Sensitive [optional: insert company logo] TRANSPORT S ECURITY PROGRAM (TSP) FOR [INSERT ORGANISATION ’S LEGAL NAME] A Regulated Air Cargo Agent (RACA) regulated under the Aviation Transport Security Act 2004 Legal name of RACA: [INSERT ORGANISATION’S LEGAL NAME] Trading or operating as: [Insert trading / operating names] ACN/ARBN: [Insert Australian Company Number or Australian Registered Body Number as applicable] ABN: [Insert Australian Business Number if held] [READ AND DELETE THIS TEXT BOX BEFORE SUBMITTING TSP] Your completed TSP must accurately reflect the specific security measures and procedures employed by your organisation. Before starting your TSP, please read the accompanying guidance for RACAs developing a TSP. Disclaimer The Australian Government has prepared this document with due care. However, it is made available on the understanding that the Australian Government is not providing legal advice and that users of this guidance exercise their own skill and care with respect to its use and seek independent advice if necessary. The Australian Government takes no responsibility for any errors, omissions or changes to the information that may occur and disclaims any responsibility and liability to any person, organisation or the environment in respect of anything done, or omitted to be done, in reliance upon information contained in this guidance. The information contained is guidance material only. The information in no way overrides Commonwealth or State legislation. Aviation industry participants should refer to the Aviation Transport Security Act 2004 and the Aviation Transport Security Regulations 2005 before submitting TSPs for approval. Under regulation 2.06 of the Aviation Transport Security Regulations 2005 it is an offence to disclose any information about the content of an aviation industry participant’s TSP without the consent of the participant. SCT05-06 (September 2015) Sensitive TSP – [RACA trading name] Sensitive Contents Document Revision Record.................................................................................................................... iv Key References ...................................................................................................................................... v Definitions [s9; r1.03 and others] .................................................................................................................................... v Glossary of acronyms and terms...................................................................................................................................... v 1 GENERAL OBLIGATIONS ........................................................................................................................ 1 1.1 1.2 1.3 Program scope and objectives [r2.48] ............................................................................................ 1 Local security risk context statement [r2.49] .................................................................................. 1 Quality control [r2.53] ................................................................................................................... 1 1.3.1 Audits [r2.53(1)(a)-(b)].......................................................................................................................................... 1 1.3.2 TSP reviews [r2.53(1)(c)-(d)] ................................................................................................................................. 2 1.4 1.5 2 Information security [s16(2)(e); r2.51(4); r2.52(3)] ......................................................................... 3 Security of passwords, keys and access devices [r2.55(1)(f)] ........................................................... 3 OPERATIONAL DETAILS ......................................................................................................................... 5 2.1 2.2 Sites and facilities covered by this TSP [s16(2)(f); r2.54] ................................................................. 5 Security management [s16(2)(a); r2.52(1); r2.58] ........................................................................... 5 2.2.1 2.2.2 2.2.3 2.2.4 2.3 Organisational structure and security management arrangements [r2.52(1)(a)] ................................................ 5 Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58] ........................................................................... 5 Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58] ............................................................... 5 Contractors [r2.52(1)(b); r2.58] ............................................................................................................................ 7 Consultation and communication [s16(2)(b),(g); r2.52(2)] ............................................................... 7 2.3.1 Consultation to develop this TSP [s16(2)(g)] ........................................................................................................ 7 2.3.2 Communication and consultation within the organisation [r2.52(2)(a)] .............................................................. 7 2.3.3 Communication and consultation with the operator of a security controlled airport at which the Organisation has a facility [r2.52(2)(b)] ........................................................................................................................... 7 2.3.4 Communication and consultation with relevant third parties [r2.52(2)(d)] ......................................................... 8 2.4 3 Implementation of security measures and procedures [r2.55(2)] .................................................... 8 PHYSICAL SECURITY AND ACCESS CONTROL MEASURES [R2.54(1)(D); R2.55] ................................................... 9 3.1 Physical security of sites and facilities [r2.54(1)(d); r2.55(1)(e)] ...................................................... 9 3.1.1 3.1.2 3.1.3 3.1.4 3.1.5 3.2 Building security ................................................................................................................................................... 9 Perimeter security ................................................................................................................................................ 9 Signage.................................................................................................................................................................. 9 CCTV coverage ...................................................................................................................................................... 9 Alarms ................................................................................................................................................................. 10 Access control measures for sites and facilities [r2.54(1)(d); r2.55(1)(e)] ....................................... 10 3.2.1 Access control ..................................................................................................................................................... 10 3.2.2 Identification ...................................................................................................................................................... 11 3.3 3.4 3.5 4 Access control measures for airside and security zones [r2.55(1)(b)-(d)] ....................................... 11 Maintenance of security equipment [r2.55(1)(g)] ......................................................................... 11 Physical security of cargo transport vehicles [r2.55(1)(h)] ............................................................. 12 CARGO SECURITY AND EXAMINATION [R2.51; R2.55(1)(I)]......................................................................... 13 4.1 Cargo security [r2.51(1); r2.51(2); r2.52(3)] .................................................................................. 13 4.1.1 Cargo Records [r2.52(3)] ..................................................................................................................................... 13 The following measures and procedures are used for the keeping of accurate records of cargo in the Organisation’s possession or under the Organisation’s control: ................................................................................... 13 4.1.2 Deter and detect unauthorised explosives [r2.51(1)]......................................................................................... 13 SCT05-06 (September 2015) Sensitive Page ii TSP – [RACA trading name] Sensitive 4.1.3 Ensuring the security of cargo at all times [r2.51(2)] ......................................................................................... 13 4.2 Cargo examination [s16(2)(c); r2.51(1A); r2.55(1)(i)] ..................................................................... 13 4.2.1 Methods, techniques and equipment for examination of cargo [s16(2)(c); r2.51(1A); r2.55(1)(i)] ................... 13 5 REGULAR CUSTOMERS [R2.60] ............................................................................................................ 15 5.1 5.2 5.3 6 Maintaining a regular customer list [r2.60(a)] .............................................................................. 15 Regular customer undertaking [r2.60(b)] ..................................................................................... 15 Receiving cargo from a regular customer [r2.60(c)] ...................................................................... 15 CARGO SECURITY RESPONSES [S16(2)(D); R2.51(3); R2.57] ....................................................................... 16 6.1 6.2 Measures and procedures for the handling and treatment of suspect cargo [r2.51(3)] .................. 16 Measures and procedures in the event of a heightened security alert [s16(2)(d); r2.57] ................ 16 ANNEX A: CLEARING CARGO ..................................................................................................................... 17 Introduction......................................................................................................................................... 17 Notes on treatment of cargo [s44B(2)] .................................................................................................. 17 Notes on dealing with cargo [s44B(3)] .................................................................................................. 17 Notes on regular customers.................................................................................................................. 17 Receiving Cargo Tables ......................................................................................................................... 17 Supporting Tables: ............................................................................................................................... 20 ATTACHMENT A: SIGNED STATEMENT [S16(1) AND R2.05] ................................................................................ 22 ATTACHMENT B: LOCAL SECURITY RISK CONTEXT STATEMENT [R2.49] .................................................................. 23 General threats and generic security risk events of relevance to the Organisation ...................................................... 23 People, assets, infrastructure and operations that need to be protected .................................................................... 24 ATTACHMENT C: LIST OF SITES AND FACILITIES COVERED BY THIS TSP [R2.54(1)] ................................................... 25 ATTACHMENT D: ORGANISATIONAL STRUCTURE AND SECURITY MANAGEMENT ARRANGEMENTS [R2.52(1)(A)] ............ 26 ATTACHMENT E: CONSULTATION UNDERTAKEN AS PART OF THE DEVELOPMENT OF THIS TSP [S16(2)(G)] ...................... 27 ATTACHMENT F: REGULAR CUSTOMER UNDERTAKING [R2.60(B)] ....................................................................... 28 ACCOMPANYING DOCUMENT 1: DETAILS OF SITES AND FACILITIES COVERED BY THIS TSP [R2.54(2)]........................... 29 ACCOMPANYING DOCUMENT 2: TIMETABLE FOR IMPLEMENTATION OF SECURITY MEASURES AND PROCEDURES [R2.55(2)(B)] ........................................................................................................................... 30 ACCOMPANYING DOCUMENT 3: MEASURES AND PROCEDURES IN THE EVENT OF A HEIGHTENED SECURITY ALERT [R2.57] .. 31 Aviation security incident response [r2.57(2)(a)] .......................................................................................................... 31 Reporting aviation security breaches [r2.57(2)(b)] ........................................................................................................ 32 Evacuation and emergency management [r2.57(2)(c)] ................................................................................................. 32 Special security directions [r2.57(2)(d)] ......................................................................................................................... 33 Staff security awareness [r2.57(2)(e)]............................................................................................................................ 33 Contingency Plans [r2.57(2)(f)] ...................................................................................................................................... 33 FINAL CHECKS PRIOR TO SUBMISSION ............................................................................................................ 35 SCT05-06 (September 2015) Sensitive Page iii TSP – [RACA trading name] Sensitive Document Revision Record Updates, revisions and alterations to this TSP are recorded below in the TSP Revision Record. Authority to make updates and alterations to this record is restricted to the Security Contact Officer (SCO) and [Insert title of any other authorised person if relevant] who is/are authorised by the Organisation to effect such changes. Note: ‘Nature of revision’ includes initial submission and any alteration (minor amendment) etcetera. If the type of revision is an alteration, you should note which part of the TSP the alteration affected. TSP REVISION RECORD Version number Nature of revision Revision date Page(s) affected Section(s) affected 1.0 Initial submission dd/mm/yy All All SCT05-06 (September 2015) Sensitive Actioned by (name, title) Name, title Action date Approved dd/mm/yy Page iv TSP – [RACA trading name] Sensitive Key References All section (s) references in this TSP are to sections of the Aviation Transport Security Act 2004 (the Act) and all references to regulations (r) are to the Aviation Transport Security Regulations 2005 (the Regulations). Definitions [s9; r1.03 and others] Definitions are provided in the Act and the Regulations. Key definitions are found in s9 of the Act and r1.03 of the Regulations. The Act and Regulations are available at www.comlaw.gov.au. Glossary of acronyms and terms The following list includes definitive acronyms used in this TSP. Term Meaning AACA Accredited Air Cargo Agent Act, the Aviation Transport Security Act 2004 Cargo Goods (other than baggage or stores) that are transported by air, or are intended or are reasonably likely to be transported by air ChOCS Chain of Custody Statement Cleared Cargo Cargo that has received clearance and has been dealt with in accordance with the Regulations, including cargo that is received by a RACA with both a Security Declaration and ChOCS Department, the The Australian Government department responsible for the administration of the Act and the Regulations Diplomatic Bag An item that is a diplomatic bag for the purposes of the Diplomatic Privileges and Immunities Act 1967 Exempt Items Items of cargo that can be cleared without examination because the Secretary has issued a notice under s44B(2)(b) of the Act International Cargo International cargo means cargo that is destined for a foreign country and that is not transhipped cargo LSRCS Local Security Risk Context Statement Organisation, the The RACA, named in this TSP, to whom this TSP applies OTS Office of Transport Security RACA Regulated Air Cargo Agent Regulated Business Regulated business means a RACA, AACA or an operator of a prescribed air service Regulations, the Aviation Transport Security Regulations 2005 SCO Security Contact Officer Secretary, the The Secretary of the Department SSD Special Security Direction TSP Transport Security Program Uncleared Cargo Cargo that is not cleared cargo, including cargo that is received by a RACA without both a Security Declaration and ChOCS SCT05-06 (September 2015) Sensitive Page v TSP – [RACA trading name] Sensitive 1 General Obligations This TSP has been made in accordance with the obligations of a RACA as set out in s12 of the Act and r2.03(a) of the Regulations. This TSP applies to the RACA identified and named on the cover of this document (the Organisation). A signed statement, to the effect that the Organisation believes this TSP gives effect to its obligations set out in section 16(1) of the Act, is provided at Attachment A. 1.1 Program scope and objectives [r2.48] This TSP applies measures and procedures to all cargo that is in the possession of this RACA or under the control of this RACA and at each site or facility that is covered by this TSP. It sets out the measures and procedures to be used to examine, handle, store and transport cargo in a secure manner and make arrangements for the secure movement of cargo. This includes measures and procedures to: a) prevent an act of unlawful interference with aviation; b) safeguard against unlawful interference with aviation by ensuring the security of cargo handled (or for which arrangements are made) by all parties covered by this TSP; and c) increase public confidence in aviation security arrangements. 1.2 Local security risk context statement [r2.49] A statement outlining the local security risk context for the Organisation is provided at Attachment B. The statement has been developed in the context of: the location of the Organisation’s sites and facilities; seasonal and operational factors relevant to the Organisation and its environment; general threats and generic security risk events to people, assets, infrastructure and operations; and an outline of the people, assets, infrastructure and operations that need to be protected. 1.3 Quality control [r2.53] The following quality control procedures are employed by the Organisation: 1.3.1 Audits [r2.53(1)(a)-(b)] The Organisation will conduct audits of security measures and procedures to ensure that measures and procedures described in this TSP, as required under the Act and Regulations, have been implemented. Audits will be scheduled as follows: [insert details of how audits are scheduled]. Audits will be conducted as follows: Set out details of the procedures for conducting an audit at your organisation. For example: Audits will be systematic and will assess the implementation of this TSP and all security measures detailed within it. All audits will include consideration of and, where required, consultation on the following: results from any previous audits and TSP reviews; measures set out in the TSP; any results from drills and/or exercises conducted; and SCT05-06 (September 2015) Sensitive Page 1 TSP – [RACA trading name] Sensitive any relevant aviation security incidents. Particular consideration will also be given to whether the security measures and procedures are being applied as per the TSP and, if not, what corrective action will be taken. Consideration may also be given to: [please specify as appropriate for the Organisation – for example options for continuous improvement in regard to security measures and procedures]. Findings and recommendations will be presented to [full title of the vetting authority within your organisation, such as the CEO, or the Operations Manager] and to [full title of any security committee or other body which will view the reports] for consideration, and implemented as appropriate. 1.3.2 TSP reviews [r2.53(1)(c)-(d)] A review of this TSP will be conducted if: there is a change in the security threat level for air cargo or the Organisation; an aviation security incident occurs; there is a major change in the operational profile of the Organisation; a change in ownership or organisational structure; or directed by the Department to do so. [please specify any additional circumstances as appropriate for your organisation – for example after each security audit]. Reviews will involve input from a variety of sources including consultation with all parties affected by this TSP. Set out details of the procedures for reviewing your TSP, including a process for consultation. For example: All reviews will assess the current security measures and procedures to consider if they are adequate to meet the requirements of the current local security risk context statement set out in Attachment B. They will include consideration of and, where required, consultation on the following: results from any previous audits and reviews; any change to Transport Security Advisories or the Aviation Security Risk Context Statement issued by the Department in relation to cargo; any changes to the local risk context; any changes in TSP coverage; any results from drills and/or exercises conducted; any relevant aviation security incidents; and any changes in the regulatory requirements. Particular consideration will also be given to whether the security measures and procedures set out in the TSP remain appropriate and proportionate in relation to the local risk context statement and operational requirements. Findings and recommendations will be presented to [full title of the vetting authority within your organisation, such as the CEO, or the Operations Manager] and to [full title of any security committee or other body which will view the reports] for consideration, and implemented as appropriate. This may require an amendment to, or revision of, this TSP. SCT05-06 (September 2015) Sensitive Page 2 TSP – [RACA trading name] Sensitive 1.4 Information security [s16(2)(e); r2.51(4); r2.52(3)] The following security information requires protection against unauthorised access, amendment and disclosure: this TSP; any attachments or accompanying documents to this TSP; security measures to be applied to cargo; aircraft operator and flight information for cargo, prior to that cargo being received by the Organisation; security compliance information (e.g. findings from audits conducted by the Department); results, records and reports of any audit or review carried out in accordance with the TSP, the Act or Regulations; [any other – please specify] Access to this security information is restricted to persons who have a ‘need to know’, and requires authorisation from [specify position/role]. [Specify position/role] is responsible for: the protection of the TSP; determining who has access to the TSP; the approval of electronic access to the TSP; the distribution, return and destruction of all TSP copies; the recording of the movement of all TSP copies; determining who is authorised to amend the TSP; and managing access, amendment and disclosure of other security information within the Organisation. Security information will be protected against unauthorised access, amendment and disclosure through the following measures and procedures: Insert your measures and procedures. For example: Security information will be identified and classified appropriately. Records of authorised disclosure of security information will be retained. Physical copies of security information are securely stored in [type of container/location] at [insert location]. Only [specify] is authorised to remove them from the container, and a register of all requests and approvals in maintained. Electronic copies are stored on a computer system that is restricted to authorised personnel only. 1.5 Security of passwords, keys and access devices [r2.55(1)(f)] Set out how and where passwords, security codes or access devices are used as a security measure in your organisation. The management and control of all passwords, access codes, access devices and keys [specify] is the responsibility of [specify]. SCT05-06 (September 2015) Sensitive Page 3 TSP – [RACA trading name] Sensitive Records of all security passwords, access codes, keys and access devices issued is kept by the [specify]. These records are secured [specify the receptacle, location, and the method to secure the record]. Security passwords / access codes are changed: Insert your measures and procedures. For example: every three to twelve months OR [specify timeframe]; when any staff with security access leave; and / or when a security incident involving unauthorised access to security areas and security zones has been determined by the SCO to have compromised access control security. Audits of keys and access devices are conducted [specify how often and by whom] to ensure that: Insert your measures and procedures. For example: nominated staff have their correct passwords and access devices; staff with access to security information or zones and areas still require it; any loss of keys or access device has been reported, recorded and investigated; and keys and access devices that are held in storage have been issued and returned correctly. SCT05-06 (September 2015) Sensitive Page 4 TSP – [RACA trading name] Sensitive 2 Operational Details 2.1 Sites and facilities covered by this TSP [s16(2)(f); r2.54] A list of all sites that operate on behalf of the Organisation and all facilities that are covered by this TSP, including other aviation industry participants operating under this TSP, are set out in Attachment C. Further details for sites and facilities covered by this TSP are set out in Accompanying Document 1. Note: under the Regulations, the TSP must only cover an aviation industry participant that is an agent or subsidiary of the Organisation, or has a contract with the Organisation to provide a service for the movement or handling of cargo or the making of arrangements for the movement or handling of cargo. 2.2 Security management [s16(2)(a); r2.52(1); r2.58] 2.2.1 Organisational structure and security management arrangements [r2.52(1)(a)] The Organisation’s structure, and the arrangements for managing security at each of our facilities, are set out in Attachment D. 2.2.2 Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58] The SCO is responsible for facilitating the development, implementation, review and maintenance of this TSP. The SCO is also responsible for the maintenance of the administration of security measures and procedures contained in this TSP. Specific responsibilities include: liaising with other aviation industry participants in relation to aviation security matters; liaising with the Department to ensure compliance with all aviation security regulatory requirements, change in the Department’s threat assessment, and any Special Security Directives or Compliance Control Directions; Set out any additional responsibilities for the SCO in your organisation. For example: ensuring employees, contractors or other persons with aviation security related roles have sufficient knowledge, skills and training to perform their duties; ensuring staff are briefed on all security-related matters in relation to the Organisation’s facilities; ensuring the appropriate protection of all security information against unauthorised access, amendment and disclosure; ensuring the integrity of all preventive security measures and arranging maintenance as required; overseeing the serviceability of all security equipment; Maintaining the Regular Customer List; reporting and monitoring aviation security incidents, including threats and breaches; and attending relevant aviation security meetings. The knowledge, skills and other requirements to fulfil the security-related aspects of this position are: Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements. Note: under the Regulations, the RACA must appoint a SCO and the RACA must provide security awareness training for the relevant staff to enable them to properly perform the security related aspects of their positions. 