DOCX - Department of Infrastructure and Regional Development

advertisement
For Official
Use Only
Sensitive
Template for a Maritime Security
Identification Card Plan
Template to support the Maritime Security Identification Card Plan
Released August 2015
<<Name of Issuing Body>> ASIC Program, Version #, Month and Year 1
For Official Use Only
For Official Use Only
Disclaimer
The Department makes all reasonable efforts to ensure that the information provided in this document is
accurate. However, the contents of this document are provided as a general guide only; the Department
does not guarantee the accuracy, currency or completeness of any information contained in this
document. The Department will not accept any responsibility or liability for any loss, however caused,
arising from the use of, or reliance upon, the contents of this document.
Therefore, before relying on any information contained in this document, you should always make your
own enquiries, consider your individual circumstances, seek professional advice, and check that the
information is accurate and current.
2
Template for a Maritime Security Identification Card Plan, August 2015
For Official Use Only
For Official Use Only
Introduction
The template may be used to outline the Maritime Security Identification Card (MSIC) Plan of an Issuing
Body authorised to issue MSICs.
The MSIC Plan is regulated under the Maritime Transport and Offshore Facilities Security Act 2003 and
the Maritime Transport and Offshore Facilities Security Regulations 2003
Using the Template
This template includes instructions and prompt boxes where you must insert your own measures and
procedures to demonstrate compliance with the Maritime Transport and Offshore Facilities Security
Regulations 2003 as an MSIC Issuing Body. Please ensure ALL instructions and prompt boxes
have been deleted from your MSIC Plan prior to submission.
Where <<Name of Issuing Body>> presents throughout the document, please insert your legal entity
name.
Note: It is important to note that your MSIC Plan must detail your own specific and relevant
measures and procedures.
Submitting the Template
Upon completion, submit your MSIC Plan electronically (minus these introductory pages) to:
national.coordinator@infrastructure.gov.au
or by mail to:
National Coordinator
Office of Transport Security
GPO Box 1966
CANBERRA ACT 2601
Should you have any questions regarding your Plan or this template, please email the Issuing Body
Coordinator at: issuingbody.coordinator@infrastructure.gov.au
Template for a Maritime Security Identification Card Plan, August 2015 3
For Official Use Only
For Official Use Only
Template for a Maritime Security Identification Card (MSIC) Plan
for
<Insert Issuing Body Legal Entity Name>
Trading Name
<Insert Trading Name>
ACN / ABN
<Insert Australian Company Number or Australian Business Number>
Physical Address
<Insert Issuing Body’s Physical Office Address>
Postal Address
<Insert Issuing Body’s Postal Address>
Date: DD/MM/YYYY
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
4
For Official Use Only
Contents
This table of contents will automatically update when the document is printed.
If you click on the table and press function key F9, it will update immediately. You will be able to
confirm any changes you initiate at that time.
This template has the classification of “For Official Use Only” in the header. This classification is
applicable from the time you make your first entry into the template.
[Please remove this highlighted area before submitting your MSIC Plan]
Maritime Security Identification Card (MSIC) Plan Template ..............................................................4
Contents..................................................................................................................................................5
Glossary of Acronyms and Terms ........................................................................................................8
1
Plan Administration.......................................................................................................................10
1.1
Scope .......................................................................................................................................10
1.2
Applicant Types ........................................................................................................................10
1.3
Document Management ...........................................................................................................11
1.3.1 MSIC Plan Revision Record ...................................................................................................11
2
1.4
Document Protection ................................................................................................................12
1.5
Quality Assurance Measures ....................................................................................................13
1.6
Variations .................................................................................................................................14
1.7
Contact Details .........................................................................................................................14
Introduction ...................................................................................................................................15
2.1
3
Purpose....................................................................................................................................15
Issue and Production of MSICs ....................................................................................................16
3.1
MSIC Administration.................................................................................................................16
3.1.1
Agents ...............................................................................................................................16
3.1.2
MSIC Production ...............................................................................................................17
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
5
For Official Use Only
3.1.3
3.2
4
Issuing Body Staff Requirements ......................................................................................18
MSIC Application Procedure ....................................................................................................18
3.2.1
Verification of Identification Documentation .......................................................................19
3.2.2
Verification of Operational Need ........................................................................................20
3.2.3
Background Checks for MSIC Applications .......................................................................21
3.2.4
Issue of MSIC to ASIC Holders .........................................................................................22
3.2.5
MSIC Application Form .....................................................................................................22
3.3
Collection and Secure Transport of MSICs ...............................................................................23
3.4
Form of MSICs .........................................................................................................................24
Design, Distribution and Storage of Sample MSICs for Training Purposes ..............................25
4.1
Sample MSICs .........................................................................................................................25
5 Procedures for the Safekeeping, Secure Transport and Disposal of MSICs and Associated
Equipment.............................................................................................................................................27
5.1
Safekeeping of MSICs and Associated Equipment ...................................................................27
5.2
Secure Transport of MSICs ......................................................................................................28
5.3
Disposal of MSICs and Associated Equipment .........................................................................28
6 Procedures for the Recovery and Secure Destruction of Issued MSICs that are No Longer
Required................................................................................................................................................30
7
6.1
Recovery Procedures ...............................................................................................................30
6.2
Secure Destruction Procedures ................................................................................................31
Security of Records in Relation to Applicants for MSICs ...........................................................32
7.1
8
9
Procedures for Lost, Stolen or Destroyed MSICs .......................................................................34
8.1
Lost MSICs...............................................................................................................................34
8.2
Stolen MSICs ...........................................................................................................................34
8.3
Destroyed MSICs .....................................................................................................................35
Procedures to Ensure that MSICs are Returned when No Longer Required ............................36
9.1
6
Security of Records ..................................................................................................................32
Return of MSICs .......................................................................................................................36
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
10
10.1
11
11.1
Revocation of Authority as an Issuing Body - Preservation of Records ...............................37
Procedures for the Preservation of Records .............................................................................37
Obligations of MSIC Holders .....................................................................................................38
Obligations of Holders ..............................................................................................................38
Attachment <<XX>>..............................................................................................................................39
Attachment <<XX>>..............................................................................................................................40
Attachment <<XX>>..............................................................................................................................41
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
7
For Official Use Only
Glossary of Acronyms and Terms
A range of terms are defined in the Act and Regulations. The legislation is available from
www.comlaw.gov.au.
Note: Insert any acronyms or definitions to the list above that are specific to the Issuing
Body’s operations, for example the abbreviated name or acronym of the Issuing Body.
Term
Meaning
Act, the
Maritime Transport and Offshore Facilities Security Act 2003.
AFP
The Australian Federal Police established under the Australian Federal Police
Act 1979.
AGD
Attorney-General’s Department.
ASIO
The Australian Security Intelligence Organisation established under the
Australian Security Intelligence Organisation Act 1979.
AusCheck scheme
The scheme prescribed for the purposes of Section 8 of the AusCheck Act
2007.
Background Check
For an individual, means an assessment, under the AusCheck scheme, of
information about any of the matters mentioned in Section 5 of the AusCheck
Act 2007.
Department, the
Department of Infrastructure and Regional Development.
Disqualifying
Offence
A maritime-security-relevant offence mentioned in Part 1 of Schedule 1 to the
Regulations.
Holder
Holder of an MSIC, means the person to whom it is issued.
Maritime Industry
Participant (MIP)
Maritime Industry Participant means:
8
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
a) a port operator; or
b) a port facility operator; or
c) the ship operator for a regulated Australian ship; or
d) the ship operator for a regulated foreign ship; or
a. an offshore industry participant; or
e) a contractor who provides services to a person mentioned in
paragraphs (a) to (d); or
f) a person who:
i.
conducts a maritime-related enterprise; and
ii.
is prescribed in regulations. (regulation 1.05 of the Regulations).
MSIC
Maritime Security Identification Card.
MSIC Plan
A Plan of the kind described in regulation 6.07Q.
Maritime Security
Zone
The term used to describe:

A port security zone.

A ship security zone.

An on-board security zone.

An offshore security zone.
Operational Need
A person has an operational need to hold an MSIC if his or her occupation or
business interests require, or will require, him or her to have unmonitored
access to a maritime security zone at least once each year.
OTS
The Office of Transport Security within the Department of Infrastructure and
Regional Development.
Regulation(s), the
The Maritime Transport and Offshore Facilities Security Regulations 2003.
Secretary, the
The Secretary of the Department of Infrastructure and Regional Development.
Secretary AGD
The Secretary of the Attorney-General’s Department who is responsible for
administering the AusCheck scheme.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
9
For Official Use Only
1 Plan Administration
Reference: Part 6, Division 6.1A
1.1 Scope
This Plan sets out the procedures under which <<Name of Issuing Body>> issues MSICs.
<<Name of Issuing Body>> will comply with both the Regulations and the procedures set out in this
Plan.
<<Name of Issuing Body>> ensures that any agents (if applicable) engaged to undertake tasks
specified within this Plan comply with both the Regulations and the procedures set out in this Plan.
This Plan does not authorise the issue of temporary MSICs. Temporary MSICs are only to be issued to
a person by a maritime industry participant (MIP), where its maritime security plan, ship security plan, or
offshore security plan provides for the MIP to issue temporary MSICs.
1.2 Applicant Types
<<Name of Issuing Body>> may issue MSICs for the following types of applicants:*
Delete/Modify/Add below as appropriate

Employees and contractors of <<Name of Issuing Body>>;

Employees and contractors of <<Name of Port(s)/Port Facilities>>;

Employees and contractors of tenancies at <<Name of Port(s)/Port Facilities>>;

Employees and contractors of offshore facilities;

Locally based contractors who provides services to Maritime Industry Participants at <<Name of
Port(s)/Port Facilities >>;
10

Any locally based persons who meets the legislative requirements to be issued an MSIC; and/or

Any person who meets the legislative requirements to be issued an MSIC.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
1.3 Document Management
<<Name of Issuing Body>>’s document management procedures are:




Note: The Issuing Body may include document management procedures in their MSIC Plan
to enable the Issuing Body to have better version control of this document.
Once this Plan is approved, any further variations must be submitted to the Secretary for
consideration and approval which must be received prior to implementation.
In accordance with the Regulations, <<Name of Issuing Body>> submits their MSIC Plan and any
future variations to the Secretary for approval. Once the MSIC Plan is approved by the Secretary,
<<Name of Issuing Body>> will give effect to the measures and procedures contained within the
approved MSIC Plan.
1.3.1 MSIC Plan Revision Record
Section
Page
Number(s)
1.0
1.1
Approved By
Number(s)
Date of Latest
Revision
All
All
31 May 2013
G.Smith
1.2
6
6 December 2014
G.Smith
Version
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
11
For Official Use Only
[Please remove the example text in the table above and insert your own revision record details
before submitting your MSIC Plan. The document footer must also be updated to reflect the
latest version number and date of this MSIC Plan as per the above table.]
1.4 Document Protection
<<The Port Facility Security Officer/ Port Security Officer/ insert relevant position title>> is
responsible for the management and implementation of this MSIC Plan. The MSIC Plan is classified “For
Official Use Only” and is protected from unauthorised access or disclosure to third parties using the
following measures:




Note: The Issuing Body may detail the measures in place to securely store and manage
access to both electronic and hard copies of this document.
Appropriate storage (electronic and hard copies) for this document may include lockable filing
cabinets or drawers, password protection etc. with access limited to those persons
responsible for the administration and issuing of MSICs under this MSIC Plan.
Once completed, this document is "For Official Use Only". Revealing the information
contained in this document to unauthorised people may cause damage to the Issuing Body,
individual applicants and/or the Australian Government.
12
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
1.5 Quality Assurance Measures
<<Name of Issuing Body>> has implemented the following quality assurance measures to ensure
compliance with this MSIC Plan and the Regulations:




Note: To enhance security outcomes and ensure continuous improvement, the Issuing Body
may implement quality assurance measures including reviews and audits to monitor its own
compliance with the Regulations and its MSIC Plan.
A review will evaluate whether the procedures contained within the MSIC Plan are effective
and adequate. An audit will examine the procedures to determine whether they have been
implemented correctly.
If including quality assurance measures in the MSIC Plan, the Issuing Body should set out
what matters will be evaluated (e.g. card production, process verification, card recovery and
destruction, etc.). In addition to formal scheduled audits and reviews, the Issuing Body should
conduct ongoing quality assurance checks to ensure that MSICs are issued in accordance with
its MSIC Plan and the Regulations.
Such ongoing quality assurance measures should also ensure that MSICs produced meet the
requirements prescribed in the Regulations. Any quality assurance measures included in the
MSIC Plan should specify the minimum frequency at which they occur. The frequency of these
measures should be sufficient to ensure the security outcome is being achieved.
An audit of this MSIC Plan should be conducted by an independent person.
The person should:

Have an understanding of MSIC Issuing Body obligations;

