Partners in Protection
Before you apply: Check that your company meets security standards

From: Canada Border Services Agency

The Partners in Protection (PIP) program helps Canadian businesses strengthen their supply chain security. Companies that are eligible for the PIP program must meet standards related to corporate security, cargo and conveyance security, physical security, and supply chain partner security. This page walks you through the requirements for each area that makes up the security profile.

Provide clear answers to every question in the security profile that is found in the Trusted Trader Portal. You must submit evidence (documents or pictures) to support your application.

On this page

• Corporate security
• Cargo and conveyance security
• Physical security
• Supply chain partner security

Corporate security

This area is about protecting your business from risks and making sure your staff and systems are secure.

Corporate security focuses on:

• risk assessments
• business continuity planning
• personnel screening
• security education
• cybersecurity

The requirements for this area emphasize risk assessments and aim to increase accountability across departments. To do this, your business must:

• implement a system of checks and balances
• expand your cybersecurity protocols
• train your personnel on supply chain security

Provide documents in your application showing that your company maintains a written risk assessment document and reviews it routinely (at least once per year). Clearly show:

• what risk areas the document covers (physical security, partners, especially third party logistics providers, contracted IT providers, or cleaning)
• a description of what your company would do if something interrupts trade
• how your company would keep people safe, continue operations, and communicate within your company, with supply chain partners, and with the CBSA (letting us know when you detect anything suspicious)

You will also need to prepare a statement of support signed by company leadership that shows your company’s commitment to secure trade and to preventing:

• smuggling
• drug trafficking
• terrorism
• human smuggling
• money laundering
• the trade of illegal goods

Display this document at company locations and discuss it during meetings and trainings.

Know your risks: Regularly check for security risks in your operations and take steps to reduce them.

You may increase the frequency of your supply chain review if the following happens:

• the threat level of a specific country you trade with increases
• a security breach at or involving your company
• changes to your supply chain partners
• changes to the corporate structure or ownership, such as a merger

Screen your staff: Make sure employees go through background checks and ID verification.

Train your team: Teach staff about supply chain security and how to spot suspicious activity.

Provide documents in your application showing how your company prepares employees to:

• identify risks (for example, theft, smuggling, pests)
• handle security incidents
• apply cybersecurity practices
• carry out seals control
• identify money laundering warning signs

Provide documents in your application showing how your company makes sure that employees understand:

• their own security responsibilities, as well as common issues and concerns that can occur
• how to recognize internal conspiracies at work
• the threats that criminal organizations pose to the supply chain and how to recognize them

Provide evidence in your application that clearly documents your training program. This should include:

• a written training plan
• how often training is carried out (at least annually)
• a log or record of who was trained and when

Protect your data: Use strong passwords, limit access to sensitive systems, and keep computers physically secure.

Provide documents in your application showing that your company has:

• firewalls, antivirus software
• password policies (for example, changed every 60 days)
• secure access for remote workers (like using a Virtual Private Network)
• inventory and secure disposal of devices
• a cyberattack response plan
• policies to remove access when an employee leaves

Stay accountable: Put systems in place to make sure security rules are followed across your organization.

Cargo and conveyance security

This area focuses on keeping goods safe while they’re being moved.

Cargo and conveyance security focuses on the physical movement and handling of the goods throughout the supply chain.

The PIP program requires:

• documented inspections of conveyances and instruments of international trade (IIT)
• staging and loading cargo
• security seal protocols
• security procedures and includes new criteria that aim to prevent the contamination of IIT from agricultural pests

Inspect containers and vehicles: Use a 7-point inspection method to check for tampering or damage.

Provide documents in your application showing your company’s:

• written policies describing where trucks or trailers are parked
• security features like fences, cameras, locks, perimeter lighting, trained canine units
• policy stating that repairs must follow manufacturer guidelines
• procedures to check repairs for evidence of tampering
• checklist for inspections (for example, 7-point for containers, 17-point for trailers)
• procedures for regular inspections after long stops

Only use high security International Standardization Organization (ISO) 17712 approved seals: You must seal containers with high-security seals and keep records of seal numbers. Apply seals yourself; don’t rely on third parties to ensure seals are properly attached.

Provide documents in your application showing that your company:

• has a written sealing policy
• records the types of seals used (bolt, cable, etc.), who can access them, and how the number of seals is tracked
• has procedures for seals that are broken or which don’t match records
• has a written plan for audits
• keeps records showing completed audits

Watch for pests: Take steps to prevent agricultural pests from getting into shipments.