2.2.3 Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58] SCT05-06 (September 2015) Sensitive Page 5 TSP – [RACA trading name] Sensitive The roles and responsibilities of security officers and other persons assigned particular security duties and responsibilities are as follows: Insert as relevant to your organisation. For example: Senior Security Officers/Security Officers Senior Security Officers / Security Officers are supervised by and report to [specify]. Their duties and responsibilities require them to: Manage day to day security issues; brief staff on security-related matters such as changes in the security environment when directed by [specify]. [Report / investigate / compile] all security breaches, threats or aviation incident reports for [specify]. They also assist the Operations Manager / Security Manager / SCO in: the development, implementation, review and maintenance of the Organisation’s TSP; liaison with other aviation industry participants in relation to aviation security matters; providing feedback to SCO / other regarding application and effectiveness of security measures in the Organisation’s TSP; and the coordination with the Department’s staff to ensure regulatory compliance. The knowledge, skills and other requirements for the security-related aspects of these positions are: Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements. Cargo Receipt Officers The roles and responsibilities of a Cargo Receipt Officer are as follows: Receive and inspect cargo consignments from consignors and other regulated businesses in accordance with measures set out in this TSP; Check security documentation for consignments; and Report to SCO / other regarding suspect cargo or any security issues or incidents. The knowledge, skills and other requirements for the security-related aspects of these positions are: Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements. Cargo Examination Officers Conduct cargo examination in accordance with this TSP, relevant air cargo examination notices and examination equipment instructions; Report to SCO / other regarding suspect cargo or any security issues or incidents. The knowledge, skills and other requirements for the security-related aspects of these positions are: Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements. Note: under the Regulations, the RACA must provide security awareness training for the relevant staff to enable them to properly perform the security related aspects of their positions. SCT05-06 (September 2015) Sensitive Page 6 TSP – [RACA trading name] 2.2.4 Sensitive Contractors [r2.52(1)(b); r2.58] Select from the options below as appropriate for your operations. The Organisation does not have any arrangements or contracts with any private or secondary businesses to undertake security roles at the Organisation’s facilities. OR The Organisation has a contract with [specify] to undertake the following security relevant duties and responsibilities: Insert as relevant to your organisation. For example: open and inspect each site and facility before daily commencement of operations; secure each site and facility after the daily conclusion of operations to ensure that all persons have vacated and there are no unattended items; lock, alarm and/or patrol site and facility building(s); monitor CCTV and respond to any suspicious behaviour or incidents; monitor the alarms and respond to any activation of the alarm system; and perform regular / irregular patrols of the area surrounding each site and facility. The knowledge, skills and other requirements for the security-related aspects of these positions are: [Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.] Note: under the Regulations, the RACA must provide security awareness training for the relevant staff (including contractors) to enable them to properly perform the security related aspects of their positions. 2.3 Consultation and communication [s16(2)(b),(g); r2.52(2)] 2.3.1 Consultation to develop this TSP [s16(2)(g)] Details of the consultation undertaken in developing this TSP can be found at Attachment E. 2.3.2 Communication and consultation within the organisation [r2.52(2)(a)] The [specify position/role] is responsible for ensuring ongoing and effective communication within the organisation and within each site covered by the TSP for the purpose of coordinating security-related activities. The mechanisms used to communicate and consult within the organisation are: Insert as relevant to your organisation. For example: A weekly email to all staff and contractors. Meetings or phone calls as required. 2.3.3 Communication and consultation with the operator of a security controlled airport at which the Organisation has a facility [r2.52(2)(b)] The Organisation does not have any sites or facilities at any security controlled airports. OR The [specify position/role] is responsible for ensuring ongoing and effective communication between the organisation and the operator of any security controlled airport at which the Organisation has a facility for the purpose of coordinating security-relevant activities. The mechanisms used to communicate and consult with these airport operators are: SCT05-06 (September 2015) Sensitive Page 7 TSP – [RACA trading name] Sensitive Insert as relevant to your organisation. For example: 2.3.4 Quarterly attendance of Airport Security Committee meetings. Communication and consultation with relevant third parties [r2.52(2)(d)] The [specify position/role] is responsible for ensuring ongoing and effective communication between the organisation and relevant third parties, such as police or aircraft operators, for the purpose of coordinating security-relevant activities. The mechanisms used to communicate and consult with these third parties are: Insert as relevant to your organisation. For example: Industry meetings [specify]; Quarterly meetings of the Airport Security Committee, which includes representatives of the police, all aircraft operators, airport tenants and lessees. 2.4 Implementation of security measures and procedures [r2.55(2)] All measures described in this TSP have been implemented. OR The measures and procedures that have not yet been implemented, and a timetable for implementation is set out at Accompanying Document 2. SCT05-06 (September 2015) Sensitive Page 8 TSP – [RACA trading name] Sensitive 3 Physical Security and Access Control Measures [r2.54(1)(d); r2.55] 3.1 Physical security of sites and facilities [r2.54(1)(d); r2.55(1)(e)] 3.1.1 Building security The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours. All buildings where cargo is handled are of sound construction and deter unauthorised access. Access points and potential access or insertion points, such as windows, vents and sky lights, for buildings where cargo is handled are monitored or secured against unauthorised access or insertion of objects at all times. All building access points are closed, secured and deter unauthorised access when not in use and out of hours. 3.1.2 Perimeter security The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours. All areas where cargo is handled are secured by fencing that will deter unauthorised access of persons or vehicles. Access gates for areas where cargo is handled are monitored or secured against unauthorised access of persons or vehicles at all times. All access gates to the site and secure areas are closed, secured and deter unauthorised access when not in use and out of hours. The site perimeter is patrolled [specify frequency] by security guards out of hours. 3.1.3 Signage The following security measures and procedures apply to all sites OR [specify sites]. Signage to advise of authorised personnel only at all secure area access points; Signage to advise ID cards must be worn in all secure areas; Signage reminding employees to challenge and report any unauthorised persons or suspicious behaviour in secure areas; Signage informing customers that: 3.1.4 cargo will be subject to security and clearing procedures; and it is illegal to consign as cargo, without authorisation, an explosive or an explosive device, displayed in cargo consignment areas. CCTV coverage The Organisation does not use CCTV. OR The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours. The following areas are monitored by CCTV: site access points; building access points; SCT05-06 (September 2015) Sensitive Page 9 TSP – [RACA trading name] Sensitive cargo handling areas; cargo storage areas; office and administration areas; and overnight parking areas for cargo transport vehicles. The CCTV monitoring station for the Organisation is located at [specify location] and operates [specify the hours of operation]. CCTV is monitored by [specify role/position]. CCTV recordings are retained for a period of [specify]. The Organisation will provide a copy of the recordings to law enforcement authorities upon request, if appropriate. Staff responsible for CCTV monitoring will report any security incident as soon as practicable to the SCO and, if necessary or appropriate, to the local law enforcement agency. 3.1.5 Alarms The Organisation does not use alarms. OR The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours. The following areas are monitored by a back-to-base alarm system out of hours: site access points; building access points; cargo handling areas; cargo storage areas; office and administration areas; and overnight parking areas for cargo transport vehicles. The response to an alarm out of hours is: Insert measures and procedures for investigating, assessing and responding to an alarm. 3.2 Access control measures for sites and facilities [r2.54(1)(d); r2.55(1)(e)] 3.2.1 Access control The following measures are used to control access to all sites OR [specify sites] and include security procedures for out of hours. Insert your measures and procedures. For example: Access to sites and facilities is permitted 24 hours a day, 7 days a week OR limited to operational hours; Access to the following areas is restricted to authorised persons who have a legitimate purpose and displaying appropriate identification: Cargo handling areas, Cargo storage areas, Security information storage areas; SCT05-06 (September 2015) Sensitive Page 10 TSP – [RACA trading name] Sensitive Access to secure areas is controlled by [specify method of control e.g. swipe cards / guards / locks] Authorised persons are not permitted to bring personal bags, packages or non-essential items into cargo handling areas. Spot checks will be periodically conducted by [specify]. All staff are required to challenge any person in a restricted area who is not known to be authorised or is not displaying appropriate identification. 3.2.2 Identification The following measures are used to manage staff and visitor identification procedures to all sites OR [specify sites]. Insert your measures and procedures. For example: All staff (including contractors) who access cargo handling areas, handle cargo or transport cargo are required to have an identification card; All staff (including contractors) must display their identification card when in cargo handling areas or when transporting cargo; Identification cards are tamper-resistant and include the employee’s name and photograph, the Organisation’s name and an expiry date. Identification cards are valid for no more than two years; Identification cards are recovered when expired or when employment ends. Records for the issue and recovery of all identification cards are kept and maintained by [specify]; Temporary identification cards may be provided for: New employees, Short-term contractors, and Employees whose identification card is temporarily unavailable. Temporary identification cards are valid for a single day only; and Visitor cards may be provided for visitors who need access to cargo handling areas or security information storage areas. Visitor identification cards are valid for a single day only and must be reclaimed when the visitor leaves the site. Visitors must be escorted in cargo handling areas and other secure areas at all times. 3.3 Access control measures for airside and security zones [r2.55(1)(b)-(d)] The Organisation does not access airside areas or airport security zones. OR The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours. Measures to deter and detect unauthorised access include: Insert your measures and procedures. For example: Compliance with airport security measures, including ID checks for personnel accessing airside or airport security zones; Monitor relevant access points during operational periods; and Secure and alarm relevant access points out of hours. 3.4 Maintenance of security equipment [r2.55(1)(g)] SCT05-06 (September 2015) Sensitive Page 11 TSP – [RACA trading name] Sensitive The following measures are used to maintain security equipment at all sites OR [specify sites]. Insert your measures and procedures. For example: All security equipment is maintained according to the manufacturer’s instructions; All security equipment is calibrated by [specify role/position] according to the manufacturer’s instructions; and [Specify role/position] is responsible for managing and recording details of equipment maintenance procedures, maintenance checks and calibration checks. 3.5 Physical security of cargo transport vehicles [r2.55(1)(h)] The following measures are used to secure cargo transport vehicles at all sites OR [specify sites] and include security procedures for out of hours. Insert your measures and procedures. For example: All vehicles used to transport cargo are of sound condition and deter unauthorised access; Passenger and cargo areas of vehicles used to transport cargo are kept locked when unattended or not in use; Vehicles used to transport cargo are parked in secure areas and/or monitored out of hours; Vehicles used to transport cargo are inspected for unauthorised access, tampering or insertion of unauthorised objects: daily prior to use; and After any period left unattended in an unsecured area. SCT05-06 (September 2015) Sensitive Page 12 TSP – [RACA trading name] Sensitive 4 Cargo security and examination [r2.51; r2.55(1)(i)] 4.1 Cargo security [r2.51(1); r2.51(2); r2.52(3)] 4.1.1 Cargo Records [r2.52(3)] The following measures and procedures are used for the keeping of accurate records of cargo in the Organisation’s possession or under the Organisation’s control: Insert your measures and procedures. For example: 4.1.2 [cargo record keeping procedures] Deter and detect unauthorised explosives [r2.51(1)] The following measures and procedures are used to deter and detect the unauthorised carriage, as cargo, of explosives that could facilitate an act of unlawful interference with aviation: Insert your measures and procedures. For example: All cargo that is received by the Organisation is checked on receipt for signs of tampering or that it may be suspect cargo, in accordance with the procedures set out in Annex A. All uncleared cargo is treated in accordance with the procedures set out in Annex A and receives clearance. A Security Declaration is issued for all cargo that receives clearance. Cleared cargo is: Cargo for which the Organisation issued a Security Declaration; or Cargo that was received by the Organisation with both a Security Declaration and a ChOCS. Cleared cargo is kept secure at all times and dealt with in accordance with the procedures set out in Annex A. A ChOCS is issued for all cleared cargo. Any cargo that shows signs of tampering or that it may contain unauthorised explosives or is examined and cannot be cleared is treated as suspect cargo in accordance with this TSP and is not provided to another regular business. The following procedures will have effect during equipment failure or unserviceability: Insert your measures and procedures. For example: 4.1.3 [specify contingency procedures if security equipment fails] Ensuring the security of cargo at all times [r2.51(2)] The following measures and procedures are used to ensure the security of cargo at all times: Insert your measures and procedures. For example: All cargo is kept secure while in the possession of the Organisation by ensuring that it is accompanied, monitored, or kept in a secure area at all times. Access to cargo is restricted to authorised persons only in accordance with the access control procedures set out in this TSP. Any cargo that is found to have not been kept secure at all times is rechecked for tampering and unauthorised explosives and treated as uncleared cargo until it subsequently receives clearance. 4.2 Cargo examination [s16(2)(c); r2.51(1A); r2.55(1)(i)] 4.2.1 Methods, techniques and equipment for examination of cargo [s16(2)(c); r2.51(1A); r2.55(1)(i)] SCT05-06 (September 2015) Sensitive Page 13 TSP – [RACA trading name] Sensitive The methods, techniques and equipment for examination of cargo for all sites OR [specify sites] is set out in Annex A and in any notices issued to the Organisation under regulation 4.41J. SCT05-06 (September 2015) Sensitive Page 14 TSP – [RACA trading name] Sensitive 5 Regular Customers [r2.60] 5.1 Maintaining a regular customer list [r2.60(a)] The following procedures apply to the Organisation’s regular customer list: Insert your measures and procedures. For example: Customers may become regular customers by their inclusion on the Organisation’s regular customer list. Customers may only be added to the regular customer list by [specify role/position]. To be eligible to be added to the regular customer list, the customer must sign a regular customer undertaking, and evidence must be provided that the customer: is the regular customer of another RACA; or has an established credit rating; and has consigned cargo at least three times without incident. For each regular customer, the regular customer list must include: the customer’s name and contact details; why the customer was included on the list; and the date of the customer’s inclusion on the list. 5.2 Regular customer undertaking [r2.60(b)] The form of the regular customer undertaking can be found at Attachment F. 5.3 Receiving cargo from a regular customer [r2.60(c)] The procedures for receiving cargo from a regular customer, including procedures to identify people who represent such a customer, can be found in Annex A. SCT05-06 (September 2015) Sensitive Page 15 TSP – [RACA trading name] Sensitive 6 Cargo security responses [s16(2)(d); r2.51(3); r2.57] 6.1 Measures and procedures for the handling and treatment of suspect cargo [r2.51(3)] [Specify position/role] is responsible for determining whether an item is suspect cargo and the appropriate response. If there is any concern that an item may cause unlawful interference with aviation, or contain an unauthorised explosive or explosive device, items will be considered suspect cargo. Following the identification of suspect cargo, the following actions will be taken: Insert your measures and procedures. For example: The area around the item or vehicle will be cleared; Employees and customers will be instructed to clear the area or evacuate and not interfere with or approach the suspect cargo; State or Territory police will be contacted immediately; Consideration will be given to whether local site operations can continue safely and whether to temporarily alter or cease local operations; The Department and any other relevant government agencies will be notified when practicable; The instructions of police and government agencies will be followed; and Procedures regarding the discovery of an explosive device will be followed if the item is identified as an unauthorised explosive. 6.2 Measures and procedures in the event of a heightened security alert [s16(2)(d); r2.57] The Organisation has a number of additional security measures and procedures available for implementation in the event of a heightened security alert. These measures and procedures are detailed at Accompanying Document 3. Measures for heightened security alerts may be implemented: when the Australian Government formally raises a national counter-terrorism alert level; when specific threats are directed towards the Organisation; in response to an aviation security incident; in response to the issuance of an SSD; or as otherwise advised by the Department. SCT05-06 (September 2015) Sensitive Page 16 TSP – [RACA trading name] Sensitive ANNEX A: Clearing Cargo Introduction This Annex (version 3.2) details the basic security measures for cargo to receive clearance. This includes the receipt, examination and treatment of cargo. This Annex also details the requirements for dealing with cargo in order to clear cargo and maintain its cleared status. This Annex forms part of the TSP and, where any discrepancies exist, security measures detailed within this Annex take precedence over measures detailed elsewhere within the TSP. Notes on treatment of cargo [s44B(2)] Cargo has been treated in accordance with this TSP if the receipt, ID and examination requirements set out in Tables 1.1 and 1.2 have been met and a Security Declaration has been issued (if required). Notes on dealing with cargo [s44B(3)] Cargo has been dealt with in accordance with this TSP if the cargo is: checked on receipt and not suspect cargo and not tampered with; kept secure at all times; and continues to show no signs of tampering, suspect cargo or containing unauthorised explosives for the entire time it is in the possession of the RACA. Indications that cargo has been tampered with may include oil stains and damage or cuts in packaging or wrapping. Signs that cargo is suspect cargo may include unusual smells, excessive postage or if the weight exceeds the normal weight for the consignment type or any other indications of potential explosives. Notes on regular customers All cargo from Regular Customers must be received by a Regulated Business directly from the regular customer in order to maintain cleared cargo status. Receiving Cargo Tables Records of identification are to be retained for a period of 30 days. Examination will be conducted in accordance with the Table 1.5 titled ‘Examination Methods’. Any changes to examination of cargo will be by written notice issued by the Secretary of the Department, or delegate, and will occur independently of the requirements of this TSP. A Notice listing those items that are exempt from examination is issued from time to time by the Department. SCT05-06 (September 2015) Sensitive Page 17 TSP – [RACA trading name] Sensitive Table 1.1: Uncleared cargo that is received by RACA without a Security Declaration Cargo Type 1 2 3 4 Items ≤ 250 gm and ≤ 5 mm thick Domestic cargo items > 250gm and/or > 5mm thick International exempt items > 250 gm and/or > 5mm thick International non-exempt items > 250gm and/or > 5mm thick SCT05-06 (September 2015) Received From Check ID of sender Record ID of sender Examination of cargo required (refer to Table 1.3) (refer to Table 1.4) (refer to Table 1.5) Documentation to be issued (refer to Table 1.6) Unregulated No No No No Regular Customer No No No No Regulated Business No No No No Unregulated No No No No Regular Customer No No No No Regulated Business No No No No Unregulated Yes Yes No Security Declaration and Chain of Custody Statement Regular Customer Yes No No Security Declaration and Chain of Custody Statement Regulated Business Yes Yes No Security Declaration and Chain of Custody Statement Unregulated Yes Yes Yes Security Declaration and Chain of Custody Statement Regular Customer Yes No No Security Declaration and Chain of Custody Statement Regulated Business Yes Yes Yes Security Declaration and Chain of Custody Statement Sensitive Page 18 TSP – [RACA trading name] Sensitive Table 1.2: Cleared cargo that is received by a RACA with a Security Declaration and Chain of Custody Statement Please note that once cargo is cleared it can only retain its cleared status if transported and handled by a regulated business in accordance with their Security Program. When passing on cleared cargo a Regulated Business must issue a Chain of Custody Statement as evidence that cleared cargo has been held securely at all times whilst in the regulated business’s possession. Cargo that is transported or handled by a non-regulated business after clearance is no longer cleared and will require re-examination. Cargo Type 1 Items ≤ 250 gm and ≤ 5 mm thick Received From Check ID of sender (refer to table 1.3) Domestic cargo items > 250gm and/or > 5mm thick 3 Regular Customer N/A (Refer to Table 1.1) No International non-exempt items > 250gm and/or > 5mm thick No No N/A (Refer to Table 1.1) Regular Customer N/A (Refer to Table 1.1) No No No No Unregulated N/A (Refer to Table 1.1) Regular Customer N/A (Refer to Table 1.1) No No No Chain of Custody Statement (existing Security Declaration is still valid) Unregulated N/A (Refer to Table 1.1) Regular Customer N/A (Refer to Table 1.1) Regulated Business SCT05-06 (September 2015) No Unregulated Regulated Business 4 Documentation to be issued (refer to table 1.6) N/A (Refer to Table 1.1) Regulated Business International exempt items > 250 gm and/or > 5mm thick Examination of cargo required (refer to table 1.5) Unregulated Regulated Business 2 Record ID of sender (refer to table 1.4) No Sensitive No No Chain of Custody Statement (existing Security Declaration is still valid) Page 19 TSP – [RACA trading name] Sensitive Supporting Tables: Table 1.3: Required Identification Document: The following are the only forms of valid identification documents that are permitted for the purposes of preparing cargo for clearance: An Australian photographic drivers licence; An Australian passport; A foreign passport supported by a second form of identification (that may not appear on this list); A photo credit or debit card issued by an authorised deposit-taking institution; A photographic identification card issued by an Australian government body (including Australian State/Territory bodies). Appropriate identification that satisfies the sender represents the Regular Customer. Table 1.4: Recording Identification: In order to clear cargo a RACA is required to identify the person sending the cargo. If required to do so you must sight a Required Identification Document, and record the following details: The senders name; The type of Identification Document (e.g. drivers’ licence); The issuing body (e.g. NSW RTA); and The unique identification number shown on the Identification Document. Where the sender is a corporation a Required Identification Document of an authorised representative of the sender (e.g. an employee) must be sighted and recorded. Table 1.5: Examination Methods: Each examination will be conducted in accordance with one of the methods shown below: Physical Examination – The contents of the cargo will be searched as thoroughly as is practical to verify that the contents are consistent with any available description and that no unauthorised explosive or incendiary device appears to be included in the cargo (Note: this includes but is not limited to a visual assessment of the cargo). Explosive Trace Detection – The use and maintenance of Explosive Trace Detection equipment will be in accordance with the manufacturers’ instructions, the equipments operational limitations and any advice or notice issued by the Department of Infrastructure and Transport. X-Ray – The use and maintenance of X-Ray equipment will be in accordance with the manufacturers’ instructions, the equipments operational limitations and any advice or notice issued by the Department of Infrastructure and Transport. Seven day secure hold – cargo is held securely for a period of seven days prior to transfer. SCT05-06 (September 2015) Sensitive Page 20 TSP – [RACA trading name] Sensitive Table 1.6: Cargo Security Documentation: Security Declaration: A Security Declaration is issued by a RACA to indicate that cargo has received clearance through being: a) examined or, where an exemption notice has been issued, the cargo is exempt from examination; and b) treated in accordance with the RACA’s TSP. The Security Declaration must: a) identify the cargo (such as reference to a Consignment number, Master Air Waybill or equivalent document that specifically identifies the cargo); b) state the name of the RACA issuing the Security Declaration; c) state the name and contact details of the individual issuing the Security Declaration on behalf of the RACA; d) state the time and date the Security Declaration is issued; and e) declare the cargo has received clearance. Chain of Custody Statement: A Chain of Custody Statement is provided by each Regulated Business (the Issuer) to another Regulated Business to whom they are passing the cleared cargo, stating that the Issuer has dealt with the cleared cargo by preventing unauthorised access and holding the cleared cargo in a manner that makes tampering with the cleared cargo obvious. The Chain of Custody Statement must: a) identify the cargo (such as reference to a Consignment number, Master Air Waybill or equivalent document that specifically identifies the cargo); b) state the name of the Regulated Business issuing the Chain of Custody Statement; c) state the name and contact details of the individual issuing the Chain of Custody Statement on behalf of the Regulated Business; d) state the time and date the Chain of Custody Statement is issued; e) state whether the Regulated Business received a Security Declaration for the cargo when the Regulated Business took possession of the cargo; f) if the Regulated Business received a Security Declaration for the cargo when taking possession of the cargo, the Chain of Custody Statement must state that the cargo has been held securely at all times in accordance with the Regulated Business’s TSP or AACA security program; and g) if the Regulated Business did not receive a Security Declaration for the cargo when taking possession of the cargo, then Chain of Custody Statement must state that the RACA issued a Security Declaration for the cargo and that the cargo has been held securely at all times after the cargo received clearance in accordance with the Regulated Business’s TSP. For cleared cargo to maintain its cleared status, it must be accompanied by a Security Declaration and a Chain of Custody Statement at all times. If you did not receive both a Security Declaration and a Chain of Custody Statement when taking possession of cargo, treat the cargo as uncleared cargo and remove any security documentation. SCT05-06 (September 2015) Sensitive Page 21 TSP – [RACA trading name] Sensitive Attachment A: Signed statement [s16(1) and r2.05] [Optional: Insert Organisation’s logo] [Insert Organisation’s legal name here]: is aware of its general responsibility to contribute to the maintenance of aviation security; has