/ NO

Name:______

Title:______

Company Name: _____

Signature/Date:______

Security Guidelines

The Following guidelines are provided to John C. McNulty Customs Broker’s business partners in order to provide partners with an outline for their security programs. This list does not represent a complete list nor does it represent guidelines that partners must implement. John C. McNulty Customs Broker recognizes that partners use a variety of models and face varying degrees of security risks. Partners may tailor their own security programs to meet their own demands, but all security programs must fulfill the requirements outlined in Customs and border Protection’s CTPAT security criteria.

The following guidelines identify a number of security standards. Security standards with the word “must” are mandatory requirements, while the standards with the world “should” represent recommendations.

  1. Physical Security

A. Buildings must be constructed of materials that resist unauthorized entry and

protect against outside intrusion.

B. Externals and internal doors, windows gates, fences, etc., must have adequate

Locking mechanism.

  1. Alarm or anti-theft systems should be installed.
  2. Adequate lighting inside and outside the facilities and in parking areas must be provided.
  3. Shipping/loading docks and cargo areas must be distinctly separate and apart from parking areas for private vehicles. Private parking areas must be monitored for suspicious vehicles.
  4. Fencing should enclose cargo handling and storage areas. There should be fencing segregating types of cargo such as hazardous, international, domestic or high value. Fencing must be regularly checked for damage and integrity.
  5. If gates or gatehouses are present to control entry and exit, they must be manned or monitored.
  1. Physical Access Controls
  2. Access to the facility must be restricted to authorized personnel.
  3. There must be a procedure to identify employees.
  4. Visitors must be logged in when they enter the facility. Visitors should display visible identification and be escorted while on site.
  5. Vendors must be required to present valid identification when making deliveries/visits.
  6. Deliveries, parcels and mail should be routinely screened before dissemination.
  7. Access to secure areas, such as locked or sensitive areas must be controlled.
  8. Dissemination of sensitive information/materials must be limited to employees on a “need-to-know” basis determined by their job responsibilities.
  9. Unauthorized persons must be identified, challenged and removed from the facility.
  1. Container Security
  2. A 7-point inspection procedure should be used when containers arrive at your facilities. (Describe procedure.)
  3. Seals meeting or exceeding the current PAS ISO 17712 regulations must be used to seal containers.
  4. Access to seals should be limited to authorized personnel.
  5. A Reporting procedure must be implemented to report compromised seals and containers.
  6. When storing containers, containers must be held in secure areas to prevent unauthorized access.
  7. When receiving loaded containers, seals and container numbers should be verified. Removed seals should be secured to prevent misuse.

IV.Conveyance Security

Conveyance must be secured against the introduction of unauthorized personnel and materials.

V.Personnel Security

  1. Potential employees must be screened and applicant information such as employment history, references, credit, etc., should be verified prior to employment.
  2. Periodic background checks should be conducted on employees.
  3. Access to facilities and company information must be removed for terminated employees.
  1. Procedural Security
  2. All documentation must be legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information.
  3. Information, such as cargo manifests, provided from business partners must be accurate and timely.
  4. Departing cargo must be checked against purchase/delivery orders. Arriving cargo must be reconciled against information on the cargo manifest.
  5. Drivers delivering or receiving cargo must be properly identified prior receipt or release of cargo.
  6. Shortages, overages or other discrepancies must be reported, investigated and resolved. Upon the detection of illegal or suspicious activities, the proper authorities should be notified.
  1. Security Training and Threat Awareness
  2. Training program should be implemented to make your employees more aware of threats posed at each point of the supply chain.
  3. Incentives or other encouragement should be provided to employees who participate in security controls.
  4. Materials on recognizing internal conspiracies, maintaining cargo and information integrity and preventing unauthorized access should be distributed to employees.
  5. Employees must be trained in how to properly respond to various security situations and/or breaches in security.
  1. Information Technology Security
  2. Automated system must be based on individual accounts that require periodic changes of passwords.
  3. IT security policies, procedures or standards must be installed and IT security training provided to employees.
  4. Automated data systems must incorporate security features that prevent unauthorized access and limits access to sensitive information/data,
  5. System must have security features that prevent the tampering or altering of business data and other abuses of IT.
  6. Disciplinary procedures must be implemented for employees who violate security policies or procedures.
  1. Business Partner Requirements
  2. A written and verifiable process for screening and selecting business partners must be maintained.
  3. Standards for security should be provided to all business partners.
  4. Reviews of the performance of business partners should be conducted in order to verity compliance with security standards.