Which of the following is a requirement for IT infrastructure in CTPAT?

Regular testing of IT infrastructure is required because security controls must be validated continually as systems change and new threats emerge. Ongoing testing—including vulnerability assessments, configuration reviews, and incident-response readiness—ensures firewalls, access controls, encryption, and other protections actually work in practice and stay up to date. This proactive approach helps identify and remediate weaknesses before attackers exploit them, aligning with CTPAT’s emphasis on maintaining robust IT security across the supply chain. Outsourcing testing alone doesn’t guarantee internal controls are actually effective; making testing optional or never testing would leave critical infrastructure unverified and vulnerable.