Skip to content
Home » Answered: Your Top 5 FAQs About CTPAT Security Questionnaires

Answered: Your Top 5 FAQs About CTPAT Security Questionnaires

See Transcription of the Video below in case you want to read and not watch!

Sending, collecting, and documenting Security Questionnaires are all critical steps in successfully completing your CTPAT Annual Assessment…however, new MSC guidelines on how to handle them correctly are notoriously hazy. Today, Veroot is here to answer the top five most frequently asked questions we receive on the topic.


The CBP requires that you properly vet all business partners in your supply chain. There are really two methods of doing this: the first is to go on site and perform an audit, and the second – which is much easier and therefore much more popular among participants – is to send out a security questionnaire. This method allows you skip a full-blown site visit, while still ensuring all key stakeholders in your supply chain are meeting MSC requirements.

After you send out the questionnaires and receive completed versions back from your business partners, it’s your job to review them and make any adjustments necessary to maintain CTPAT compliance. This usually means providing an action plan to any parties who are not meeting all the minimum security criteria.


The answer is given by the CBP’s regulations which state: “When a CTPAT Member outsources or contracts elements of its supply chain, the Member must exercise due diligence (via visits, questionnaires, etc.) to ensure these business partners have security measures in place that meet or exceed CTPAT’s Minimum Security Criteria (MSC).”

What that means from an actionable standpoint depends on your industry. For example, an importer needs to send surveys to manufacturers, suppliers, companies that play a part in transporting the product being imported (ground, ocean, air, etc.), and any third parties who handle digital information about those shipments (IT providers, brokers, etc.). A consolidator CTPAT member needs to send them to all parties involved in the logistics supply chain. This includes highway carriers, air carriers, ocean carriers, warehouse providers, and – again – any companies that handle digital information related to the shipment (IT providers, brokers, etc.).

Essentially, any entity involved in your supply chain needs to receive and complete a security questionnaire to provide you with documented confirmation that they’re following the requirements outlined in your CTPAT standard operating procedures.

A question we always get is “Well how far down do we need to go?” For instance, an importer may order from a master distributor – so in this case does the importer need to send a questionnaire to all the suppliers of that distributor? There is certainly some common sense involved because if you go all the way down the supply chain, you’ll eventually end up talking to raw material providers which could be hundreds of steps down the chain. So we always advise CTPAT members to at least send questionnaires to all first level suppliers that show up in their ordering systems and on bills of lading. Certainly this would include master distributors and any direct suppliers because they are clearly involved in the supply chain. If the goods are purchased through distributor, yet has a major impact on your business or you promote their products, it is always best practice to develop a relationship with the supplier directly and include them in your annual security questionnaire process. What you want to be able to show the CBP is sample shipment paperwork from beginning to end – and make sure everyone on the shipping paperwork is properly vetted via your questionnaire process.


The short answer is “maybe,” and here’s why: CBP doesn’t specifically mention clients in their new MSC requirements, but if the nature of your business requires you to take some form of responsibility for the goods being shipped after a client interacts with them (in other words, if the client plays a part in your supply chain), you need to send them a security questionnaire.

For some people, that may sound like a turnoff to participating in the program…but don’t think so negatively! You could, in fact, make a strong argument that requiring customers to complete the security questionnaire actually adds value to the services you provide for them. Sure, it takes a little bit of time and energy to fill out the document – which might not sound appealing since they’re paying you to work for them – but think about how reassuring it would be as a client to know that filling out that survey is part of a larger effort to prove at a government-approved level just how secure your supply chain is. You are effectively demonstrating that if someone chooses to work with you, there is little-to-no risk of their freight being damaged or disrupted as long as it is part of your supply chain.

We recommend pitching CTPAT the security questionnaire as a valuable service feature instead of a nuisance. You could say something like, “Hey, listen. This questionnaire is something we have to do as part of an agreement with the U.S. government to prove we have a secure supply chain. It’s gonna take you _________ minutes to fill out, but we require clients to complete it because it helps us ensure that the freight we’re responsible for is virtually guaranteed to reach its final destination intact and on-time.”


This one is pretty straightforward: send them on an annual basis. To maintain your CTPAT membership in good standing, Customs and Border Protection requires that you perform an Annual Risk Assessment that gets submitted to your assigned Supply Chain Security Specialist in order to pass your yearly CTPAT Renewal. We recommend time-stamping the security questionnaires when you send them out then finding a way to remind yourself to go through the process again every year.


If you need help managing your Security Questionnaires or any other part of your Annual Assessment, Veroot has a CTPAT-specific software to automate all these processes and ultimately save you about 85%-90% of the time you’d spend completing everything manually. To learn more about how our platform can help, just visit