developed an integrated, responsible and proactive approach to managing aviation security within the Organisation; is aware of, and has the capacity to meet, the specific legislative obligations; and has taken into account relevant features of its operation in developing activities and strategies for managing aviation security within the Organisation. [insert Organisation’s legal name here] believes that this TSP gives effect to all of the above obligations. Signature : Title : (Chief Executive Officer or authorised representative) Date : SCT05-06 (September 2015) Sensitive Page 22 TSP – [RACA trading name] Sensitive Attachment B: Local security risk context statement [r2.49] Provide a statement outlining the local security risk context for the Organisation, including consideration of its location, and seasonal and operational factors. For example: The Organisation employs [number] of staff and contractors and cargo is handled at [number] of sites in Australia and operate facilities that handle cargo at the following airports [list sites on airports]. The Organisation regularly handles the following types of cargo from [regular customers / other businesses / freight forwarders / other regulated businesses only / unknown individuals]: [list types of cargo handled by the Organisation]; The Organisation uses [its own drivers and vehicles / contract drivers / couriers / an AACA / another regulated business] to transport cargo to [another freight forwarder / an express freight forwarder / a CTO / an airline]. The Organisation handles cargo to [Australia only / all countries / countries that might be the target of terrorism or unlawful interference with aviation]. The Organisation [conducts technological examination of cargo / clears cargo from regular customers only / does not clear cargo]. The Organisation understands that the National Terrorism Public Alert Level in Australia remains at a HIGH, and that this means that a terrorist attack is likely. We acknowledge that this threat is likely to continue for the foreseeable future, and that airports and aircraft have been the target of previous attacks. The Organisation understands the importance of ensuring that its measures and procedures are suitable to protect its employees, contractors and the broader aviation industry. In preparing this TSP, and in establishing and implementing measures and procedures to address aviation security issues, we particularly considered the following threats of relevance (set out below) and the people, assets and infrastructure that we need to protect. General threats and generic security risk events of relevance to the Organisation Source of Risk Risk Event Improvised explosive device (IED) consigned in cargo IED consigned as cargo by known or unknown sender. IED device consigned as a piece of cargo; IED device disguised as a piece of cargo (e.g. a fake laptop); IED device concealed within a piece of cargo; IED device concealed within an object consigned as cargo (e.g. printer cartridges); IED inserted into cargo IED placed into cargo for loading on an aircraft by intruder, trusted insider or visitor. IED device placed in cargo item; IED device placed in cargo consolidation; IED device placed in cargo palette, ULD or other container; IED device placed directly into aircraft cargo hold; Computer network Deliberate disruption of websites or IT systems to cause loss or compromise of attack information relevant to aviation security. Hoax threats Hoax threats used to deliberately cause disruption to services/distract emergency responders. Theft of business assets This could include theft of aircraft, ground handling equipment, maintenance equipment, cargo etc Forced entry to terminal building may damage security systems; SCT05-06 (September 2015) Sensitive Page 23 TSP – [RACA trading name] Source of Risk Sensitive Risk Event Damage to or theft of assets may put security of travellers and aircraft at risk. Acts of vandalism or arson This might include deliberate damage to cargo or facilities, graffiti etc Could threaten the effectiveness of security systems such as CCTV; could involve consequential damage to access control systems such as fences. Could also involve individuals with access, or unauthorised access to locations. Trusted insider May be an employee, contractor or visitor. Could involve any of the following: Tampering with cargo; facilitating or overlooking the transfer or movement of IEDs in cargo. Facilitating the passage of an IEDs through examination or clearance; causing loss or disruption to computers or networks; inappropriate use of ID to access secure areas without authorisation, or give access to a secure area to another individual; tailgating to avoid access being detected; and/or tampering with security systems. Terrorist surveillance This may include the following techniques: visual surveillance, from a distance; visual surveillance, from a static location (e.g. parked vehicle) near facilities; vehicle drive-by or on foot; scanning websites looking for security information. Attackers may also undertake dry runs. This may involve: threat-testing response time and methods by using false suspect cargo; testing security screening systems. People, assets, infrastructure and operations that need to be protected People The following people are to be protected under this TSP: Organisation employees and contractors; Drivers; Consignors/Visitors; and Airport staff and the travelling public. Assets Assets to be protected under this TSP include: Cargo containers and handling equipment; Cargo handling vehicles and cargo transport vehicles; Administrative assets; assets and technology used for screening and clearing purposes; and assets which may be required in an emergency. Infrastructure Infrastructure to be protected under this TSP includes: buildings under the control of the Organisation; fences and other structures under the control of the Organisation; and airport facilities under the control of the Organisation. SCT05-06 (September 2015) Sensitive Page 24 TSP – [RACA trading name] Sensitive Attachment C: List of Sites and Facilities Covered by this TSP [r2.54(1)] Listed below are all sites that operate on behalf of the Organisation and all facilities covered by this TSP: Site/facility name Address Suburb/town State Postcode Add rows as required Under the Regulations, for each facility that is located at a security controlled airport, the RACA must give the airport operator: (a) the RACA’s contact details, including contact details for the security contact officer; and (b) details of the procedures to check the identity of persons who are authorised to have access to the facility. A failure to notify the Secretary in writing within seven (7) days of becoming aware of any changes to the details in these tables may be an offence under the Regulations. SCT05-06 (September 2015) Sensitive Page 25 TSP – [RACA trading name] Sensitive Attachment D: Organisational Structure and Security Management Arrangements [r2.52(1)(a)] Insert text and/or a diagram clearly articulating your organisational structure and security management arrangements here. SCT05-06 (September 2015) Sensitive Page 26 TSP – [RACA trading name] Sensitive Attachment E: Consultation undertaken as part of the development of this TSP [s16(2)(g)] The following aviation industry participants contributed to the development of this TSP: Organisation Title / Relationship Consultation Undertaken e.g. your organisation e.g. all levels of management and staff supervision e.g. considered and discussed the various security-related roles and responsibilities within the organisation. e.g. security measures and procedures to be implemented in accordance to this TSP. e.g. reporting responsibilities of staff. e.g. ABC Airways e.g. RPT operator e.g. procedures and requirements for loading cargo. e.g. XYZ Cargo e.g. freight operator e.g. procedures and requirements for loading cargo. [Other consulted organisations] Add rows as required SCT05-06 (September 2015) Sensitive Page 27 TSP – [RACA trading name] Sensitive Attachment F: Regular Customer Undertaking [r2.60(b)] [Optional: Insert customer logo] [Insert customer’s legal name here] (the customer): agrees to be placed on the regular customer list of [Organisation’s name]. undertakes to take appropriate security measures to prevent the unauthorised carriage of an explosive or an explosive device; undertakes that at time of consignment, cargo will: have secure, undamaged packaging; appear not to have been tampered with; be accompanied by documentation that identifies the customer as the consignor of the cargo; and be presented by a person who can be verified as a representative of the customer; is aware that cargo will be subject to security and clearing procedures; and is aware that it is illegal to consign as cargo, without authorisation, an explosive or an explosive device. Signature : Title : (Chief Executive Officer or authorised representative) Date : SCT05-06 (September 2015) Sensitive Page 28 TSP – [RACA trading name] Sensitive Accompanying Document 1: Details of Sites and Facilities Covered by this TSP [r2.54(2)] Detailed below are all sites that operate on behalf of the Organisation and all facilities covered by this TSP: Site/facility name: Site/facility name or identifying description Address: Street address of site/facility Located on an airport Yes / No If yes, is it a security controlled airport Yes / No If located on an airport, name of airport and a description of airside and landside operations This site/facility is located at [airport trading name]. The airside operations at this airport are [location and description]. The landside operations at this airport are [location and description]. Operations conducted at this site/facility include: handling cargo consolidating