CTPAT & SCAN – Supply Chain Security & Due Diligence

Overview of CTPAT & SCAN – Supply Chain Security & Due Diligence

The Customs Trade Partnership Against Terrorism (CTPAT) and SCAN (Supply Chain Assurance Network) frameworks establish internationally recognised requirements for securing global supply chains, with a particular focus on:

  • business partner due diligence
  • cargo and transport security
  • risk assessment and supply chain mapping
  • cybersecurity controls
  • detection of illicit and high-risk activities

CTPAT is administered by U.S. Customs and Border Protection (CBP) and defines the Minimum Security Criteria (MSC) applicable to organisations operating within international supply chains. SCAN provides a structured audit methodology aligned to these requirements, ensuring consistent and evidence-based assessment.

BRAND enables organisations to implement and demonstrate compliance with both CTPAT and SCAN through a structured, risk-based supplier due diligence system.

CTPAT & SCAN Requirements

The core requirements of CTPAT and SCAN are defined through the MSC, including (but not limited to):

Risk Assessment & Supply Chain Mapping (MSC 2.1 – 2.3)

Organisations must conduct and document a comprehensive risk assessment covering all supply chain activities, including:

  • identification of threats and vulnerabilities
  • mapping of cargo movement from origin to destination
  • inclusion of indirect business partners (e.g. brokers, 3PLs)
  • identification of high-risk points such as “cargo at rest”

Business Partner Screening & Monitoring (MSC 3.1 – 3.8)

A documented, risk-based process must be in place for:

  • screening new business partners
  • verifying legitimacy, financial standing, and operational capability
  • assessing participation in CTPAT or equivalent AEO programmes
  • ongoing monitoring and re-evaluation based on risk

The MSC also requires due diligence to address subcontracting and indirect supply chain risks.

Trade-Based Money Laundering & Suspicious Activity (MSC 3.1)

Organisations are expected to identify and mitigate risks related to:

  • trade-based money laundering (TBML)
  • suspicious or inconsistent transactions
  • abnormal routing, pricing, or documentation

Social Compliance (MSC 3.9)

Supply chains must demonstrate controls to ensure goods are not produced using prohibited forms of labour, including forced or indentured labour.

Cybersecurity Controls (MSC 4.1 – 4.13)

Comprehensive cybersecurity measures must be implemented, including:

  • protection against malware and system intrusion
  • controlled access to IT systems
  • vulnerability testing and system monitoring
  • secure handling of data and remote access

Cargo & Transportation Security (MSC Section 5)

Controls must be in place to secure cargo throughout the supply chain, including:

  • inspection of containers and conveyances
  • seal control and verification
  • protection of cargo during storage and transit

BRAND – Enabling CTPAT & SCAN Compliance

BRAND provides a structured approach to implementing these requirements across complex supply chains.

Supplier Due Diligence Questionnaire

BRAND incorporates a CTPAT- and SCAN-aligned supplier assessment questionnaire, specifically developed to reflect MSC requirements.

The questionnaire includes:

  • risk assessment and supply chain mapping
  • business partner screening and monitoring
  • cargo and transport security controls
  • cybersecurity and data protection
  • identification of suspicious activity indicators

Each question is mapped to relevant MSC clauses, ensuring alignment with both CTPAT expectations and SCAN audit methodologies.

Risk-Based Scoring Model

The BRAND assessment uses a risk-based scoring methodology, designed to reflect the intent of CTPAT and SCAN.

  • Suppliers are assessed against defined criteria
  • Scores are calculated from 100% downward, based on identified gaps
  • High-risk deficiencies result in increased scoring deductions
  • Critical control failures trigger automatic risk escalation

This approach ensures that:

  • higher-risk suppliers are clearly identified
  • gaps are prioritised based on impact
  • due diligence is aligned with regulatory expectations

Evidence-Based Assessment

Unlike standard supplier questionnaires, BRAND requires:

  • supporting documentation for all key controls
  • validation of responses against defined criteria
  • structured, auditable records of supplier compliance

This supports alignment with SCAN requirements for:

  • evidence-based auditing
  • consistency of assessment
  • traceability of decisions

Ongoing Monitoring & Risk Management

BRAND supports continuous due diligence through:

  • periodic reassessment of suppliers
  • tracking of corrective actions
  • monitoring of changes in risk profile
  • identification of emerging risks across the supply chain

This enables organisations to meet CTPAT expectations for:

  • ongoing monitoring (MSC 3.7)
  • dynamic risk management (MSC 2.3)

Integration with Audit & Verification

The BRAND platform can be integrated with independent audit activities, enabling:

  • targeted audits based on supplier risk
  • validation of high-risk suppliers
  • alignment with SCAN audit methodology

This ensures a consistent approach from self-assessment through to independent verification.

Summary

BRAND provides a structured, scalable solution for managing supply chain security and due diligence in line with CTPAT and SCAN requirements.

By combining:

  • a clause-aligned assessment framework
  • a risk-based scoring model
  • evidence-driven evaluation

organisations can demonstrate robust, defensible supply chain due diligence aligned to international best practice.
