top of page


The Five Step Risk Assessment Process includes:


  1. Mapping Cargo/Data Flow and Control and Identifying Business Partners (whether directly or indirectly contracted) and how cargo moves throughout the supply chain to include modes of transportation (air, sea, rail, or truck) and nodes (country of origin, transit points).

  2. Conducting a Threat Assessment focusing on Terrorism, Contraband Smuggling, Human Smuggling, Agricultural and Public Safety Threats, Organized Crime, and conditions in a country/region which may foster such threats, and ranking those threats.

  3. Conducting a Vulnerability Assessment in accordance with the C-TPAT Minimum Security Criteria. A vulnerability assessment includes identifying what the Partner has that a terrorist or criminal might desire. For brokers this might be data; for importers, manufacturers, and exporters, this might be access to cargo and company information. Then, identifying weaknesses in company procedures that would allow a terrorist or criminal to gain access to these processes, data, or cargo.

  4. Preparing a Written Action Plan to Address Vulnerabilities. This includes mechanisms to record identified weaknesses, who is responsible for addressing the issues, and due dates. Reporting results to appropriate company officials and employees on completed follow up and changes is also essential.

  5. Documenting the Procedure for How Risk Assessments are Conducted, to Include Reviewing and Revising the Procedure Periodically. The process itself should be reviewed and updated as needed at least annually, and a Risk Assessment should be conducted — and documented — at least annually, more frequently for highway carriers and high risk supply chains.

“The key to building a
successful Risk Assessment Process
is to ensure it is unique to your company’s
business model and practices.”

“Knowing your supply chain is key to security”

bottom of page