Language selection

Government of Canada / Gouvernement du Canada

Search

Sign in

Sign in

Partners in Protection Program: Minimum security requirements

From: Canada Border Services Agency

Changes are coming in 2024. Please contact pip-pep@cbsa-asfc.gc.ca for a copy of the upcoming new requirements.

The following are some of the security requirements your company must meet, at minimum, to be considered for the Partners in Protection (PIP) program.

Physical security and access controls

As an applicant, you must put in place measures that secure your buildings. Including measures that monitor and control the outside and inside perimeters.

For example:

  • have procedures to control access to facilities, conveyances, loading docks, and cargo areas
  • show how you will prevent, detect, and deter unmanifested (that is, undeclared) material and unauthorized personnel
  • apply physical barriers to cargo handling areas and storage facilities, both in Canada and abroad
  • include the physical security measures throughout your supply chain, as applicable

Having effective access controls helps to:

  • prevent unauthorized entry into facilities
  • protect company assets
  • maintain control of employees, visitors, and individuals

Facilities

Buildings must be constructed of materials that resist unlawful entry. Structures must be inspected and repaired on a regular basis. All external doors, windows, gates, and fences must have locking devices. Cargo handling and storage facilities must have physical barriers and/or deterrents that guard against unauthorized access.

Key control

Management or security personnel must control the issuance of all locks and keys.

Lighting

You must have enough lighting inside and outside the facility. This includes:

  • entrances and exits
  • cargo handling/storage areas
  • fence lines parking areas

Communications

Have a way to contact internal security personnel and local law enforcement officials. Test the communications system on a regular basis and have a backup for it.

Parking

Do not let employees or visitors park their personal vehicles in or next to cargo handling/storage areas.

Fencing

Perimeter fencing should enclose the areas around cargo handling/storage facilities. They need to be of a height and type that will prevent unauthorized access. Put fencing inside a cargo handling facility to separate domestic, international, high-value, and hazardous cargo. Have all fencing inspected regularly for integrity and damage.

Signage

Signage should exist to:

  • direct conveyances and persons to appropriate areas
  • prevent or deter unauthorized personnel from accessing restricted areas

Gates and gate houses

Gates used by vehicles and/or personnel must be guarded and/or monitored. Only have as many gates as you need for proper access and safety.

Alarm systems and video surveillance

Use alarm systems and video surveillance to monitor premises. This also prevents unauthorized access to cargo handling/storage areas. Have signage posted around the facility indicating the use of surveillance equipment.

After-hours access

For companies that do not operate 24/7, provide details of after-hours access.

Physical access controls

Access controls:

  • prevent unauthorized entry into facilities
  • protect company assets
  • maintain control of employees and visitors

Each access point must have controls that identify all employees, visitors, and vendors. Prevent unauthorized access to shipping areas, loading docks, and cargo areas.

Employees

An employee ID system must be in place to control who has access to what parts of the facilities. Only give employees access to the secure areas needed to do their jobs. Company management or security personnel must control how employee, visitor, and vendor ID badges are issued and removed. Document procedures for the issuance, removal, and change of access devices (examples: keys and key cards).

Visitors

Visitors must present photo ID for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary ID. To the extent possible, contractors and visitors should only have access to public areas of the company's critical infrastructure. The activities of visitors in or around such infrastructure should be monitored.

Challenging and removing unauthorized persons and vehicles

Procedures must be in place to identify, challenge, and address unauthorized or unidentified persons and vehicles.

Deliveries (including mail)

All vendors must present proper vendor and photo ID for documentation purposes. Have arriving packages and mail screened whenever possible before it gets disseminated.

Procedural security

You must have security measures in place around the transportation, handling, customs clearance, and storage of cargo in the supply chain. Applicants must ensure that business partners develop security processes consistent with PIP security criteria. This is to enhance the integrity of the shipment at its point of origin up to its final destination. Conduct periodic reviews of your business partners' processes and facilities based on risk. These processes and facilities should maintain the security standards required by the PIP member.

