Template (Unscreened Airport Operators): …€¦ · Web viewCargo that is transported or handled...
Transcript of Template (Unscreened Airport Operators): …€¦ · Web viewCargo that is transported or handled...
Sensitive
[optional: insert company logo]
TRANSPORT SECURITY PROGRAM (TSP) FOR
[INSERT ORGANISATION’S LEGAL NAME]
A Regulated Air Cargo Agent (RACA) regulated under the Aviation Transport Security Act 2004
Legal name of RACA: [INSERT ORGANISATION’S LEGAL NAME]
Trading or operating as: [Insert trading / operating names]
ACN/ARBN: [Insert Australian Company Number or Australian Registered Body Number as applicable]
ABN: [Insert Australian Business Number if held]
Under regulation 2.06 of the Aviation Transport Security Regulations 2005 it is an offence to disclose any information about the content of an aviation industry participant’s TSP without the consent of the participant.
SCT05-06 (May 2016) Sensitive
[READ AND DELETE THIS TEXT BOX BEFORE SUBMITTING TSP]
Your completed TSP must accurately reflect the specific security measures and procedures employed by your organisation. Before starting your TSP, please read the accompanying guidance for RACAs developing a TSP.
Disclaimer
The Australian Government has prepared this document with due care. However, it is made available on the understanding that the Australian Government is not providing legal advice and that users of this guidance exercise their own skill and care with respect to its use and seek independent advice if necessary. The Australian Government takes no responsibility for any errors, omissions or changes to the information that may occur and disclaims any responsibility and liability to any person, organisation or the environment in respect of anything done, or omitted to be done, in reliance upon information contained in this guidance.
The information contained is guidance material only. The information in no way overrides Commonwealth or State legislation. Aviation industry participants should refer to the Aviation Transport Security Act 2004 and the Aviation Transport Security Regulations 2005 before submitting TSPs for approval.
TSP – [RACA trading name] Sensitive
Contents
Document Revision Record......................................................................................................................ivKey References.........................................................................................................................................v
Definitions [s9; r1.03 and others]....................................................................................................................................vGlossary of acronyms and terms.....................................................................................................................................v
1 GENERAL OBLIGATIONS...........................................................................................................................1
1.1 Program scope and objectives [r2.48]..............................................................................................11.2 Local security risk context statement [r2.49]....................................................................................11.3 Quality control [r2.53].....................................................................................................................1
1.3.1 Audits [r2.53(1)(a)-(b)].........................................................................................................................................11.3.2 TSP reviews [r2.53(1)(c)-(d)]................................................................................................................................2
1.4 Information security [s16(2)(e); r2.51(4); r2.52(3)]...........................................................................31.5 Security of passwords, keys and access devices [r2.55(1)(f)].............................................................3
2 OPERATIONAL DETAILS............................................................................................................................5
2.1 Sites and facilities covered by this TSP [s16(2)(f); r2.54]...................................................................52.2 Security management [s16(2)(a); r2.52(1); r2.58].............................................................................5
2.2.1 Organisational structure and security management arrangements [r2.52(1)(a)]................................................52.2.2 Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58]...........................................................................52.2.3 Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58]...............................................................52.2.4 Contractors [r2.52(1)(b); r2.58]...........................................................................................................................7
2.3 Consultation and communication [s16(2)(b),(g); r2.52(2)]................................................................72.3.1 Consultation to develop this TSP [s16(2)(g)]........................................................................................................72.3.2 Communication and consultation within the organisation [r2.52(2)(a)]..............................................................72.3.3 Communication and consultation with the operator of a security controlled airport at which the Organisation has a facility [r2.52(2)(b)]..........................................................................................................................7
SCT05-06 (May 2016) Sensitive Page ii
TSP – [RACA trading name] Sensitive
2.3.4 Communication and consultation with relevant third parties [r2.52(2)(d)].........................................................8
2.4 Implementation of security measures and procedures [r2.55(2)]......................................................8
3 PHYSICAL SECURITY AND ACCESS CONTROL MEASURES [R2.54(1)(D); R2.55].....................................................9
3.1 Physical security of sites and facilities [r2.54(1)(d); r2.55(1)(e)]........................................................93.1.1 Building security..................................................................................................................................................93.1.2 Perimeter security...............................................................................................................................................93.1.3 Signage................................................................................................................................................................93.1.4 CCTV coverage.....................................................................................................................................................93.1.5 Alarms................................................................................................................................................................10
3.2 Access control measures for sites and facilities [r2.54(1)(d); r2.55(1)(e)]........................................103.2.1 Access control....................................................................................................................................................103.2.2 Identification.....................................................................................................................................................11
3.3 Access control measures for airside and security zones [r2.55(1)(b)-(d)].........................................113.4 Maintenance of security equipment [r2.55(1)(g)]...........................................................................113.5 Physical security of cargo transport vehicles [r2.55(1)(h)]...............................................................12
4 CARGO SECURITY AND EXAMINATION [R2.51; R2.55(1)(I)]...........................................................................13
4.1 Cargo security [r2.51(1); r2.51(2); r2.52(3)]....................................................................................134.1.1 Cargo Records [r2.52(3)]....................................................................................................................................13The following measures and procedures are used for the keeping of accurate records of cargo in the Organisation’s possession or under the Organisation’s control:...................................................................................134.1.2 Deter and detect unauthorised explosives [r2.51(1)]........................................................................................134.1.3 Ensuring the security of cargo at all times [r2.51(2)].........................................................................................13
4.2 Cargo examination [s16(2)(c); r2.51(1A); r2.55(1)(i)].......................................................................134.2.1 Methods, techniques and equipment for examination of cargo [s16(2)(c); r2.51(1A); r2.55(1)(i)]....................13
5 REGULAR CUSTOMERS [R2.60]...............................................................................................................15
SCT05-06 (May 2016) Sensitive Page iii
TSP – [RACA trading name] Sensitive
5.1 Maintaining a regular customer list [r2.60(a)]................................................................................155.2 Regular customer undertaking [r2.60(b)]........................................................................................155.3 Receiving cargo from a regular customer [r2.60(c)]........................................................................15
6 CARGO SECURITY RESPONSES [S16(2)(D); R2.51(3); R2.57].........................................................................16
6.1 Measures and procedures for the handling and treatment of suspect cargo [r2.51(3)]....................166.2 Measures and procedures in the event of a heightened security alert [s16(2)(d); r2.57].................16
ANNEX A: CLEARING CARGO........................................................................................................................17
Introduction............................................................................................................................................17Notes on treatment of cargo [s44B(2)]....................................................................................................17Notes on dealing with cargo [s44B(3)].....................................................................................................17Notes on regular customers....................................................................................................................17Receiving Cargo Tables............................................................................................................................17Supporting Tables:..................................................................................................................................20
ATTACHMENT A: SIGNED STATEMENT [S16(1) AND R2.05]..................................................................................22
ATTACHMENT B: LOCAL SECURITY RISK CONTEXT STATEMENT [R2.49].....................................................................23
General threats and generic security risk events of relevance to the Organisation......................................................23People, assets, infrastructure and operations that need to be protected....................................................................24
ATTACHMENT C: LIST OF SITES AND FACILITIES COVERED BY THIS TSP [R2.54(1)].....................................................25
ATTACHMENT D: ORGANISATIONAL STRUCTURE AND SECURITY MANAGEMENT ARRANGEMENTS [R2.52(1)(A)]..............26
ATTACHMENT E: CONSULTATION UNDERTAKEN AS PART OF THE DEVELOPMENT OF THIS TSP [S16(2)(G)].......................27
ATTACHMENT F: REGULAR CUSTOMER UNDERTAKING [R2.60(B)]..........................................................................28
ACCOMPANYING DOCUMENT 1: DETAILS OF SITES AND FACILITIES COVERED BY THIS TSP [R2.54(2)]............................29
ACCOMPANYING DOCUMENT 2: TIMETABLE FOR IMPLEMENTATION OF SECURITY MEASURES AND PROCEDURES [R2.55(2)(B)].................................................................................................................................................30
ACCOMPANYING DOCUMENT 3: MEASURES AND PROCEDURES IN THE EVENT OF A HEIGHTENED SECURITY ALERT [R2.57].. .31
Aviation security incident response [r2.57(2)(a)]..........................................................................................................31Reporting aviation security breaches [r2.57(2)(b)].......................................................................................................32Evacuation and emergency management [r2.57(2)(c)].................................................................................................32Special security directions [r2.57(2)(d)]........................................................................................................................33Staff security awareness [r2.57(2)(e)]...........................................................................................................................33Contingency Plans [r2.57(2)(f)].....................................................................................................................................33
FINAL CHECKS PRIOR TO SUBMISSION...............................................................................................................35
SCT05-06 (May 2016) Sensitive Page iv
TSP – [RACA trading name] Sensitive
Document Revision Record
Updates, revisions and alterations to this TSP are recorded below in the TSP Revision Record. Authority to make updates and alterations to this record is restricted to the Security Contact Officer (SCO) and [Insert title of any other authorised person if relevant] who is/are authorised by the Organisation to effect such changes.