Provide documents in your application showing that your company has clear, written procedures for:

• wood packaging (must comply with International Standards for Phytosanitary Measures No. 15 (ISPM 15) rules)
• carrying out visual inspections of cargo and conveyances for pests or dirt

Check drivers and cargo: Make sure drivers are properly identified and cargo matches the shipping documents.

Provide documents in your application showing that your company:

• has a system for keeping loads separate
• checks for all types of labels used
• has a process for checking counts, weights, and paperwork
• has written steps for handling differences between documents and cargo
• uses a Global Positioning System (GPS) tracking systems (where applicable)
• keeps logs showing where vehicles were and when
• has procedures for checking no unauthorized stops or cargo loading
• uses tarps, straps, or other security measures for flatbed loads
• provides a set of instructions drivers use to check along the route
• has a written policy for less than truckload (LTL) security
• places limits on who can access keys or lock codes
• has procedures for checking seals to make sure they match the paperwork and do not appear to have been tampered with

Report anything suspicious: If you see something unusual, report it to CBSA or local authorities.

In your application, provide a written plan for who to notify at the CBSA, police, etc. that includes up-to-date contact information.

Physical security

This area is about keeping your buildings and property safe from unauthorized access.

Physical security consists of both physical security controls and physical access controls.

Physical security controls include:

• securing facilities by using fencing, gates, and lighting
• having guidelines for how authorized staff must use intrusion alarms, security cameras, and any other security technology that secures company facilities

Physical access controls are necessary to prevent unauthorized access to facilities and include the positive identification of employees, visitors, and vendors at all points of entry.

Secure your facility: Use appropriate security measures, such as fences, gates, locks, lights, and cameras to protect your site.

Provide documents in your application showing:

• how you control access to facilities, conveyances, loading docks, and cargo areas
• how you prevent, detect, and deter undeclared material and unauthorized personnel
• the physical barriers to cargo handling areas and storage facilities, both in Canada and abroad
• any physical security measures that your supply chain partners use, if you are aware of them

Control access: Only allow authorized people into secure areas. Use ID badges and visitor logs, where appropriate.

Provide documents in your application showing that your company:

• ensures that employees only have access to the secure areas needed to do their jobs
• ensures that management or security personnel control how employee, visitor, and vendor ID badges are issued and removed
• has procedures for issuing, removing, and changing access to security devices (for example, keys and key cards)

Escort visitors: Make sure visitors are accompanied and wear temporary ID.

Provide documents in your application showing:

• how your company checks and documents government-issued ID (passport, driver’s licence)
• how visitors are escorted around sensitive areas and with who
• how your company identifies, challenges, and addresses unauthorized or unidentified persons and vehicles

Manage parking: Keep personal vehicles away from cargo areas. Describe in your application how you manage and document parking at your facilities.

Use alarms and cameras: Where this makes sense for your business operations, install monitored alarm systems and video surveillance.

Provide documents in your application showing:

• written procedures for how alarm systems and video surveillance, if you use them, must be used (for example, footage should be saved for at least 30 days) and how often their performance is tested
• a procedure to ensure video footage is reviewed yearly
• clear rules for who can access cameras or alarm systems
• any contracts with third-party security providers

Limit after-hours access: Have clear rules for who can enter the facility outside regular hours.

Supply chain partner security

This area is about making sure your business partners also follow good security practices.

Most companies applying for the PIP Program work with a variety of domestic and international supply chain partners. Applicants to the PIP Program must demonstrate they have a rigorous process for selecting, screening, and monitoring their supply chain partners. This is to ensure that sound security measures are in place and that all parties in the supply chain follow them. Supply chain partners must also be screened for activity related to trade-based money laundering and terrorist funding.

Choose your business partners carefully: Screen your business partners to make sure they meet security standards.

Watch for financial risks: Check for signs of money laundering or terrorist financing by your business partners. This can include but are not limited to inconsistent customer profiles, incorrect pricing, goods discrepancies, and shipping from high risk areas. These checks must be done every year.

Know your supply chain: Map out how goods and documents move through your supply chain.

Review regularly: Visit partner facilities and check their security practices based on risk.

Provide documents in your application showing that your company:

• has a process for reviewing risks (every year or sooner if something changes)
• addresses any changes made based on those reviews and how

Secure storage and seals: Make sure your business partners follow proper procedures for storing and sealing goods.