Which domains are typically evaluated during a CTPAT validation?

• A. Environmental compliance, labor standards, safety, quality, and waste.
• B. Legal compliance, tax, corporate governance, risk management, and auditing.
• C. Physical security, procedural security, personnel security, information security, and security operations related to cargo.
• D. Marketing, finance, HR, IT, and operations.

Answer: (C)

CTPAT validation focuses on protecting the supply chain through five security domains that directly affect how cargo is safeguarded. Physical security covers protecting facilities, yards, and access points with guards, gates, lighting, and surveillance. Procedural security ensures formal, documented processes for handling and moving shipments, including chain-of-custody and screening procedures. Personnel security emphasizes screening and training for staff and partners to reduce insider risk. Information security guards the data and IT systems used to manage shipments, including secure communication and access controls. Security operations related to cargo involve monitoring, incident response, audits, and coordination with carriers and authorities to address security events. The other groupings describe general compliance or business functions rather than the specific security focus of CTPAT.