Which statement best defines security governance in a CTPAT program?

• A. It focuses exclusively on IT security policies.
• B. It is primarily the responsibility of line supervisors in a single facility.
• C. It involves leadership oversight, policies, and accountability for security across the supply chain.
• D. It is limited to warehouse perimeter fencing.

Answer: (C)

Security governance in a CTPAT program is about how security is directed and managed across the entire supply chain, with senior leadership setting policies, assigning responsibilities, and measuring performance. It’s not limited to IT policies, a single facility, or a single physical control like fences. The strongest statement captures that governance requires leadership oversight, formal policies, and accountability that span multiple entities—suppliers, carriers, facilities—so security is coordinated, consistent, and based on risk. This approach enables alignment with business goals, clear roles and responsibilities, ongoing monitoring, and continuous improvement of security across the supply chain.