cargo loading cargo onto road vehicles loading cargo onto aircraft (CTO operations) examining cargo storing cargo after hours parking cargo transport vehicles after hours Proportion of cargo handled at this site that is domestic cargo None / Some / Most / All Proportion of cargo handled at this site that is international cargo None / Some / Most / All Hours of operation Days e.g. Mon-Fri Hours e.g. 24h Days e.g. Sat Hours e.g. 0800h – 1200h Days e.g. Sun Hours e.g. closed Add additional pages as required Under the Regulations, for each facility that is located at a security controlled airport, the RACA must give the airport operator: (a) the RACA’s contact details, including contact details for the security contact officer; and (b) details of the procedures to check the identity of persons who are authorised to have access to the facility. A failure to notify the Secretary in writing within seven (7) days of becoming aware of any changes to the details in these tables may be an offence under the Regulations. SCT05-06 (September 2015) Sensitive Page 29 TSP – [RACA trading name] Sensitive Accompanying Document 2: Timetable for implementation of security measures and procedures [r2.55(2)(b)] Detailed below are security measures and/or procedures yet to be implemented at by the Organisation. Site(s) Measure or Procedure not yet implemented e.g. Swipe card access installed to replace the key lock on all entry doors All sites Implementation date (no later than) DD/MM/YY Delete this document if all of the measures and procedures referred to in your TSP have been implemented. SCT05-06 (September 2015) Sensitive Page 30 TSP – [RACA trading name] Sensitive Accompanying Document 3: Measures and procedures in the event of a heightened security alert [r2.57] The Organisation has a number of additional security measures and procedures available for implementation in the event of a heightened security alert. These measures are: Insert your measures and procedures. For example: an increase in the number of security personnel / guards; increased frequency of patrols; implement 7-day hold on all cargo; examine 100% of cargo (including cargo from regular customers); 24-hour watches; hiring commercial flood lights; request assistance from the relevant law enforcement agency; changes to parking arrangements in the vicinity of the site or facility and/or inspection of vehicles and changes to the vehicular parking areas; changes to cargo delivery arrangements; and increased monitoring or reduction of access points. All of these measures can be applied almost immediately, and are able to be sustained for an extended period. Aviation security incident response [r2.57(2)(a)] Insert your measures and procedures for responding to an aviation security incident. For example: If an aviation security incident, including a threat or breach of security, is identified by the Organisation or any member of staff, the [specify] and the SCO are to be informed immediately. The SCO is to inform: all relevant authorities including the local State / Territory Police and the Australian Federal Police; and any relevant aviation industry participants facing immediate threat. The SCO is to ensure: staff are fully aware of circumstances; information is passed on; and evidence is preserved (unless otherwise directed by a relevant authority e.g. for safety reasons). The SCO is then to: document or record all information from staff with knowledge of the incident; provide an analysis of the incident for company action; be prepared to provide information to assist relevant authorities; and if requested, consider providing company resources to assist relevant authorities. All Organisation staff are to: SCT05-06 (September 2015) Sensitive Page 31 TSP – [RACA trading name] Sensitive assist the SCO and the Site/Facility Manager in precautionary/preparatory actions; and comply with all requests and procedures from relevant emergency authorities. Reporting aviation security breaches [r2.57(2)(b)] The Organisation has a range of procedures for reporting aviation security breaches, including threats to aviation security. The nature of the threat and the seriousness of the breach will dictate who will be advised and the appropriate level of escalation. These procedures are as follows: Insert your measures and procedures. For example: the [specify] and the SCO are to be informed immediately; the SCO is responsible for recording the breach, and for recording and response activities taken; the Department will be notified of any security breaches on case by case OR monthly basis. Where appropriate, an aviation security breach that relates to the Organisation will also be reported to: the Secretary; the relevant State or Territory [specify] police force; the Australian Federal Police; any regulated business that is impacted; any airport operator that is impacted; and any aircraft operator that is impacted. Contact numbers and email addresses for incident reporting are available to all staff via: our induction training; our procedures manual; and are prominently displayed in all offices. Reports made by phone will be followed up in writing within 24 hours. Evacuation and emergency management [r2.57(2)(c)] The following actions apply to a threat to or breach of security including: a bomb threat; a failure of critical security equipment; [specify further as relevant]. Any of these incidents may result in the Organisation doing some or all of the following: Insert your measures and procedures. For example: securing and evacuating the affected site/facility; refusing to receive any further cargo; [specify further as relevant]. We will also comply with any requests from relevant emergency authorities. SCT05-06 (September 2015) Sensitive Page 32 TSP – [RACA trading name] Sensitive Following any of the incidents referred to above, a full internal investigation and report will be made for review by [specify] and, if required, changes to operating procedures will be implemented and this TSP updated accordingly. Special security directions [r2.57(2)(d)] [Specify position/role] is responsible for implementing and ensuring compliance with any special security direction (SSD) issued by the Secretary to the Organisation. Insert your procedures for responding to an SSD given by the Secretary here. For example: Upon receipt of an SSD, the [position identified above] will determine the most effective way to implement the SSD in consultation with the Organisation’s senior management. The Organisation’s senior management will consider which of the various parties who may be affected by the SSD will need to be informed, including: employees and staff; consignors; relevant regulated businesses; law enforcement agencies; and local fire and emergency agencies. The Organisation’s senior management will also determine the most effective method to communicate the SSD to the various parties such as through meetings, telephone calls or emails. Staff security awareness [r2.57(2)(e)] In the event of a heightened security alert the Organisation will take the following actions to raise the awareness and alertness of staff to security threats, and their responsibility to report aviation security incidents and breaches: Insert your measures and procedures. For example: Inform staff of the heightened security alert. Remind staff of reporting responsibilities regarding security incidents and breaches. Provide staff with details of the approved incident report form. Ensure all staff are made aware of, and have access to, the Organisation’s operational procedure manual / security manual [insert the title of the relevant documentation for your organisation]. Contingency Plans [r2.57(2)(f)] Select from the options below as appropriate for your operations. The Organisation does not have additional security contingency plans or procedures related to heightened security alerts. OR The Organisation has a number of security contingency plans and procedures related to heightened security alerts. These plans may also be activated upon: receipt of an SSD; a threat to security; a breach of security; the occurrence of an aviation security incident; or SCT05-06 (September 2015) Sensitive Page 33 TSP – [RACA trading name] Sensitive any time declared by the [specify]. These procedures and plans include, but are not limited to: Insert your organisation’s contingency plans here. For example: an increase in security personnel; requests for assistance from the relevant law enforcement agency; changes to vehicle access and/or parking arrangements in the vicinity of the site/facility and/or inspection of vehicles; increased monitoring or reduction of access points; and other measures subject to assessment of risk. SCT05-06 (September 2015) Sensitive Page 34 DELETE THIS PAGE PRIOR TO SUBMISSION Final checks prior to submission 1. All purple text should have been replaced or overwritten in black text by the information relevant to your operations. 2. All red text (except the security classification) should be deleted. 3. There should be no track changes or comments. 4. The Table of Contents should be updated (at the Home option on the toolbar, go to the Editing tab, choose Select, then press Select All. This will select the entire document. If you now press the F9 button, section headings and paragraph titles will be updated in the Table of Contents). 5. Ensure the Document Revision Record is completed. 6. Remove any passwords or other protection measures. 7. Ensure that your Statement has been signed and dated by the CEO (or authorised representative). 8. Ensure your organisation retains identical electronic and hard copies of the document. 9. Send the completed TSP by email to national.coordinator@infrastructure.gov.au for consideration by the Secretary. DELETE THIS PAGE PRIOR TO SUBMISSION