Have an understanding of the relevant sections within the Regulations; and

Be independent of the development and management of this MSIC Plan.
For the purposes of this section, OTS is NOT an independent auditor.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
13
For Official Use Only
1.6 Variations
Reference: r. 6.07T
Where changes to service delivery are proposed which result in a change to procedures, a variation to
this Plan will be submitted to the Secretary by <<Name of Issuing Body>> for approval before being
implemented.
1.7 Contact Details
The contact details for << The Port Facility Security Officer/ Port Security Officer/ insert relevant
position title>> who is/are responsible for the management and implementation of this MSIC Plan are
detailed in Attachment <<XX>>.
14
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
2 Introduction
2.1 Purpose
Reference: r. 6.07Q
This document is the MSIC Plan of <<Name of Issuing Body>>, as an Issuing Body authorised to issue
MSICs.
Pursuant to the Regulations, the purpose of <<Name of Issuing Body>>’s MSIC Plan is to set out
procedures to be followed for the following purposes:

the issue and production of MSICs;

the design, distribution and storage of sample MSICs (if applicable);

the safekeeping, secure transport and disposal of MSICs and associated equipment;

the recovery and secure destruction of issued MSICs that are no longer required;

the security of records in relation to applicants for MSICs;

lost, destroyed or stolen MSICs;

ensuring MSICs are returned to issuing bodies when they are no longer required.
This MSIC Plan must also set out the procedures that will be followed if the authorisation as an Issuing
Body is later revoked, including procedures to ensure that information about applications for MSICs, and
holders of MSICs is appropriately preserved.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
15
For Official Use Only
3 Issue and Production of MSICs
Reference: r. 6.07Q(1)(a)
The procedures set out in this Plan for the issue and production of MSICs include:

verification of identity;

verification of operational need;

application process;

applications for background checks to the Secretary AGD (AusCheck); and

collection of MSICs by applicants.
3.1 MSIC Administration
3.1.1
Agents
<<Name of Issuing Body>> engages/does not engage* agents to undertake functions contained within
this MSIC Plan. * Delete as appropriate
Note: Where an Issuing Body engages a third party (agent) to undertake elements of the
MSIC issuing process on its behalf, the agent must comply with this MSIC Plan to ensure that
the Issuing Body meets its regulatory obligations. The Issuing Body is responsible for the
actions undertaken by its agent(s) in connection with the issue and production of MSICs.
The Issuing Body must identify who those agents are and what functions they undertake in
accordance with this MSIC Plan and the Regulations.
Where an agent’s procedures differ from those of the Issuing Body itself, the agent’s
procedures must also be contained within this MSIC Plan.
Where no agent(s) are engaged, please delete the appropriate text.
16
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
If no agents are used, delete text below
<<Name of Issuing Body>> will ensure that any agents engaged will comply with this MSIC Plan
and the Regulations. Where agents are engaged to undertake MSIC issuing functions on its behalf,
<<Name of Issuing Body>> will have the following control mechanisms in place to ensure that the
agents conduct those functions accordingly:




A list of agents is at Attachment <<XX>>.
3.1.2
MSIC Production
<<Name of Issuing Body>> does/does not* produce / manufacture MSICs. * Delete as appropriate
<<Name of Issuing Body>> does/does not* have a Kinegram(R) machine. * Delete as appropriate
Note: Where the Issuing Body does not have a Kinegram® machine and does not produce /
manufacture its own MSICs, please nominate the Issuing Body that produces / manufactures
them on its behalf.
<<Name of Issuing Body>> MSICs are produced / manufactured by <<XX>>. (Delete if the Issuing
Body produces / manufactures their own).
<<Name of Issuing Body>> produces MSICs for the Issuing Bodies listed in Attachment <<XX>>. (Delete
if the Issuing body does not produce / manufacture MSICs for other Issuing Bodies).
Note: If the Issuing Body does not produce / manufacture MSICs on behalf of other Issuing
Bodies please delete above.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
17
For Official Use Only
3.1.3
Issuing Body Staff Requirements
Reference: r. 6.07V, 6.08C(1)(b), (c), (d) and (e)
<<Name of Issuing Body>> does not allow a person to be directly involved in the issue of an MSIC
unless he or she is able to satisfy the security-relevant criteria for the issue of an MSIC.
Note: In some cases, MSIC issuing staff may not have an operational need sufficient to
satisfy the requirement to be issued an MSIC. Nevertheless, the Issuing Body must apply to
AusCheck for a background check on a person employed by them, before they are directly
involved in the issue of MSICs.
3.2 MSIC Application Procedure
Reference: r. 6.07Q
<<Name of Issuing Body>> receives MSIC applications via the following methods:
* Delete/Modify/Add below as appropriate

Directly to <<Name of Issuing Body>> in person

Online <<insert website address>>

By post

Directly to <<Name of Entity>> (an agent of the Issuing Body) in person
The procedure to apply for an MSIC through <<Name of Issuing Body>> is as follows:




Note: The Issuing Body must set out the procedures of how applicants apply for an MSIC
(e.g. in person, online or through agents of the Issuing Body etc.)
18
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
3.2.1
Verification of Identification Documentation
Reference: r. 6.07F, 6.07G, 6.07H
<<Name of Issuing Body>>will not issue an MSIC to a person unless it satisfied that the
identification of the applicant has been verified.
Note: An Issuing Body must confirm an applicant’s identity for both initial and renewal
applications. The Regulations do not make a distinction between new or renewal applications
in regards to the requirements that must be met in order for an applicant to be issued an
MSIC.
<<Name of Issuing Body>> undertakes the following procedures in order to verify the identity of the
applicant:




Note: Procedures may include, but are not limited to:

How documentation is authenticated as genuine;

How documentation is provided to the Issuing Body (personally/by post);

Who checks the documentation presented;

How is it checked;

If not presented personally, how is it confirmed or verified;

If presented through an agent, how is the documentation confirmed or verified against
the applicant;

In the case of certified documentation, how is it certified;

If the documentation is not recognised by the Issuing Body; and

How the copies of documentation are retained by the Issuing Body.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
19
For Official Use Only
<<Name of Issuing Body>> accepts the kinds of documents as prescribed in regulation 6.07G for
the purposes of verifying the identity of an MSIC applicant.
Note: Documents that are deemed to be primary, secondary and tertiary identification
documents are identified in Regulation 6.07G.
Where an applicant presents foreign documents as identification, <<Name of Issuing Body>>
undertakes the following procedures to verify the documents:




Note: The Issuing Body may set out the procedures to be followed to confirm foreign
documents. These procedures may require the person to have the document(s)
authenticated and translated.
3.2.2
Verification of Operational Need
Before issuing an MSIC, <<Name of Issuing Body>> ensures that the applicant’s operational need
has been established.
Note: An Issuing Body must confirm an applicant’s operational need for both initial and
renewal applications. The Regulations do not make a distinction between new or renewal
applications in regards to the requirements that must be met in order for an applicant to be
issued an MSIC.
20
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
<<Name of Issuing Body>> ascertains an MSIC applicant’s operational need through the following
measures:




Note: The Issuing Body must set out the procedures to ascertain an applicant’s operational
need for an MSIC. In determining whether an applicant has operational need, the Issuing
Body must consider the frequency and specific reasons provided by the applicant for
unmonitored access to a maritime security zone.
An applicant’s occupation/position title alone is not sufficient to establish operational need.
Consideration must be given to checking the authenticity of any documentation presented by
the applicant to establish operational need, for audit purposes.
Operational need should be confirmed through some form of independent corroboration, for
example:
3.2.3

A letter from the applicant’s current employer.

A letter from the applicant’s current contracting party.

A letter from an Industry Participant who has responsibility for a relevant maritime
security zone.
Background Checks for MSIC Applications
Reference: r. 6.08CA, 6.08BA, 6.08LD, 6.08LB, 6.08LBA
<<Name of Issuing Body>> lodges all background check applications with AusCheck. A
background check application to AusCheck will not be made unless <<Name of Issuing Body>>
has provided the applicant with a notice explaining how AusCheck will use and disclose personal
information about the individual for the AusCheck scheme. <<Name of Issuing Body>> will obtain
copies of these notices from AusCheck.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
21
For Official Use Only
<<Name of Issuing Body>> will not issue an MSIC to a person unless it has received a notice from
AusCheck stating that the person does not have an adverse criminal record, or that the person has a
qualified criminal record but is not a threat to the security of maritime transport or an offshore facility.
Where an MSIC holder notifies <<Name of Issuing Body>> of a change of name and/or address,
<<Name of Issuing Body>> will update the AusCheck facility with the changed name and/or
address within 7 days.
<<Name of Issuing Body>> will apply to AusCheck for a subsequent background check where an
MSIC holder has provided notification that he/she has been convicted of a maritime-security-relevant
offence.
If a person has an adverse criminal record, <<Name of Issuing Body>> or the person may apply to the
Secretary under regulation 6.08F, in writing, for approval to issue the MSIC.
3.2.4
Issue of MSIC to ASIC Holders
Reference: r. 6.08E
<<Name of Issuing Body>> may issue an MSIC to a person who currently holds a valid Aviation
Security Identification Card (ASIC), as issued under the Aviation Transport Security
Regulations 2005, and has demonstrated an operational need for an MSIC. The ASIC holder will not
be required to undergo identity confirmation, as an ASIC holder has already undergone a
background check.
3.2.5
MSIC Application Form
A copy of the MSIC application form is at Attachment <<XX>>.
22
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
3.3 Collection and Secure Transport of MSICs
Reference: r: 6.07Q
<<Name of Issuing Body>> undertakes the following procedures for the collection of an MSIC by
the applicant:




Note: The Issuing Body must set out the procedure for issuing an MSIC and its collection by
the applicant, once the application has been approved and the card has been produced.
For example, are MSICs required to be personally collected from the Issuing Body? Is
Australia Post or a courier utilised? If an agent is used for the distribution of MSICs, how does
the agent establish the identity of the addressee?
Procedures may include, but are not limited to:

Confirmation by an officer of the Issuing Body when the card has been collected in
person by the applicant.

Confirmation by an agent of the Issuing Body when the card is collected in person by
the applicant.

Secure postal or courier delivery where the applicant must sign to confirm that they
have received the card.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
23
For Official Use Only
3.4 Form of MSICs
Reference: r. 6.08J
<<Name of Issuing Body>> complies with the Regulations, as to the form of an MSIC.
The form of the front of an MSIC is detailed in Figure 1:
Figure 1: MSIC
Insert image of
Issuing Body’s MSIC
The back of the MSIC has the following statement in at least 10 point Arial:
“You must report a maritime-security-relevant offence to your Issuing Body or AusCheck”.
Note: The Issuing Body may insert a diagram or copy of the MSIC it will be issuing.
24
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
4 Design, Distribution and Storage of Sample MSICs for Training
Purposes
4.1 Sample MSICs
Reference: r. 6.07Q(1)(b)
<<Name of Issuing Body>> produces/does not produce* sample MSICs. * Delete as appropriate
<<Name of Issuing Body>> undertakes the following procedures for the design, distribution and
storage of sample MSICs for training purposes as follows:




Note: The Issuing Body must set out the procedures of how it produces and stores sample
MSICs for training purposes, including those for other ports if applicable.
* If sample MSICs are not produced, please delete the appropriate text and figures.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
25
For Official Use Only
The form of the front of a sample MSIC is detailed in Figure 2:
Figure 2: Sample MSIC
Insert image of
Issuing Body’s
sample MSIC
Note: The Issuing Body may insert a diagram or copy of the sample MSIC it issues.
26
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
5 Procedures for the Safekeeping, Secure Transport and Disposal of
MSICs and Associated Equipment
5.1 Safekeeping of MSICs and Associated Equipment
Reference: r. 6.07Q(1)(c)
<<Name of Issuing Body>> undertakes the following measures and procedures for the
safekeeping of MSICs and associated equipment:




Note: The Issuing Body must set out the security measures to safeguard equipment and
information technology systems used in the production of MSICs. For example, specific
security arrangements such as access control, alarms, patrols (including frequency), CCTV
(monitored/unmonitored and duration of storing footage) for the MSIC production area, etc.
Security measures for the Kinegram® machine and card printing equipment may include, but
are not limited to:

Storage of the Kinegram® machine and card printer;

Storage and location of the spare Kinegram® foils, keys, keypad, etc. when not in
use;

Who is responsible for the Kinegram® machine and card printer and is there any
documentation of this responsibility;

Who is responsible for the Kinegram® machine and card printer maintenance and is
there approved authority;

Security of stocks of MSICs (either blank or pre-printed);

Auditing procedures conducted on the stock of cards and/or Kinegram® rolls and
frequency thereof; and

Processes for reconciling and destroying mis-struck Kinegrams® and mis-printed
MSICs.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
27
For Official Use Only
5.2 Secure Transport of MSICs
<<Name of Issuing Body>> undertakes the following procedures to ensure the secure transport of
MSICs:




Note: The Issuing Body must set out the procedures for the secure transport of MSICs
between:

The Issuing Body; and

Agent(s) (if any); and

The applicant.
Where MSICs are produced / manufactured by an agent, the MSIC Plan must also include
the procedures for the secure transport of MSICs between that agent and the Issuing Body
and/or the applicant.
Ensure that this section aligns with the procedures documented in section 3.2 ’Collection and
Secure Transport of MSICs’ (where applicable).
5.3 Disposal of MSICs and Associated Equipment
<<Name of Issuing Body>> undertakes the following procedures to ensure the secure disposal of
MSICs and associated equipment in relation to the production / manufacture of MSICs:




28
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
Note: MSICs and associated equipment (printers, Kinegram® machines, foils etc.), must be
disposed of in a secure manner.
The Issuing Body must set out the procedures in respect to the disposal of MSICs and
associated equipment. This may include, but is not limited to, the use of specialist providers
for the disposal of secure information/MSICs/equipment, or return of equipment to the
manufacturer, i.e. Kurz Australia.
Where associated equipment is decommissioned, <<Name of Issuing Body>> maintains effective
disposal records/registers.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
29
For Official Use Only
6 Procedures for the Recovery and Secure Destruction of Issued
MSICs that are No Longer Required
Reference: r. 6.07Q(1)(d). 6.08P, 6.08Q
6.1 Recovery Procedures
<<Name of Issuing Body>> undertakes the following procedures to recover MSICs that are no
longer required:




Note: All reasonable measures must be undertaken by the Issuing Body to recover an MSIC
that is no longer required, including cards that have expired or been cancelled.
The Issuing Body must detail procedures used to recover an MSIC. The timeframe and
frequency of these recovery attempts must be sufficient to ensure that MSICs are recovered
within a timely period. Regulation 6.08P(1) requires MSICs to be returned to the Issuing
Body within one month of the card expiring or no longer being required.
Numerous contact methods (e.g. contact with the holder via a combination of emails,
telephone calls, SMS messages, letters etc.) should be used in order to have the greatest
chance of making successful contact with the applicant and therefore the recovery of the
MSIC.
The Issuing Body may consider further initiatives, such as establishing a refundable bond.
The Issuing Body should measure the effectiveness of its recovery procedures against the
number of outstanding MSICs not returned.
Ensure that this section aligns with the procedures documented in section 9.1 ‘Return of
MSICs’ (as applicable).
30
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
6.2 Secure Destruction Procedures
<<Name of Issuing Body>> undertakes the following procedures to ensure the secure destruction
of MSICs that are no longer required:




The destruction is noted in the MSIC register.
Note: The Issuing Body must set out the procedures and methods they use to securely
destroy an MSIC that is no longer required, including cards that have expired or been
cancelled.
Procedures may include shredding or similar to render the MSIC unusable.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
31
For Official Use Only
7 Security of Records in Relation to Applicants for MSICs
Reference r. 6.07Q(1)(e)
7.1 Security of Records
Reference: r. 6.08T, 6.08U
<<Name of Issuing Body>> securely stores records (including the MSIC register) containing
information relating to the issue of MSICs through the following measures and procedures:




Note: The Issuing Body must set out the measures relating to the secure storage of MSIC
records and its MSIC register. For example, specific security arrangements such as access
control, alarms, patrols (including frequency), CCTV (monitored/unmonitored and duration of
storing footage), measures in place to secure cabinets, etc.
These measures and procedures may include, but are not limited to:

How access is restricted to employees with a need-to-know;

How cabinets are secured (e.g. combination locks, keys, etc.);

How the applicant’s personal information is securely forwarded to/from agent(s) (if
applicable); and

How the agent(s) securely stores records in relation to applicants on their premises (if
applicable).
Measures for electronic records must include how the Issuing Body prevents unauthorised
access to records from both internal and external parties. For example, password protection,
removal of access for employees that no longer have a need-to-know, firewalls etc.
See http://www.staysmartonline.gov.au/business for further information.
<<Name of Issuing Body>> maintains records that are sufficient to demonstrate that it has
complied with its MSIC Plan. These records are held within <<Name of Issuing Body>>’s office.
32
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
<<Name of Issuing Body>> will retain the record of issue of an MSIC for at least seven years after
the creation of the record, in accordance with regulation 6.08U(2).
<<Name of Issuing Body>> maintains a register of MSICs in accordance with regulation 6.08T.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
33
For Official Use Only
8 Procedures for Lost, Stolen or Destroyed MSICs
Reference: r. 6.07Q(1)(f)
8.1 Lost MSICs
Reference: r. 6.08R
<<Name of Issuing Body>> undertakes the following procedures regarding lost MSICs:




Note: The Issuing Body must set out procedures regarding lost, stolen and destroyed MSICs.
This may include, but is not limited to:

The Issuing Body requires a statutory declaration of the loss, theft or destruction from
the holder;

Seeking the destroyed MSIC to be returned to the Issuing Body;

The minimum statement of facts to be contained within the statutory declaration, e.g.
circumstances surrounding the loss, theft or destruction;

If the Issuing Body is a port/port facility operator and the MSIC has access control
enabled, ensure access control is disabled for lost, stolen or destroyed MSICs;

Procedures or advisories for the card holder (if any), to minimise the loss, theft or
destruction of MSICs.
8.2 Stolen MSICs
<<Name of Issuing Body>> undertakes the following procedures regarding stolen MSICs:




34
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
8.3 Destroyed MSICs
<<Name of Issuing Body>> undertakes the following procedures regarding destroyed MSICs:




<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
35
For Official Use Only
9 Procedures to Ensure that MSICs are Returned when No Longer
Required
Reference r. 6.07Q(1)(g)
9.1 Return of MSICs
Reference r. 6.08P
<<Name of Issuing Body>> undertakes the following procedures to ensure the return of MSICs that
are no longer required:




Note: All reasonable measures must be undertaken by the Issuing Body to ensure that
MSICs are returned when no longer required, including cards that have expired or been
cancelled.
The Issuing Body must detail procedures used to recover an MSIC. The timeframe and
frequency of these recovery attempts must be sufficient to ensure that MSICs are recovered
within a timely period. Regulation 6.08P(1) requires MSICs to be returned to the Issuing
Body within one month of the card expiring or no longer being required.
Numerous contact methods (e.g. contact with the holder via a combination of emails,
telephone calls, SMS messages, letters etc.) should be used in order to have the greatest
chance of making successful contact with the applicant and therefore the recovery of the
MSIC.
The Issuing Body may consider further initiatives, such as establishing a refundable bond.
The Issuing Body should measure the effectiveness of its recovery procedures against the
number of outstanding MSICs not returned.
Ensure that this section aligns with the procedures documented in section 6.1 ‘Recovery
Procedures’ (as applicable).
36
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
10 Revocation of Authority as an Issuing Body - Preservation of
Records
Reference: r. 6.07Q(2)
10.1 Procedures for the Preservation of Records
Reference: r. 6.07W, 6.07X, 6.07Z
Where the authorisation as an Issuing Body is revoked by the Secretary, <<Name of Issuing
Body>> will undertake the following procedures to ensure that information about applications for
MSICs and holders of MSICs is appropriately preserved:




Note: The Issuing Body must set out procedures for how it preserves information about
applications for MSICs and the holders of MSICs.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
37
For Official Use Only
11 Obligations of MSIC Holders
11.1 Obligations of Holders
<<Name of Issuing Body>> undertakes the following procedures to promote MSIC holder awareness
to ensure compliance with their obligations and responsibilities under the Regulations:




Note: While MSIC holders are responsible for complying with card holder obligations as set
out in the Regulations, the Issuing Body may have ongoing measures to communicate these
obligations to the MSIC holders. This may be through a combination of training, advisories
on the Issuing Body’s web site / intranet, emails, signage, lanyard cards, etc.
An Issuing Body may have procedures for how it communicates to card holders, to ensure
they are aware of their individual obligations under the Regulations, in respect to the following
matters:
38

Requirement to properly display the MSIC when in a maritime security zone
(regulation 6.07J(1);

Notification of conviction and sentence for a disqualifying offence or a conviction of
any other maritime-security-relevant offence and a sentence of imprisonment, within 7
days after being sentenced (regulation 6.08LB(1)(a) and (b);

Notification, in the prescribed manner, of a change of name and/or address
(regulation 6.08L(2) and 6.08LD);

Return of MSIC to Issuing Body on expiry, suspension, cancellation, if
damaged/altered/defaced or the holder no longer has an operational need to hold the
MSIC (regulation 6.08P, 6.08Q);

Notification of a lost, stolen or destroyed MSIC in the form of a statutory declaration
(regulation 6.08R);

Notification of potential penalties which may be incurred by an MSIC holder for nondisplay of an MSIC.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
Attachment <<XX>>
Issuing Body Contact Details
Trading Name
[Insert Trading Name]
ACN / ABN
[Insert Australian Company Number or Australian Business Number]
Physical Address
[Insert Issuing Body’s Physical Office Address]
Postal Address
[Insert Issuing Body’s Postal Address]
Primary Contact Person
Name
Position
Phone
Mobile
Email
Phone
Mobile
Email
Secondary Contact Person
Name
Position
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
39
For Official Use Only
Attachment <<XX>>
Issuing Bodies for Whom <<Name of Issuing Body>> Produces MSICs
Note: With reference to section 3.1 of the Plan
The Issuing Body must list the names of those Issuing Bodies for whom it produces MSICs.
40
Issuing Body
Written Agreement
Date of Agreement
XYZ Port Ltd
Yes
01 Jan 2012
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
For Official Use Only
Attachment <<XX>>
Attach copy of MSIC Application Form here.
<<Name of Issuing Body>> MSIC Plan, Version #, Month and Year
For Official Use Only
41
Download