Process mapping

Your goods, and the documents that go with them, flow through your international supply chain in some way. Show or write this process step-by-step.

Shipping and receiving (drivers)

Drivers delivering or receiving cargo must be positively identified before cargo is received or released. A designated security representative or employee should supervise the introduction or removal of cargo.

Cargo tracking

Procedures should be in place to track the timely movement of incoming and outgoing cargo.

Cargo reconciliation

Arriving cargo must be reconciled against information on the cargo manifest. The manifest should:

  • describe the cargo accurately
  • show the weights, labels, marks, and piece counts to be verified

Measures must be in place to detect and report cargo shortages and overages. Resolve discrepancies and investigate them as needed.

Security sweeps

Assess the security of areas in your company's control within the supply chain. Do this at random without announcing it.

Reporting anomalies or suspicious cargo activity

Notify the CBSA when anomalies get detected or when illegal activities are suspected. Or notify other law enforcement agencies, as needed.

Cargo document processing

Put in place procedures that will ensure:

  • all information used in the clearing of cargo is:
    • legible
    • complete
    • accurate
    • protected (so that it does not get mixed up with erroneous information)
  • the integrity of cargo received from abroad:
    • procedures must be in place so that information received from business partners is timely and reported accurately
  • the information in the carrier's cargo manifest (i.e. bill of lading):
    • reflects the information provided to the carrier by the shipper or its agent
    • is filed with the CBSA in a timely manner
  • computer access and information is safeguarded

Container, trailer and rail car security

All shipping containers, trailers, and rail cars used to import or export goods must be secure. Put in place procedures to properly seal them when they are stuffed or packed. Seals protect the containers from unauthorized material and/or persons getting into them.

Companies should maintain an open dialogue with the CBSA on areas of common concern. That way both sides can benefit from advancements in industry standards and container integrity technologies.

Cargo integrity

Procedures must be in place on how to use seals on containers, trailers, and rail cars. Seal procedures should cover each of the following actions:

  • attaching
  • replacing
  • recording
  • tracking
  • verifying

Describe the security measures your company has on loaded and empty containers, trailers, and rail cars used in the transport of international cargo.

Container, trailer and rail car inspections

Put in place procedures to verify the physical integrity of the trailer, rail car, and container structure prior to stuffing and packing. Include steps like:

  • checking that the door locking mechanisms are reliable
  • searching for signs of tampering

It's best to have a seven-point inspection process for all containers. The inspection should cover the following areas:

  • front wall
  • left side
  • right side
  • outside and undercarriage
  • floor
  • ceiling and roof
  • inside and outside doors

Container, trailer and rail car seals

To protect cargo, it's best to have:

  • high-security seals that meet or exceed the ISO/PAS 17712 standard
  • other devices designed to prevent tampering with cargo

Your foreign business partners should have an internal policy on processing cargo with these seals or devices.

Written procedures must cover the following:

  • how seals are to be controlled and attached to loaded containers
  • how to recognize compromised seals and/or containers
  • when necessary, how to report security issues to the CBSA and other appropriate foreign authorities
  • that only designated employees should distribute container seals for integrity purposes

Container, trailer and rail car storage

Prevent unauthorized access and manipulation by:

  • storing containers, trailers, and rail cars properly
  • having procedures on how to report and deter unauthorized entry

Data and document security

Ensure there is no unauthorized access to computers and equipment. Do this by having:

  • a well-defined physical security policy
  • a system controlling access to any office or secure area
  • measures that protect electronic assets:
    • tell employees to protect passwords and computer access

Cargo manifest and forms

Prevent the loss or unauthorized use of documents. Your company must have procedures for storing:

  • forms (used and unused)
  • related cargo documentation

IT security

Protect against unauthorized access to and misuse of information. Follow these guidelines when creating your procedures:

  • give employees their own accounts to the system:
    • ask employees to change passwords often
  • protect trade-sensitive data:
    • use necessary IT policies and have back-up system
  • train employees on the measures you want them to follow

Company policies on IT violations

A process must be in place to identify IT violations. The process should cover:

  • improper access
  • tampering with or altering business data

All system violators must be subject to appropriate disciplinary actions.