Note: ‘Nature of revision’ includes initial submission and any alteration (minor amendment) etcetera. If the type of revision is an alteration, you should note which part of the TSP the alteration affected.
TSP REVISION RECORD
Version number Nature of revision Revision date Page(s) affected Section(s) affected Actioned by (name, title) Action date
1.0 Initial submission dd/mm/yy All All Name, title Approved dd/mm/yy
SCT05-06 (May 2016) Sensitive Page v
TSP – [RACA trading name] Sensitive
Key ReferencesAll section (s) references in this TSP are to sections of the Aviation Transport Security Act 2004 (the Act) and all references to regulations (r) are to the Aviation Transport Security Regulations 2005 (the Regulations).
Definitions [s9; r1.03 and others]
Definitions are provided in the Act and the Regulations. Key definitions are found in s9 of the Act and r1.03 of the Regulations. The Act and Regulations are available at www.comlaw.gov.au.
Glossary of acronyms and terms
The following list includes definitive acronyms used in this TSP.
SCT05-06 (May 2016) Sensitive Page vi
TSP – [RACA trading name] Sensitive
Term Meaning
AACA Accredited Air Cargo Agent
Act, the Aviation Transport Security Act 2004
Cargo Goods (other than baggage or stores) that are transported by air, or are intended or are reasonably likely to be transported by air
ChOCS Chain of Custody Statement
Cleared CargoCargo that has received clearance and has been dealt with in accordance with the Regulations, including cargo that is received by a RACA with both a Security Declaration and ChOCS
Department, the The Australian Government department responsible for the administration of the Act and the Regulations
Diplomatic Bag An item that is a diplomatic bag for the purposes of the Diplomatic Privileges and Immunities Act 1967
Exempt Items Items of cargo that can be cleared without examination because the Secretary has issued a notice under s44B(2)(b) of the Act
International Cargo International cargo means cargo that is destined for a foreign country and that is not transhipped cargo
LSRCS Local Security Risk Context Statement
Organisation, the The RACA, named in this TSP, to whom this TSP applies
OTS Office of Transport Security
RACA Regulated Air Cargo Agent
Regulated Business Regulated business means a RACA, AACA or an operator of a prescribed air service
Regulations, the Aviation Transport Security Regulations 2005
SCO Security Contact Officer
Secretary, the The Secretary of the Department
SSD Special Security Direction
TSP Transport Security Program
Uncleared Cargo Cargo that is not cleared cargo, including cargo that is received by a RACA without both a Security Declaration and ChOCS
SCT05-06 (May 2016) Sensitive Page vii
TSP – [RACA trading name] Sensitive
1 General Obligations
SCT05-06 (May 2016) Sensitive Page 1
TSP – [RACA trading name] Sensitive
This TSP has been made in accordance with the obligations of a RACA as set out in s12 of the Act and r2.03(a) of the Regulations. This TSP applies to the RACA identified and named on the cover of this document (the Organisation).
A signed statement, to the effect that the Organisation believes this TSP gives effect to its obligations set out in section 16(1) of the Act, is provided at Attachment A.
1.1 Program scope and objectives [r2.48]
This TSP applies measures and procedures to all cargo that is in the possession of this RACA or under the control of this RACA and at each site or facility that is covered by this TSP. It sets out the measures and procedures to be used to examine, handle, store and transport cargo in a secure manner and make arrangements for the secure movement of cargo. This includes measures and procedures to:
a) prevent an act of unlawful interference with aviation;
b) safeguard against unlawful interference with aviation by ensuring the security of cargo handled (or for which arrangements are made) by all parties covered by this TSP; and
c) increase public confidence in aviation security arrangements.
1.2 Local security risk context statement [r2.49]
A statement outlining the local security risk context for the Organisation is provided at Attachment B. The statement has been developed in the context of:
the location of the Organisation’s sites and facilities;
seasonal and operational factors relevant to the Organisation and its environment;
general threats and generic security risk events to people, assets, infrastructure and operations; and
an outline of the people, assets, infrastructure and operations that need to be protected.
1.3 Quality control [r2.53]
The following quality control procedures are employed by the Organisation:
1.3.1 Audits [r2.53(1)(a)-(b)]
The Organisation will conduct audits of security measures and procedures to ensure that measures and procedures described in this TSP, as required under the Act and Regulations, have been implemented.
Audits will be scheduled as follows:
[insert details of how audits are scheduled].
Audits will be conducted as follows:
Set out details of the procedures for conducting an audit at your organisation. For example:
Audits will be systematic and will assess the implementation of this TSP and all security measures detailed within it. All audits will include consideration of and, where required, consultation on the following:
results from any previous audits and TSP reviews;
SCT05-06 (May 2016) Sensitive Page 2
TSP – [RACA trading name] Sensitive
measures set out in the TSP;
any results from drills and/or exercises conducted; and
any relevant aviation security incidents.
Particular consideration will also be given to whether the security measures and procedures are being applied as per the TSP and, if not, what corrective action will be taken.
Consideration may also be given to:
[please specify as appropriate for the Organisation – for example options for continuous improvement in regard to security measures and procedures].
Findings and recommendations will be presented to [full title of the vetting authority within your organisation, such as the CEO, or the Operations Manager] and to [full title of any security committee or other body which will view the reports] for consideration, and implemented as appropriate.
1.3.2 TSP reviews [r2.53(1)(c)-(d)]
A review of this TSP will be conducted if:
there is a change in the security threat level for air cargo or the Organisation;
an aviation security incident occurs;
there is a major change in the operational profile of the Organisation;
a change in ownership or organisational structure; or
directed by the Department to do so.
[please specify any additional circumstances as appropriate for your organisation – for example after each security audit].
Reviews will involve input from a variety of sources including consultation with all parties affected by this TSP.
Set out details of the procedures for reviewing your TSP, including a process for consultation. For example:
All reviews will assess the current security measures and procedures to consider if they are adequate to meet the requirements of the current local security risk context statement set out in Attachment B. They will include consideration of and, where required, consultation on the following:
results from any previous audits and reviews;
any change to Transport Security Advisories or the Aviation Security Risk Context Statement issued by the Department in relation to cargo;
any changes to the local risk context;
any changes in TSP coverage;
any results from drills and/or exercises conducted;
any relevant aviation security incidents; and
SCT05-06 (May 2016) Sensitive Page 3
TSP – [RACA trading name] Sensitive
any changes in the regulatory requirements.
Particular consideration will also be given to whether the security measures and procedures set out in the TSP remain appropriate and proportionate in relation to the local risk context statement and operational requirements.
Findings and recommendations will be presented to [full title of the vetting authority within your organisation, such as the CEO, or the Operations Manager] and to [full title of any security committee or other body which will view the reports] for consideration, and implemented as appropriate. This may require an amendment to, or revision of, this TSP.
1.4 Information security [s16(2)(e); r2.51(4); r2.52(3)]
The following security information requires protection against unauthorised access, amendment and disclosure:
this TSP;
any attachments or accompanying documents to this TSP;
security measures to be applied to cargo;
aircraft operator and flight information for cargo, prior to that cargo being received by the Organisation;
security compliance information (e.g. findings from audits conducted by the Department);
results, records and reports of any audit or review carried out in accordance with the TSP, the Act or Regulations;
[any other – please specify]
Access to this security information is restricted to persons who have a ‘need to know’, and requires authorisation from [specify position/role].
[Specify position/role] is responsible for:
the protection of the TSP;
determining who has access to the TSP;
the approval of electronic access to the TSP;
the distribution, return and destruction of all TSP copies;
the recording of the movement of all TSP copies;
determining who is authorised to amend the TSP; and
managing access, amendment and disclosure of other security information within the Organisation.
Security information will be protected against unauthorised access, amendment and disclosure through the following measures and procedures:
Insert your measures and procedures. For example:
Security information will be identified and classified appropriately.
SCT05-06 (May 2016) Sensitive Page 4
TSP – [RACA trading name] Sensitive
Records of authorised disclosure of security information will be retained.
Physical copies of security information are securely stored in [type of container/location] at [insert location]. Only [specify] is authorised to remove them from the container, and a register of all requests and approvals in maintained.
Electronic copies are stored on a computer system that is restricted to authorised personnel only.
1.5 Security of passwords, keys and access devices [r2.55(1)(f)]Set out how and where passwords, security codes or access devices are used as a security measure in your organisation.
The management and control of all passwords, access codes, access devices and keys [specify] is the responsibility of [specify].
Records of all security passwords, access codes, keys and access devices issued is kept by the [specify]. These records are secured [specify the receptacle, location, and the method to secure the record].
Security passwords / access codes are changed:
Insert your measures and procedures. For example:
every three to twelve months OR [specify timeframe];
when any staff with security access leave; and / or
when a security incident involving unauthorised access to security areas and security zones has been determined by the SCO to have compromised access control security.
Audits of keys and access devices are conducted [specify how often and by whom] to ensure that:
Insert your measures and procedures. For example:
nominated staff have their correct passwords and access devices;
staff with access to security information or zones and areas still require it;
any loss of keys or access device has been reported, recorded and investigated; and
keys and access devices that are held in storage have been issued and returned correctly.
SCT05-06 (May 2016) Sensitive Page 5
TSP – [RACA trading name] Sensitive
2 Operational Details
2.1 Sites and facilities covered by this TSP [s16(2)(f); r2.54]
A list of all sites that operate on behalf of the Organisation and all facilities that are covered by this TSP, including other aviation industry participants operating under this TSP, are set out in Attachment C.
Further details for sites and facilities covered by this TSP are set out in Accompanying Document 1.
Note: under the Regulations, the TSP must only cover an aviation industry participant that is an agent or subsidiary of the Organisation, or has a contract with the Organisation to provide a service for the movement or handling of cargo or the making of arrangements for the movement or handling of cargo.
2.2 Security management [s16(2)(a); r2.52(1); r2.58]
2.2.1 Organisational structure and security management arrangements [r2.52(1)(a)]
The Organisation’s structure, and the arrangements for managing security at each of our facilities, are set out in Attachment D.
2.2.2 Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58]
The SCO is responsible for facilitating the development, implementation, review and maintenance of this TSP. The SCO is also responsible for the maintenance of the administration of security measures and procedures contained in this TSP.
Specific responsibilities include:
liaising with other aviation industry participants in relation to aviation security matters;
liaising with the Department to ensure compliance with all aviation security regulatory requirements, change in the Department’s threat assessment, and any Special Security Directives or Compliance Control Directions;
Set out any additional responsibilities for the SCO in your organisation. For example:
ensuring employees, contractors or other persons with aviation security related roles have sufficient knowledge, skills and training to perform their duties;
ensuring staff are briefed on all security-related matters in relation to the Organisation’s facilities;
ensuring the appropriate protection of all security information against unauthorised access, amendment and disclosure; ensuring the integrity of all preventive security measures and arranging maintenance as required;
overseeing the serviceability of all security equipment;
Maintaining the Regular Customer List;
reporting and monitoring aviation security incidents, including threats and breaches; and
attending relevant aviation security meetings.
The knowledge, skills and other requirements to fulfil the security-related aspects of this position are:
Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.
Note: under the Regulations, the RACA must appoint a SCO and the RACA must provide security awareness training for the relevant staff to enable them to properly perform the security related aspects of their positions.
SCT05-06 (May 2016) Sensitive Page 6
TSP – [RACA trading name] Sensitive
2.2.3 Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58]
The roles and responsibilities of security officers and other persons assigned particular security duties and responsibilities are as follows:
Insert as relevant to your organisation. For example:
Senior Security Officers/Security Officers
Senior Security Officers / Security Officers are supervised by and report to [specify].
Their duties and responsibilities require them to:
Manage day to day security issues;
brief staff on security-related matters such as changes in the security environment when directed by [specify].
[Report / investigate / compile] all security breaches, threats or aviation incident reports for [specify].
They also assist the Operations Manager / Security Manager / SCO in:
the development, implementation, review and maintenance of the Organisation’s TSP;
liaison with other aviation industry participants in relation to aviation security matters;
providing feedback to SCO / other regarding application and effectiveness of security measures in the Organisation’s TSP; and
the coordination with the Department’s staff to ensure regulatory compliance.
The knowledge, skills and other requirements for the security-related aspects of these positions are:
Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.
Cargo Receipt Officers
The roles and responsibilities of a Cargo Receipt Officer are as follows:
Receive and inspect cargo consignments from consignors and other regulated businesses in accordance with measures set out in this TSP;
Check security documentation for consignments; and
Report to SCO / other regarding suspect cargo or any security issues or incidents.
The knowledge, skills and other requirements for the security-related aspects of these positions are:
Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.
Cargo Examination Officers
SCT05-06 (May 2016) Sensitive Page 7
TSP – [RACA trading name] Sensitive
Conduct cargo examination in accordance with this TSP, relevant air cargo examination notices and examination equipment instructions;
Report to SCO / other regarding suspect cargo or any security issues or incidents.
The knowledge, skills and other requirements for the security-related aspects of these positions are:
Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.
Note: under the Regulations, the RACA must provide security awareness training for the relevant staff to enable them to properly perform the security related aspects of their positions.
2.2.4 Contractors [r2.52(1)(b); r2.58]
Select from the options below as appropriate for your operations.
The Organisation does not have any arrangements or contracts with any private or secondary businesses to undertake security roles at the Organisation’s facilities.
ORThe Organisation has a contract with [specify] to undertake the following security relevant duties and responsibilities:
Insert as relevant to your organisation. For example:
open and inspect each site and facility before daily commencement of operations;
secure each site and facility after the daily conclusion of operations to ensure that all persons have vacated and there are no unattended items;
lock, alarm and/or patrol site and facility building(s);
monitor CCTV and respond to any suspicious behaviour or incidents;
monitor the alarms and respond to any activation of the alarm system; and
perform regular / irregular patrols of the area surrounding each site and facility.
The knowledge, skills and other requirements for the security-related aspects of these positions are:
[Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.]
Note: under the Regulations, the RACA must provide security awareness training for the relevant staff (including contractors) to enable them to properly perform the security related aspects of their positions.
2.3 Consultation and communication [s16(2)(b),(g); r2.52(2)]
2.3.1 Consultation to develop this TSP [s16(2)(g)]
Details of the consultation undertaken in developing this TSP can be found at Attachment E.
2.3.2 Communication and consultation within the organisation [r2.52(2)(a)]
SCT05-06 (May 2016) Sensitive Page 8
TSP – [RACA trading name] Sensitive
The [specify position/role] is responsible for ensuring ongoing and effective communication within the organisation and within each site covered by the TSP for the purpose of coordinating security-related activities. The mechanisms used to communicate and consult within the organisation are:
Insert as relevant to your organisation. For example:
A weekly email to all staff and contractors.
Meetings or phone calls as required.
2.3.3 Communication and consultation with the operator of a security controlled airport at which the Organisation has a facility [r2.52(2)(b)]
The Organisation does not have any sites or facilities at any security controlled airports.
ORThe [specify position/role] is responsible for ensuring ongoing and effective communication between the organisation and the operator of any security controlled airport at which the Organisation has a facility for the purpose of coordinating security-relevant activities. The mechanisms used to communicate and consult with these airport operators are:
Insert as relevant to your organisation. For example:
Quarterly attendance of Airport Security Committee meetings.
2.3.4 Communication and consultation with relevant third parties [r2.52(2)(d)]
The [specify position/role] is responsible for ensuring ongoing and effective communication between the organisation and relevant third parties, such as police or aircraft operators, for the purpose of coordinating security-relevant activities. The mechanisms used to communicate and consult with these third parties are:
Insert as relevant to your organisation. For example:
Industry meetings [specify];
Quarterly meetings of the Airport Security Committee, which includes representatives of the police, all aircraft operators, airport tenants and lessees.
2.4 Implementation of security measures and procedures [r2.55(2)]
All measures described in this TSP have been implemented.
ORThe measures and procedures that have not yet been implemented, and a timetable for implementation is set out at Accompanying Document 2.
SCT05-06 (May 2016) Sensitive Page 9
TSP – [RACA trading name] Sensitive
3 Physical Security and Access Control Measures [r2.54(1)(d); r2.55]
3.1 Physical security of sites and facilities [r2.54(1)(d); r2.55(1)(e)]
3.1.1 Building security
The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours.All buildings where cargo is handled are of sound construction and deter unauthorised access.
Access points and potential access or insertion points, such as windows, vents and sky lights, for buildings where cargo is handled are monitored or secured against unauthorised access or insertion of objects at all times.
All building access points are closed, secured and deter unauthorised access when not in use and out of hours.
3.1.2 Perimeter security
The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours.
All areas where cargo is handled are secured by fencing that will deter unauthorised access of persons or vehicles.
Access gates for areas where cargo is handled are monitored or secured against unauthorised access of persons or vehicles at all times.
All access gates to the site and secure areas are closed, secured and deter unauthorised access when not in use and out of hours.
The site perimeter is patrolled [specify frequency] by security guards out of hours.
3.1.3 Signage
The following security measures and procedures apply to all sites OR [specify sites].
Signage to advise of authorised personnel only at all secure area access points;
Signage to advise ID cards must be worn in all secure areas;
Signage reminding employees to challenge and report any unauthorised persons or suspicious behaviour in secure areas;
Signage informing customers that:
cargo will be subject to security and clearing procedures; and
it is illegal to consign as cargo, without authorisation, an explosive or an explosive device, displayed in cargo consignment areas.
3.1.4 CCTV coverage
The Organisation does not use CCTV.
OR
SCT05-06 (May 2016) Sensitive Page 10
TSP – [RACA trading name] Sensitive
The following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours.
The following areas are monitored by CCTV:
site access points;
building access points;
cargo handling areas;
cargo storage areas;
office and administration areas; and
overnight parking areas for cargo transport vehicles.
The CCTV monitoring station for the Organisation is located at [specify location] and operates [specify the hours of operation]. CCTV is monitored by [specify role/position].
CCTV recordings are retained for a period of [specify]. The Organisation will provide a copy of the recordings to law enforcement authorities upon request, if appropriate.
Staff responsible for CCTV monitoring will report any security incident as soon as practicable to the SCO and, if necessary or appropriate, to the local law enforcement agency.
3.1.5 Alarms
The Organisation does not use alarms.
ORThe following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours.
The following areas are monitored by a back-to-base alarm system out of hours:
site access points;
building access points;
cargo handling areas;
cargo storage areas;
office and administration areas; and
overnight parking areas for cargo transport vehicles.
The response to an alarm out of hours is:
Insert measures and procedures for investigating, assessing and responding to an alarm.
SCT05-06 (May 2016) Sensitive Page 11
TSP – [RACA trading name] Sensitive
3.2 Access control measures for sites and facilities [r2.54(1)(d); r2.55(1)(e)]
3.2.1 Access control
The following measures are used to control access to all sites OR [specify sites] and include security procedures for out of hours.
Insert your measures and procedures. For example:
Access to sites and facilities is permitted 24 hours a day, 7 days a week OR limited to operational hours;
Access to the following areas is restricted to authorised persons who have a legitimate purpose and displaying appropriate identification:
Cargo handling areas,
Cargo storage areas,
Security information storage areas;
Access to secure areas is controlled by [specify method of control e.g. swipe cards / guards / locks]
Authorised persons are not permitted to bring personal bags, packages or non-essential items into cargo handling areas. Spot checks will be periodically conducted by [specify].
All staff are required to challenge any person in a restricted area who is not known to be authorised or is not displaying appropriate identification.
3.2.2 Identification
The following measures are used to manage staff and visitor identification procedures to all sites OR [specify sites].
Insert your measures and procedures. For example:
All staff (including contractors) who access cargo handling areas, handle cargo or transport cargo are required to have an identification card;
All staff (including contractors) must display their identification card when in cargo handling areas or when transporting cargo;
Identification cards are tamper-resistant and include the employee’s name and photograph, the Organisation’s name and an expiry date. Identification cards are valid for no more than two years;
Identification cards are recovered when expired or when employment ends. Records for the issue and recovery of all identification cards are kept and maintained by [specify];
Temporary identification cards may be provided for:
New employees,
Short-term contractors, and
Employees whose identification card is temporarily unavailable.
Temporary identification cards are valid for a single day only; and
SCT05-06 (May 2016) Sensitive Page 12
TSP – [RACA trading name] Sensitive
Visitor cards may be provided for visitors who need access to cargo handling areas or security information storage areas. Visitor identification cards are valid for a single day only and must be reclaimed when the visitor leaves the site. Visitors must be escorted in cargo handling areas and other secure areas at all times.
3.3 Access control measures for airside and security zones [r2.55(1)(b)-(d)]
The Organisation does not access airside areas or airport security zones.
ORThe following security measures and procedures apply to all sites OR [specify sites] and include security procedures for out of hours.
Measures to deter and detect unauthorised access include:
Insert your measures and procedures. For example:
Compliance with airport security measures, including ID checks for personnel accessing airside or airport security zones;
Monitor relevant access points during operational periods; and
Secure and alarm relevant access points out of hours.
3.4 Maintenance of security equipment [r2.55(1)(g)]
The following measures are used to maintain security equipment at all sites OR [specify sites].
Insert your measures and procedures. For example:
All security equipment is maintained according to the manufacturer’s instructions;
All security equipment is calibrated by [specify role/position] according to the manufacturer’s instructions; and
[Specify role/position] is responsible for managing and recording details of equipment maintenance procedures, maintenance checks and calibration checks.
3.5 Physical security of cargo transport vehicles [r2.55(1)(h)]
The following measures are used to secure cargo transport vehicles at all sites OR [specify sites] and include security procedures for out of hours.
Insert your measures and procedures. For example:
All vehicles used to transport cargo are of sound condition and deter unauthorised access;
Passenger and cargo areas of vehicles used to transport cargo are kept locked when unattended or not in use;
Vehicles used to transport cargo are parked in secure areas and/or monitored out of hours;
Vehicles used to transport cargo are inspected for unauthorised access, tampering or insertion of unauthorised objects:
daily prior to use; and
After any period left unattended in an unsecured area.
SCT05-06 (May 2016) Sensitive Page 13
TSP – [RACA trading name] Sensitive
4 Cargo security and examination [r2.51; r2.55(1)(i)]
SCT05-06 (May 2016) Sensitive Page 14
TSP – [RACA trading name] Sensitive
4.1 Cargo security [r2.51(1); r2.51(2); r2.52(3)]
4.1.1 Cargo Records [r2.52(3)]
The following measures and procedures are used for the keeping of accurate records of cargo in the Organisation’s possession or under the Organisation’s control:
Insert your measures and procedures. For example:
[cargo record keeping procedures]
4.1.2 Deter and detect unauthorised explosives [r2.51(1)]
The following measures and procedures are used to deter and detect the unauthorised carriage, as cargo, of explosives that could facilitate an act of unlawful interference with aviation:
Insert your measures and procedures. For example:
All cargo that is received by the Organisation is checked on receipt for signs of tampering or that it may be suspect cargo, in accordance with the procedures set out in Annex A.
All uncleared cargo is treated in accordance with the procedures set out in Annex A and receives clearance. A Security Declaration is issued for all cargo that receives clearance.
Cleared cargo is:
Cargo for which the Organisation issued a Security Declaration; or
Cargo that was received by the Organisation with both a Security Declaration and a ChOCS.
Cleared cargo is kept secure at all times and dealt with in accordance with the procedures set out in Annex A. A ChOCS is issued for all cleared cargo.
Any cargo that shows signs of tampering or that it may contain unauthorised explosives or is examined and cannot be cleared is treated as suspect cargo in accordance with this TSP and is not provided to another regular business.
The following procedures will have effect during equipment failure or unserviceability:
Insert your measures and procedures. For example:
[specify contingency procedures if security equipment fails]
4.1.3 Ensuring the security of cargo at all times [r2.51(2)]
The following measures and procedures are used to ensure the security of cargo at all times:
Insert your measures and procedures. For example:
All cargo is kept secure while in the possession of the Organisation by ensuring that it is accompanied, monitored, or kept in a secure area at all times.
Access to cargo is restricted to authorised persons only in accordance with the access control procedures set out in this TSP.
SCT05-06 (May 2016) Sensitive Page 15
TSP – [RACA trading name] Sensitive
Any cargo that is found to have not been kept secure at all times is rechecked for tampering and unauthorised explosives and treated as uncleared cargo until it subsequently receives clearance.
4.2 Cargo examination [s16(2)(c); r2.51(1A); r2.55(1)(i)]
4.2.1 Methods, techniques and equipment for examination of cargo [s16(2)(c); r2.51(1A); r2.55(1)(i)]
The methods, techniques and equipment for examination of cargo for all sites OR [specify sites] is set out in Annex A and in any notices issued to the Organisation under regulation 4.41J.
SCT05-06 (May 2016) Sensitive Page 16
TSP – [RACA trading name] Sensitive
5 Regular Customers [r2.60]
5.1 Maintaining a regular customer list [r2.60(a)]
The following procedures apply to the Organisation’s regular customer list:
Insert your measures and procedures. For example:
Customers may become regular customers by their inclusion on the Organisation’s regular customer list.
Customers may only be added to the regular customer list by [specify role/position].
To be eligible to be added to the regular customer list, the customer must sign a regular customer undertaking, and evidence must be provided that the customer:
is the regular customer of another RACA; or
has an established credit rating; and
has consigned cargo at least three times without incident.
For each regular customer, the regular customer list must include:
the customer’s name and contact details;
why the customer was included on the list; and
the date of the customer’s inclusion on the list.
5.2 Regular customer undertaking [r2.60(b)]
The form of the regular customer undertaking can be found at Attachment F.
5.3 Receiving cargo from a regular customer [r2.60(c)]
The procedures for receiving cargo from a regular customer, including procedures to identify people who represent such a customer, can be found in Annex A.
SCT05-06 (May 2016) Sensitive Page 17
TSP – [RACA trading name] Sensitive
6 Cargo security responses [s16(2)(d); r2.51(3); r2.57]
6.1 Measures and procedures for the handling and treatment of suspect cargo [r2.51(3)]
[Specify position/role] is responsible for determining whether an item is suspect cargo and the appropriate response. If there is any concern that an item may cause unlawful interference with aviation, or contain an unauthorised explosive or explosive device, items will be considered suspect cargo.
Following the identification of suspect cargo, the following actions will be taken:
Insert your measures and procedures. For example:
The area around the item or vehicle will be cleared;
Employees and customers will be instructed to clear the area or evacuate and not interfere with or approach the suspect cargo;
State or Territory police will be contacted immediately;
Consideration will be given to whether local site operations can continue safely and whether to temporarily alter or cease local operations;
The Department and any other relevant government agencies will be notified when practicable;
The instructions of police and government agencies will be followed; and
Procedures regarding the discovery of an explosive device will be followed if the item is identified as an unauthorised explosive.
6.2 Measures and procedures in the event of a heightened security alert [s16(2)(d); r2.57]
The Organisation has a number of additional security measures and procedures available for implementation in the event of a heightened security alert. These measures and procedures are detailed at Accompanying Document 3.
Measures for heightened security alerts may be implemented:
when the Australian Government formally raises a national counter-terrorism alert level;
when specific threats are directed towards the Organisation;
in response to an aviation security incident;
in response to the issuance of an SSD; or
as otherwise advised by the Department.
SCT05-06 (May 2016) Sensitive Page 18
TSP – [RACA trading name] Sensitive
ANNEX A: Clearing Cargo
Introduction
This Annex (version 3.2) details the basic security measures for cargo to receive clearance. This includes the receipt, examination and treatment of cargo. This Annex also details the requirements for dealing with cargo in order to clear cargo and maintain its cleared status.
This Annex forms part of the TSP and, where any discrepancies exist, security measures detailed within this Annex take precedence over measures detailed elsewhere within the TSP.
Notes on treatment of cargo [s44B(2)]
Cargo has been treated in accordance with this TSP if the receipt, ID and examination requirements set out in Tables 1.1 and 1.2 have been met and a Security Declaration has been issued (if required).
Notes on dealing with cargo [s44B(3)]
Cargo has been dealt with in accordance with this TSP if the cargo is:
checked on receipt and not suspect cargo and not tampered with;
kept secure at all times; and
continues to show no signs of tampering, suspect cargo or containing unauthorised explosives for the entire time it is in the possession of the RACA.
Indications that cargo has been tampered with may include oil stains and damage or cuts in packaging or wrapping.
Signs that cargo is suspect cargo may include unusual smells, excessive postage or if the weight exceeds the normal weight for the consignment type or any other indications of potential explosives.
Notes on regular customers
All cargo from Regular Customers must be received by a Regulated Business directly from the regular customer in order to maintain cleared cargo status.
Receiving Cargo Tables
Records of identification are to be retained for a period of 30 days.
Examination will be conducted in accordance with the Table 1.5 titled ‘Examination Methods’.
Any changes to examination of cargo will be by written notice issued by the Secretary of the Department, or delegate, and will occur independently of the requirements of this TSP.
A Notice listing those items that are exempt from examination is issued from time to time by the Department.
SCT05-06 (May 2016) Sensitive Page 19
TSP – [RACA trading name] Sensitive
Table 1.1: Uncleared cargo that is received by RACA without a Security Declaration
Cargo Type Received From Check ID of sender(refer to Table 1.3)
Record ID of sender(refer to Table 1.4)
Examination of cargo required(refer to Table 1.5)
Documentation to be issued(refer to Table 1.6)
1 Items ≤ 250 gm and ≤ 5 mm thick
Unregulated No No No No
Regular Customer No No No No
Regulated Business No No No No
2 Domestic cargo items > 250gm and/or > 5mm thick
Unregulated No No No No
Regular Customer No No No No
Regulated Business No No No No
3 International exempt items > 250 gm and/or > 5mm thick
Unregulated Yes Yes No Security Declaration and Chain of Custody Statement
Regular Customer Yes No No Security Declaration and Chain of Custody Statement
Regulated Business Yes Yes No Security Declaration and Chain of Custody Statement
4 International non-exempt items > 250gm and/or > 5mm thick
Unregulated Yes Yes Yes Security Declaration and Chain of Custody Statement
Regular Customer Yes No No Security Declaration and Chain of Custody Statement
Regulated Business Yes Yes Yes Security Declaration and Chain of Custody Statement
SCT05-06 (May 2016) Sensitive Page 20
TSP – [RACA trading name] Sensitive
Table 1.2: Cleared cargo that is received by a RACA with a Security Declaration and Chain of Custody Statement
Please note that once cargo is cleared it can only retain its cleared status if transported and handled by a regulated business in accordance with their Security Program. When passing on cleared cargo a Regulated Business must issue a Chain of Custody Statement as evidence that cleared cargo has been held securely at all times whilst in the regulated business’s possession. Cargo that is transported or handled by a non-regulated business after clearance is no longer cleared and will require re-examination.
Cargo Type Received From Check ID of sender(refer to table 1.3)
Record ID of sender(refer to table 1.4)
Examination of cargo required(refer to table 1.5)
Documentation to be issued(refer to table 1.6)
1 Items ≤ 250 gm and ≤ 5 mm thick
Unregulated N/A (Refer to Table 1.1)
Regular Customer N/A (Refer to Table 1.1)
Regulated Business No No No No
2 Domestic cargo items > 250gm and/or > 5mm thick
Unregulated N/A (Refer to Table 1.1)
Regular Customer N/A (Refer to Table 1.1)
Regulated Business No No No No
3 International exempt items > 250 gm and/or > 5mm thick
Unregulated N/A (Refer to Table 1.1)
Regular Customer N/A (Refer to Table 1.1)
Regulated Business No No NoChain of Custody Statement (existing Security Declaration
is still valid)
4 International non-exempt items > 250gm and/or > 5mm thick
Unregulated N/A (Refer to Table 1.1)
Regular Customer N/A (Refer to Table 1.1)
Regulated Business No No NoChain of Custody Statement (existing Security Declaration
is still valid)
SCT05-06 (May 2016) Sensitive Page 21
TSP – [RACA trading name] Sensitive
Supporting Tables:
Table 1.3: Required Identification Document:
The following are the only forms of valid identification documents that are permitted for the purposes of preparing cargo for clearance:
An Australian photographic drivers licence; An Australian passport; A foreign passport supported by a second form of identification (that may not appear on this list); A photo credit or debit card issued by an authorised deposit-taking institution; A photographic identification card issued by an Australian government body (including Australian
State/Territory bodies). Appropriate identification that satisfies the sender represents the Regular Customer.
Table 1.4: Recording Identification:
In order to clear cargo a RACA is required to identify the person sending the cargo. If required to do so you must sight a Required Identification Document, and record the following details:
The senders name; The type of Identification Document (e.g. drivers’ licence); The issuing body (e.g. NSW RTA); and The unique identification number shown on the Identification Document.
Where the sender is a corporation a Required Identification Document of an authorised representative of the sender (e.g. an employee) must be sighted and recorded.
Table 1.5: Examination Methods:
Each examination will be conducted in accordance with one of the methods shown below: Physical Examination – The contents of the cargo will be searched as thoroughly as is practical to
verify that the contents are consistent with any available description and that no unauthorised explosive or incendiary device appears to be included in the cargo (Note: this includes but is not limited to a visual assessment of the cargo).
Explosive Trace Detection – The use and maintenance of Explosive Trace Detection equipment will be in accordance with the manufacturers’ instructions, the equipments operational limitations and any advice or notice issued by the Department of Infrastructure and Transport.
X-Ray – The use and maintenance of X-Ray equipment will be in accordance with the manufacturers’ instructions, the equipments operational limitations and any advice or notice issued by the Department of Infrastructure and Transport.
Seven day secure hold – cargo is held securely for a period of seven days prior to transfer.
SCT05-06 (May 2016) Sensitive Page 22
TSP – [RACA trading name] Sensitive
Table 1.6: Cargo Security Documentation:
Security Declaration:A Security Declaration is issued by a RACA to indicate that cargo has received clearance through being:
a) examined or, where an exemption notice has been issued, the cargo is exempt from examination; andb) treated in accordance with the RACA’s TSP.
The Security Declaration must:
a) identify the cargo (such as reference to a Consignment number, Master Air Waybill or equivalent document that specifically identifies the cargo);
b) state the name of the RACA issuing the Security Declaration;c) state the name and contact details of the individual issuing the Security Declaration on behalf of the
RACA;d) state the time and date the Security Declaration is issued; ande) declare the cargo has received clearance.
Chain of Custody Statement:A Chain of Custody Statement is provided by each Regulated Business (the Issuer) to another Regulated Business to whom they are passing the cleared cargo, stating that the Issuer has dealt with the cleared cargo by preventing unauthorised access and holding the cleared cargo in a manner that makes tampering with the cleared cargo obvious.
The Chain of Custody Statement must:
a) identify the cargo (such as reference to a Consignment number, Master Air Waybill or equivalent document that specifically identifies the cargo);
b) state the name of the Regulated Business issuing the Chain of Custody Statement;c) state the name and contact details of the individual issuing the Chain of Custody Statement on behalf
of the Regulated Business;d) state the time and date the Chain of Custody Statement is issued;e) state whether the Regulated Business received a Security Declaration for the cargo when the Regulated
Business took possession of the cargo;f) if the Regulated Business received a Security Declaration for the cargo when taking possession of the
cargo, the Chain of Custody Statement must state that the cargo has been held securely at all times in accordance with the Regulated Business’s TSP or AACA security program; and
g) i f the Regulated Business did not receive a Security Declaration for the cargo when taking possession of the cargo, then Chain of Custody Statement must state that the RACA issued a Security Declaration for the cargo and that the cargo has been held securely at all times after the cargo received clearance in accordance with the Regulated Business’s TSP.
For cleared cargo to maintain its cleared status, it must be accompanied by a Security Declaration and a Chain of Custody Statement at all times.
If you did not receive both a Security Declaration and a Chain of Custody Statement when taking possession of cargo, treat the cargo as uncleared cargo and remove any security documentation.
SCT05-06 (May 2016) Sensitive Page 23
TSP – [RACA trading name] Sensitive
Attachment A: Signed statement [s16(1) and r2.05]
[Optional: Insert Organisation’s logo]
[Insert Organisation’s legal name here]:
is aware of its general responsibility to contribute to the maintenance of aviation security;
has developed an integrated, responsible and proactive approach to managing aviation security within the Organisation;
is aware of, and has the capacity to meet, the specific legislative obligations; and
has taken into account relevant features of its operation in developing activities and strategies for managing aviation security within the Organisation.
[insert Organisation’s legal name here] believes that this TSP gives effect to all of the above obligations.
Signature :
Title :
Date :
(Chief Executive Officer or authorised representative)
SCT05-06 (May 2016) Sensitive Page 24
TSP – [RACA trading name] Sensitive
Attachment B: Local security risk context statement [r2.49]
Provide a statement outlining the local security risk context for the Organisation, including consideration of its location, and seasonal and operational factors. For example:
The Organisation employs [number] of staff and contractors and cargo is handled at [number] of sites in Australia and operate facilities that handle cargo at the following airports [list sites on airports].
The Organisation regularly handles the following types of cargo from [regular customers / other businesses / freight forwarders / other regulated businesses only / unknown individuals]:
[list types of cargo handled by the Organisation];
The Organisation uses [its own drivers and vehicles / contract drivers / couriers / an AACA / another regulated business] to transport cargo to [another freight forwarder / an express freight forwarder / a CTO / an airline].
The Organisation handles cargo to [Australia only / all countries / countries that might be the target of terrorism or unlawful interference with aviation].
The Organisation [conducts technological examination of cargo / clears cargo from regular customers only / does not clear cargo].
[Organisation’s name] understands that Australia’s National Terrorism Threat Advisory System (NTTAS) informs the public about the likelihood of an act of terrorism occurring in Australia. This system replaced the former National Terrorism Threat System and the Public Alert System in November 2015, merging them into a single, easier to understand system. Information on the new National Terrorism Threat Advisory System, including advice on the current level, is available at www.nationalsecurity.gov.au/threatlevel .
[Organisation’s name] acknowledges that the NTTAS should inform the development of its local security risk context statement and its security measures and procedures. We acknowledge that this threat is likely to continue for the foreseeable future, and that airports and aircraft have been the target of previous attacks.
The Organisation understands the importance of ensuring that its measures and procedures are suitable to protect its employees, contractors and the broader aviation industry. In preparing this TSP, and in establishing and implementing measures and procedures to address aviation security issues, we particularly considered the following threats of relevance (set out below) and the people, assets and infrastructure that we need to protect.
General threats and generic security risk events of relevance to the Organisation
SCT05-06 (May 2016) Sensitive Page 25
TSP – [RACA trading name] Sensitive
Source of Risk Risk Event
Improvised explosive device (IED) consigned in cargo
IED consigned as cargo by known or unknown sender. IED device consigned as a piece of cargo; IED device disguised as a piece of cargo (e.g. a fake laptop); IED device concealed within a piece of cargo; IED device concealed within an object consigned as cargo (e.g. printer
cartridges);
IED inserted into cargo
IED placed into cargo for loading on an aircraft by intruder, trusted insider or visitor. IED device placed in cargo item; IED device placed in cargo consolidation; IED device placed in cargo palette, ULD or other container; IED device placed directly into aircraft cargo hold;
Computer network attack
Deliberate disruption of websites or IT systems to cause loss or compromise of information relevant to aviation security.
Hoax threats Hoax threats used to deliberately cause disruption to services/distract emergency responders.
Theft of business assets
This could include theft of aircraft, ground handling equipment, maintenance equipment, cargo etc Forced entry to terminal building may damage security systems; Damage to or theft of assets may put security of travellers and aircraft at risk.
Acts of vandalism or arson
This might include deliberate damage to cargo or facilities, graffiti etc Could threaten the effectiveness of security systems such as CCTV; could involve consequential damage to access control systems such as fences.Could also involve individuals with access, or unauthorised access to locations.
Trusted insider
May be an employee, contractor or visitor. Could involve any of the following: Tampering with cargo; facilitating or overlooking the transfer or movement of IEDs in cargo. Facilitating the passage of an IEDs through examination or clearance; causing loss or disruption to computers or networks; inappropriate use of ID to access secure areas without authorisation, or give
access to a secure area to another individual; tailgating to avoid access being detected; and/or tampering with security systems.
Terrorist surveillance
This may include the following techniques: visual surveillance, from a distance; visual surveillance, from a static location (e.g. parked vehicle) near facilities; vehicle drive-by or on foot; scanning websites looking for security information.Attackers may also undertake dry runs. This may involve: threat-testing response time and methods by using false suspect cargo; testing security screening systems.
SCT05-06 (May 2016) Sensitive Page 26
TSP – [RACA trading name] Sensitive
People, assets, infrastructure and operations that need to be protected
People
The following people are to be protected under this TSP: Organisation employees and contractors; Drivers; Consignors/Visitors; and Airport staff and the travelling public.
Assets
Assets to be protected under this TSP include: Cargo containers and handling equipment; Cargo handling vehicles and cargo transport vehicles; Administrative assets; assets and technology used for screening and clearing purposes; and assets which may be required in an emergency.
InfrastructureInfrastructure to be protected under this TSP includes: buildings under the control of the Organisation; fences and other structures under the control of the Organisation; and airport facilities under the control of the Organisation.
SCT05-06 (May 2016) Sensitive Page 27
TSP – [RACA trading name] Sensitive
Attachment C: List of Sites and Facilities Covered by this TSP [r2.54(1)]
Listed below are all sites that operate on behalf of the Organisation and all facilities covered by this TSP:
Site/facility name Address Suburb/town State Postcode
Add rows as required
Under the Regulations, for each facility that is located at a security controlled airport, the RACA must give the airport operator:
(a) the RACA’s contact details, including contact details for the security contact officer; and(b) details of the procedures to check the identity of persons who are authorised to have access to the facility.
A failure to notify the Secretary in writing within seven (7) days of becoming aware of any changes to the details in these tables may be an offence under the Regulations.
SCT05-06 (May 2016) Sensitive Page 28
TSP – [RACA trading name] Sensitive
Attachment D: Organisational Structure and Security Management Arrangements [r2.52(1)(a)]
Insert text and/or a diagram clearly articulating your organisational structure and security management arrangements here.
SCT05-06 (May 2016) Sensitive Page 29
TSP – [RACA trading name] Sensitive
Attachment E: Consultation undertaken as part of the development of this TSP [s16(2)(g)]
The following aviation industry participants contributed to the development of this TSP:
Organisation Title / Relationship Consultation Undertaken
e.g. your organisation
e.g. all levels of management and staff supervision
e.g. considered and discussed the various security-related roles and responsibilities within the organisation.e.g. security measures and procedures to be implemented in accordance to this TSP.e.g. reporting responsibilities of staff.
e.g. ABC Airways e.g. RPT operator e.g. procedures and requirements for loading cargo.
e.g. XYZ Cargo e.g. freight operator e.g. procedures and requirements for loading cargo.
[Other consulted organisations]Add rows as required
SCT05-06 (May 2016) Sensitive Page 30
TSP – [RACA trading name] Sensitive
Attachment F: Regular Customer Undertaking [r2.60(b)]
[Optional: Insert customer logo]
[Insert customer’s legal name here] (the customer):
agrees to be placed on the regular customer list of [Organisation’s name].
undertakes to take appropriate security measures to prevent the unauthorised carriage of an explosive or an explosive device;
undertakes that at time of consignment, cargo will:
have secure, undamaged packaging;
appear not to have been tampered with;
be accompanied by documentation that identifies the customer as the consignor of the cargo; and
be presented by a person who can be verified as a representative of the customer;
is aware that cargo will be subject to security and clearing procedures; and
is aware that it is illegal to consign as cargo, without authorisation, an explosive or an explosive device.
Signature :
Title :
Date :
(Chief Executive Officer or authorised representative)
SCT05-06 (May 2016) Sensitive Page 31
TSP – [RACA trading name] Sensitive
Accompanying Document 1: Details of Sites and Facilities Covered by this TSP [r2.54(2)]
Detailed below are all sites that operate on behalf of the Organisation and all facilities covered by this TSP:
Site/facility name: Site/facility name or identifying description
Address: Street address of site/facility
Located on an airport Yes / No If yes, is it a security controlled airport Yes / No
If located on an airport, name of airport and a description of airside and landside operations
This site/facility is located at [airport trading name].The airside operations at this airport are [location and description].The landside operations at this airport are [location and description].
Operations conducted at this site/facility include:
handling cargo consolidating cargo examining cargo storing cargo after hours loading cargo onto road vehicles parking cargo transport vehicles after hours loading cargo onto aircraft (CTO operations)
Proportion of cargo handled at this site that is domestic cargo None / Some / Most / All
Proportion of cargo handled at this site that is international cargo None / Some / Most / All
Hours of operation
Days e.g. Mon-Fri Hours e.g. 24h
Days e.g. Sat Hours e.g. 0800h – 1200h
Days e.g. Sun Hours e.g. closed
Add additional pages as required
Under the Regulations, for each facility that is located at a security controlled airport, the RACA must give the airport operator:
(a) the RACA’s contact details, including contact details for the security contact officer; and(b) details of the procedures to check the identity of persons who are authorised to have access to the facility.
A failure to notify the Secretary in writing within seven (7) days of becoming aware of any changes to the details in these tables may be an offence under the Regulations.
SCT05-06 (May 2016) Sensitive Page 32
TSP – [RACA trading name] Sensitive
Accompanying Document 2: Timetable for implementation of security measures and procedures [r2.55(2)(b)]
Detailed below are security measures and/or procedures yet to be implemented at by the Organisation.
Measure or Procedure not yet implementedSite(s) Implementation
date(no later than)
e.g. Swipe card access installed to replace the key lock on all entry doors All sites DD/MM/YY
Delete this document if all of the measures and procedures referred to in your TSP have been implemented.
SCT05-06 (May 2016) Sensitive Page 33
TSP – [RACA trading name] Sensitive
Accompanying Document 3: Measures and procedures in the event of a heightened security alert [r2.57]
The Organisation has a number of additional security measures and procedures available for implementation in the event of a heightened security alert. These measures are:
Insert your measures and procedures. For example:
an increase in the number of security personnel / guards;
increased frequency of patrols;
implement 7-day hold on all cargo;
examine 100% of cargo (including cargo from regular customers);
24-hour watches;
hiring commercial flood lights;
request assistance from the relevant law enforcement agency;
changes to parking arrangements in the vicinity of the site or facility and/or inspection of vehicles and changes to the vehicular parking areas;
changes to cargo delivery arrangements; and
increased monitoring or reduction of access points.
All of these measures can be applied almost immediately, and are able to be sustained for an extended period.
Aviation security incident response [r2.57(2)(a)]
Insert your measures and procedures for responding to an aviation security incident. For example:
If an aviation security incident, including a threat or breach of security, is identified by the Organisation or any member of staff, the [specify] and the SCO are to be informed immediately.
The SCO is to inform:
all relevant authorities including the local State / Territory Police and the Australian Federal Police; and
any relevant aviation industry participants facing immediate threat.
The SCO is to ensure:
staff are fully aware of circumstances;
information is passed on; and
evidence is preserved (unless otherwise directed by a relevant authority e.g. for safety reasons).
The SCO is then to:
document or record all information from staff with knowledge of the incident;
provide an analysis of the incident for company action;
be prepared to provide information to assist relevant authorities; and
if requested, consider providing company resources to assist relevant authorities.
All Organisation staff are to:
assist the SCO and the Site/Facility Manager in precautionary/preparatory actions; and
comply with all requests and procedures from relevant emergency authorities.
SCT05-06 (May 2016) Sensitive Page 34
TSP – [RACA trading name] Sensitive
Reporting aviation security breaches [r2.57(2)(b)]
The Organisation has a range of procedures for reporting aviation security breaches, including threats to aviation security. The nature of the threat and the seriousness of the breach will dictate who will be advised and the appropriate level of escalation.
These procedures are as follows:
Insert your measures and procedures. For example:
the [specify] and the SCO are to be informed immediately;
the SCO is responsible for recording the breach, and for recording and response activities taken;
the Department will be notified of any security breaches on case by case OR monthly basis.
Where appropriate, an aviation security breach that relates to the Organisation will also be reported to:
the Secretary;
the relevant State or Territory [specify] police force;
the Australian Federal Police;
any regulated business that is impacted;
any airport operator that is impacted; and
any aircraft operator that is impacted.
Contact numbers and email addresses for incident reporting are available to all staff via:
our induction training;
our procedures manual; and
are prominently displayed in all offices.
Reports made by phone will be followed up in writing within 24 hours.
Evacuation and emergency management [r2.57(2)(c)]
The following actions apply to a threat to or breach of security including:
a bomb threat;
a failure of critical security equipment;
[specify further as relevant].
Any of these incidents may result in the Organisation doing some or all of the following:
Insert your measures and procedures. For example:
securing and evacuating the affected site/facility;
refusing to receive any further cargo;
[specify further as relevant].
We will also comply with any requests from relevant emergency authorities.
Following any of the incidents referred to above, a full internal investigation and report will be made for review by [specify] and, if required, changes to operating procedures will be implemented and this TSP updated accordingly.
Special security directions [r2.57(2)(d)]
[Specify position/role] is responsible for implementing and ensuring compliance with any special security direction (SSD) issued by the Secretary to the Organisation.
SCT05-06 (May 2016) Sensitive Page 35
TSP – [RACA trading name] Sensitive
Insert your procedures for responding to an SSD given by the Secretary here. For example:
Upon receipt of an SSD, the [position identified above] will determine the most effective way to implement the SSD in consultation with the Organisation’s senior management.
The Organisation’s senior management will consider which of the various parties who may be affected by the SSD will need to be informed, including:
employees and staff;
consignors;
relevant regulated businesses;
law enforcement agencies; and
local fire and emergency agencies.
The Organisation’s senior management will also determine the most effective method to communicate the SSD to the various parties such as through meetings, telephone calls or emails.
Staff security awareness [r2.57(2)(e)]
In the event of a heightened security alert the Organisation will take the following actions to raise the awareness and alertness of staff to security threats, and their responsibility to report aviation security incidents and breaches:
Insert your measures and procedures. For example:
Inform staff of the heightened security alert.
Remind staff of reporting responsibilities regarding security incidents and breaches.
Provide staff with details of the approved incident report form.
Ensure all staff are made aware of, and have access to, the Organisation’s operational procedure manual / security manual [insert the title of the relevant documentation for your organisation].
Contingency Plans [r2.57(2)(f)]
Select from the options below as appropriate for your operations.
The Organisation does not have additional security contingency plans or procedures related to heightened security alerts.
OR
The Organisation has a number of security contingency plans and procedures related to heightened security alerts. These plans may also be activated upon:
receipt of an SSD;
a threat to security;
a breach of security;
the occurrence of an aviation security incident; or
any time declared by the [specify].
These procedures and plans include, but are not limited to:
Insert your organisation’s contingency plans here. For example:
an increase in security personnel;
requests for assistance from the relevant law enforcement agency;
changes to vehicle access and/or parking arrangements in the vicinity of the site/facility and/or inspection of vehicles;
SCT05-06 (May 2016) Sensitive Page 36
TSP – [RACA trading name] Sensitive
increased monitoring or reduction of access points; and
other measures subject to assessment of risk.
SCT05-06 (May 2016) Sensitive Page 37
DELETE THIS PAGE PRIOR TO SUBMISSION
Final checks prior to submission
1. All purple text should have been replaced or overwritten in black text by the information relevant to your operations.
2. All red text (except the security classification) should be deleted.
3. There should be no track changes or comments.
4. The Table of Contents should be updated (at the Home option on the toolbar, go to the Editing tab, choose Select, then press Select All. This will select the entire document. If you now press the F9 button, section headings and paragraph titles will be updated in the Table of Contents).
5. Ensure the Document Revision Record is completed.
6. Remove any passwords or other protection measures.
7. Ensure that your Statement has been signed and dated by the CEO (or authorised representative).
8. Ensure your organisation retains identical electronic and hard copies of the document.
9. Send the completed TSP by email to [email protected] for consideration by the Secretary.
DELETE THIS PAGE PRIOR TO SUBMISSION