Personnel security

Have a program in place to screen current and prospective employees.

Conduct background checks on a regular basis on employees working in security-sensitive positions.

Take note of when unusual changes happen. For example, changes to an employee's social and economic situation.

Verify applications before hiring

Before you hire a new employee, verify the information in their application. This includes things like employment history and references. Companies must maintain a permanent employee list.

Employee background checks

Conduct background checks and investigations on prospective employees. Follow foreign, federal, and local regulations. Once employed, perform periodic checks and reinvestigations when needed.

Terminated or departing employees

Companies must have procedures in place to remove ID cards and facility or system access for terminated or departing employees. Also ensure that all company property is returned.

Security training and awareness

Put in place a security awareness program for employees. The program should:

  • inform and regularly remind them of security responsibilities, issues, and concerns
  • provide methods to recognize internal conspiracies
  • foster awareness of the threats posed by criminal organizations in the supply chain

Corporate security policies

We encourage companies to establish threat awareness programs to enhance border security. This will help people recognize security threats (such as contraband and human smuggling) at each point in the supply chain.

Security awareness

Inform employees of the company procedures on security. Encourage employees to take part in security controls. Keep records of who attended security meetings.

Security policy manual

Develop and maintain a security policy manual for the company. The manual should contain details on how the company secures cargo under its control.

Business partner requirements

Sometimes a company will contract out parts of its international supply chain. Companies that do this must work with their business partners on security. Strong security measures will achieve a globally effective and secure supply chain.

Business partners that are not eligible for PIP must have their compliance verified with PIP security criteria. The company who is the PIP member should have a risk assessment process in place. This is to make sure that non-PIP member business partners follow the requirements of the PIP program.

Selection criteria

Companies must have written and verifiable processes for the selection of business partners such as manufacturers, product suppliers, vendors, and carriers.

Satisfying the business partner security requirements

International supply chain business partners must show that they meet your company's supply chain security obligations.

Businesses that are not eligible for PIP can still show they meet the security criteria. Here are some examples of acceptable forms of proof:

  • written or electronic confirmation
  • contractual obligations
  • a letter from the business partner's authorized company officer attesting to compliance
  • a completed supply chain security profile
  • a written statement saying they meet these criteria or another country's supply chain security criteria, such as:
    • the U.S. Customs-Trade Partnership Against Terrorism (or CTPAT)
    • an equivalent World Customs Organization accredited security program administered by a foreign customs authority (that is, an Authorized Economic Operator)

Business partners: Point of origin

Your business partners must develop security procedures that are in line with the security criteria of the PIP program. This enhances the integrity of the shipment at the point of origin.

You should conduct risk assessments of your business partners' procedures and facilities on a regular basis. Also, business partners should maintain your company's security standards.

Business partners: Other international selection criteria

Use a risk-based approach when choosing your business partners. Base your decision on whether they are:

  • financially sound
  • able to meet contractual security requirements
  • able to identify and correct security deficiencies as needed

Supply chain security planning

Have company policies and procedures to:

  • perform a risk assessment of your supply chain
  • identify gaps and weaknesses
  • put in place strategies to mitigate risks

Determining risk

Your company should have measures to identify, analyze, and mitigate supply chain security risks. In your measures, include how to recognize high-risk loads or suspicious cargo shipments.

Compliance with security profile

Your company's security profile should be re-assessed on a regular basis. Put procedures in place to make sure this happens.

Contingency planning

Contingency plans should be in place to ensure the continuation of trade in the event of an emergency/security situation. Describe what contingency plans your company has in place.

Other security measures

Note that companies may have other security measures that were not mentioned.

Date modified: