Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements Deliverables Index Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 1.6 - FINAL Date 07.08.2013 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of Contents (Project deliverables) COMPONENT TITLE DESCRIPTION Part A Part B Air Cargo Regulations prior to the enactment of Implementing Regulation (EU) No 1082/2012 Support for BSR Airports with respect to Commission Implementing Regulation (EU) No 1082/2012 9 November 2012 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation (the ACC3 Regulation) A.1 Review of Air Cargo Security Regulations and significance for BSR A.2 Compliance Data Acquisition B.1 Background to ACC3 Regulation and impact on BSR airports B.2 ACC3 Air Cargo Security Newsletters B.3 Visit with BSR Airport Managers in Belarus to present approach to and obtain feedback B.4 Updated ACC3 Overview for BSR Airport Managers after Belarus visit B.5 EU Aviation Security Validation Guide for BSR Airports Evolution of Task 3.4 of Work Package 3 Air Cargo Market In establishing the content of task 3.4 - Air Cargo Security Regulations Compliance Requirements, the original proposition was to: evaluate air cargo and supply chain security procedures and processes that will enable airports and air cargo stakeholders in BSR to be accepted as having equivalent security procedures to those in EU Member States, and thus be considered as equal members of the air cargo community across Europe and Worldwide This was supported by a review of the air Cargo Security Regulations and the significance for BSR, to be further enhanced by the collection of air cargo supply chain compliance data in the BSR. Early during the life of the project in 2010, the EU tabled Regulation (EU) No 185/2010, which without providing full implementation details, stated that the EU requirements to enable air cargo to be flown from BSR airports (from States that are not EU Member States), would be significantly changed and the methods and approach required to secure air cargo after July 2014, would require a new level of awareness. The authors of Task 3.4 therefore proposed that on the enactment of the new Regulation, that was voted on as Regulation (EU) No 1082/2012 on 9 November 2012 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation, the focus on task 3.4 would be changed to provide information and tools to BSR airports to facilitate compliance with this new Regulation, which Page 2 of 3 www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project is referred to as the ACC3 Regulation. Prior to the enactment on 9 November 2012, the objective and outputs of Task 3.4 are defined and referenced as PART A, thereafter they are defined and referenced as Part B, Page 3 of 3 www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART A.1 Review of Air Cargo Regulations prior to the enactment of Implementing Regulation (EU) No 1082/2012 amending Commission Regulation (EU) No 185/2010 in respect of EU Aviation Security Validations Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 1.6 - FINAL Date 13.02.2013 Co-Ordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. The Role of Air Cargo Security in Baltic Air Cargo.net... 4 1.1 Introduction... 4 1.2 BSR States... 5 1.3 Air cargo security challenges in BSR... 6 2. Overview of Task 3.4... 7 2.1 Introduction... 7 2.2 Sub-tasks and document structure... 8 3. Review of Relevant Current Air Cargo Regulations... 9 3.1 Introduction... 9 3.2 Legend... 9 3.3 European Regulations Common Rules... 11 3.4 European Regulations Implementing Measures... 25 3.5 EU Regulations relating to ICAO... 39 3.6 ICAO Annex 17... 42 3.7 State Regulations U.S. C.F.R. Part 1546 Foreign Air Carrier... 52 4. Evolving Air Cargo Regulatory Framework... 58 4.1 Introduction... 58 4.2 European action plan to strengthen air cargo security... 59 4.3 TSA 100% air cargo screening requirement... 59 4.4 6 th meeting of the ICAO Facilitation Panel (FALP) in May 2010... 60 4.5 Hearing of the US Senate Committee on Commerce, Science and Transportation held on Dec 2 2010... 60 4.6 Proposals of the Global Air Cargo Advisory Group... 63 4.7 Conclusion... 64 5. Certification of Participants in the Air Cargo Supply Chain... 66 5.1 Introduction... 66 5.2 International standards and certification challenges... 67 5.3 Certification alternatives... 68 5.4 Generic Security Programmes... 69 5.5 Government certification authorities... 73 5.6 Business certification/standards associations... 74 5.7 Customs (AEO) certification... 76 5.8 Employee background Checks... 77 5.9 Conclusion... 78 6. Screening of air cargo... 79 6.1 Introduction... 79 Work Package 3.4 Air Cargo Security Release 1.6 Page: 2
Lead Partner Task Leader Project 6.2 Physical examination (screening) of air cargo shipments... 79 6.3 Electronic screening of shipment information... 79 6.4 Chain of custody validations... 80 6.5 Conclusion... 80 7. BSR air cargo security awareness and Incident reporting... 82 7.1 Introduction... 82 7.2 Security awareness building and training... 82 7.3 Security incident reporting... 83 7.4 Conclusion... 83 Appendix I Air Cargo Security Definitions... 85 Appendix II Air Cargo Security Abbreviations... 87 Appendix III EU action plan to strengthen air cargo security... 88 Appendix IV TSA 100% Screening Communication... 91 Table of Figures Figure 1 - Baltic Sea Region.... 5 Figure 2 - Regulated or Non-regulated air cargo stakeholders... 7 Figure 3: End-to-end supply chain.... 76 List of Tables Table 1 EU and non EU States... 6 Table 2 - Legend for regulatory review... 10 Table 3 - Differences in the world-wide implementation of air cargo known consignor/trusted trader systems.... 67 Table 4 - -Objectives of a Generic Security Programme... 69 Table 5 - Abbreviated table of contents Regulated agent security programme... 71 Table 6 - Abbreviated table of contents Logistics/road transport security programme... 72 Work Package 3.4 Air Cargo Security Release 1.6 Page: 3
Lead Partner Task Leader Project 1. The Role of Air Cargo Security in Baltic Air Cargo.net 1.1 Introduction The goal of Baltic Air Cargo net is the improvement of the Baltic air cargo transport sector by the use of modern, service oriented ICT-methods and logistic interfaces. Work Package 3 is entitled the Air Cargo Market Analysis and Outlooks, research, implementation, transfer. The aims of WP3 have been defined as: Analysis of the current situation on airfreight transport market in the Baltic Sea Region (BSR) Associated infrastructure and operational needs of the regional airports Prospects for future development and possible role of regional airports in the global network Planning of optimal mix with other transport modes Mapping relevant regional characteristics Development of Scenarios for involved airports The objective of task 3.4 Air Cargo Security Regulations is to evaluate, define and demonstrate air cargo and supply chain security IT procedures and processes that will enable airports and air cargo stakeholders in BSR to be accepted as having equivalent security procedures to those in EU Member States, and thus be considered as equal members of the air cargo community across Europe and Worldwide. The definition of this task early in the execution of the Baltic Air Cargo net project is timely, in view of the rapid changes currently being proposed in Europe 1 and Worldwide to combat the gaps in air cargo security highlighted by the events in Yemen in October of 2010 2. These changes include a pro-active approach to the application of a similar level of aviation security to that today implemented across the EU, in all States in Europe and Worldwide. They will include the extension of the air cargo regulated agent and known consigner certification and audit procedures to States not included in the Quadrilateral (QUAD) States 3, the strengthening of the 1 IP-10-1651, Brussels Dec 2, 2010 A European Action Plan to Strengthen Air Cargo Security, included as Appendix 1 2 http://www.interpol.int/public/icpo/pressreleases/pr2010/pr091_on.pdf 3 The Quad States include U.S. Canada, the European Commission and its Member States and Australia. The aviation security authorities in these States are co-operating to ensure the harmonisation and m Work Package 3.4 Air Cargo Security Release 1.6 Page: 4
Lead Partner Task Leader Project account consignor implemented in the Express Parcels Industry, and the integration of the air cargo (known consignor and regulated agent) and Customs (Authorised Economic Operator) certifications. The benefits for the air cargo industry in the Baltic Sea region in the early evaluation and adoption of the required measures will ensure the above mentioned security procedure equivalence and acceptance within the European Community and World-wide. 1.2 BSR States Figure 1 and Table 1 illustrate the States participating in the BSR. Figure 1 - Baltic Sea Region. EU Member States Denmark Estonia Finland Non EU Member States Norway Belarus Russia (north-west regions) Germany (Northern parts) Latvia Work Package 3.4 Air Cargo Security Release 1.6 Page: 5
Lead Partner Task Leader Project EU Member States Non EU Member States Lithuania Poland Sweden Table 1 EU and non EU States 1.3 Air cargo security challenges in BSR The above list of participating countries to some extent defines the challenges for the ensuring a high level of air cargo security for the participants in the Baltic Air Cargo.net. Each of the EU Member States in BSR is required under EU regulations to already have in place a regulated agent accreditation program, and to be at this time moving forward to implementing a program to certify and audit the security programmes of known consignors (required by April 2013). The EU known consignor programme could be either based on certification and audit by EU appropriate authorities (generally the civil aviation authorities) and/or independent validators appointed by the appropriate authorities in each Member State. As of January 2011, The appropriate authority in Germany, the Luftfahrt-Bundesamt (LBA) 4 has not yet completed the inspection all of the more than 1,500 regulated agents in Germany. LBA is currently talking on additional staff to be able to internally using government inspectors to certify the approximately 3,000 known consignors that are expected to apply to be accredited by the cut-off date of April 2013. The other EU Member States in the BSR are each in different phases in the implementation of regulated agent and known consignor programmes. [Information relating to the known consignor programme status in BSR EU Member State is available, to interested parties with appropriate levels of EU Security Clearances] The above notwithstanding, as will be described in Chapter 4 the evolving air cargo regulatory framework moves are afoot to implement a regulated agent/known consignor scheme in thirdcountries, which for BSR would involve Norway, Belarus and the north-west regions of Russia. It can therefore be expected that the EU will expect to find similar air cargo security measures and processes in place across BSR by 2013. In addition Northwest Russia shares borders with Norway, Finland, Estonia, Latvia, Lithuania and Poland (both via Kaliningrad Oblast), and Belarus. As such any air cargo solution in BSR must address the security of the BSR logistics chain, and address the transport of goods by truck from one BSR State and loading on aircraft prior to shipment out with BSR States. 4 http://www.lba.de/en/operations/aviationsecurity/aviationsecurity.html?nn=30636 Work Package 3.4 Air Cargo Security Release 1.6 Page: 6
Lead Partner Task Leader Project 2. Overview of Task 3.4 2.1 Introduction Identifying the regulated and non-regulated stakeholders and parties operating in the aviation security environment is a challenging task. Figure 1 illustrates the situation often found in the cargo handling areas of airports. Cargo Brokers Transporters Airport Handling Agents Regulated Agents Consignee Warehouse Operators Un-regulated Agents Air Carriers Consignment Customs Brokers Airport Warehouse Operators Security Companies Consignor Sub-Contracted Parties Figure 2 - Regulated or Non-regulated air cargo stakeholders 5 The above picture graphically demonstrates this challenge. Many of the entities operating in the air cargo space in the airport environment, are not regulated. Have these entities handled air cargo shipments, and if so, has the broken chain of custody been resolved by the application of security controls. When an inspector from ICAO and/or the European Commission enters the cargo handling area and views the above list of stakeholders, he or she will immediately ask which are the regulated 5 Source - Study on a database of regulated agents and known shippers (DG-TREN) Work Package 3.4 Air Cargo Security Release 1.6 Page: 7
Lead Partner Task Leader Project parties, and what is the involvement of the non-regulated parties in handling/processing cargo designated for transport on passenger aircraft. The inspector will ask to view the accreditation certificates, and the operational security manuals for each regulated entity. 2.2 Sub-tasks and document structure To achieve the security equivalence objectives defined for Baltic Air Cargo.net, and to address this challenge, Task 3.4 is being divided into a number of sub-chapters, each addressing a separate element of the BSR air cargo security challenge: The initial sub task will relate to existing and planned air cargo regulations pertinent to companies operating in BSR. Chapter 3 will review relevant existing EU and international aviation security legislation, and identify the regulations that impact on air cargo security in the Baltic Sea Region. Thereafter, Chapter 4 will review the evolving air cargo security regulatory environment will be considered, and an evaluation be made of the additional regulations that will most probably be implemented during the next 5-10 years; Chapter 5 will provide a discussion on the implementation of security programmes to support the Baltic Air Cargo.net. The benefits of different approaches will be discussed and an initial proposal for a generic air cargo security programme, that could be implemented across participants in the Baltic Air Cargo.net project. This chapter will further address the possibility of an integrated supply chain security certification including aviation and customs security; Chapter 6 will review the air cargo screening implementation actions that have been put in place as elements within the air cargo regulations, and indicate the physical and electronic (data transfer) air cargo screening challenges facing BSR; and Chapter 7 will discuss the requirement for a BSR air cargo security awareness and incident reporting component to ensure that air cargo industry participants in the Baltic Air Cargo.net project within BSR can be made aware, trained and educated in the appropriate air cargo security measures and be made aware of emerging and evolving air cargo security (crime and terrorism) threats. This will enable participants in the Baltic Air Cargo.net to be exposed to security training and emerging threats to ensure equivalence of the security measures with those of the EU; and A conclusion will be provided at the end of each of Chapters 5, 6 and 7 that will discuss the significance of the regulatory changes/ developments and/or initiatives for the Baltic Air Cargo.net, and will discuss the extent to which addressing these components can be included in the approach of the consortium to air cargo security. Appendixes are included at the end of this document, which reference terminology, abbreviations and specific regulations. Work Package 3.4 Air Cargo Security Release 1.6 Page: 8
Lead Partner Task Leader Project 3. Review of Relevant Current Air Cargo Regulations 3.1 Introduction Chapter 3 provides a high-level overview of the relevant EU and International air cargo regulations. The regulations which are being review have been organized under the following headings: European regulations Common Rules European regulations Implementing Measures EU regulations relating to ICAO ICAO Annex 17 State Regulations US C.F.R. Part 1546 Foreign Air Carriers This overview of the existing legislative environment is significant as it relates to the make-up of BSR States. The EU Member States are subject to the requirements of all Stated EU regulations, the other BSR states are subject to the ICAO Annex 17, and the changes that are currently being discussed. Any of the BSR states wising to ship cargo by air to the US, are subject to the TSA foreign air carrier rules. 3.2 Legend Table 2 overleaf provides the legend has been adopted for the analysis of relevant legislative instruments in this document: Work Package 3.4 Air Cargo Security Release 1.6 Page: 9
Lead Partner Task Leader Project Table 2 - Legend for regulatory review Title Explanation Notes Project Identifier Reference identifier Rows repeated as the identifier Name of Instrument Legislative instrument as known by the appropriate for the legislative authority instrument Title/ description Title of legislative instrument Type Category of legislative Instrument - Framework Regulation, Implementing Regulation, Opinion, Directive, etc Date Scope Date of enactment MS, EU, Third Country, other Interrelationship other legislation Objective with e.g. EU Wide and pertaining to third countries Could be obtained from title and from within the regulation Objective of the instrument (often will be taken from the Preamble Applicability Structure To which areas of aviation security the instrument is applied The structure of the instrument in terms of preamble, articles ( with titles), annex ( with titles) Baltic Sea Region (Non EU) relevance Missing Non Public Documents The relevance of this instrument to non-eu States Relevant non-public security sensitive documents (Separate Commission Decisions) referenced in the legislative instrument Work Package 3.4 Air Cargo Security Release 1.6 Page: 10
Lead Partner Task Leader Project 3.3 European Regulations Common Rules 3.3.1 Commission Regulation (EC) No 300/2008 (EU1) Project Identifier Name of Instrument Title/ description Type EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security Framework Regulation Date 11 March 2008 Scope EU Wide and pertaining to third countries regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports [Whereas #6] Interrelationship with other legislation Objective Repeals EC regulation 2020/2002 enacted after 9/11 to establish the initial set of common rules across the EU. Is basis for future implementing regulation EU 185/2010. amended by EC regulations EC 272/2009 and EU 18/2010 Mentions Council Decision 1999/486/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred by the Commission This regulation provides the EU with a "common interpretation of Annex 17 of the Chicago Convention" (Art. 1). In other words, their purpose is to ensure a harmonised approach across Europe. Being a Regulation, these are automatically binding (directly applicable) in each Member State and do not need to be implemented through national law. This regulation sets out a list of "common basic standards". As with the Chicago convention these are relatively high-level, and the intention seems to be that they are fleshed out in more detail through published "detailed measures for the implementation of common basic standards" (Art 4(3)) This Regulations do not have much of relevance for flights from Third countries - although it does refer to the security requirements of Third countries in respect of flights going to, or flying over, those Third countries (e.g. Art. 7). Further (and more importantly) the Regulation allows for agreements to be made between the Community and a Third country recognising that the Third countries' security measures are equivalent to the EU's, such that security procedures relating to flights from those countries can be relaxed (e.g. there is no need to re-screen passengers or luggage). This is what is termed "one-stop security" (see Art. 20). Other generic objectives:. should lay down basic principles of what has to be done to safeguard civil aviation [Whereas #5] Work Package 3.4 Air Cargo Security Release 1.6 Page: 11
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security..should apply to airports..[whereas #6] MS should be allowed to.. apply more stringent measures..[whereas #10].each Member State should draw up a national civil aviation security programme. Furthermore, each airport operator, air carrier and entity implementing aviation security standards should draw up, apply and maintain a security programme in order to comply both with this Regulation and with whichever national civil aviation security programme is applicable...[whereas #13].. the Commission should conduct inspections, including unannounced inspections...[whereas #14]. Implementing acts setting out common measures and procedures for the implementation of the common basic standards on aviation security which contain sensitive security information, together with Commission inspection reports and the answers of the appropriate authorities should be regarded as EU classified information within the meaning of Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending its internal rules of procedure. Those items should not be published and should be made available only to those operators and entities with a legitimate interest. [Whereas #16] The measures necessary for the implementation of this Regulation should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission. [Whereas #17] Penalties should be provided for infringements of the provisions of this Regulation,. [Whereas #23] The Ministerial Statement on Gibraltar Airport, agreed in Cordoba on 18 September 2006 during the first Ministerial meeting of the Forum of Dialogue on Gibraltar, will replace the Joint Declaration on Gibraltar Airport made in London on 2 December 1987, and full compliance with it will be deemed to constitute compliance with the 1987 Declaration.,. [Whereas #24] Since the objectives of this Regulation, namely to safeguard civil aviation against acts of unlawful interference and to provide a basis for a common interpretation of Annex 17 to the Chicago Convention on International Civil Aviation, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of this Regulation, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiary as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in Work Package 3.4 Air Cargo Security Release 1.6 Page: 12
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security order to achieve those objectives,. [Whereas #25] Applicability The regulation applies to : (a) all airports or parts of airports located in the territory of a Member State that are not exclusively used for military purposes; (b) all operators, including air carriers, providing services at airports referred to in point (a); (c) all entities applying aviation security standards that operate from premises located inside or outside airport premises and provide goods and/or services to or through airports referred to in point (a). Structure - Preamble (Whereas (background/objectives) 1 25) - Articles 1. Objectives 2. Scope 3. Definitions 4. Common basic standards 5. Security costs 6. More stringent measures applied by Member States 7. Security Measures required by third countries 8. Cooperation with the International Civil Aviation Organisation 9. Appropriate authority 10. National civil aviation security program 11. National quality control program 12. Airport security program 13. Air carrier security program 14. Entity security program 15. Commission inspections 16. Annual report 17. Stakeholder s Advisory Group 18. Dissemination of information Work Package 3.4 Air Cargo Security Release 1.6 Page: 13
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security 19. Committee procedures 20. Agreements between the Community and third countries 21. Penalties 22. Commission report on financing 23. Repeal 24. Entry into force ANNEX Common Basic Standards for Safeguarding Civil Aviation Against Acts of Unlawful Interference ( Article 4) 25. Airport security 26. Demarcated Areas of Airports 27. Aircraft Security 28. Passengers and Cabin Baggage 29. Hold Baggage 30. Cargo and Mail 31. Air Carrier Mail and Air Carrier Materials 32. In-Flight Supplies 33. Airport Supplies 34. In-Flight Security Measures 35. Staff Recruitment and Training 36. Security Equipment Baltic Sea Region (Non EU) relevance - Preamble - Third countries may require the application of measures that differ from those laid down in this Regulation in respect of flights from an airport in a Member State to, or over, that third country. However, without prejudice to any bilateral agreements to which the Community is a party, it should be possible for the Commission to examine the measures required by the third country. (Whereas #11) - Article 7 Security measures required by third countries 1. Without prejudice to any bilateral agreements to which the Community is a party, a Member State shall notify the Commission of measures required by a third country if they differ from the common basic standards referred to in Article 4 in respect of flights from an airport in a Member State to, or over, that third Work Package 3.4 Air Cargo Security Release 1.6 Page: 14
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security country. 2. At the request of the Member State concerned or on its own initiative, the Commission shall examine the application of any measures notified under paragraph 1 and may, in accordance with the regulatory procedure referred to in Article 19(2), draw up an appropriate response to the third country concerned. [Paragraphs 1 and 2 shall not apply if: the Member State concerned applies the measures concerned in accordance with Article 6; or (b) the requirement of the third country is limited to a given flight on a specific date.] - Article 20 Agreements between the Community and third countries. When appropriate, and in conformity with Community law, agreements recognising that the security standards applied in a third country are equivalent to Community standards could be envisaged in aviation agreements between the Community and a third country in accordance with Article 300 of the Treaty, in order to advance the goal of one-stop security for all flights between the European Union and third countries. ANNEX 4. Passengers and Cabin Baggage 4.1.2 Transfer passengers and their cabin baggage may be exempted from screening, if b) they arrive from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2). 6 4.1.3 Transit passengers and their cabin baggage may be exempted from screening if: a). they remain on board the aircraft; or b). they do not mix with screened departing passengers other than those who board the same aircraft; or c). they arrive from a third country where the security standards applied are recognized as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2). 4.2.2 Screened departing passengers shall not mix with arriving passengers, (a) 6 Articles 5 and 7 of decision 1999/486/EC shall apply [Confidential?] Work Package 3.4 Air Cargo Security Release 1.6 Page: 15
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU1 Commission Regulation (EC) no 300/2008 of the European Parliament and of the Council common rules in the field of civil aviation security unless: b). the passengers arrive from a third country where the security standards applied are recognized as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2). 5. Hold Baggage 5.1.2 Transfer hold baggage may be exempted from screening, if b). it arrives from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2) 6. Cargo and Mail 6.1.3 Transfer cargo and transfer mail may be exempted from screening, if it remains on board the aircraft. Missing Non Public Documents Decision 1999/486/EC shall apply Work Package 3.4 Air Cargo Security Release 1.6 Page: 16
Lead Partner Task Leader Project 3.3.2 Commission Regulation (EC) No 272/2009 (EU2) Project Identifier Name Instrument Title/ description Type of EU2 Commission Regulation (EC) no 272/2009 of the European Parliament and of the Council supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 Framework Regulation Date 2 April 2009 Scope EU Wide and pertaining to third countries as per EC 300/2008 regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports [ EC 300/2008 Whereas #6] Interrelationship with other legislation Supplementing Regulation EC No 300/2008 Objective General measures supplementing the common basic standards on civil aviation security should therefore be adopted in the field of screening, access control and other security controls as well as in the field of prohibited articles, third country recognition of equivalence, staff recruitment, training, special security procedures and exemptions from security controls..[whereas #3] Methods, including technologies, for detection of liquid explosives should be deployed on an EU-wide basis at airports as swiftly as possible, and no later than 29 April 2010, thus allowing passengers to carry harmless liquids without restrictions. If it is not possible to deploy methods, including technologies, for the detection of liquid explosives on an EU-wide basis in time, the Commission will propose the necessary addition to the categories of items that may be prohibited (Part B of the Annex). If the deployment of methods, including tech-nologies, is not possible at certain airports for objective reasons, modalities to allow liquids to be carried without compromising standards of security will be specified by the Commission in implementing measures...[whereas #6] Applicability The regulation provides for general measures to supplement the common basic standards set out in the Annex to Regulation (EC) No 300/2008. [ Date of application to be not later than 29 April 2010] Work Package 3.4 Air Cargo Security Release 1.6 Page: 17
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU2 Commission Regulation (EC) no 272/2009 of the European Parliament and of the Council supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 Structure - Preamble (Whereas (background/objectives) 1 7) - - Articles 1. Measures to supplement common basic standards set out in Annex to Regulation (EC) No 300/2008 2. Definitions 3. Entry into force ANNEX PART A Allowing the use of methods: 4. For the screening of persons 5. For the screening of cabin baggage items 6. For the screening of hold baggage, cargo and mail may allow the use of other methods on a trial basis and for a limited period ANNEX PART B Categories of articles that may be prohibited ANNEX PART C Access control grounds for granting access to airside and security restricted areas ANNEX PART D Methods allowed for the examination of vehicles, aircraft security checks and aircraft security searches ANNEX PART E Criteria for recognizing the equivalence of security standards in third countries ANNEX PART F Cargo and Mail ANNEX PART G Air carrier mail and air carrier materials: conditions under which they shall be screened or subjected to other security controls ANNEX PART H Work Package 3.4 Air Cargo Security Release 1.6 Page: 18
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU2 Commission Regulation (EC) no 272/2009 of the European Parliament and of the Council supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 In-flight supplies and airports supplies ANNEX PART I Criteria for defining critical parts of security restricted areas ANNEX PART J Staff recruitment and methods of training ANNEX PART K Conditions under which special security procedures or exemptions from security procedures may be applied Relevance to the Study - Article 1 e) establish criteria for recognizing the equivalence of security standards of third countries as laid down in part E of the Annex; - ANNEX PART E Criteria for recognizing the equivalence of security standards in third countries The Commission shall recognize the equivalence of security standards in accordance with the following criteria: (a) The third country has a good record of cooperation with the Community and its Member States; (b) The Commission has verified that the third country applies satisfactory standards of aviation security, including quality control; and (c) The Commission has verified that: as regards passengers and cabin baggage, security measures are applied equivalent to those set out in sections 1, 3, 11 and 12 and points 4.1 and 4.2 of the Annex to Regulation (EC) No 300/2008 and related implementing acts; as regards hold baggage, security measures are applied equivalent to those set out in sections 1, 3, 5, 11 and 12 of the Annex to Regulation (EC) No 300/2008 and related implementing acts; as regards cargo and mail, security measures are applied equivalent to those set out in sections 1, 3, 6, 11 and 12 of the Annex to Regulation (EC) No 300/2008 and related implementing acts; and/or as regards aircraft security, security measures are applied equivalent to Work Package 3.4 Air Cargo Security Release 1.6 Page: 19
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU2 Commission Regulation (EC) no 272/2009 of the European Parliament and of the Council supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 those set out in sections 1, 3, 11 and 12 and points 4.1 and 4.2 of the Annex to Regulation (EC) No 300/2008 and related implementing acts Missing Non Public Documents None identified 3.3.3 Commission Regulation (EU) No 18/2010 (EU3) Project Identifier Name Instrument Title/ description Type of EU3 Commission Regulation (EU) no 18/2010 of the European Parliament and of the Council amending Regulation (EC) No 300/2008 of the European Parliament and of the Council as far as specifications for national quality control programmes in the field of civil aviation security are concerned Framework Regulation Date 8 January 2010 Scope EU Wide and pertaining to third countries as per EC 300/2008 regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports [ EC 300/2008 Whereas #6] Interrelationship with other legislation Objective Amending Regulation EC No 300/2008 The development and implementation of a national quality control programme by each Member State is essential to ensure the effectiveness of its national civil aviation security programme in accordance with Article 11(1) of Regulation (EC) No 300/2008...[Whereas #1] Applicability Regulation (EC) No 300/2008 is amended as follows: 1. The title Annex is replaced by Annex I. Work Package 3.4 Air Cargo Security Release 1.6 Page: 20
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU3 Commission Regulation (EU) no 18/2010 of the European Parliament and of the Council amending Regulation (EC) No 300/2008 of the European Parliament and of the Council as far as specifications for national quality control programmes in the field of civil aviation security are concerned 2. The text set out in the Annex to this Regulation is added as Annex II. Structure Preamble (Whereas (background/objectives) 1 8) Articles Amendments to Regulation (EC) No 300/2008 Entry into force ANNEX 1 (Not provided relates to Annex of 300/2008) ANNEX II Common specifications for the national quality control programme to be implemented by each member State in the field of civil aviation security Definitions Powers of the Appropriate Authority Objectives and Content of the National Quality Control Programme Compliance Monitoring Methodology Security Audits Inspections Tests Surveys Reporting Common Classification of Compliance Correction of Deficiencies Follow-up Activities Related to the Verification of the Correction Availability of Auditors Qualification Criteria for Auditors Powers of Auditors Best Practices Reporting to the Commission Appendix I Elements to be included in the set of directly linked security measures Work Package 3.4 Air Cargo Security Release 1.6 Page: 21
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU3 Commission Regulation (EU) no 18/2010 of the European Parliament and of the Council amending Regulation (EC) No 300/2008 of the European Parliament and of the Council as far as specifications for national quality control programmes in the field of civil aviation security are concerned The sets of directly linked security measures as referred to in point 7.1 of Annex II shall include the following elements of Annex I to this Regulation and the corresponding provisions in its implementing acts: Appendix II Harmonised classification system of compliance Appendix II Content of Report to the Commission Baltic Sea Region (Non EU) relevance Missing Non Public Documents No specific mention/ relevance Not identified Work Package 3.4 Air Cargo Security Release 1.6 Page: 22
Lead Partner Task Leader Project 3.3.4 Commission Regulation (EU) No 297/2010 (Study 4) Project Identifier Name Instrument Title/ description Type of EU4 Commission Regulation (EU) no 297/2010 of 9 April 2010 amending Regulation (EC) No 272/2009 supplementing the common basic standards on civil aviation security Framework Regulation Date 9 April 2010 Scope EU Wide and pertaining to third countries as per EC 300/2008 regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports [ EC 300/2008 Whereas #6] Interrelationship with other legislation The Annex to Commission Regulation (EC) No 272/2009 of 2 April 2009 supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 of the European Parliament and of the Council, details in its Part A.3 the methods of screening allowed for baggage, cargo and mail which is to be loaded into the hold of an aircraft. It is necessary from time to time to make provision for additional methods of screening shown to be effective for screening some or all types of cargo and to provide a legal basis for the development of detailed implementing measures. Metal detection equipment is considered to be an effective screening method for some types of cargo. [Whereas #2] Regulation (EC) No 272/2009 does not provide for liquids, aerosols and gels to be considered as a category of articles that may be prohibited from introduction into security restricted areas and on board an aircraft. Instead Regulation (EC) No 272/2009 requires methods, including technologies, for detection of liquid explosives to be deployed on an EU-wide basis at airports as swiftly as possible, but no later than 29 April 2010. [Whereas #4] Objective It is now time to put an end to the restrictions on liquids, aerosols and gels, moving progressively from banning most liquids to a system of screening for liquid explosives. To this end, transitional arrangements beyond April 2010 are required to phase-in the deployment of detection methods, including technologies, at all EU airports without compromising aviation security. The concerns of the law enforcement community, aimed at preventing possible terrorist threats in the future, require an effective mechanism in place until airports are in a position to install reliable detection equipment. Therefore a Work Package 3.4 Air Cargo Security Release 1.6 Page: 23
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Applicability of EU4 Commission Regulation (EU) no 297/2010 of 9 April 2010 amending Regulation (EC) No 272/2009 supplementing the common basic standards on civil aviation security new approach is needed. This should be achieved by 29 April 2013, the date by which all airports should have the capability to screen liquids, aerosols and gels. [Whereas #5] The regulation provides for general measures to amend 272/2009 supplementing the common basic standards set out in the Annex to Regulation (EC) No 300/2008 Structure Amending 272/2009 Part A Methods of screening allowed for hold baggage cargo and mail Adding metal detection equipment Part B Categories of articles that may be prohibited Adding Liquids, aerosols and gels (LAGs) Baltic Sea Region (Non EU) relevance Liquids, aerosols and gels shall be permitted to be taken into security restricted areas and on board an aircraft provided they are screened or exempted from screening in accordance with the requirements of implementing rules adopted pursuant to Article 4(3) of Regulation (EC) No 300/2008. By 29 April 2011 liquids, aerosols and gels obtained at a third country airport or on board an aircraft of a non- Community air carrier shall be permitted into security restricted areas and on board an aircraft, on condition that the liquid is packed in a bag that conforms to the recommended security control guidelines of the International Civil Aviation Organisation and the bag displays satisfactory proof of purchase within the preceding thirty-six hours airside at the airport or on board the aircraft. They shall be screened in accordance with the requirements of implementing rules adopted pursuant to Article 4(3) of Regulation (EC) No 300/2008. Missing Non Public Documents None identified Work Package 3.4 Air Cargo Security Release 1.6 Page: 24
Lead Partner Task Leader Project 3.4 European Regulations Implementing Measures 3.4.1 Commission Regulation (EU) No 72/2010 (EU5) Project Identifier Name of Instrument Title/ description Type EU5 Commission Regulation (EU) no 72/2010 of the European Parliament and of the Council laying down procedures for conducting Commission inspections the field of civil aviation security are concerned ( text with EEA relevance) Implementing measures Date 8 January 2010 Scope EU Wide and pertaining to third countries as per EC 300/2008 regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports [ EC 300/2008 Whereas #6] Interrelationship (other legislation) Addition to provisions of EC 300/2008 Objective In order to monitor the application by Member States of Regulation (EC) No 300/2008 the Commission should conduct inspections. The organisation of inspections under the supervision of the Commission is needed to verify the effectiveness of national quality control programmes [ Whereas #1] The Commission should have the possibility of including qualified national auditors made available by Member States in its inspection teams. [ Whereas #3] Applicability Chapter 1 Article 1 This Regulation lays down procedures for conducting Commission inspections to monitor the application by Member States of Regulation (EC) No 300/2008. Commission inspections shall cover appropriate authorities of Member States and selected airports, operators and entities applying aviation security standards. The inspections shall be conducted in a transparent, effective, harmonised and consistent manner. Structure Preamble (Whereas (background/objectives) 1 8) Chapter I Subject Matter and Definitions Work Package 3.4 Air Cargo Security Release 1.6 Page: 25
Lead Partner Task Leader Project Project Identifier Name of Instrument Title/ description EU5 Commission Regulation (EU) no 72/2010 of the European Parliament and of the Council laying down procedures for conducting Commission inspections the field of civil aviation security are concerned ( text with EEA relevance) Article 1 Subject matter Article 2 Definitions Chapter II General Requirements Article 3 Cooperation of Member States Article 4 Exercise of Commission Powers Article 5 Qualification criteria for Commission inspectors Article 6 Participation of National Auditors in Commission inspectors Chapter III Procedures for the conduct of Commission inspections Article 7 Notification of Inspections Article 8 Preparation of Inspections Article 9 Conduct of Inspections Article 10 Inspection reports Article 11 Answer of the Appropriate Authority Article 12 Rectification of deficiencies Article 13 Follow up inspections Chapter IV General and Final Provisions Article 14 Information to the Committee Article 15 Notification of serious deficiencies to appropriate authorities Article 16 Entry into force Baltic Sea Region (Non EU) relevance Missing Non Public Documents No specific mention/ relevance None identified Work Package 3.4 Air Cargo Security Release 1.6 Page: 26
Lead Partner Task Leader Project 3.4.2 Commission Regulation (EU) No 185/2010 (EU6) Project Identifier Name Instrument Title/ description Type of EU6 Commission Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Implementing measures Date 4 March 2010 Scope EU Wide and pertaining to third countries This Regulation lays down detailed measures for the implementation of common basic standards for safeguarding civil aviation against acts of unlawful interference that jeopardise the security of civil aviation and general measures supplementing the common basic standards [preamble] Interrelationship with other legislation Repeal Commission Regulations (EC) No 1217/2003 of 4 July 2003 laying down common specifications for national civil aviation security quality control programmes ( 3 ), (EC) No 1486/2003 of 22 August 2003 laying down procedures for conducting Commission inspections in the field of civil aviation security ( 4 ), (EC) No 1138/2004 of 21 June 2004 establishing a common definition of critical parts of security restricted areas at airports ( 5 ) and (EC) No 820/2008 of 8 August 2008 laying down measures for the implementation of the common basic standards on aviation security ( 6 ), which all implemented Regulation (EC) No 2320/2002 of the European Parliament and of the Council of 16 December 2002 establishing common rules in the field of civil aviation security ( 7 ), should therefore be repealed. (Whereas #5) Regulations (EC) No 1217/2003, (EC) No 1486/2003, (EC) No 1138/2004 and (EC) No 820/2008 are repealed with effect from 29 April 2010. (Article 5) Objective This Regulation is made pursuant to Art 4(3) of the Regulation 300/2008 - providing the "detailed measures" that flesh out the "common basic standards". In accordance with Article 4(3) of Regulation (EC) No 300/2008 the Commission should adopt detailed measures for the implementation of common basic standards referred to in Article 4(1) and of general measures supplementing common basic standards referred to in Article 4(2) of that Work Package 3.4 Air Cargo Security Release 1.6 Page: 27
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Applicability Structure of EU6 Commission Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Regulation [ Whereas #1] If they contain sensitive security measures, these measures should be regarded as EU classified information within the meaning of Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending internal rules of procedure ( 2 ), as provided for by Article 18 point (a) of Regulation (EC) No 300/2008 and should therefore not be published. These measures should be adopted separately, by means of a Decision addressed to the Member States. [ Whereas #2] The Commission should have the possibility of including qualified national auditors made available by Member States in its inspection teams. [ Whereas #3] This Regulation lays down detailed measures for the implementation of common basic standards for safeguarding civil aviation against acts of unlawful interference that jeopardise the security of civil aviation and general measures supplementing the common basic standards. [Article 1 objective] Article 7. Objective 8. Implementation rules 9. Repeal 10. Entry into Force (as from 29 July 2010) ANNEX 1. Airport Security 2. Demarcated Areas of Airports ( no provisions) 3. Aircraft Security 4. Passengers and Cabin Baggage 5. Hold Baggage 6. Cargo and Mail 7. Air Carrier Mail and Air Carrier Materials 8. In-Flight Supplies Work Package 3.4 Air Cargo Security Release 1.6 Page: 28
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU6 Commission Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) 9. Airport Supplies 10. In flight security measure ( no provisions) 11. Staff Recruitment and Training 12. Security Equipment Baltic Sea Region (Non EU) relevance Annex - 1 Airport Security 1.1.3.4 persons arriving from third countries other than those listed in Attachment 4-B shall be considered as unscreened persons Annex - 3 Aircraft Security Third countries where the security standards applied are recognised as equivalent to the common basic standards as regards aircraft security are listed in Attachment 3-B. An aircraft need not be subjected to an aircraft security check. It shall be subjected to an aircraft security search in accordance with point 3.1. An aircraft arriving into a critical part from a third country not listed in Attachment 3-B shall be subjected to an aircraft security search any time after any passenger disembarkation and/or the unloading of the hold An aircraft arriving from a Member State where it was in transit after having arrived from a third country not listed in Attachment 3-B shall be considered as an aircraft arriving from a third country ATTACHMENT 3-B - AIRCRAFT SECURITY THIRD COUNTRIES RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS [not provided] 7 Annex - 4 Passengers and Cabin Baggage Third countries where the security standards are recognized as equivalent to the common basic standards are listed in Attachment 4-B Passengers and their cabin baggage arriving from a Member State where the aircraft was in transit after having arrived from a third country not listed in 7 ATTACHMENTS 3- B, 4- B, 5- A and 6- F referring to THIRD PARTIES RECOGNISED AS APPLYING EQUIVALENT STANDARDS are not provided, although such a list is provided as ATTACHMENT 4- D in (EU) 358/2010 LAG s and STEB s Work Package 3.4 Air Cargo Security Release 1.6 Page: 29
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU6 Commission Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Attachment 4-B shall be considered as passengers and cabin baggage arriving from a third country, unless there is a confirmation that these passengers and their cabin baggage were screened in that Member State. ATTACHMENT 4-B - PASSENGER and CABIN BAGGAGE THIRD COUNTRIES RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS (provided in Commission regulation (EU) 358/2010 as Attachment 4-D) Baltic Sea Region (Non EU) relevance (continued) Annex - 5 Hold Baggage Third countries where the security standards are recognized as equivalent to the common basic standards as regards hold baggage are listed in Attachment 5-A Hold baggage arriving from a Member State where the aircraft was in transit after having arrived from a third country not listed in Attachment 5-A shall be considered as hold baggage arriving from a third country, unless there is a confirmation that the hold baggage was screened in that Member State.. ATTACHMENT 5-A - HOLD BAGGAGE THIRD COUNTRIES RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS [not provided] Annex - 6 Cargo and Mail ATTACHMENT 6-F - HOLD BAGGAGE THIRD COUNTRIES RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS [not provided] Missing Non Public Documents Relevant to the Study THIRD COUNTRIES RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS Attachment 3-B (Aircraft Security) Attachment 4-B (Passenger and Cabin Baggage) Attachment 5-A (Hold Baggage) Attachment 6-F (Cargo & Mail) Work Package 3.4 Air Cargo Security Release 1.6 Page: 30
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU6 Commission Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) - Other Attachment 3-A Aircraft Security Search Attachment 4-A Requirements for a hand search Attachment 6-B Provisions for guidance of Known Consignors Attachment 6-C Checklist for Known Consignors Attachment 12-A Performance Requirements for WTMD Attachment 12-B Performance Requirements for EDS Attachment 12-C Performance Requirements for Screening of Liquids, aerosols and gels Work Package 3.4 Air Cargo Security Release 1.6 Page: 31
Lead Partner Task Leader Project 3.4.3 Commission Regulation (EU) No 357/2010 (EU7) Project Identifier Name Instrument Title/ description Type of EU7 Commission Regulation (EU) No 357/2010 Amending Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Implementing Measures Date 23 April 2010 Scope Interrelationship with other legislation EU Wide and pertaining to third countries Amends regulation (EU) No 185/2010 of 4 March 2010 Commission Regulation (EC) No 820/2008 of 8 August 2008 contains security procedures for supplies of liquids and tamper-evident bags. However, that Regulation will be repealed as from 29 April 2010. [Whereas #1] Commission Regulation (EU) No 185/2010 of 4 March 2010 will replace Regulation (EC) No 820/2008. Regulation (EU) No 185/2010 does not contain security procedures for supplies of liquids and tamper- evident bags. [Whereas #2] Objective In order to protect civil aviation against acts of unlawful interference that jeopardise the security of civil aviation, security procedures for supplies of liquids, aerosols and gels and security tamper-evident bags sold airside at Union airports should be maintained. Therefore, it is necessary to include them in Regulation (EU) No 185/2010. Applicability This regulation amends the common basic standards by adding provisions for supplies of LAGS (Liquids Aerosols and Gels) and STEBs (Security Tamper Evident Bags) Structure Addition to Chapter 8: IN-FLIGHT SUPPLIES inserts an additional point 8.3 Addition to Chapter 9: AIRPORT SUPPLIES inserts an additional point 9.3 Baltic Sea Region (Non EU) relevance Missing Non Public Documents The wider context of handling LAGS and STEBs as outlined in common basic standards of 185/2010. There is mention of a separate decision regarding detailed provisions for additional security provisions both for in-flight supplies and airport supplies (unclear if this is public or not) Work Package 3.4 Air Cargo Security Release 1.6 Page: 32
Lead Partner Task Leader Project Work Package 3.4 Air Cargo Security Release 1.6 Page: 33
Lead Partner Task Leader Project 3.4.4 Commission Regulation (EU) No 358/2010 (EU8) Project Identifier Name Instrument Title/ description Type of EU8 Commission Regulation (EU) No 358/2010 amending Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Implementing Measures Date 23 April 2010 Scope Interrelationship with other legislation EU Wide and pertaining to third countries Amends regulation (EU) No 185/2010 of 4 March 2010 and Commission Regulation (EC) No 820/2008 of 8 August 2008 provides for exemptions to the application of those restrictions to be granted if certain conditions are met. After having verified that those conditions have been met at airports in certain third countries and that those countries have a good record of cooperation with the Union and its Member States, the Commission has granted such exemptions. [Whereas #2] As Regulation (EC) No 820/2008 is repealed from 29 April 2010 and thus those exemptions will also be repealed. However, the restrictions on liquids, aerosols and gels carried by passengers arriving on flights from third countries and transferring at Union airports remain in place as provided in Regulation (EU) No 297/2010 of 9 April 2010 amending Regulation (EC) No 272/2009 supplementing the common basic standards on civil aviation security. [Whereas #3] The exemptions to the application of the restrictions on liquids, aerosols and gels carried by passengers arriving on flights from third countries should therefore be extended whilst those restrictions remain in place, provided that those third countries continue to meet the conditions under which the exemptions were granted. [Whereas #4] Regulation (EU) No 297/2010 of 9 April 2010 will apply from 29 April 2010. The entry into force of this Regulation is therefore urgent as it should apply from the same date. [Whereas #6] The measures provided for in this Regulation are in accordance with the opinion of the Committee on Civil Aviation Security set up by Article 19(1) of Regulation (EC) No 300/2008, [Whereas #7] Work Package 3.4 Air Cargo Security Release 1.6 Page: 34
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Objective Applicability Structure of EU8 Commission Regulation (EU) No 358/2010 amending Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) The restrictions on liquids, aerosols and gels carried by passengers arriving on flights from third countries and transferring at Union airports create certain operational difficulties at these airports and cause inconvenience to the passengers concerned. Amends detailed measures for the implementation of common basic standards In addition to defining STEBs as bags that conform with ICAO standards the amendment provides the conditions for LAGs carried by passengers being exempt from screening (less than 100ml, capacity not exceeding 1 litre ). Relevance to the Study Exemption (g) from the new point 4.1.3.4 of 185/2010: LAGs carried by passengers may be exempted from screening if the LAG is. (g) obtained at an airport situated in a third country listed in Attachment 4-D, on condition that the LAG is packed in a STEB inside which satisfactory proof of purchase at airside at that airport within the preceding 36 hours is displayed. The exemptions provided for in this point shall expire on 29 April 2011. Attachment 4-D is added by this amendment: Airport(s) from which flights depart to Union airports: Canada: All international airports Republic of Croatia: Dubrovnik (DBV) airport Pula (PUY) airport Rijeka (RJK) airport Split (SPU) airport EN 27.4.2010 Official Journal of the European Union L 105/13 Zadar (ZAD) airport Zagreb (ZAG) airport Malaysia Kuala Lumpur International (KUL) airport Work Package 3.4 Air Cargo Security Release 1.6 Page: 35
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of EU8 Commission Regulation (EU) No 358/2010 amending Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Republic of Singapore: Changi (SIN) airport United States of America All international airports Missing Non Public Documents None Identified Work Package 3.4 Air Cargo Security Release 1.6 Page: 36
Lead Partner Task Leader Project 3.4.5 Commission Regulation (EU) No 537/2010 (EU9) Project Identifier Name Instrument Title/ description Type of EU9 Commission Regulation (EU) No 573/2010 amending Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) Implementing Measures Date 30 June 2010 Scope Interrelationship with other legislation EU Wide and pertaining to third countries Having regard to Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 establishing common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 and in particular Article 4(3) thereof. Regulation (EC) No 300/2008 shall apply in full as from the date specified in the implementing rules adopted in accordance with the procedures referred to in Article 4(2) and 4(3) of that Regulation but not later than 29 April 2010. This Regulation should therefore apply as from 29 April 2010 in order to harmonise the application of Regulation (EC) No 300/2008 and its implementing acts. [Whereas 3] Commission Regulations (EC) No 1217/2003 of 4 July 2003 laying down common specifications for national civil aviation security quality control programmes ( 3 ), (EC) No 1486/2003 of 22 August 2003 laying down procedures for conducting Commission inspections in the field of civil aviation security ( 4 ), (EC) No 1138/2004 of 21 June 2004 establishing a common definition of critical parts of security restricted areas at airports ( 5 ) and (EC) No 820/2008 of 8 August 2008 laying down measures for the implementation of the common basic standards on aviation security ( 6 ), which all implemented Regulation (EC) No 2320/2002 of the European Parliament and of the Council of 16 December 2002 establishing common rules in the field of civil aviation security ( 7 ) should therefore be repealed. [whereas #4] Objective In accordance with Article 4(3) of Regulation (EC) No 300/2008 the Commission should adopt detailed measures for the implementation of common basic standards referred to in Article 4(1) and of general measures supplementing common basic standards referred to in Article 4(2) of that Regulation. [whereas #1] Work Package 3.4 Air Cargo Security Release 1.6 Page: 37
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Applicability Structure of EU9 Commission Regulation (EU) No 573/2010 amending Regulation (EU) No 185/2010 laying down detailed measures for the implementation of the common basic standards on aviation security (Text with EEA relevance) This Regulation lays down detailed measures for the implementation of common basic standards for safeguarding civil aviation against acts of unlawful interference that jeopardise the security of civil aviation and general measures supplementing the common basic standards Amends 185/2010 adding detailed measures for use of EXPLOSION DETECTION DOGS (EDD) Chapter 4 point 4.1 SCREENING OF PASSENGERS AND CABIN BAGGAGE Chapter 5 point 5.1 SCREENING OF HOLD BAGGAGE Chapter 12 General Principles (12.9.1) Standards for EDD (12.9.2) Training Requirements (12.9.3) Approval Procedures (12.9.4) Quality Control (12.9.5) Methodology of Screening (12.9.6) Baltic Sea Region (Non EU) relevance Missing Non Public Documents The wider context of screening passengers and baggage as outlined in common basic standards of 185/2010. Of separate Commission Decision Attachment 12-D (Detection of explosive materials performance requirements) Attachment 12-E and 12-F (Approval by appropriate authority) Attachment 12-G (Quality control measures) Work Package 3.4 Air Cargo Security Release 1.6 Page: 38
Lead Partner Task Leader Project 3.5 EU Regulations relating to ICAO 3.5.1 Proposal for a Council Decision 2009/97/EC of 24 July 2008 (EU10) Title Explanation Project Identifier EU 10 Name of Instrument Title/ description Type Council Decision 2009/97/EC on the signature and provisional application of a Memorandum of Cooperation between the International Civil Aviation Organization and the European Community regarding security audits / inspections and related matters Decision Date 24 July 2008 Scope Interrelationship other legislation Objective Applicability with EU Wide Chicago Convention The proposal aims at significantly reducing the number of individual audits in Member States, at national and at airport level, thereby avoiding duplication of work and allowing for a better use of limited resources. Both Member States and the aviation industry in the Community, in particular airports and airlines, will benefit from this MoC. Aviation safety Work Package 3.4 Air Cargo Security Release 1.6 Page: 39
Lead Partner Task Leader Project 3.5.2 Council Decision (2010/302/EU) of 10 May 2010 (EU11) Title Explanation Project Identifier EU 11 Name of Instrument Title/ description Type Council Decision (2010/302/EU) on the conclusion of a Memorandum of Cooperation between the International Civil Aviation Organization and the European Community regarding security audits / inspections and related matters Establishing a Memorandum of Cooperation Date 10 May 2010 Scope Interrelationship other legislation Objective Applicability with EU Wide and pertaining to third countries Chicago Convention, decision 2009/97/EC Security audits and inspections Aviation safety Work Package 3.4 Air Cargo Security Release 1.6 Page: 40
Lead Partner Task Leader Project Title Explanation Project Identifier EU 12 Name of Instrument EU Implementing regulation No 859/2011 of 25 th August 2011 Title/ description Type amending Regulation EU No 285/2010 laying down detailed measures for the implementation of the common basic standards on aviation security in respect of air cargo and mail Implementing Regulation Date 25 th August 2011 Scope EU Wide and pertaining to third countries Interrelationship other legislation with Objective Applicability Relevance to the Project Security audits and inspections Aviation security This new regulation (known also as the precursor to the ACC3 regulation) requires that: 1. Any carrier carrying cargo or mail from a non-eu country into the EU will have to be designated as Air Cargo or Mail Carrier operating in the Union from a Third country airport (ACC3). The ACC3 designation is airport specific but recognized by all EU Member States this however implies that carriers will have to seek ACC3 designation for each of their stations outside the EU and for each station receive a different identification number. A list of 14 countries had been exempted from this requirement (including US). 2. ACC3 will have to ensure that their security programme integrates EU requirements (in attachment 6-G), submit a declaration of commitment to the appropriate authority and nominate a person responsible. 3. All cargo carried by ACC3 shall be screened or security controlled (by a RA, KC or AC) and their security status shall be indicated in accompanying documentation. 4. By 1 July 2014, ACC3 shall proceed to an independent verification of their cargo operations at the airport for which it has been designated. The report of the independent validator has to be submitted to the appropriate authority. If the report is satisfactory, the ACC3 will be entered in the EU database for RA and KC. 5. By 1 July 2014, ACC3 shall ensure that RA, KC, AC from which it accepts shipments are independently validated. After this validation, airlines must Work Package 3.4 Air Cargo Security Release 1.6 Page: 41
Lead Partner Task Leader Project maintain their own database with the details of RA, KC and AC they are accepting cargo from. Before this date, airlines will have to detail in their security programme the security controls implemented by RA, KC and AC and their own procedure of recognition in third countries. The regulation includes additional security measures for High Risk Cargo, defined as cargo originating from some specific countries (list of 10 countries so far), or cargo subject to significant tampering. These new EU rules pose a real challenge of implementation for the airlines carrying cargo into the EU because airline will have to: 1. Submit security programmes for each station they are operating from, 2. Validate themselves the RA, KC, AC they are working with (at least until 2014), 3. Maintain a database for the validated RA, KC and AC in third countries, and 4. Deploy enhanced screening capabilities at their non-eu stations. The Commission will now convene a working group to work on the details of the implementation of these new rules and IATA will also participate 3.6 ICAO Annex 17 Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference Type The Chicago Convention on International Civil Aviation - 1944 established the International Civil Aviation Organization (ICAO), a UN agency. The convention has been revised 8 times (most recently in 2006), and so is still very much an extant document. There are currently 190 "Contracting States" - see: http://www.icao.int/cgi/goto_m.pl?/cgi/statesdb4.pl?en Annex 17 of the Convention sets out "standards" and "recommended practices" in respect of civil aviation. In general, it seems to contain fairly high-level principles (for example: "each Contracting State shall ensure that security controls are applied to cargo and mail" before being loaded on to an aircraft) as opposed to specific security requirements, and thus the Contracting States will have a large degree of autonomy in terms of how they actually meet those requirements. Work Package 3.4 Air Cargo Security Release 1.6 Page: 42
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Date Scope of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference April 2006 ( 8 th edition) World Wide Interrelationship with other legislation Objective Each Contracting State shall have as its primary objective the safety of passengers, crew, ground personnel and the general public in all matters related to safeguarding against acts of unlawful interference with civil aviation. Each Contracting State shall establish an organization and develop and implement regulations, practices and procedures to safeguard civil aviation against acts of unlawful interference taking into account the safety, regularity and efficiency of flights. Each Contracting State shall ensure that such an organization and such regulations, practices and procedures: a) protect the safety of passengers, crew, ground personnel and the general public in all matters related to safeguarding against acts of unlawful interference with civil aviation; and b) are capable of responding rapidly to meet any increased security threat. Recommendation. Each Contracting State should ensure appropriate protection of aviation security information. Recommendation. Each Contracting State should whenever possible arrange for the security controls and procedures to Work Package 3.4 Air Cargo Security Release 1.6 Page: 43
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description Applicability of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference cause a minimum of interference with, or delay to the activities of, civil aviation provided the effectiveness of these controls and procedures is not compromised. CHAPTER 2.2 GENERAL PRINCIPLES Each Contracting State shall apply the Standards and shall endeavour to apply the Recommended Practices contained in Annex 17 to international civil aviation operations. Each Contracting State shall ensure that measures designed to safeguard against acts of unlawful interference are applied to domestic operations to the extent practicable, based upon a security risk assessment carried out by the relevant national authorities. Structure FOREWARD CHAPTERS: Definitions General Principles 2.1 Objectives 2.2 Applicability 2.3 Security and facilitation 2.4 International Cooperation 2.5 Equipment, research and development Organization 3.1 National organization and appropriate authority 3.2 Airport Operations 3.3 Aircraft Operators 3.4 Quality Control Work Package 3.4 Air Cargo Security Release 1.6 Page: 44
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference Preventative security measures 4.1 Objective 4.2 Measures relating to access control 4.3 Measures relating to aircraft 4.4 Measures relating to passengers and their cabin baggage 4.5 Measures relating to hold baggage 4.6 Measures relating to cargo, mail, and other goods 4.7 Measures relating to special categories of passengers Management of response to acts of unlawful interference 5.1 Prevention 5.2 Response 5.3 Exchange of Information and reporting ATTACHMENTS Relevance to the Study Use of the text of the Annex in national regulations. The Council, on 13 April 1948, adopted a resolution inviting the attention of Contracting States to the desirability of using in their own national regulations, as far as practicable, the precise language of those ICAO Standards that are of a regulatory character and also of indicating departures from the Standards, including any additional national regulations that were important for the safety or regularity of air navigation. Wherever possible, the provisions of this Annex have been written in such a way as would facilitate incorporation, without major textual changes, into national legislation. GENERAL INFORMATION a) Standards and Recommended Practices adopted by the Council under the provisions of the Convention. They are defined as follows: Standard: Any specification for physical characteristics, configuration, materiel, performance, personnel or procedure, the uniform application of which is recognized Work Package 3.4 Air Cargo Security Release 1.6 Page: 45
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference as necessary for the safety or regularity of international air navigation and to which Contracting States will conform in accordance with the Convention; in the event of impossibility of compliance, notification to the Council is compulsory under Article 38 of the Convention. Recommended Practice: Any specification for physical characteristics, configuration, materiel, performance, personnel or procedure, the uniform application of which is recognized as desirable in the interests of safety, regularity or efficiency of international air navigation, and to which Contracting States will endeavour to conform in accordance with the Convention. b) Appendices comprising material grouped separately for convenience but forming part of the Standards and Recommended Practices adopted by the Council. c) Definitions of terms used in the Standards and Recommended Practices which are not self-explanatory in that they do not have accepted dictionary meanings. A definition does not have an independent status but is an essential part of each Standard and Recommended Practice in which the term is used, since a change in the meaning of the term would affect the specification. 2.4 INTERNATIONAL COOPERATION 2.4.1 Each Contracting State shall ensure that requests from other Contracting States for additional security measures in respect of a specific flight(s) by operators of such other States are met, as far as may be practicable. The requesting State shall give consideration to alternative measures of the other State that are equivalent to those requested. 2.4.2 Each Contracting State shall cooperate with other States in the development and exchange of information concerning national civil aviation security programmes, trainingprogrammes and quality control programmes, as necessary. 2.4.3 Each Contracting State shall establish and implementprocedures to share with other Contracting States threat information that applies to the aviation security interests of those States, to the extent practicable. 2.4.4 Each Contracting State shall establish and implement suitable protection and handling procedures for security information shared by other Contracting States, or security information that affects the security interests of other Contracting States, in Work Package 3.4 Air Cargo Security Release 1.6 Page: 46
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference order to ensure that inappropriate use or disclosure of such information is avoided. 2.4.5 Recommendation. Each Contracting State should share, as appropriate, and consistent with its sovereignty, the results of the audit carried out by ICAO and the corrective actions taken by the audited State if requested by another State. 2.4.6 Recommendation. Each Contracting State should include in each of its bilateral agreements on air transport a clause related to aviation security, taking into account the model clause developed by ICAO. 2.4.7 Recommendation. Each Contracting State should make available to other Contracting States on request a written version of the appropriate parts of its national civil aviation security programme. 2.4.8 Recommendation. Each Contracting State should notify ICAO where it has shared information under 2.4.5 3. NATIONAL ORGANIZATION AND APPROPRIATE AUTHORITY 3.1.1 Each Contracting State shall establish and implement a written national civil aviation security programme to safeguard civil aviation operations against acts of unlawful interference. through regulations, practices and procedures which take into account the safety, regularity and efficiency of flights. 3.1.2 Each Contracting State shall designate and specify to ICAO an appropriate authority within its administration to be responsible for the development, implementation and maintenance of the national civil aviation security programme. 3.1.3 Each Contracting State shall keep under constant review the level of threat to civil aviation within its territory, and establish and implement policies and procedures to adjust relevant elements of its national civil aviation security programme accordingly, based upon a security risk assessment carried out by the relevant national authorities. 3.1.4 Each Contracting State shall require the appropriate authority to define and allocate tasks and coordinate activities between the departments, agencies and other organizations of the State, airport and aircraft operators and other entities Work Package 3.4 Air Cargo Security Release 1.6 Page: 47
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference concerned with or responsible for the implementation of various aspects of the national civil aviation security programme. 3.1.5 Each Contracting State shall establish a national aviation security committee or similar arrangements for the purpose of coordinating security activities between the departments, agencies and other organizations of the State, airport and aircraft operators and other entities concerned with or responsible for the implementation of various aspects of the national civil aviation security programme. 3.1.6 Each Contracting State shall require the appropriate authority to ensure the development and implementation of a national training programme for personnel of all entities involved with or responsible for the implementation of various aspects of the national civil aviation security programme. This training programme shall be designed to ensure the effectiveness of the national civil aviation security programme. 3.1.7 Recommendation. Each Contracting State should ensure that trainers and training programmes meet standards defined by the appropriate authority. 3.1.8 Each Contracting State shall ensure that the appropriate authority arranges for the supporting resources and facilities required by the aviation security services to be available at each airport serving civil aviation. 3.1.9 Each Contracting State shall make available to its airport and aircraft operators operating in its territory and other entities concerned, a written version of the appropriate parts of its national civil aviation security programme and/or relevant information or guidelines enabling them to meet the requirements of the national civil aviation security programme. 3.2 AIRPORT OPERATIONS 3.2.1 Each Contracting State shall require each airport serving civil aviation to establish, implement and maintain a written airport security programme appropriate to meet the requirements of the national civil aviation security programme. 3.2.2 Each Contracting State shall ensure that an authority at each airport serving civil aviation is responsible for coordinating the implementation of security controls. 3.2.3 Each Contracting State shall ensure that an airport security committee at each airport serving civil aviation is established to assist the authority mentioned under 3.2.2 in its role of coordinating the implementation of security controls and procedures as specified in the airport security programme. Work Package 3.4 Air Cargo Security Release 1.6 Page: 48
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference 3.2.4 Each Contracting State shall ensure that airport design requirements, including architectural and infrastructure related requirements necessary for the implementation of the security measures in the national civil aviation security programme are integrated into the design and construction of new facilities and alterations to existing facilities at airports. 3.3 AIRCRAFT OPERATORS 3.3.1 Each Contracting State shall ensure that commercial air transport operators providing service from that State have established, implemented and maintained a written operator security programme that meets the requirements of the national civil aviation security programme of that State. 3.3.2 Recommendation. Each Contracting State should ensure that each entity conducting general aviation operations, including corporate aviation operations, using aircraft with a maximum take-off mass greater than 5 700 kg, has established, implemented and maintained a written operator security programme that meets the requirements of the national civil aviation security programme of that State. 3.3.3 Recommendation. Each Contracting State should ensure that each entity conducting aerial work operations has established, implemented and maintained a written operator security programme that meets the requirements of the national civil aviation security programme of that State. The programme shall contain operations features specific to the type of operations conducted. 3.3.4 Recommendation. Each Contracting State should take into account the ICAO model as a basis for operators or entities security programmes under 3.3.1, 3.3.2 and3.3.3. 3.3.5 Recommendation. Each Contracting State should require operators providing service from that State and participating in code-sharing or other collaborative arrangements with other operators to notify the appropriate authority of the nature of these arrangements, including the identity of the other operators. 3.4 QUALITY CONTROL 3.4.1 Each Contracting State shall ensure that the persons implementing security controls are subject to background checks and selection procedures. 3.4.2 Each Contracting State shall ensure that the persons implementing security controls possess all competencies required to perform their duties and are appropriately trained according to the requirements of the national civil aviation security programme and that appropriate records are maintained up to date. Relevant standards of performance shall be established and initial and periodic Work Package 3.4 Air Cargo Security Release 1.6 Page: 49
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference assessments shall be introduced to maintain those standards. 3.4.3 Each Contracting State shall ensure that the persons carrying out screening operations are certified according to the requirements of the national civil aviation security programme to ensure that performance standards are consistently and reliably achieved. 3.4.4 Each Contracting State shall require the appropriate authority to develop, implement and maintain a national civil aviation security quality control programme to determine compliance with and validate the effectiveness of its national civil aviation security programme. 3.4.5 Each Contracting State shall ensure that the implementation of security measures is regularly subjected to verification of compliance with the national civil aviation security programme. The priorities and frequency of monitoring shall be determined on the basis of risk assessment carried out by the relevant authorities. 3.4.6 Each Contracting State shall arrange for security audits, tests, surveys and inspections to be conducted on a regular basis, to verify compliance with the national civil aviation security programme and to provide for the rapid and effective rectification of any deficiencies. 3.4.7 Each Contracting State shall ensure that the management, setting of priorities and organization of the national civil aviation security quality control programme shall be undertaken independently from the entities and persons responsible for the implementation of the measures taken under the national civil aviation security programme. Each Contracting State shall also: a) ensure that the personnel carrying out security audits, tests, surveys and inspections are trained to appropriate standards for these tasks in accordance with the national civil aviation security programme; b) ensure that the personnel carrying out security audits, tests, surveys and inspections are afforded the necessary authority to obtain information to carry out the tasks and to enforce corrective actions; c) supplement the national civil aviation security quality control programme by establishing a confidential reporting system for analysing security information provided by sources such as passengers, crew and ground personnel; and d) establish a process to record and analyse the results of the national civil aviation security quality control programme, to contribute to the effective development and implementation of the national civil aviation security programme, including identifying the causes and patterns of non-compliance and verifying that corrective Work Package 3.4 Air Cargo Security Release 1.6 Page: 50
Lead Partner Task Leader Project Project Identifier Name Instrument Title/ description of IN1 ICAO International Standard and Recommended Practices Annex 17 - Security - Safeguarding International Civil Aviation Against Acts of Unlawful Interference actions have been implemented and sustained. 3.4.8 Each Contracting State concerned with an act of unlawful interference shall require its appropriate authority to re-evaluate security controls and procedures and in a timely fashion take action necessary to remedy weaknesses so as to prevent recurrence. These actions shall be shared with ICAO. Missing Non Public Documents Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference (Doc 8973 Restricted). Work Package 3.4 Air Cargo Security Release 1.6 Page: 51
Lead Partner Task Leader Project 3.7 State Regulations U.S. C.F.R. Part 1546 Foreign Air Carrier Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description Type FOREIGN AIR CARRIER SECURITY Implementing Regulation Date Scope Interrelationship with other legislation Objective Applicability US including Third Countries ( by way of air carriers) US Code of Federal Regulations General principle: Provide for the safety and security of persons and property on an aircraft provided by the aircraft operator against an act of criminal violence, aircraft piracy, and the introduction of an unauthorized weapon, explosive, or incendiary onto an aircraft. 1546.1 Applicability of this part. This part prescribes aviation security rules governing the following: (a) The operation within the United States of each foreign air carrier holding a permit issued by the Department of Transportation under 49 U.S.C. 41302 or other appropriate authority issued by the former Civil Aeronautics Board or the Department of Transportation. (b) Each law enforcement officer flying armed aboard an aircraft operated by a foreign air carrier described in paragraph (a) of this section. [Subpart A General] Structure Subpart A General 1546.1 Applicability of this part. 1546.3 TSA inspection authority. Subpart B Security Program 1546.101 Adoption and implementation. 1546.103 Form, content, and availability of security program. 1546.105 Acceptance of and amendments to the security program. Subpart C Operations Work Package 3.4 Air Cargo Security Release 1.6 Page: 52
Lead Partner Task Leader Project Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description FOREIGN AIR CARRIER SECURITY 1546.201 Acceptance and screening of individuals and accessible property. 1546.202 XXX 1546.203 Acceptance and screening of checked baggage. 1546.205 Acceptance and screening of cargo. 1546.207 Screening of individuals and property. 1546.209 Use of X-ray systems. 1546.211 Law enforcement personnel. 1546.213 XXX 1546.215 XXX Subpart D Threat and Threat Response 1546.301 Bomb or air piracy threats. Subpart E Screener Qualifications When the Foreign Air Carrier Conducts Screening 1546.401 Applicability of this subpart. 1546.403 Current screeners. 1546.405 New screeners: Qualifications of screening personnel. 1546.407 New screeners: Training, testing, and knowledge of individuals who perform screening functions. 1546.409 New screeners: Integrity of screener tests. 1546.411 New screeners: Continuing qualifications for screening personnel. Relevance to the Study [Subpart A General] 1546.3 TSA inspection authority. Link to an amendment published at 71 FR 30511, May 26, 2006. (a) Each foreign air carrier must allow TSA, at any time or place, to make any inspections or tests, including copying records, to determine compliance of an airport operator, aircraft operator, foreign air carrier, indirect air carrier, or other airport tenants with (1) This subchapter and any security program under this subchapter, and part 1520 of this chapter; and Work Package 3.4 Air Cargo Security Release 1.6 Page: 53
Lead Partner Task Leader Project Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description FOREIGN AIR CARRIER SECURITY (2) 49 U.S.C. Subtitle VII, as amended. (b) At the request of TSA, each foreign air carrier must provide evidence of compliance with this subchapter and its security program, including copies of records. [Subpart B Security Program] 1546.101 Adoption and implementation. Link to an amendment published at 71 FR 30511, May 26, 2006. Each foreign air carrier landing or taking off in the United States must adopt and carry out a security program, for each scheduled and public charter passenger operation, that meets the requirements of (a) Section 1546.103(b) for each operation with an airplane having a passenger seating configuration of 61 or more seats; (b) Section 1546.103(b) for each operation that will provide deplaned passengers access to a sterile area, or enplane passengers from a sterile area, when that access is not controlled by an aircraft operator using a security program under part 1544 of this chapter or a foreign air carrier using a security program under this part; (c) Section 1546.103 (b) for each operation with an airplane having a passenger seating configuration of 31 or more seats but 60 or fewer seats for which TSA has notified the foreign air carrier in writing that a threat exists; and (d) Section 1546.103(c) for each operation with an airplane having a passenger seating configuration of 31 or more seats but 60 or fewer seats, when TSA has not notified the foreign air carrier in writing that a threat exists with respect to that operation. 1546.103 Form, content, and availability of security program. Link to an amendment published at 71 FR 30512, May 26, 2006. (a) General requirements. The security program must be: (1) Acceptable to TSA. A foreign air carrier's security program is acceptable only if TSA finds that the security program provides passengers a level of protection similar to the level of protection provided by U.S. air carriers serving the same airports. Foreign air carriers must employ procedures equivalent to those required of U.S. air carriers serving the same airport if TSA determines that such procedures are necessary to provide passengers a similar level of protection. Work Package 3.4 Air Cargo Security Release 1.6 Page: 54
Lead Partner Task Leader Project Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description FOREIGN AIR CARRIER SECURITY (2) In English unless TSA requests that the program be submitted in the official language of the foreign air carrier's country. (b) Content of security program. Each security program required by 1546.101(a), (b), or (c) must be designed to (1) Prevent or deter the carriage aboard airplanes of any unauthorized explosive, incendiary, or weapon on or about each individual's person or accessible property, except as provided in 1546.201(d), through screening by weapon-detecting procedures or facilities; (2) Prohibit unauthorized access to airplanes; (3) Ensure that checked baggage is accepted by a responsible agent of the foreign air carrier; and (4) Prevent cargo and checked baggage from being loaded aboard its airplanes unless handled in accordance with the foreign air carrier's security procedures. (c) Law enforcement support. Each security program required by 1546.101(d) must include the procedures used to comply with the applicable requirements of 1546.209 regarding law enforcement officers. (d) Availability. Each foreign air carrier required to adopt and use a security program under this part must (1) Restrict the distribution, disclosure, and availability of sensitive security information, as defined in part 1520 of this chapter, to persons with a need to know; and (2) Refer requests for sensitive security information by other persons to TSA. 1546.105 Acceptance of and amendments to the security program. (a) Initial acceptance of security program. Unless otherwise authorized by TSA, each foreign air carrier required to have a security program by this part must submit its proposed program to TSA at least 90 days before the intended date of passenger operations. TSA will notify the foreign air carrier of the security program's acceptability, or the need to modify the proposed security program for it to be acceptable under this part, within 30 days after receiving the proposed security program. The foreign air carrier may petition TSA to reconsider the notice to modify the security program within 30 days after receiving a notice to modify. (b) Amendment requested by a foreign air carrier. A foreign air carrier may Work Package 3.4 Air Cargo Security Release 1.6 Page: 55
Lead Partner Task Leader Project Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description FOREIGN AIR CARRIER SECURITY submit a request to TSA to amend its accepted security program as follows: (1) The proposed amendment must be filed with the designated official at least 45 calendar days before the date it proposes for the amendment to become effective, unless a shorter period is allowed by the designated official. (2) Within 30 calendar days after receiving a proposed amendment, the designated official, in writing, either approves or denies the request to amend. (3) An amendment to a foreign air carrier security program may be approved if the designated official determines that safety and the public interest will allow it, and the proposed amendment provides the level of security required under this part. (4) Within 45 calendar days after receiving a denial, the foreign air carrier may petition the Administrator to reconsider the denial. A petition for reconsideration must be filed with the designated official. (5) Upon receipt of a petition for reconsideration, the designated official either approves the request to amend or transmits the petition, together with any pertinent information, to the Administrator for reconsideration. The Administrator disposes of the petition within 30 calendar days of receipt by either directing the designated official to approve the amendment, or affirming the denial. (6) Any foreign air carrier may submit a group proposal for an amendment that is on behalf of it and other aircraft operators that co-sign the proposal. (c) Amendment by TSA. If the safety and the public interest require an amendment, the designated official may amend an accepted security program as follows: (1) The designated official notifies the foreign air carrier, in writing, of the proposed amendment, fixing a period of not less than 45 calendar days within which the foreign air carrier may submit written information, views, and arguments on the amendment. (2) After considering all relevant material, the designated official notifies the foreign air carrier of any amendment adopted or rescinds the notice. If the amendment is adopted, it becomes effective not less than 30 calendar days after the foreign air carrier receives the notice of amendment, unless the foreign air carrier petitions the Administrator to reconsider no later than 15 calendar days before the effective date of the amendment. The foreign air carrier must send the petition for reconsideration to the designated official. Work Package 3.4 Air Cargo Security Release 1.6 Page: 56
Lead Partner Task Leader Project Project Identifier US1 Name of Instrument Title 49 Transportation - 49 C.F.R. PART 1546 Title/ description FOREIGN AIR CARRIER SECURITY A timely petition for reconsideration stays the effective date of the amendment. (3) Upon receipt of a petition for reconsideration, the designated official either amends or withdraws the notice or transmits the petition, together with any pertinent information, to the Administrator for reconsideration. The Administrator disposes of the petition within 30 calendar days of receipt by either directing the designated official to withdraw or amend the amendment, or by affirming the amendment. (d) Emergency amendments. If the designated official finds that there is an emergency requiring immediate action with respect to safety in air transportation or in air commerce that makes procedures in this section contrary to the public interest, the designated official may issue an amendment, without the prior notice and comment procedures in paragraph (c) of this section, effective without stay on the date the foreign air carrier receives notice of it. In such a case, the designated official will incorporate in the notice a brief statement of the reasons and findings for the amendment to be adopted. The foreign air carrier may file a petition for reconsideration under paragraph (c) of this section; however, this does not stay the effectiveness of the emergency amendment. Subpart C Operations Each operational requirement is prefaced with the following text (Unless otherwise authorized by TSA), each foreign air carrier must use the measures/ equipment described in its security program to prevent or deter the carriage of any unauthorized explosive or incendiary.. Missing Non Public Documents Security program requirements (SSI) Work Package 3.4 Air Cargo Security Release 1.6 Page: 57
Lead Partner Task Leader Project 4. Evolving Air Cargo Regulatory Framework 4.1 Introduction As mentioned above the recent air cargo security threat discovered in Yemen in October 2010, has resulted in a number of emerging air cargo and supply chain security initiatives. These include the European action plan to strengthen air cargo security (IP/10/1651) included as Appendix 1; bringing forward of the TSA requirements for screening of air cargo entering the USA to 31 st December 2011; statements made at the 6 th Meeting of the International Civil Aviation (ICAO) Facilitation Panel (FALP) held in May 20108; and recent statements at a Hearing 9 of the US Senate Committee on Commerce, Science and Transportation held on Dec 2 2010. Consistently aviation security is being regarded as a sub-set of supply chain security with interest is being expressed in a risk-based holistic approach to securing all elements of the supply chain (air carriers, shippers, regulated agents, cargo handling operations and logistics service providers), across all categories of aviation (passenger and all cargo carriers) and related transport modes (air, road, rail, sea). Reliance on government-industry partnerships involving sharing of information is proposed; and, the vast majority of stakeholders are requiring that new ICAO Annex17 air cargo security standards be implemented world-wide. The above notwithstanding, the jury is still out on which, if either, of the current known shipper models EU independent validation of known consignors or the US Certified Cargo Screening model including shippers, regulated agents (or IACs) and independent cargo screening facilities (ICSFs) will be included in the revised ICAO Annex 17 measures. Therefore, it is proposed that the Baltic Air Cargo,net project will adopt a generic approach to preparation of air cargo security certification materials than will be suitable for the majority of participants in the project, and will be appropriate for any emerging and new standards. These proposed changes and the view of the world-wide air cargo industry are accurately summed in the mission statement of the newly formed Global Air Cargo Advisory Group (GACAG) that was launched in November 2011 by The International Air Cargo Association (TIACA). 10 8 http://www.icao.int/icao/en/atb/meetings/2010/falp6/docs/falp6_wp03_en.pdf 9 http://commerce.senate.gov/public/?a=files.serve&file_id=5cbe4680-f1f2-41a8-a4a5-03023232c5f6 10 http://www.fiata.com/index.php?id=388&l=en Work Package 3.4 Air Cargo Security Release 1.6 Page: 58
Lead Partner Task Leader Project 4.2 European action plan to strengthen air cargo security The information bulletin provided after these meetings argued for a holistic approach to strengthen air cargo security, by following a series of strategies simultaneously in terms of: New harmonized EU cargo and mail security controls; EU coordination; and Global approach. The recommendations in the action plan included the convening of an Air Cargo working group of Member State and industry experts to advise on regime changes and draw on the risk-based experience gained in the customs sector. The action plan included encouraging Members States to implement as soon as possible the additional requirements for EU known consignor validation and to strongly encourage Member states to give greater priority to air cargo in their national inspection programmes It proposed steps to establish, facilitate and strengthen information flows relating to incidents, new threats and emergency measures, and the development of a common all-source EU threat assessment capability The EU action plan also called for the swift implementation of the latest revision to ICAO Annex 17 with enhanced cargo security rules, and that adequate guidance should be developed and provided to help implement its standards and recommended practices and ICAO audits and capacity-building initiatives should be used as primary tools to strengthen aviation security including cargo supply chains in non-eu countries. 4.3 TSA 100% air cargo screening requirement TSA has pushed up the deadline for 100 percent cargo screening on all international passenger flights inbound for the U.S. to December 31, 2011. In previous testimony before the Subcommittee on Transportation Security and Infrastructure protection Committee on Homeland Security of the United States House of representatives on June 30, 2010 11, John P. Sammon, the Assistant Administrator at the office of Transportation Sector Network Management (TSNM), testified that it would take until 2013 before an all-cargo screening policy on international passenger aircraft could be effectively put into place. 11 Reported in the Air Cargo Security Policy Newsletter, dated July 12 2010 Work Package 3.4 Air Cargo Security Release 1.6 Page: 59
Lead Partner Task Leader Project On 14 th January 2011, Doug Brittin, the General Manager Air Cargo at TSNM sent out an e-mai 12 l to shippers and forwarders regarding the TSA decision to respond to recent global events by proposing updates to air carrier standard security programs to passenger airlines. These updates would require airlines to screen 100% of cargo uplifted on passenger aircraft inbound to the United States by December 31, 2011 4.4 6 th meeting of the ICAO Facilitation Panel (FALP) in May 2010 The European view on the significance of the security of the Supply Chain for all of its actors, and on harmonisation of customs and air cargo were mentioned in an ICAO working paper issued at the 6 th meeting of the Facilitation Panel (FALP) in May 2010 Items 2.6 and 2.7 of this document stated as follows: Also under item 2, in its information paper (AVSECP/21-IP/4) on cargo security, the European Community indicated that the secure supply chain concept may be a far greater guarantor of air cargo security, in many circumstances, than any available technology or methodology. The information paper provided information on appropriate new EU requirements that are going to be introduced with respect to each of the primary actors in a secure supply chain, i.e. the known and account consignors, regulated agents, hauliers, handling agents and air carriers [2.6], and Subsequent to its discussion on item 2, the AVSEC Panel concluded that that aviation security and facilitation measures related to supply chain security are currently driven by different objectives, but are worth considering, where feasible. It recommended that a strategic review of the approaches be undertaken with the objective of integrating aviation security and customs requirements for cargo security, insofar as this is practicable. It is anticipated that this recommendation would drive the future work of the Secretariat Study Group [2.7]. 4.5 Hearing of the US Senate Committee on Commerce, Science and Transportation held on Dec 2 2010 In their testimony, David Heyman of the Office of Policy at the US Department of Homeland Security (DHS) and Vicki Reeder from the Office of Global Strategies at TSA discuss what they called the October 28 Plot 13 and provide the following information on US Department of Homeland Security (DHS) and TSA initiatives: 12 Included as Appendix IV 13 PETN bombs found at East Midlands airport in the UK and Dubai airport hidden inside computer printers loaded onto all cargo aircraft in Yemen Work Package 3.4 Air Cargo Security Release 1.6 Page: 60
Lead Partner Task Leader Project First and foremost, DHS will accelerate work that has been ongoing since early this year to obtain critical information on the goods, conveyances, and entities involved in the shipment of air cargo to the United States prior to the loading of that cargo on an aircraft. The Department relies upon a risk-based and layered approach to security that allows us to focus our resources on the greatest threats and helps us speed delivery of lawful shipments. This approach is only as good as the data we gather about each shipment; and DHS is constantly striving to improve the quality and timeliness of the data we receive. We are exploring additional pilot programs to augment several of the pilots that have been operational since early 2010 to better understand the type, quality, and timeliness of the predeparture information we may require in the future. These pilots will ensure that we derive the most security benefit from any additional requirements and have considered the wide range of policy and operational factors that will need to be addressed. For instance, while some entities may be in a position to provide the necessary information now, others may need time to develop the appropriate technical systems or business processes. In addition, procedures for further inspecting and adjudicating suspicious cargo will need to be refined, as DHS does not currently have a physical presence in many airport locations where air carriers and host nation partners conduct the inspections. DHS is committed to moving forward with a pre-departure initiative and is developing a more detailed timeline and work plan. In addition to seeking pre-departure information, we are also working with our international and private sector partners to expand and strengthen other important layers of security including: prioritized engagement with worldwide cargo hubs and high-risk/high-threat shipping locations; development and sharing of intelligence and information gathering capabilities to target high risk cargo; continued promotion and development of next-generation technologies that can identify threat material; and coordination and mutual recognition of processes and programs among federal partners and also, where possible, among private and public sector partners with a role in aviation security. It is critical that DHS and other federal stakeholders work closely with the variety of private sector entities that own and operate the air cargo system to ensure that strong and sensible security measures are developed that both protect the aviation system and facilitate the movement of legitimate trade that is so essential to our economic prosperity. To highlight the crucial role of the private sector in this area, it is important to note that FedEx, UPS, DHL, and TNT together employ more than 1 million people around the world, and own or operate more than 1,700 aircraft. Each of these companies has operations in more than 200 countries. In 2008, air merchandise trade comprised almost 30 percent of U.S. exports by value, totaling approximately $390 billion, and almost 20 percent of U.S. imports by value, totaling more than $417 billion. Combined, that represents more than $800 billion of U.S.-international merchandise trade. An additional section of this testimony discussed strengthening aviation security measures and standards and included significant comments relating to the international community and to ICAO: Work Package 3.4 Air Cargo Security Release 1.6 Page: 61
Lead Partner Task Leader Project.In order to enhance global aviation security measures and standards, DHS initiated a broad international campaign to strengthen the global aviation system against the evolving threats posed by terrorism. After initial outreach following the December 2009 attempted attack that laid the groundwork for improved aviation security standards, Secretary Napolitano participated in four Regional Aviation Security conferences hosted by Mexico, Japan, Nigeria, and the United Arab Emirates while working in concert with the International Civil Aviation Organization (ICAO) to increase international awareness and strengthen global aviation security measures. Secretary Napolitano also traveled to Spain and met with European ministers during the Justice and Home Affairs Informal Meeting on January 22, 2010, to promote enhanced global aviation standards. These five regional conferences and meetings included broad participation from elected leaders, security ministers, and airline officials across Europe, the Western Hemisphere, the Asia Pacific region, Africa, and the Middle East and resulted in the signing of historic joint declarations on improved aviation security standards in each region. The ICAO General Assembly, held from September 28 to October 8 in Montréal, Canada, is a significant and essential global forum for advancing aviation security. Secretary Napolitano participated in this forum along with leaders from the majority of ICAO s 190 member states. Among the important security initiatives adopted by the General Assembly was the ICAO Declaration on Aviation Security, which was derived from the priorities and resulting Declarations endorsed at the five regional conferences and meetings held earlier in the year. The Declaration contains language on a number of key DHS aviation security priorities to help bolster global aviation security, including increased screening technology, improved information sharing, enhanced cargo and airport security, expanded onboard flight protection, and increased transparency of ICAO audits. ICAO has also developed the Comprehensive Aviation Security Strategy (ICASS) that establishes the strategic framework for ICAO s aviation security efforts for the next six years. Annex 17 to the ICAO Convention on International Civil Aviation has included cargo screening and security controls provisions well before September 11, 2001, and the provisions have been further updated in the most recent iteration, Amendment 12, adopted in November 2010. As with other aspects of aviation security, there is still a need to improve performance internationally. In order to advance this concept, on November 16, 2010 TSA leadership met with the ICAO Secretary General and representatives from several countries and industry to discuss near-, mid-, and longterm actions informed by the most current threat information and intelligence. Discussions focused on implementing a graduated approach, led by ICAO, to identify ways to enhance cargo security worldwide. This endeavor must be a collaborative mechanism for international counterparts from governments and industry to come together to discuss the threat from a risk perspective and identify actionable mitigation options. As this undertaking evolves, it will also serve as a model for the establishment of a mechanism for timely incident management led by ICAO, and also help to unify the global response as incidents occur. We anticipate that this effort will encourage collaboration among international partners including both industry and organizations. Key priorities include the prioritized engagement with key cargo hubs and high threat cargo shipment countries; the establishment of a standard definition of highrisk cargo; development of chain of custody requirements and compliance requirements; development of multinational compliance teams and technology teams; information sharing; training; and development of ICAO guidance related to air cargo security. This guidance will be built Work Package 3.4 Air Cargo Security Release 1.6 Page: 62
Lead Partner Task Leader Project upon the consensus of the international community along with outreach to industry and governments. Longer-term options under consideration include development of fortified devices to ensure minimal impact to the aircraft in addition to more rigorous standards for air cargo security at the international level. The Department continues to support ICAO s Universal Security Audit Program (USAP), an essential tool for overseeing the implementation of the security measures set forth in Annex 17 to the Convention on International Civil Aviation. DHS supports the use of audit results to prioritize technical cooperation and capacity development as well as the greater transparency of audit results among member states when significant security concerns are found and verified. Immediately following the air cargo incident, TSA participated in the ICAO Points of Contact Network and communicated directly with all countries with flights to the United States from the Western Hemisphere, Asia-Pacific, Europe, Africa, and the Middle East. In addition, TSA coordinates closely with the European Union (EU) on all transportation security issues of mutual concern, including through formal meetings twice per year of the U.S.-EU Transportation Security Coordination Group (TSCG). Immediately after we learned of the air cargo threat, TSA consulted with EU officials as new requirements were developed for flights to the United States and participated via video teleconference in the EU Aviation Security Emergency meeting on November 5, 2010, to specifically discuss air cargo. Additionally, we encourage the continuance of regional aviation security conferences to improve aviation standards amid evolving threats. In her opening remarks at the ICAO General Assembly, Secretary Napolitano encouraged other member states to continue to hold these conferences after the ICAO Assembly concluded. All of these priorities have and will continue to help strengthen aviation security standards and measures worldwide. 4.6 Proposals of the Global Air Cargo Advisory Group The Global Air Cargo Advisory Group (GACAG) was launched in November 2011 by The International Air Cargo Association (TIACA). While the formation of GACAG may not in itself be considered of primary significance in BSR, as it is doubtful if many of the BSR air cargo stakeholders will be members of GACAG and its participating members, the objectives of GACAG as described in the following paragraphs, indicate the direction of the international air cargo over the coming period, GACAG supports an ICAO Annex 17 approach to regulated agent and known consignor programmes, proposes to involve all elements of the air cargo supply chain, supports a holistic approach to all categories of air cargo shipments, and is focused on harmonisation of air cargo security procedures and best practices. The following extracts from statements issued by GACAG provide the underlying key principles of its approach The group will focus its efforts to enhance the security of the air cargo supply chain, defined as all components of the transportation chain from shipper to consignee, but this must be done in a manner that results in the minimum possible disruption to the Work Package 3.4 Air Cargo Security Release 1.6 Page: 63
Lead Partner Task Leader Project vital flow of commerce. This will require a global push by the air cargo industry and the relevant authorities to improve risk assessment, tighten standard air cargo supply chain processes, develop viable technology for the air cargo environment, and improve compliance. GACAG further expands the above as follows: A comprehensive Air Cargo Supply Chain Security solution should be built around a multilayered set of actions guided by the risk-based concept; Consistent with ICAO Annex 17, member states should introduce supply chain security programs established on common principles and platforms, such as those contained within Regulated Agent and Known Consignor programs; To facilitate integrated supply chain transportation, member states should be encouraged to mutually recognize quality supply chain security programs introduced by partner member states; Enhanced data intelligence, leveraging standardized electronic advance cargo information and consistent with the WCO Safe Framework of Standards, should underpin secure supply chain solutions to target high-risk cargo; Cargo security should be viewed on a holistic basis incorporating general cargo, express cargo, mail and baggage shipped as cargo, encompassing both freighter and combination aircraft; and Because our members operate in all countries and territories around the world, we are acutely aware that global harmonization of air cargo security procedures is essential, and we urge that best practices be adopted as soon as possible. The strategy of GACAG is based firmly on the regulated agent and known consignor paradigm, relies heavily on this being moved forward by ICAO, supports an inclusive holistic view of air cargo security including all participants in the air cargo supply chain and all modes of air cargo transportation. 4.7 Conclusion The significance of the regulatory changes discussed in this chapter for the Baltic Air Cargo.net initially relates to the fact that each of the proposed changes will in become legal requirements during the period of the research programme. Thus, for air cargo originating in BSR to be accepted as having been subjected to air cargo security controls equivalent to those applied in EU Member States it will be necessary to ensure that the following is performed: Work Package 3.4 Air Cargo Security Release 1.6 Page: 64
Lead Partner Task Leader Project certification of all air cargo stakeholders in BSR utilising standards and methodologies defined under EU legislation ( Regulation EC No 300/2008 and associated implementing regulations as defined in Ch 3; execution of 100% screening if shipments are destined for the USA, and integration of Customs security and targeting procedures and processes with air cargo certification procedures. Work Package 3.4 Air Cargo Security Release 1.6 Page: 65
Lead Partner Task Leader Project 5. Certification of Participants in the Air Cargo Supply Chain 5.1 Introduction Knowledge of business partners and suppliers is a key component in securing the supply chain, and is built into the air cargo and customs air cargo security frameworks. This knowledge is based on a certification or accreditation process carried out by governments, validators approved by governments, and in certain instances by international standards/certification associations. In any discussion of air cargo security certification, it is necessary to review the both the entities that will require to be certified and the alternatives methods of certification that are available. For Baltic Air Cargo,net it is necessary to review the measures and procedures that could be applied to: Air carriers Regulated agents Known consignors Airport air cargo handling firms (legislation as regulated agents) Trucking and warehouse service providers. It is not sufficient to look only at the facilities, assets (vehicles, aircraft, etc) of the above entities, but also at background checks performed on the personnel handling air cargo, in each of the above. In addition to the requirement to undertake certification, it is necessary to review how the certification and associated inspection/audit process can be performed by: Appropriate authorities Third party validators appointed by appropriate authorities (I,,e, EU known consignor validation) International standards/certification associations ( TAPA, ISO, IATA, etc) Chapter 5 will address the above issues by initially reviewing the issues relating to the lack of international standards (to which the Baltic Air Cargo net can make a valuable contribution), and the discussing alternative approaches to security programmes and certification. The final sections of this Chapter will address customs certification and chain of custody verification. Work Package 3.4 Air Cargo Security Release 1.6 Page: 66
Lead Partner Task Leader Project 5.2 International standards and certification challenges Notwithstanding the above developments, a constant challenge and cost for industry is the lack of accepted international standards for air cargo and supply chain security certification and the fact that there is little mutual recognition between the different certification authorities An initial divergence is found between the aviation security authorities (regulated agent & known consignor) and customs authorities (AEO) in Europe. This is however exacerbated by differences in the known consignor and AEO programs implemented by the Member States appropriate authorities (aviation) and customs administrations across the EU. Companies with EU wide operations will find that they are required to apply for both known consignor and AEO certifications which have differing requirements in each EU Member State. They will sometimes be certified by independent 3rd party validators appointed by the appropriate authority in one Member State, or by appropriate authority inspectors in another Member State. And, the customs administration officials that that are in contact with regarding AEO certification will be customs officers, who will require similar but different data during the application process, and will utilise a different inspection and verification approach. This approach in Europe has left the ground wide open for authorities in the US and other States, to claim that there is no one EU aviation or customs certification standard. Therefore, the US and other States are able to claim that companies certified as AEO s in Europe are not considered to have equivalent security measures in place as those certified by the US Customs and Border Protection (CBP) in the US AEO equivalent Customs and Trade Partnership against Terror (C- TPAT) programme. This, notwithstanding that the AEO programme, with emphasis on government certification of each participant in the programme, can be considered to be more comprehensive than the C-TPAT programme. The differences in the world-wide implementation of air cargo known consignor/ trusted trader systems are described in Table 2 below. Table 3 - Differences in the world-wide implementation of air cargo known consignor/trusted trader systems. State Description of Program Creation of Chain of Electronic Comments Program and status Participants Facility Custody Compliance Security Plans Monitoring tools US Certified Cargo Shippers, Electronic [Documentation Not provided Basis is that Screening Program IAC s, application not required] /required 100% of all (CCSP) Launched in Screening process no (screening cargo coming 2008, mandatory Facilities formal facility can only form certified since August 2010 - requirement for be one stop facilities has more than 1000 full facility removed from been inspected or participants security plans airport) screened Work Package 3.4 Air Cargo Security Release 1.6 Page: 67
Lead Partner Task Leader Project State Description of Program Creation of Chain of Electronic Comments Program and status Participants Facility Custody Compliance Security Plans Monitoring tools Canada Trusted Shipper Shippers Will be [Documentation Not provided program being required not required] /required evaluated EU Known Consignor Shippers Required in [Documentation Not provided 3 rd party programme in place (Consignors) certain EU not required] /required validation of all EU Member Member States participants re- States must ( e.g. validation every implement by 2013 Switzerland) - 3 years (in UK (currently operational most rely on and Ireland once in UK, France, check-list in 12 months) Ireland, Netherlands competed by and Switzerland) the 3 rd Party validator /auditor Australia Certified Known Shippers Will be Under Not provided Shipper program in required consderation in /required advanced planning conjunction with phase AACA logistcs service provider certification 5.3 Certification alternatives Two key 14 alternatives would be available to participants in the Baltic Air Cargo net project: 1. Certification by each of the relevant appropriate authorities in each State utilizing the paperwork ( Security plan templates currently available); or 2. Preparing a generic Baltic Air Cargo.net security programme, The goal of this generic program would be to initially provide one security programme template for all Baltic Sea Region air cargo stakeholders air carriers, regulated agents, known consignors, airport cargo handling service providers and logistics services providers. 14 As a secondary goal, the generic security programme would attempt ( in one BSR State, to integrate the requirements of air cargo and customs (AEO) security certification Work Package 3.4 Air Cargo Security Release 1.6 Page: 68
Lead Partner Task Leader Project Option 1 will reduce the burden on the project but will increase the burden on industry and limit the benefits generated from the project for BSR Should the Baltic Air Cargo.net consortium wish to move down the generic security programme route it will be necessary to meet with appropriate authorities in BSR countries (aviation and air cargo security) to understand the implementation schedule for regulatory initiatives in BSR and to obtain agreement that the measures being evaluated in the project will be acceptable. 5.4 Generic Security Programmes The vast majority of certification programs rely on the creation of a security programme or plan by the regulated entity, the submission of the plan to the relevant authority, and the auditing of the applicant by the certification authority. All security programmes have similar basic constructs. Although the requirements of security programmes for regulated agents, known consignors and the providers of logistics services are different in certain details, it is possible and beneficial to develop a generic security programme that will be utilised by all air cargo stakeholders participating in the Baltic Air Cargo.ner project. In the following discussion of the components of air cargo security programmes, we have used as an example the format of a security programme for a regulated agent /known consignor operating in the EU, and a generic program for third party logistics services providers. 5.4.1 Objectives of a generic security programme approach In Table 4 a number of the objectives of a generic security program have been extracted from the requirements of the security programmes for regulated agents in the EU. Similar requirements exist for all additional regulated parties. Table 4 - -Objectives of a Generic Security Programme Purpose (EU Specific) The Security Programme applies to all operating sites and complies with the standard set forth in Regulation 2320/2002 and subsequent implementing Regulation 820/2008 and Decision 4333/2008 and applicable National Legislations. The security program is intended to prevent or deter the unauthorized introduction of prohibited articles as listed in Regulation 2320/2002 into cargo to be carried by air. Applicability This security program applies any property to be transported by air for commercial gain by air carrier. All cargo, courier and express parcels intended to be carried on passenger or all-cargo aircraft will be subjected to the security controls detailed hereunder before being placed on board the aircraft. Cargo, courier and express parcels will be subject to the security controls detailed hereafter and in the Annex of Regulation 2320/2002. Such controls will be carried out in accordance with the National Aviation Security Program. Work Package 3.4 Air Cargo Security Release 1.6 Page: 69
Lead Partner Task Leader Project Regulatory Provisions and National Aviation Security Programme ( EU Specific) The EU Regulation 2320/2002 and its implementing regulations are the foundations for security measures contained in the National Aviation Security Programs (NASP) of all EU Member States. The National Aviation Security Program thus by default includes the binding EU requirements. The National provisions of the NASP may provide additional implementation details in order to meet the requirements of the objectives of the applicable EU Regulation. The Regulated Agent will note that the EU regulatory provisions are binding the Member States and the Regulated Agent and any other party subject of the scope of the Regulations, 20 days following the publication of such regulation in the European Communities Official Journal. This Program includes the regulatory provisions set forth in the Regulation 2320/2002, 820/2008, 4333/2008 and guidelines for proper implementation of those security standards. In addition to the EU Regulation 2320/2002, the following legislative acts are applicable: Commission Decision 3031/2001on handling of security sensitive information Regulation 1217/2003 on National Quality Control Program, powers of National Appropriate Authority and obligations for conduct of compliance monitoring on National Level. Regulation 1486/2003 on preparation and conduct of the Commission Inspections. National Acts under which the Appropriate Authority is established National Act which establishes and adopts the National Aviation Security Program as mandated by Article 5 of Regulation 2320/2002 National Act which establishes and adopts the National Aviation Security Quality Control Program to ensure proper implementation of the National Aviation Security Program, which is based on the provisions of the EU regulation 2320/2002. The regulated entity, will in addition to the EU requirements when undertaking cargo consignments which are intended to be carried by air on a US bound flight or transit via any US ports, will observe the additional requirements set forth in the Section 21 of this program. Inspections by National Appropriate Authority and European Commission The regulated entity will recognize that regardless if an entity is regulated or not, the commercial entity is subject of the regulatory provisions set in the Member States National Aviation Security Program (NASP) based on the mandatory requirements contained in the EU Regulation 2320/2002, 622/2003, 1138/2004 and other applicable EU regulations. The EU Regulation 2320/2002 and 1217/2003 requires that in each Member State an appropriate authority is designated to ensure implementation of the NASP and to undertake quality control of the implementation. Each Regulated Agent is therefore subject to compliance monitoring by the designated appropriate authority. Additionally, the regulated entity is subject to inspections by the European Commission as mandated by the EU Regulation 2320/2002 and 1486/2003. The inspections undertaken by the European Commission are unannounced. The regulated entity will Work Package 3.4 Air Cargo Security Release 1.6 Page: 70
Lead Partner Task Leader Project submit to such inspection by both National and European bodies and make available all records and staff as required. 5.4.2 Abbreviated table of contents for a regulated agent/known consignor security programme The standard table of contents in a regulated agent security programme are listed in Table 5. [In the following example where these are specific to regulated agents the abbreviation [RA] has been added] Table 5 - Abbreviated table of contents Regulated agent security programme 1. Purpose, applicability, definitions and abbreviations 2. Organisation, qualification and obligations of the regulated party 3. Cargo acceptance general requirements 4. Security controls 5. Access control to cargo and facility security 6. (Account) Consignor qualification and acceptance of cargo all aircraft [RA] 7. (Account) Consignor qualification and acceptance of cargo cargo aircraft [RA] 8. Cargo accepted from another regulated agent [RA] 9. Cargo accepted from an air carrier [RA] 10. Transfer of cargo to a passenger aircraft and other regulated agent [RA] 11. Ground movement of cargo 12. Annual re-validation of security programme 13. Recordkeeping requirements and Security Incident Reporting 14. Training of staff 15. Notification procedures 16. Inspections by the National Authority and the European Commission 17. Internal quality control 18. Annexes and declarations Work Package 3.4 Air Cargo Security Release 1.6 Page: 71
Lead Partner Task Leader Project 5.4.3 Abbreviated table of contents for a logistics/road transport security programme An example of a table of contents for a logistics/road transport security programme would be as follows: Table 6 - Abbreviated table of contents Logistics/road transport security programme 1. The Business 2. Personnel Security 3. Security Awareness 4. Access Control 5. Information Security 6. Cargo Acceptance 7. Ground Transportation and delivery 8. Security Incident Reporting 9. Annexes and Declarations 5.4.4 Comparison of security programme elements for multiple stakeholders [Drafting Note: To be developed in a future release of this document, after content approved by consortium] 5.4.5 High level design of a generic security program for BSR [Drafting Note: To be developed in a future release of this document, after content approved by consortium] Work Package 3.4 Air Cargo Security Release 1.6 Page: 72
Lead Partner Task Leader Project 5.5 Government certification authorities The alternatives available to Baltic Air Cargo,net with respect to the certification authorities that could be utilised to certify participants are either appropriate authorirties; third party validators appointed by appropriate authorities; or international standards/certification associations. 5.5.1 Appropriate authorities The appropriate authoritiy in each EU Member State is generally the Civil Aviation Authority in the Member State. In the majority of EU Member States the appropriate authority employs the air cargo inspectors responsible for the certification and inspection of regulated agents. In some Member States, this authority is held by the Ministry of Transport, which has delegated the task to another Government body. I i.e. Germany) Should the Baltic Air Cargo,net consortium decide to make use of existing EU certification mechanisms, these would be operated by appropriate authorities. In the BSR non-eu States, the responsibility for air cargo security will also be in the hands of employees of the Civil Aviation Authority, but there will most probably not be any formal mechanism in place for the certification of regulated agents [Drafting Note: This must be verified] 5.5.2 Third party validators The appropriate authorities in each EU Member State have been provided with the authority ( via legislation ) to appoint and monitor the actions of independent validatiors. However the establishment of a validation programme for known consignors utilising independent validators, requires knowledge of commercial procedures and issues not readily available to appropriate authorities. Many member States are finding difficulties in establishing the legal and operational mechanisms required to select, authorise, train and monitor organisations and/or individuals to operate as independent validators. The processes under which known consignors apply to and pay fees to independent validators, are new and unfamiliar. Establishing a tender to obtain commercial proposals from candidate validation firms is not trivial, especially where there is no accurate method of estimating the number of known consignor applicants, validations are performed once every five years, and the fees rates which would encourage consignors to be certified are unknown. Member State appropriate authorities are challenged to oversee the operations of the regulated agents subject to government certification and inspection. Experience in Member States with known consignor validation programmes indicates that launching and monitoring quality standards for independent validators has introduced new levels of complexity into the work-load of appropriate authority inspectors. Claims of conflict of interest have been raised when firms appointed as independent validators are also air cargo industry stakeholders. And, in smaller smaller countries, it is not clear that there is an economic justification for establishing a stand- alone validation programme. The set-up Work Package 3.4 Air Cargo Security Release 1.6 Page: 73
Lead Partner Task Leader Project costs and operational costs for both the appropriate authority, and any commercial validation organisation, may not be justified by the fees earned from validating 50-100 known consignors once every 5 years. The Baltic Air Cargo.net consortium could elect to evaluate the operation of a pilot independent validator project to certify and inspect the air cargo security stakeholders in BSR. As the Baltic Air Cargo.net project will operate in more than one State, this could be a pioneering move indicating cross-border EU cooperation and involving the certification of stakeholders also in third-countries ( non-bsr EU Member States) 5.6 Business certification/standards associations The business security certifications are standards, guidelines and recommendations issued by private stakeholders, non-governmental organizations, coalitions or non-profit organizations in which industries from different sectors participate to share and benchmark their security practices. Examples are the TAPA EMEA and the ISO certifications. 5.6.1 Transported Assets Protection Association (TAPA EMEA). TAPA EMEA is a voluntary security association started in Europe in May 1999 to create a network of secure transports and terminals to protect industries moving high value cargo from theft. The most relevant certifications from TAPA EMEA 15 are the Freight Security Requirements, FSR, and the Trucking Security Requirements, TSR:Fehler! Textmarke nicht definiert. The Freight Security Requirements (FSR). Standards included in this certification aim to ensure safety and security of in-transit storage and warehousing assets. The FSR uses three different levels of security, from A (highest) to C (lowest). Each of the security level may be recognized by implementing a specific set of security routines and technologies. The levels A and B are certified by an independent third party, using a scoring matrix. The Trucking Security Requirements (TSR). This certification includes standards for road cargo operators and should be seen as a complementary program to the FSR. The TSR uses three different levels, from A (highest) to C (lowest). Also in this case different combinations of security routines and technologies give compliance to diverse security levels. All the three levels of security are self assessed using a scoring matrix available to TAPA members. 5.6.2 International Organization for Standardization (ISO). To enable the application of security systems and the harmonization of operations among players in supply chains, security standards become a key element. These are being defined by the 15 TAPA EMEA, (2009), TAPA EMEA Transported Assets Protection Association, http://www.tapaemea.com/public/, accessed May 2009. Work Package 3.4 Air Cargo Security Release 1.6 Page: 74
Lead Partner Task Leader Project International Organization for Standardization (ISO). Some of these are, in chronological order, the following: 16 The ISO/PAS 20858:2004 provides guidelines to assess security of maritime port facilities. By the establishment of a framework, the ISO certification guarantees that the requirements of the ISPS Code are followed by the entitled ports. This standard also requires that a Port Facility Security Plan (PFSP) is draft by the competent authority. It is also specified how to document the processes to perform security assessment and how to record it to allow independent verification by a qualified agency. The ISO/PAS 28000:2005 handles the specifications for security management systems for the supply chain. The specifications comprise requirements about critical aspects of the supply chain within the areas of financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations. The ISO/PAS 28000:2005 can be applied to organizations of different sizes and type of business (manufacturing, service, storage or transportation). Its main scope is to establish, implement, maintain and improve a security management system and ensure compliance with security policies. The ISO/PAS 17712:2006 concerns mechanical freight container seals (high security seals) and their classification and approval by means of specific uniform procedures. The same document provides with a comprehensive list of approved mechanical seals for securing freight containers in international commerce. The ISO 28001:2006 gives further specifications on best practices for implementing supply chain security. ISO 18185:2006/2006. Five documents belong to this ISO and have been emitted in the years 2006 and 2007. These documents specify in order the following parts: Communication Protocol. Radio communication providing seal identification and communication to identify when a container has been opened. Application Requirements. A system for freight container seal identification system is specified together with its accuracy of use. Environmental Characteristics. Environmental requirements and their feasibility with existing ISO 10374 (Freight Containers Radio Frequency auto-id, RFID) and ISO 17363 (Supply chain applications on RFID) are described here. It is expected that the standards in the ISO 18185 correspond to the existing international standards for freight containers RF identification and supply chain applications on RFID. Data Protection. The data transmitted between tags and readers must respond to specific capabilities. These include the accessibility, confidentiality, data integrity, authentication and non-repudiation of stored data. Physical Layer. This last part concerns the air interface between the electronic seals and the RFID readers. It is expected that the standards used here correspond to existing international standards and will be able to use the same infrastructure. 16 ISO, (2008), International Organization for Standardization (ISO) International Standards for Business, Governments and Society, http://www.iso.org/iso/pressrelease.htm?refid=ref1086, April 2008. Work Package 3.4 Air Cargo Security Release 1.6 Page: 75
Lead Partner Task Leader Project 5.7 Customs (AEO) certification As discussed in Chapter 4 above, industry and ICAO are promoting the convergence of air cargo and customs certification requirements. As of now, there is no EU Member State that has made practical steps in this direction. The Authorized Economic Operator (AEO) is a concept integrated in the SAFE framework of standards designed by the World Customs Organization (WCO) to disseminate around the world the security requirements issued in the US and to facilitate global trade. 17 Hence, the scope of the AEO initiative is to detect high-risk cargo as early as possible in the supply chain and in a resourceefficient way. 18 The AEO interpretation of end-to-end supply chains includes manufacturers, exporters, freight forwarders, warehouse keepers, customs agents, carriers and importers (Figure 3). Figure 3: End-to-end supply chain. 19 To categorize the economic operators joining the AEO, Customs assesses the operators administrative organization and its internal control system, including business processes, procedures, measures taken to reduce fiscal and non fiscal risks, etc. 19 Existing relevant standards for safety and security are taken into account and recognized by the AEO as compatible (i.e., ISO 9001, 14001, 20858, 28000, 28001, 28004 and the ISPS code). More specifically, to gain the AEO certification, organizations have to comply with a set of four main criteria: 17,19 1. Appropriate Record of compliance with Customs requirements. Prospective members have to furnish a listing of information to the Customs authority. This information includes the volume of business (annual turnover, profits and losses, stock capacity, etc.) and statistics on Customs matters (tariff classification, % of import duties, % of VAT, origin of goods, Customs VAT value, etc.); 2. Appropriate Record-Keeping. Operators are required to maintain and store import and export operations in an accurate, complete, timely and verifiable manner. In addition, information has to be carefully protected (i.e., by continuous data back-up and recovery). This is necessary to allow easy and appropriate Customs controls of fiscal and non-fiscal irregularities as well as keep track of other committed infringements over the last 3 years; 17 CP3 Group (2006), AEO Guidelines, http://www.cp3group.com/attachments/aeo%20guidelines.pdf, 2006. 18 CP3 Group (2005), Benefits from implementation of the WCO framework of Standards to Secure and Facilitate Global Trade, http://www.cp3group.com/attachments/wco_benefits.pdf, April 2005. 19 EU Commission (2007), Authorized Economic Operators GUIDELINES, TAXUD/2006/1450 (accessed 29 June 2007). Work Package 3.4 Air Cargo Security Release 1.6 Page: 76
Lead Partner Task Leader Project 3. Proven Financial Solvency. Financial solvency for the past three years has to be proven. This is necessary in order to ensure the commitments of operators applying to the certification; and 4. Security and Safety Standards. The operators have to show a high level of awareness on security and safety measures. A self assessment to identify risks and threats and measures in place may be performed by the operators. Recommendations about 1) physical security of buildings (including entry and access), cargo units, 2) procedures for incoming goods, 3) storage production and loading of goods, 4) personnel security, 5) security requirements imposed on business partners and policies about the hiring of external security services, are provided in the AEO guidelines. Finally, the supply chain companies that are AEO granted can be further classified into three categories depending on what AEO criteria are fulfilled and what benefits are earned: 19 1. AEO-C (Customs Simplifications). This certificate is given to operators that fulfil the criteria of customs compliance, appropriate record-keeping and financial solvency. The benefits of this certificate are easier admittance to customs simplifications (Customs authorities don t need to re-examine the conditions examined when granting the AEO status), fewer physical and document controls, priority treatment and the possibility to choose the place for control. 2. AEO-S (Security and Safety). To obtain this certification, the operators have to show that they are able to maintain appropriate safety and security standards. Benefits of this certification include prior notification of inspection (Customs may notify the AEOS operator when the cargo has been selected for further physical control), a reduced data set for summary declarations, fewer physical and document based controls, and the possibility to request a specific place for the control. 3. AEO-F (Customs Simplifications/Security and Safety). To obtain this status operators are requested to fulfill the criteria for customs compliance, appropriate record keeping, and financial solvency, and maintain proper security and safety standards. The benefits will be all those related to AEO customs simplification and AEO security and safety certifications. There is however an opportunity for the Baltic Air Cargo.net consortium to approach one of the BRS states and propose a pilot certification programme that would enable project participants to be certified both as air cargo and customs programme participants. Again, such an initiative on the part of the consortium would require agreement with the Customs Administration in participating States. [Drafting Note: information on the number of AEO certified companies in each EU Member State in BSR should be included] 5.8 Employee background Checks One of the key requirements of all air cargo security programmes is the provision of background checks on employees. Most of the participants in the air cargo supply chain, either perform this activity using internal resources, or contract this activity to an eternal service provider, Work Package 3.4 Air Cargo Security Release 1.6 Page: 77
Lead Partner Task Leader Project There would be appear to be an opportunity for the Baltic Air Cargo.net consortium to examine the alternatives that are available and to determine if a link could be established to a centralized source of employee information [Drafting Note: To be expanded in a future release of the Document] 5.9 Conclusion The certification of air cargo stakeholders participating in the Baltic Air Cargo.net will be a key requirement, bit in terms of mutual recognition of air cargo security measures, and also in ensuring that BSR states are able to participate fully in the international air cargo market-place without disadvantage due to unacceptable security standards. In addition to adopting a Baltic Air Cargo.net strategy for stakeholder certification and audit, it will be appropriate to determine if it would be possible to demonstrate a generic standard for air cargo security certification acceptable in the jurisdictions defined in Table 3 above (air cargo) and also integrate this with the Cargo Administration (AEO) requirements in one BSR State. Baltic Air Cargo.net should consider the implementation of a certification strategy based on the utilisation of one or more independent validators, as this is becoming the standard for supply chain certifications world-wide. As an alternative to working with one or more independent validators, the Baltic Air Cargo.net consortium could approach one of the business certification/standards associations defined above, to propose a pilot accreditation program utilising the certification methodology and approach of these authorities. Work Package 3.4 Air Cargo Security Release 1.6 Page: 78
Lead Partner Task Leader Project 6. Screening of air cargo 6.1 Introduction Each of the initiatives discussed in Chapter 4 the Evolving Air Cargo Regulatory Environment, supports what has been described in the strategy of GACAG as Protocols for transferred cargo should take into account screening that was performed prior to the original flight. These requirements must be added to the proposal to follow the international standard set by the World Customs Organization on advance cargo information to facilitate risk-assessment. Cargo screening can include the physical examination of the cargo to determine that the shipment contains the materials described in the airway-bill and that no illegal substances have been introduced into the shipment, and can also refer to the transmission of shipment data to IT systems that will review the shipment details, origin, destination, route, contents, etc to identify potentially suspicious shipments. 6.2 Physical examination (screening) of air cargo shipments Although out-with the scope of the Baltic Air Cargo.net project, this activity is already being performed on air cargo shipments, and as discussed in Chapter 4 above, additional physical screening of shipments will be required over time. 6.3 Electronic screening of shipment information Customs entry and exit summary declarations have been introduced in Europe already in July 2009 on a voluntary basis. In principle operators moving goods from and to Europe could provide information about the goods entering or leaving the Community customs territory in advance. In particular, the operators that had the possibility to exchange information with Member States administration had the possibility to send the data electronically.20 From the 1st of January 2011, the advance declaration has become compulsory for traders and the requested security data have to be sent to Customs before the arrival of the goods on the EU customs territory. In case the Entry/Exit summary declaration (ENS) is not sent in advance, operators have to immediately declare the goods on arrival at the border. This will however delay the procedures for customs clearance that will have to wait for the results of the risk analysis for safety and security purposes.20 20 European Customs Information Portal (2011), Security Amendment to the Customs code, http://ec.europa.eu/ecip/security_amendment/index_en.htm (20 Jan 2011) Work Package 3.4 Air Cargo Security Release 1.6 Page: 79
Lead Partner Task Leader Project The data that is required by the Customs include the number of items, names of consignor and consignee, goods description, types of packages, etc. According to the legislation, the time to submit the entry or exit summary declaration to the Customs varies from 1 hour to 24 hours, depending on the mode of transport used, shipment origin, shipment length, as well as the typology of the cargo. 21 As a result of the EU ecustoms programme, operators have also the possibility to communicate electronically the security data to the Customs (Entry or Exit summary declarations, ENS). This is possible after the development of Import and Export Control Systems (respectively ICS and ECS) that allow the Customs to exchange information with logistics or transport operators. Technical specifications for traders to comply with the requirements for ICS and ECS are available on the European Customs Information portal. 22 6.4 Chain of custody validations The highest level of risk associated with air cargo shipments occur at the point where cargo is being handed-over from one mode of transit to another i.e. Manufacturer to logistics service provider ( road transport) ; logistics service provider to regulated agent; regulated agent to air carrier, etc. Although the majority of such risks tend to relate to theft, these are also the points in the air cargo supply chain where illegal items can be introduced into the supply chain and/or legitimate packages replaced/exchanged for illegal items. 6.5 Conclusion A large number of the air cargo shipments originating from within or being transshipped across BSR States will be subject to both physical screening and to the requirement to submit data relating to the shipment to customs authorities. The Baltic Air Cargo.net consortium could elect to validate a shipment chain of custody approach utilizing low-cost IT and devices such as cell phones to verify that the shipment is being received from a regulated party and that the driver handing-over or receiving the shipment is a bona fide employee of the regulated party. The Baltic Air Cargo.net project consortium must review the above mentioned developments and include in the IT support provided for air cargo security in BSR, the ability to transmit shipment information to customs administrations, to act upon information received back from customs 21 Tullverket (2011), Entry and Exit Summary Declarations, http://www.tullverket.se/en/startpage/keywordsaz/az/entryandexitsummarydeclarations/entrysummarydeclaratio n.4.735e3ebf11b045e6ea280001931.html (20 Jan 2011) 22 European Customs Information Portal (2011b), About the first phase of the European Customs Information Portal, http://ec.europa.eu/ecip/index_en.htm (20 Jan 2011) Work Package 3.4 Air Cargo Security Release 1.6 Page: 80
Lead Partner Task Leader Project administrations relating to individual shipments (load/ no load instructions) and the ability to identify shipments that have or have not been subject to physical screening. Work Package 3.4 Air Cargo Security Release 1.6 Page: 81
Lead Partner Task Leader Project 7. BSR air cargo security awareness and Incident reporting 7.1 Introduction To ensure the security of the supply chain, to disrupt criminal operations against the air cargo supply chain, and to maintain compliance with EU air cargo security legislation, it will be necessary to: raise security awareness amongst participants in the Baltic Air cargo.net; and, capture information on evolving threats though a automated BSR air cargo security incident reporting system Security awareness is often described using the term aviation security training. However the term training implies that this is a one off or relatively infrequent activity. With the ever changing air cargo security environment, and the requirement to address ever changing air cargo security threats, it is essential that this be converted into an on-going activity, integrated with the operational tasks of the air cargo industry. Once training is replaced by the concept of security awareness, the need for a security incident reporting mechanism becomes crucial, as this, together with information from external security and police authorities will provide additional and essential inputs into the awareness building process. 7.2 Security awareness building and training Awareness building should cover all elements in the air cargo supply chain. Inadequate training of personnel and business partners is often considered as a bottleneck in supply chain security management. Proper training programs and tools should help personnel to focus their attention to the most relevant aspects. This can include also further development in Good practice guidebook(s) for supply chain security. Integration of awareness building and training materials into the operational procedures of firms is essential to ensure that operators are aware of current and changing security procedures and threats in real time. By so doing it will be possible to replace the current situation where out-of-date formal security plans or programmes, created solely for the purpose of achieving security certification, are held on file in case of a visit by the certification authority, and are not integrated into the active knowledge base of supply chain operators. Awareness building and training should address both internal and external materials. Internal integration requirements will relate to incident and threat reporting. The awareness building and training scenario will require to be integrated with external sources of security awareness and training materials and with the providers of security training products and services. Work Package 3.4 Air Cargo Security Release 1.6 Page: 82
Lead Partner Task Leader Project 7.3 Security incident reporting The rapid and timely collection and secure distribution of (and acting on) supply chain security (and crime) incident data is an essential component of any supply chain security effort. Establishing a wide network (or footprint) to capture this data will provide essential intelligence required to secure the supply chain. The incident data must be seen as secure, confidential and trustworthy. The challenge in this relates to how the information can be obtained, analysed and distributed, and the level of data that can be obtained. Furthermore, the benefit to the supply chain from only collecting user information from supply chain operators (drivers, cargo handlers, etc) will be much reduced if this information cannot be aggregated with, and added to, supply chain crime information that is being obtained (also on a real time basis) by EU and overseas agencies involved in mitigating supply chain disruption (police, customs etc). The incident reporting module should address both internal and external sources of information. Internal integration requirements will relate to incident and threat reporting, transport security, and provide input to awareness and training. With respect to external integration, the crime incident reporting scenario will require to be integrated with EU Customs advanced information system; police and intelligence threat/risk data 7.4 Conclusion The operation of a security awareness building and incident reporting within the Baltic Air Cargo.net is out with the scope of the project. However it is worthy of the consideration of the Baltic Air Cargo.net consortium to include the provision of IT support for both security awareness building and incident reporting, as elements of the air cargo security proposition. Work Package 3.4 Air Cargo Security Release 1.6 Page: 83
Lead Partner Task Leader Project Work Package 3.4 Air Cargo Security Release 1.6 Page: 84
Lead Partner Task Leader Project Appendix I Air Cargo Security Definitions 1. Accompanied Commercial Courier Consignments Cargo associated with a passenger who receives specific compensation to accompany it, when tendered by (i) an Regulated Agent Carrier within the United States or (ii) a regulated agent or IATA-registered agent outside of the United States. 2. Agent For purposes of this security program, a contractor, or other person engaged to perform specific services for or on behalf of the indirect air carrier with the indirect air carrier s authorization and consent. 3. Air Cargo Property of 250 grams or greater in weight, tendered for air transportation, including unaccompanied baggage, accounted for on an air waybill. All accompanied commercial courier consignments, whether or not accounted for on an air waybill, are also classified as cargo. Mail, protected diplomatic pouches and aircraft operator company material (COMAT) are not considered cargo under this section. 4. Aircraft Operator An air carrier licensed in accordance with EC Regulation 2407/92 and conducting transportation of passengers and cargo. 5. All-Cargo Aircraft Operator An air carrier licensed in accordance with EC Regulation 2407/92 and conducting transportation of cargo. 6. All-Cargo Operation Any operation for compensation or hire that is other than a passengercarrying operation. 7. Appropriate Authority The designated will mean the national authority designated by a Member State pursuant to Article 5(2) of the Regulation (EC) No 2320/2002 to be responsible for the co-ordination and monitoring of the implementation of its national civil aviation security program. 8. Regulated Agent ": An agent, freight forwarder or other entity who conducts business with an operator and provides security controls that are accepted or required by the appropriate authority in respect of cargo, courier and express parcels or mail. 9. Known Consignor "Known Consignor": For Cargo: The originator of property for transportation by air for his own account and who has established business with a regulated agent or air carrier on the basis of criteria detailed in this Annex. For Mail: The originator of mail for transportation by air for his own account and who has established business with a regulated postal authority/administration. 10. Known Cargo -Cargo received from a known consignor (according to the criteria from 6.4 or 6.5 of EU Regulation 2320/2002) either by the regulated agent or by the aircraft operator may only be classified as known cargo provided the regulated agent and/or aircraft operator verified that he is in possession of the known consignor s signed security declaration certifying that all cargo sent for carriage by air as known cargo has been prepared and transported in Work Package 3.4 Air Cargo Security Release 1.6 Page: 85
Lead Partner Task Leader Project accordance with the security measures described in the National Aviation Security Program (NASP). 11. Mail: Dispatches of correspondence and other objects tendered by and intended for delivery to postal administrations. A postal authority/administration is defined by Member States. 12. Station Any office or facility owned and operated by an RA or its agent or contractor that is located within the EU and out of which business is conducted and where company records are maintained or are available for inspection by the Member States appropriate authority and European Commission. 13. Unknown Consignor A shipper that does not meet the requirements of a known consignor. 14. Unknown Cargo - Cargo received from an unknown consignor and/or unregulated agent or any cargo which has not been protected against unauthorized interference at all times will be considered as unknown cargo and subject to screening prior loading onto an aircraft. At all times unaccompanied baggage, personal effects will be considered as unknown cargo and subjected to screening prior loading onto an aircraft. Any cargo delivered by an agent who has been withdrawn from the CAA list of regulated agents will be considered as unknown cargo and subjected to screening prior loading onto an aircraft. 15. Undertaking - means any natural person, any legal person, whether profit-making or not, or any official body whether having its own legal personality or not. Work Package 3.4 Air Cargo Security Release 1.6 Page: 86
Lead Partner Task Leader Project Appendix II Air Cargo Security Abbreviations AA AVSEC AWB CAA COMAT CSRA EA Appropriate Authorities, will mean the national authority designated by a Member State pursuant to Article 5(2) of the Regulation (EC) No 2320/2002 to be responsible for the coordination and monitoring of the implementation of its national civil aviation security program. Aviation Security Air Waybill Civil Aviation Authorities (CAA) or Directorate General for Civil Aviation (DGAC) Company Material Critical part of security restricted area Emergency Amendment ID IED KC LEO MAWB RA Identification card Improvised Explosive Device Known Consignor Law Enforcement Officer Master Air waybill Regulated Agent: An agent, freight forwarder or other entity who conducts business with an operator and provides security controls that are accepted or required by the appropriate authority in respect of cargo, Courier and express parcels or mail. SD SSE SSI SRA TREN ULD URA Security Directive Shipper s Security Endorsement Sensitive Security Information Security restricted area European Commission Directorate charged with transportation security in the EU Unit Load Device Un Regulated Agent, agent or freight forwarder or other entity that conducts business with an operator but is not accepted or recognized by the appropriate authority in respect handling of cargo, courier and express parcels or mail. Work Package 3.4 Air Cargo Security Release 1.6 Page: 87
Lead Partner Task Leader Project Appendix III EU action plan to strengthen air cargo security EU DOCUMENT - IP/10/1651 BRUSSELS, 2 DECEMBER 2010 A EUROPEAN ACTION PLAN TO STRENGTHEN AIR CARGO SECURITY Vice-President Siim Kallas and Commissioner Cecilia Malmström present today at the Transport Council and Home Affairs Council, as agreed with the Belgian Presidency, a European action plan to strengthen air cargo security. The action plan is a response to the recent discovery of explosive devices concealed in air cargo originating from Yemen. The action plan will allow the emergency security measures put in place by several EU Member States to be replaced by a joint EU approach to address the new threat caused to civil aviation. The transport Commissioner, Siim Kallas, said: "Security standards at European airports are widely acknowledged as being amongst the highest in the world. Our legislation already sets out stringent standards for air cargo security, but the threat is evolving and we must keep our defences under constant review. That is why we convened rapidly a high-level group involving Commission and Presidency to draw up a joint set of EU actions to address the new threat within a short timeframe. I call on the Council to endorse the action plan." The Commissioner for Home Affairs, Ms Cecilia Malmström, added that "to ensure an adequate response to terrorist threats a more streamlined cooperation and coordination between the transport and justice and home affairs sector must be developed at EU level. This challenge is of crucial importance to aviation security but goes far beyond this specific threat. In its recent communication on the EU Internal Strategy in Action, the Commission has set out its broader reflections on how the EU should respond in order to improve common EU risk assessments, increase transport security and enhance resilience." The measures proposed The high-level group argues for a holistic approach to strengthen air cargo security, by following a series of strategies simultaneously. 1. New harmonised EU cargo and mail security controls - The Commission will reconvene the air cargo working group - Member State and industry experts who have previously provided significant and valuable input into all EU cargo provisions to advise on all necessary regime changes. Work Package 3.4 Air Cargo Security Release 1.6 Page: 88
Lead Partner Task Leader Project - Working with this group, the Commission will bring forward new measures in relation to cargo originating from non-eu countries. The proposals will also draw on experience gained in the customs sector, using a risk-based approach and requiring more advance information about shipments. - Criteria to identify cargo presenting a particular risk will be defined as well as a mechanism to allow for the evaluation of security standards of airports outside of the EU. Specific commitments on consignment security will be sought from EU carriers operating from non-eu countries. The Commission is ready to quickly organise a joint EU mission to Yemen to assess the specific risk situation. - Member States will be encouraged to implement as soon as possible, the additional requirements for EU known consignor validation, which has to be fully implemented in any case by April 2013. - Consideration will be given to the development of standardised training packages, to ensure harmonised understanding of the EU rules. - Research will be conducted in order to enhance existing screening methods and technologies for cargo and develop new possibilities. - The EU inspection regime will be expanded to ensure that the agreed security controls are properly implemented on the ground. Member States will also be strongly encouraged to give greater priority to air cargo in their national inspection programmes. 2. EU coordination - It is vital that information about incidents, new threats and emergency measures is shared as quickly as possible, so that new threats and risks can be tackled immediately. Steps will be taken to establish, facilitate and strengthen such information flows. - A common all-source EU threat assessment capability will also be developed, with input from all relevant agencies at Member State and EU level. On this basis, the Commission will produce aviation security risk assessments on a regular basis. Member States committed themselves to produce their own national assessments and inform systematically Europol and Eurojust of all serious incidents. 3. Global approach Cargo and mail is by its nature a global business. The sound implementation of a cargo security regime requires a global approach. - information sharing via the International Civil Aviation Organization (ICAO) should be strengthened. - the latest revision to the ICAO Convention Annex 17, which enhances cargo security rules, should be swiftly implemented by ICAO contracting states; adequate guidance should be developed and provided to help implement its standards and recommended practices. - ICAO audits and capacity-building initiatives should be used as primary tools to strengthen aviation security, including cargo supply chains in non-eu Work Package 3.4 Air Cargo Security Release 1.6 Page: 89
Lead Partner Task Leader Project countries. The EU should play an active role in these activities as such actions will not only improve the security in non-eu countries but will also vastly benefit global trade. The members of the high-level group are confident that this coordinated and multilayered approach will provide the strongest defence against possible future terrorist attacks. The report and action plan on enhancing aviation security were discussed today by both the Council of Transport Ministers and the Council of Home Affairs Ministers. Work Package 3.4 Air Cargo Security Release 1.6 Page: 90
Lead Partner Task Leader Project Appendix IV TSA 100% Screening Communication January 14, 2011 Message to the Air Freight Forwarding / Global Shipping Community The Implementing Recommendations of the 9/11 Act of 2007 (9/11 Act) required the Transportation Security Administration (TSA) to develop a system to screen 100% of all cargo transported on passenger aircraft to provide a level of security commensurate with the level of security for passenger checked baggage no later than August 3, 2010. With the help of airlines, and through the Certified Cargo Screening Program, TSA successfully completed the mission for cargo loaded on passenger aircraft inside the United States. Due to the complex challenges of screening international inbound cargo, Assistant Administrator John Sammon testified before Congress in June 2010 that cargo moving into the United States would be screened at 100% no later than 2013. Recent global events have proven that there is a compelling need to attain the 100% goal sooner than originally suggested. Today, TSA proposed updated air carrier standard security programs to passenger airlines that would require the air cargo industry to screen 100% of the cargo that is uplifted on passenger aircraft bound for the United States by December 31, 2011. Carriers will have 30-45 days to comment on the new 100% screening requirement, and TSA will review and evaluate the industry comments prior to finalizing and making the requirement effective. TSA established increased screening percentages for airlines in May 2010. Most carriers established new acceptance procedures for cargo from forwarders and dramatically increased screening percentages as a result. TSA is pursuing this latest proposed change after reviewing the data provided by industry which indicates that air carriers are currently screening a high percentage overall of cargo inbound to the Work Package 3.4 Air Cargo Security Release 1.6 Page: 91
Lead Partner Task Leader Project United States. Many air carriers, including a high number of wide-body operators, are already at or close to 100% screening of air cargo inbound to the United States. As air carriers increase their screening percentages, they may require operational changes for shipments tendered at non-u.s. locations. TSA recommends that shippers communicate with their supply chain partners as soon as possible to understand the potential impact that 100% screening of inbound air cargo may have on their supply chain. Work Package 3.4 Air Cargo Security Release 1.6 Page: 92
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements Part A.2 Compliance Data Acquisition Work Package # Task # Task Leader 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air cargo security regulations - implementation & transfer [ICE] Version / Release 1.4 Date 13 November 2012 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Air Cargo and Supply Chain Security Data Acquisition... 4 1.1 Introduction... 4 2. Relationship to other EU Supply Chain security projects... 4 2.1 LOGSEC... 4 2.2 The LOGSEC roadmap demonstration... 5 2.3 Components, measures of success, potential benefits for participants... 6 2.4 Stakeholders and management tools for the Demonstration project... 9 2.5 Impact on society... 11 3. Baltic Air Cargo Security Data Acquisition... 12 3.1 Introduction... 12 3.2 Subjects to be included in the questionnaires (high level)... 12 3.3 Target stakeholders for air cargo security questionnaires... 13 3.4 Structure of the questionnaires... 14 3.5 Conclusion... 14 Appendix I Industry Questionnaires... 15 Appendix II Government Questionnaires... 24 Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 2
Lead Partner Task Leader Project List of Tables Table 1 - LOGSEC Clusters and Components... 5 Table 2 LOGSEC Roadmap Demonstration Projects... 6 Table 3 - Security Questionnaire Structure... 13 Table 4 - Security Questionnaire Structure... 14 Table 5 Industry Questionnaires... 15 Table 6 - Government Questionnaires... 24 Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 3
Lead Partner Task Leader Project 1. Air Cargo and Supply Chain Security Data Acquisition 1.1 Introduction In order to evaluate air cargo and supply chain security procedures and processes that will enable airports and air cargo stakeholders in BSR to be accepted as having equivalent security procedures to those in EU Member States, and thus be considered as equal members of the air cargo community across Europe and Worldwide it was proposed, prior to the enactment of Regulation (EU) No 1082/2012 9 November 2012 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation, to survey the level of security compliance at BSR airports, To this end a set of questionnaires were developed, to support data collection and analysis. The initial section of this document will review the findings of a similar but different supply chain roadmap data collection project the results of which were considered to be of relevance to the supply chain security objectives of the Baltic Air Cargo Net Project. 2. Relationship to other EU Supply Chain security projects 2.1 LOGSEC There are many gaps in supply chain security, according to industry and governmental 1 organizations close to the subject. The LOGSEC project team has uncovered these gaps and condensed them into 3 key areas, referred to as clusters : 1. inadequate knowledge and awareness of crimes, the threats they pose and what to do about them; 2. an inability to successfully authenticate and trust the information, data, people and companies used in managing supply chain and logistics activities; and 3. being unable to effectively protect the freight in transit. The LOGSEC project has concluded that future Supply Chain Security (SCS) demonstration projects should focus on the integration of these three areas as a way to provide an overall framework to address the primary gaps in supply chain security, and to have a significant impact on 1 LOGSEC (project number 241676) is co-funded by the European Commission under the FP7 Security Program. LOGSEC was executed by a Consortium of 8 partners; EFP Consulting (UK) Ltd, Cross Border Research Association; (Europe) Ltd; European Shippers Council; CLECAT, European Association for Forwarding, Transport, Logistics and Customs Services; ATOS-Origin; Warsaw School of Economics; and, Swiss Federal Customs Administration. (www.logsec.org) Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 4
Lead Partner Task Leader Project the fight against crime which costs the European economy billions of Euros every year, as well as to mitigate the risk of terrorist acts in the supply chains. 2.2 The LOGSEC roadmap demonstration A suggested demonstration project to address the LOGSEC SCS gaps is depicted by focussing on the most significant themes identified within each of the above clusters. This constitutes the LOGSEC roadmap. The proposed roadmap demonstration would not seek to revisit previous FP7 and other security projects that have addressed individual transportation assets, components and elements in terms of maritime, road, rail and aviation, such as sea-ports, air carriers, road transportation and container security. Rather, it will address the totality of supply chain risks as these were viewed and experienced by the manufacturers and shippers of products who participated in the LOSEC study, irrespective to the modes of transport involved. As such it will also enhance the trust of citizens who can be assured that the goods they are ordering and paying for using electronic means will in fact be received without fraud. Suppliers and shippers of goods, demand assurance that the products they have manufactured or ordered will be delivered without being stolen; that their supply chain staff will not be injured or taken hostage; that product integrity will not be compromised by the substitution of counterfeit items; that goods and payments will not be diverted through cyber crime directed at supply chain ICT systems; and/or, that their supply chains will not be utilised by terrorist or homegrown radicals to infiltrate and/or transport prohibited items. The importance of an integrated, secure supply chain to these organisations is not only the direct costs of a compromised supply chain, but also the more intangible damage to the commercial reputations of companies who are the subject of supply chain organised crime. Table 1 indicates the supply chain components were identified as indicating the highest risks to a secure supply chain by the LOGSEC participants: Table 1 - LOGSEC Clusters and Components Cluster Component Authentication, certification and data Protection of supply chain IT systems protection Security Authentication of companies, documents and products awareness and risk management Risk management processes and tools Security training and awareness building Security compliance management and audit tools Intelligence on current and evolving threats Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 5
Lead Partner Task Leader Project Cluster Component Physical transportation security and Protection of Vehicles, cargo, loads and containers cargo monitoring In effect the project concluded by tentatively suggesting that priority be given to components of the supply chain dealing firstly with protection of supply chain IT systems, followed by those components that focus on authentication of companies and of documents, and on risk management processes and tools, and equal priority thereafter to components relating to security training and awareness building, security compliance management and audit tools, intelligence on current and evolving threats, and the protection of vehicles and of cargo, loads and containers 2.3 Components, measures of success, potential benefits for participants Table 2 below indicates the sub-project areas for an integrated demonstration project to enhance the security of the supply chain. Table 2 LOGSEC Roadmap Demonstration Projects 2 Demonstration objective Deliverables Measure success of Participant benefits of To reduce attempts to Tools and procedures Identification of IPR supply chain IT systems steal data, to alter to the unauthorised data, and to cause identification and access; any type of harm in authentication e-trade, supply chain and management, order unauthorised access supply and to, computer systems systems and before Component Protection fulfilment logistics and, platforms; to ensure the integrity of data enhance to of, block databases supporting the supply chain. 2 and to secure supply chain measures of systems; of findings chain reliability and implementation measures after of sharing of with participants for further validation; trust improved of exchanges government, data between cargo owners (shippers) and suppliers; Component the component of the supply chain addressed in this element of the integrated demonstration; Demonstration objective the objective of the defined element; Deliverables the technologies/methodologies that will be developed and evaluated; Measures of success the measures of success for each component; and Participant benefits The benefits that will accrue and the categories of stakeholders who will benefit from the results of the demonstration Work Package 3.4 Air Cargo Security PART A.2 Security Guideline tools procedures developed comparison transfers supporting risk based targeting on Page: 6 reduced
Lead Partner Task Leader Project 2 Component Demonstration Deliverables Measure objective of Participant benefits success threat to general public due to illegal transactions. Authentication To of manufacturing, trade, procedures personnel, logistics, validate and compare significance of developed; documents, logistics, the false, or trust boxes, products service companies in and qualifications of inaccurate and materials the supply chain are business and supply information about owners authentic, in chain partners; tools supply chain suppliers; and, for the of and business companies, raw ensure that reverse and other and possession and levels methods identify prevent documents the to security required licences; to to forged in the Reduction including personnel suppliers and, citizens to from knowledge that to products; and, in relating to supply chain transactions is valid; compromise the tools procedures that description, based the on before and after measures content of shipments reflects the description on or company paperwork; otherwise) regarding to aid recognition of the content of boxes, various containers and seals counterfeit (i.e. what s on the and box is in the box forgeries and vice versa ), and verification the of company and to personnel data integrity packaging; and identify and filter out counterfeit products and falsified product certificates in supply chain.. Risk To management and/or develop processes tools existing to types of products certification ; and of against trusted databases etc.. the new integrate models, Model to decision focus enable makers their processes and tools management to manage risks in resources Work Package 3.4 Air Cargo Security PART A.2 Security Guideline documentation shipment contents to ensure (documentary ordering the trust declarations public raw etc; to increase the of partners (shippers); and and authenticity supply chain between cargo materials supply chain; and greater the counterfeit logistics of in minimize their ability credentials, trade and documents to comparison products and between take action on and evaluation tools documents; documents the forged IPR trade relating chain and and employees; in supply chain and to in in volume introduction of false supply and Standards IT Variance between IPR on tools and to the cost of security procedures security per saleable item leadership in Quality produced management; to the and before after efficiency Page: 7 ; gains and
Lead Partner Task Leader Project 2 Component Demonstration Deliverables Measure objective of Participant benefits of cost success the supply chain, both areas of high risks; implementation from upgrade adapt Risk Management management tools and the private sector as well as the risk public system sector and integrated processes reductions exposed; lower vulnerability to crime; greater supply chain perspective, e.g. to with deliverables from cooperation model intelligence project cargo criminal hazards, to identify sub- between owners (shippers) and and prioritise supply suppliers; chain vulnerabilities, benefits identify effective and through lack of cost disruption to supply chain the efficient countermeasures, indirect to citizens monitor effectiveness, etc Security training To raise the overall Content and process Perception and awareness building level of architecture before and knowledge crime awareness of for implementation security security security awareness in supply building and chains, thus influencing the after efficient supply chain and threats study: and operational training of IPR on software developed for implementing training /delivering and awareness building measures awareness training real time and and on for management and developed and tested attitudes of various staff; with private updates awareness-building course modules and public on-going on new sector actors towards vulnerabilities more secure supply chains. (integrated with deliverables from intelligence project) sub- Security To simplify and focus Standardised compliance the flexible approach for before management and audit tools management effective demonstration creation security and and of programs to implementation but and Perception survey IPR after and and compliance on compliance audit tools of developed; real time tools, identification of gaps in facilitate verification of security to determine compliance for measures related to whether goals of integrated advice as to related audits, storing operational simplification and how to resolve them; and environments and standardisation conversion of security circumstances; and have programmes preparation providing information for the required external internal and security audits, and to identify a consistent methodology Work Package 3.4 Air Cargo Security PART A.2 Security Guideline and establishment of independent validation guidelines. been and into achieved and are operational standards beneficial; which fulfil the needs evaluation and of government, cargo comparison owners (shippers) and ( before and after) suppliers; and logistics Page: 8
Lead Partner Task Leader Project 2 Demonstration Component Deliverables Measure objective Participant benefits success approach for of the results of independent validators. Intelligence of service providers internal and external audits on To identify, analyze Demonstration of A risk assessment IPR current and evolving threats and share intelligence methods and systems of threats (risk level assessment evolving crime threats in supply chains. for Intelligence experience of supply and chain sources; implementation of the demonstration networks/intelligence sharing mechanisms Survey on a) value Information and insight to into best practices and integrated with public-private and private-private of To provide enhanced Catalogue protection for trucks validated loads containers and and other vehicles after of equipment users practice technology and for cargo, loads procedures through providers; and the implementation technology and to technologies; b) production of buyer catalogue to support against any type of and evaluation of new feedback to the needs of cargo intrusion, while and existing tools for owners (shippers) and balancing the validate original audit of technology; conveyance suppliers, and measures to protect protection such as logistics vehicles with the protection of drivers anti-burglary providers; increased solutions, alarms with protection for local and distant the public against being sold stolen and detection counterfeit goods, and sensors, and blocking brakes removal devices, dangers satellite controlled trip detectors, location engine geo- of traffic caused by movement of stolen vehicles on roads dynamic controllers, etc., and good/best practice Stakeholders and management tools for the Demonstration project The LOGSEC report provides further leadership in the thinking behind a future large-scale demonstration project by offering various considerations which will be important when evaluating Work Package 3.4 Air Cargo Security PART A.2 Security Guideline service functionalities, engine 2.4 collaborative sharing bets containers of tools; v probability) before vehicles, cargo, and use gathering from public intelligence schemes. Protection and Page: 9
Lead Partner Task Leader Project the conditions under which the demonstration project based on the Roadmap Clusters will enhance supply chain security across the EU, and beyond. Stakeholder participation In order for the Demonstration project to be successful, a wide variety of private and public sector actors and stakeholders should participate. This includes representatives from the private sector (manufacturers, retailers, other cargo owners, and logistics service providers) and private sector equipment and IT service providers. Public sector participants should include customs, police, intelligence and transport security agencies, with the addition of product safety, data security, and civil protection agencies. Integration requirements Projects to resolve supply chain security gaps must address both internal (as a core element of any additional scenarios within a Demonstration project) and external (in relation to other sources of supply chain information) integration. Internal integration requirements will relate to incident and threat reporting, information security, knowledge of business partners, and provide input to awareness and training. With respect to external integration, the project must demonstrate integration with business, police, intelligence and other sources of threat/risk data. Context dependencies Supply Chain Security management is very much context dependent, i.e. the design and implementation of optimum security responses depends highly on the manufacturing sector/ commodity types (e.g. high value goods, consumer goods, dangerous goods etc.); on transportation modes (road/ rail/ maritime/ air etc.); on geographical location and transport routes; on geopolitical situations; on financial circumstances (global and local); etc. For LOGSEC Demonstration project, the context must be taken into account, both during planning and assessment phases (before-and-after). Baseline assessment A precursor to any demonstration project is a baseline assessment. It is important to identify where in the supply chain any measures are implemented and where any benefits will be obtained. In order to evaluate the success or otherwise of a demonstration project one must also establish performance criteria that can be compared prior to, during and after the project. This requires measures to be taken before the implementation of a project; along those parts of the supply chain where the proposed security solutions are implemented; and, where they are expected to manifest themselves. A LOGSEC logistics flow map, which was developed by the project team, and applied as an aid in the collection of information from private sector respondents to the study, forms a solid basis for this crucial mapping and impact assessment exercise. Demonstration metrics and performance measures As a key component in any supply chain security demonstration it is necessary to define the set of metrics to be applied before-during-after the demonstration. Just as it is with any operation and Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 10
Lead Partner Task Leader Project supply chain management project or process, it is crucial to develop, apply and monitor concrete metrics and key performance indicators, and which support budgeting and investment planning, risk/threat analysis, in the day-to-day security project management, and other associated activities. Principles of standardisation Standards play an important role in any management systems, including SCS management. For the Demonstration project(s), one should both refer and, if appropriate, build upon existing standards, as well as propose and develop new standards during the Demonstration work, when appropriate. Standards should, however, provide sufficient flexibility in their application in order to cater for different conditions, circumstances and environments, and not be restrictive or force standards into circumstances that might prove to be unnecessary, costly or inappropriate. Also good practices from existing sources should be taken into consideration, on a case-by-case basis. Existing SCS related standards and also good practices to consider can be checked e.g. with the International Standards Organization (ISO); European Committee for Standardisation (CEN); any national European standards body, e.g. in the UK (BSi) and in Germany (DIN); Transported Asset Protection Association (TAPA); and ASIS International (ASIS). Third-country involvement Lastly, related to the stakeholder participation and context dependencies aspects mentioned before, some considerations regarding potential involvement of third countries in LOGSEC Demonstration project(s) are made. High risk locations per crime type need to be considered when considering imports from third countries to Europe, e.g. certain Latin American countries as sources or points-of-transit for narcotics; certain Asian countries for counterfeit products; certain African countries for endangered species; etc. In addition, considering SCS compliance and mutual recognition aspects, participation of US companies and regulatory authorities would be beneficial to the Demonstration project. 2.5 Impact on society The Demonstration project proposed by the LOGSEC team will contribute to strengthen the security of supply chains and thereafter ensure public safety. Other impacts may be identified in higher quality of transportation services which directly promote the competitiveness and economic development of European supply chain companies. Securing supply chains is beneficial to hamper the growing power of criminal organizations. If correct actions are not taken, these organizations will increase their presence in our societies and increase criminal activities, including corruption and fraud, in other sectors, resulting in economic degradation Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 11
Lead Partner Task Leader Project 3. Baltic Air Cargo Security Data Acquisition 3.1 Introduction Information will be collected utilising security questionnaires. Security questionnaires will be provided to selected stakeholders. The findings from the questionnaires will be utilised to: Understand the level of air cargo security awareness in BSR; Provide guidance as to the requirements of interviewees to be utilised when proposing potential demonstration certification scenarios with regulatory authorities in the Baltic Sea Region developing the content of the components of the certification regime - security programmes; audit modules, etc for participants Enable the project team to select appropriate Baltic States/ Participants in the evaluation of the air cargo security actions to be evaluated in the project; To achieve the above it will be necessary to develop questionnaires for both industry ( multiple categories) and government stakeholders. The completed questionnaires will be utilised to further understand the current and planned air cargo security measures in place in BSR, and to enable the project to assist companies in the BSR to prepared themselves for the new EU and worldwide air cargo security environment, based on the world wide validation of regulated agents and known consignors. 3.2 Subjects to be included in the questionnaires (high level) The subjects to be included in the questionnaires for industry will relate to: Identification details of the company including size, locations, staff etc and the name and role of the participants in the interview Areas of commercial activities Current and planned membership of existing air cargo and customs security certifications in BSR, Outside BSR (including parent organizations) - Regulated Agent, Known Consignor, ISO 2800, TAPA, C-TPAT, AEO, other Security procedures currently performed internally, relating to different areas of the business and are these self- audited, external audits The subjects to be included in the questionnaires for government agencies will relate to: Identification details of the agency and the name and role participants in the interview Current and planned air cargo security certifications Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 12
Lead Partner Task Leader Project 3.3 Activities performed with other agencies Target stakeholders for air cargo security questionnaires The stakeholders to be interviewed can be broadly divided into two related but separate groups: Industry Government 3.3.1 Industry The industry air cargo security questionnaire will directed at the categories of industry stakeholders defined in Table 3: Table 3 - Security Questionnaire Structure # Industry Category Examples 1 Transport Services Provider Passenger Air Carriers Baltic Airlines All Cargo Airlines Cargolux Integrators DHL, UPS, etc Freight Forwarders Panalpina Airport Agents Cargo Notes Handling Customs Brokers Storage facilities Logistics ( Trucking) 2 Companies Shippers Manufacturers Distributors 3 Independent Validators Cargo Security Services Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Looking to establish credentials as known consignor validators Page: 13
Lead Partner Task Leader Project 3.3.2 Government Government air cargo security questionnaires will be directed at: Aviation security authorities ( appropriate authorities) Customs Authorities 3.4 Structure of the questionnaires The general structure (table of contents) of the questionnaires will be as described in Table 4 Table 4 - Security Questionnaire Structure #. Subject Area Removable Instructions for the interviewer Introduction Background to Question and objective Explanation - of the the questionnaire Questionnaire Number chapter of Subject area of the Question text and Question question for the question and the answer Explanation of the follow up process 3.5 Explanation - Conclusion The stakeholder data collection process, utilising air cargo security questionnaires will provide the project with information which will establish an understanding as to the level of security awareness, and security procedure intentions of the stakeholders; will support the selection of candidate Baltic States and stakeholders in the selected States.. Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 14
Lead Partner Task Leader Project Appendix I Industry Questionnaires Table 5 Industry Questionnaires Section I Instructions for the Interviewer The objective of this questionnaire is to obtain information as to current and future plans for air cargo supply chain security operational processes and procedures in the area of commercial air cargo activities The categories of stakeholders of particular interest to the project are: Ref Type of respondent 1 Passenger Air Carrier 2 All Cargo Airline 3 Integrator 4 Freight Forwarder 5 Airport Cargo Handling Agent 6 Customs Broker 7 Storage Facility 8 Logistics Service (Trucking) 9 Manufacturers (Shipper) 10 Distributors (Shipper) 11 Independent Validator Prior to undertaking the interview, ICE will provide to the interviewee, background materials on the status of such regulations of the Baltic Sea States The interview should start with a short description of the Baltic Air Cargo Net project. During this phase an interviewer can create interest in the project and establish trust between the interviewer and the interviewee. Please make it clear to the interviewee that any information provided will remain confidential; and, if and where information obtained from you is being referenced in any material published by the Baltic Air Cargo Net, the name of respondent and his or her Agency will not be mentioned.. Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 15
Lead Partner Task Leader Project Section II Background for the Interviewee 1. Background document explaining the general objectives of the Baltic Air 3 Cargo Net Project 2. 3. The air cargo security element of the Baltic Air Cargo Net Project has been designed to contribute to the overall objectives of : Ensuring enhanced air cargo security without impeding the flows of cargo Supporting the harmonisation of BSR air cargo security regulations and procedures with those of the EU and other major trading nations to enable BSR companies to participate in one-stop air cargo security related shipment transfers into and across the USA All information provided by you will remain confidential, and, if and where information obtained from you is being referenced in any material published by the Baltic Air Cargo Net, the name of respondent and his or her corporate affiliation will not be mentioned. 3 This document is currently not available ( as at 13th June 2010 Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 16
Lead Partner Task Leader Project Section III Questionnaire 1. Personal details 1.1. Name 1.2. Professional title 1.3. Your Primary role and responsibility 1.4. Percentage of your time spend dealing with cargo security 2. Corporate details 2.1. Name and address of the Company that you work for and is being interviewed ( interview company) 2.2. Size of the Company and number of employees for company and parent as per the following: Entity Name Loc n Emp s Revenue Primary EURO Business 4 annual activity Security Certification in place at the 5 location Office of company being interviewed Regional HQ (in EU) XXX XXX Corporate HQ XXX XXX Worldwide Corporate Operations 4 5 6 XXX XXX 6 XXX Enter one or more of: 1- Passenger Air Carrier; 2 - All Cargo Airline; 3 Integrator; 4 Freight Forwarder; 5 - Airport Cargo Handling Agent; 6 Customs Broker; 7 Storage Facility ; 8 Logistics Service (Trucking) ; 9 Manufacturer ( Shipper) ; 10 Distributor ( Shipper); 11 Independent Validator. Enter one or more of : RA (EU Regulated Agent); KC (EU Known Consignor); AEO (EU Authorised Economic Operator); C-TPAT (US Customs Certification) ; TAPA ( EU Trusted asset Protection Association); ISO ( ISO 28000); Other (Give details) Information not required Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 17
Lead Partner Task Leader Project 2.3. What is your Department/Section in the interview company 2.4. What is the role of your department regarding cargo security issues in the interview company 2.5. Is the area of security (please provide details) : 2.5.1. Managed centrally within the State where your office is located 2.5.2. Managed regionally (out of regional corporate offices) 2.5.3. Managed worldwide out of Corporate headquarters. 3. Is your Department/section in the interview company involved with the control of cross border trade; if yes do you deal with the following ( please indicate which industries/sectors if appropriate): 3.1. Export 3.2. Import 3.3. Transit 3.4. Other 4. Is the interview company involved in sourcing products/components; if so please provide details of the procedures used to manage the sourcing process from: 4.1. other corporate locations 4.2. outside suppliers 4.3. other 5. Which of the following transport modes are relevant to the cargo security related work of the interview company 5.1. Air 5.2. Rail 5.3. Road 5.4. Sea (international) 5.5. Sea (inland waterways) 6. Certification procedures relating to cargo security 6.1. Please describe how the interview company has gone about obtaining any of the cargo security certifications currently held and provide details of : 6.1.1. When certification was first obtained 6.1.2. Set up process 6.1.3. If assistance was obtained from Corporate/Regional HQ/ external consultants 6.1.4. How often are self audits performed and by whom Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 18
Lead Partner Task Leader Project 6.1.5. How often are external (government /other) audits performed 6.2. If you are able please provide at a high level similar data for any regional and or corporate HQ certifications 6.3. Were you involved in implementing any security measures in the interview company to support an EU or world-side certification process at HQ level ( ie US C-TPAT) 7. Cargo security risk management practices of the organisation 7.1. Risk Management 7.1.1. Please describe any cargo security risk management process followed at the interview company 7.1.2. If you are able, please describe any cargo security risk management process followed at the Corporate/Regional HQ 7.2. Security Training 7.2.1. Please describe any initial and recurring cargo security training performed at the interview company; provide details of the methods and frequency of training ; explain how it is delivered (internal trainers, web-based, external consultants, external courses, etc) ; explain how internal audits are performed 7.2.2. If you are able, please describe similar processes followed at the Corporate/Regional HQ 7.3. Security manuals 7.3.1. Please describe any security manuals that have been prepared for and are used at the interview company; provide details of the methods and frequency of access to and updating of these manuals ; explain how they were created (internal authors, external consultants, external courses, etc) ; explain how relevancy is checked 7.3.2. If you are able, please describe similar processes followed at the Corporate/Regional HQ 7.4. Cargo Screening/Inspection 7.4.1. Do you screen/inspect cargo at the interview company; and if so please describe the screening methods and equipment in place. 7.4.2. If you are able, please describe similar processes followed at the Corporate/Regional HQ 7.5. Security Programmes (Plans) 7.5.1. Please describe if any formal security programmes (plans) have been prepared for and are used at the interview company; provide details of the methods and frequency of access to and updating of these plans ; explain how they were created (internal authors,, external consultants, external courses, etc) ; explain how the plans are audited Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 19
Lead Partner Task Leader Project 7.5.2. If you are able, please describe similar processes followed at the Corporate/Regional HQ 7.5.3. Please indicate which of the following sections/headings are included in these security plans: 8. Declarations Emergency Contacts & immediate response Corporate data and services provided Authorised cargo Security personnel Employee hiring processes and background checks Security training and exercises Security audits Security information and materials protection Record keeping Cargo acceptance procedures Cargo storage procedures Cargo search and screening procedures Physical security warehouse Physical security ground transportation Reporting security occurrences Restoring security after breech Other Collaboration (relating to security matters) 8.1. Does your department/section collaborate/cooperate organisations with respect to addressing cargo security risks: with other 8.1.1. In the BSR State where the interview company is located 8.1.2. With other BSR States 8.1.3. With the EU Commission 8.1.4. With Specific EU Member States (Not BSR Members) 8.1.5. With other third country states Please describe who these organisations are and if there are any international standards involved: - Government agencies ( police, intelligence, appropriate authority, customs Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 20
Lead Partner Task Leader Project etc) - Private sector (security consultants; guard companies, etc) - Industry Associations (TAPA, etc) 8.2. Are you aware if your Regional/Corporate HQ collaborate/cooperate with other organisations with respect to addressing cargo security risks: 8.2.1. In the BSR State where the interview company is located 8.2.2. With other BSR States 8.2.3. With the EU Commission 8.2.4. With Specific EU Member States (Not BSR Members) 8.2.5. With other third country states Please describe who these organisations are and if there are any international standards involved: - Government agencies ( police, intelligence, appropriate authority, customs etc) - Private sector (security consultants; guard companies, etc) - Industry Associations (TAPA, etc) 8.3. Does the interview company exchange any information relating to cargo security risks with other businesses ( associates, competitors, etc) to address cargo security risks and threats and if so what does this entail 8.4. Do you have an internal/corporate formal/informal system of reporting cargo security incidents; and if so please describe how this is achieved, who has access to the information and what actions have in the past resulted from such information 9. Cargo security threats facing the interview company 9.1. What are the most serious cargo security threats that present the highest priorities for your company 9.2. Does your company differentiate between security measures relating to criminal activities and to terrorist actions (in relation to the cargo supply chain) 9.3. Have you recently perceived any significant changes or trends in criminal/ terrorist activities that have required a change to your modus operandi; if so, please provide details 9.4. Which of the following risks does your agency view as posing the greatest threat to cargo security in your State in the future: 9.4.1. Terrorism and sabotage 9.4.2. Cyber crime and data contamination threats 9.4.3. Theft of goods in transport Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 21
Lead Partner Task Leader Project 9.4.4. Insider fraud 9.4.5. Customs and VAT fraud and smuggling ( of goods and persons) 9.4.6. Counterfeiting and product substitution 9.4.7. Corporate identity theft and bogus companies 9.5. Can you provide examples of how these threats have in the past/ could in the future harm industry and the public 9.6. Can you explain what kind of security measures you have in place to mitigate or counter these threats; are these measures working as designed; what has been the most successful about how they have worked; what has been the least successful about how they have worked 10. Assessment of your security measures 10.1. How did the security measures work in practice (fully eliminated the problem, substantially reduced the problem, reduced the consequences caused by the problem, dealt with a problem more efficiently, transferred the problem to other areas of the supply chain or onto others). How were the results measured 10.2. Did the security measures increase the capability of the company employees to detect anomalies that might point to a security threat or actual breach of security 10.3. Were you satisfied with the results 10.4. Can you share statistics or your personal assessment before and after implementation 10.5. Is there technology or other security measures available, which possibly could have given better results Is the technology or other security measure(s) significantly more expensive 10.6. Was it possible to apply the same measures globally through the organization and its operations 10.7. How much knowledge and guidance was/is required to implement similar security measures within the whole organization? 10.8. Did they create any impediments to the running and management of other business operations? 10.9. Did they cause unexpected costs? 10.10. Were security measures readily or eventually accepted within the whole organization? Did they limit the privacy of employees? Did they improve the overall security culture within the organization? 10.11. Did the security measures have any positive side effects (reduced insurance premiums, better visibility and operational control, more customers, fewer regulatory inspections etc. ) How were these effects Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 22
Lead Partner Task Leader Project measured? 10.12. Did the security measures have any unwanted consequences (perhaps transferring the problem to others elsewhere, and/or creating more serious problems elsewhere)? 11. Planned new measures 11.1. Are you planning to implement new measures or programmes to address the above cargo security threats; if yes 11.1.1. What measures/certifications 11.1.2. Which time frame 11.1.3. Will the measures involve only the interview company or also regional/corporate HQ 11.1.4. What will be the financial impact on these measures on your company Section IV Follow Up Your answers to this questionnaire will be reviewed and be utilised to assist in the selection of candidate BSR States for participation in demonstration scenarios where selected participants will be provided with certification (security programme) templates which will be appropriate for multiple certifications (eg AEO and KC) Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 23
Lead Partner Task Leader Project Appendix II Government Questionnaires Table 6 - Government Questionnaires Section I Instructions for the Interviewer The objective of this questionnaire is to obtain information as to current and future plans for air cargo supply chain security regulation and operational processes and procedures in the areas of Aviation Security (Appropriate Authority) and Customs (Customs Administration) in Baltic Sea States. The certification programs of specific interest to the project are as follows: Programme Agency EU State Member Non EU Member State Regulated Agent Appropriate Authority Mandatory Requirement as per regulation 300/2008 Voluntary requirement by April 2014 for shipments to EU Known Consignor ( Independent Validation) Appropriate Authority Voluntary Requirement as per Regulation No (EC) 300/2008 as of st 31 March 2013 Voluntary requirement by April 2014 for shipments to EU Authorised Economic Operator Customs Administration Voluntary Requirement under Regulation No (EC) 1875/2006 No Requirement Prior to undertaking the interview, ICE will provide to the interviewee, background materials on the status of such regulations of the Baltic Sea States The interview should start with a short description of the Baltic Air Cargo Net project. During this phase an interviewer can create interest in the project and establish trust between the interviewer and the interviewee. Please make it clear to the interviewee that any information provided will remain confidential; and, if and where information obtained from you is being referenced in any material published by the Baltic Air Cargo Net, the name of respondent and his or her Agency will not be mentioned. Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 24
Lead Partner Task Leader Project Section II Background for the Interviewee 1. Background document explaining the general objectives of the Baltic Air Cargo Net Project 2. The air cargo security element of the Baltic Air Cargo Net Project has been designed to contribute to the overall objectives of : 3. Ensuring enhanced air cargo security without impeding the flows of cargo Supporting the harmonisation of BSR air cargo security regulations and procedures with those of the EU and other major trading nations to enable BSR States to participate in one-stop air cargo security related shipment transfers into and across the USA All information provided by you will remain confidential, and, if and where information obtained from you is being referenced in any material published by the Baltic Air Cargo Net, the name of respondent and his or her Agency will not be mentioned. Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 25
Lead Partner Task Leader Project Section III Questionnaire 1. Personal details 1.1. Name 1.2. Professional title 1.3. Your Primary role and responsibility 1.4. Percentage of your time spend dealing with cargo security 2. Government Agency details 2.1. Agency that you work in 2.2. Your Department/Section in the Agency 2.3. What is the role of your agency regarding cargo security issues in your country 2.4. Is the area of security 2.4.1. Managed centrally 2.4.2. Managed regionally 3. Is your Agency involved with the control of cross border trade; if yes do you deal with the following ( please indicate which industries/sectors if appropriate): 3.1. Export 3.2. Import 3.3. Transit 3.4. Other 4. Which of the following transport modes are relevant to the cargo security related work of your Agency: 4.1. Air 4.2. Rail 4.3. Road 4.4. Sea (international) 4.5. Sea (inland waterways) 5. Regulations relating to cargo security 5.1. Please advise and provide details of any actions by your Agency with respect to the implementation of National legislation related to cargo security due to/ as a result of : 5.1.1. Own Parliament legislation 5.1.2. Transposition of EU Directives into national law Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 26
Lead Partner Task Leader Project 5.1.3. To comply with EU Regulations 6. Regulatory procedures relating to cargo security 6.1. Please describe the certification procedures followed (AEO/Regulated Agent/ Known Consignor/Other) 6.2. Please describe the risk management process followed 7. Agency/departmental collaboration (relating to security matters) 7.1. Does your agency/department collaborate/cooperate with other governmental Agencies which have a similar roles ( I.e. Customs vs Aviation) to that of your Agency ( with respect to cargo security): 7.1.1. In your own State 7.1.2. With other BSR States 7.1.3. With the EU Commission 7.1.4. With Specific EU Member States ( Not BSR Members) 7.1.5. With other third country states Please describe : - to what extent (1 small level of cooperation; 5 high level of cooperation) - please provide details of the departments/roles involved - please describe the collaboration/cooperation - are there any international protocols/standards involved 7.2. Does your agency/department collaborate/cooperate with other governmental Agencies which have a different role (( I.e. intelligence a) to that of your Agency (with respect to cargo security): 7.2.1. In your own State 7.2.2. With other BSR States 7.2.3. With the EU Commission 7.2.4. With Specific EU Member States ( Not BSR Members) 7.2.5. With other third country states Please describe : - to what extent (1 small level of cooperation; 5 high level of cooperation) - please provide details of the departments/roles involved - please describe the collaboration/cooperation - are there any international protocols/standards involved 7.3. Does your Agency provide (mutual) assistance to other countries; if so what does this entail Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 27
Lead Partner Task Leader Project 8. Cargo security threats in your State 8.1. What are the most serious cargo security threats that present the highest priorities for your Agency 8.2. Does your Agency monitor cargo security events; monitor cargo security statistics; and /or provide/support a reporting mechanism for cargo security incidents 8.3. Does your agency differentiate between security measures relating to criminal activities and to terrorist actions (in relation to the cargo supply chain) 8.4. Have you recently perceived any significant changes or trends in criminal/ terrorist activities that have required a change to your modus operandi; if so, please provide details 8.5. Which of the following risks does your agency view as posing the greatest threat to cargo security in your State in the future: 8.5.1. Terrorism and sabotage 8.5.2. Cyber crime and data contamination threats 8.5.3. Theft of goods in transport 8.5.4. Insider fraud 8.5.5. Customs and VAT fraud and smuggling ( of goods and persons) 8.5.6. Counterfeiting and product substitution 8.5.7. Corporate identity theft and bogus companies 8.6. Can you provide examples of how these threats have in the past/ could in the future harm industry and the public 8.7. Can you explain what kind of security measures you have in place to mitigate or counter these threats; are these measures working as designed; what has been the most successful about how they have worked; what has been the least successful about how they have worked 9. Planned new measures 9.1. Are you planning to implement new measures or programmes to address the above cargo security threats; if yes 9.1.1. What measures/certifications 9.1.2. Which time frame 9.1.3. Will the measures be mandatory or voluntary 9.1.4. What will be the financial impact on these measures on your Agency and on industry Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 28
Lead Partner Task Leader Project Section IV Follow Up Your answers to this questionnaire will be reviewed and be utilised to assist in the selection of candidate BSR States for participation in demonstration scenarios where selected participants will be provided with accreditation templates for validation purposes. Work Package 3.4 Air Cargo Security PART A.2 Security Guideline Page: 29
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART B.1 ACC3 Regulation Background & Impact in BSR Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 2.2 - FINAL Date 21.07.2013 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Executive Summary... 3 2. Objectives of this document... 4 3. Background the New ACC3 Regulation... 5 4. Challenges associated with the New ACC3 Regulation... 8 4.1 Defining road-maps for ACC3 validations... 8 4.2 Validation of regulated agents/handling agents (and known consignors)... 11 4.3 Logistics, coordination and cooperation... 13 4.4 Training of EU aviation security validators... 15 5. BSR leadership in EU aviation security validation... 20 5.1 Third country civil aviation authority and airport education materials... 22 5.2 Third country validation preparations... 22 6. Appendix New ACC3 Regulation and Validation Checklist ( External PDF File)... 25 Table of Figures Figure 1 New ACC3 Regulation - Implementation Timeline... 7 Figure 2 Designation/Validation of ACC3s... 10 Figure 3 - Regulated agent and known consignor validation alternatives... 12 List of Tables Table 1 - Challenges and approaches... 21 Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 2
Lead Partner Task Leader Project 1. Executive Summary This document has been prepared on behalf of Europe Ltd for the Baltic Air Cargo Net To address the challenges that have been presented to the EU and international air cargo industry and to the authorities responsible for implementing Regulation No EU 1082/2012 1 (the New ACC3 Regulation). A key challenge of the regulation is the ability of each Baltic sea airport subject to the new ACC3 regulation, to assist the air carriers, regulated agents, handling agents and known consignors operating out of the airport to achieve EU aviation security validation prior to 30 th June 2014. This document describes a series of actions that could be undertaken at one Baltic Sea region airport to evaluate a methodology and approach that would by be valid for all BSR airports, and would reduce the burden on the region as a whole. The New ACC3 Regulation will require a high level of expertise and knowledge of the operational needs and constraints of all categories of air cargo stakeholders future EU aviation security validators; entities requiring to be EU aviation security validated; EU appropriate authorities; and, third country civil aviation authorities. The Commission has not seen fit to establish a central oversight body to manage the third country validation process, but rather has decided to leave this up to individual Member States, in a manner similar to that for the (as yet to be proved successful) independent validation of known consignors within EU Member States. The known consignor programme requires a lower level of third party validation expertise (validating the security procedures of a consignor is a very different task from validating the security procedures of an air carrier and/or a regulated agent/handling agent) and did not envisage cooperation between Member States. The third country validation process will only be successful if the challenges of third country validation logistics, coordination and cooperation are addressed. The Commission has placed the responsibility of addressing these challenges firmly in the arena of the Member States. The authors of this paper believe that an opportunity exists for the BSR to move forward as an early-adopter of the New ACC3 Regulation and by so doing to establish a methodology and approach that could ensure the successful implementation of the New ACC3 Regulation in the Baltic Sea Region. 1 Member States shall demonstrate to the Commission how they contribute to the implementation of point 11.6 (European Security Validation) in respect of point 6.8 of the Annex to Regulation (EU) No 185/2010 (protection of cargo and mail being carried into the Union from third countries) by 31 January 2013 at the latest. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 3
Lead Partner Task Leader Project This document describes the new ACC3 regulation and the implementation challenges in some detail and proposes actions that the participants in BSR could further develop a cooperation between the European Commission and BSR airports. 2. Objectives of this document The objective of this document to describe and review a number of potential approaches that could be adopted in BSR to address the challenges posed by the launch of the third country EU aviation security validation requirements 2. It will develop an approach would enable BSR airports to a) demonstrate a high level of support of the actions of the Commission and the Union in the implementation of the new ACC3 Regulation, and as such establish BSR airports as supporters of the Commission. Why is such an approach required? The New ACC3 Regulation requires the rapidly completion of a significant number of BRS 3 validations prior to July 1 st 2014. This will involve third country validations of air carriers and at a minimum regulated agents and cargo handling agents. However, the vast majority of Union Member States have not yet completed the task, required under Commission Regulation (EU) No 185/2010, of validating national known consignors, which must be completed by April 29, 2013 4. And now, those EU Member States that are still involved in competing the establishment of EU aviation security validation (previously called independent validation 5 ) for EU known consignors operating within the boundaries of their own Member States, are now required to implement a similar but more challenging process 6 world wide. For this Regulation to be implemented, and the goal of enhancing the security of air cargo shipments entering the EU to be achieved, it will be necessary to educate 2 Commission Implementing Regulation (EU) No 1082/2012 of 9 November 2012 amending Commission Regulation (EU) No 185/2010 in respect of EU Aviation Security Validation ( hereinafter, the New ACC3 Regulation). 3 The exact number is available to EU Member State persons with appropriate levels of EU Security Clearance. 4 The period provided for this considerably less complex task, to be undertaken by either appropriate authority personnel or 3 rd parties to be appointed and monitored by appropriate authorities was 3 years. 5 During the process of drafting the New ACC3 Regulation, the previously utilised terminology of independent validation/validators was replaced by EU aviation security validation/validators. The formal explanation was to reduce confusion, but a more cynical reasoning could attribute this change to the desire to imply to third country civil aviation authorities that the individuals presenting themselves as EU aviation security validators were in fact representing EU authorities as opposed to being private citizens (or corporation) acting on the instructions of an EU Member State, and receiving payment for their services. 6 Involving in addition air carriers, regulated agents and cargo handling agents, who are today inspected/certified by Member State air cargo inspectors) Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 4
Lead Partner Task Leader Project third countries as to the requirements of the new ACC3 Regulation ; to develop expertise as to the air cargo operational constraints in individual third countries which must be addressed prior to performing validations; and, develop mechanisms and approaches to coordinate multiple validations (of all relevant entities) at third country locations. 3. Background the New ACC3 Regulation Commission Implementing Regulation (EU) No 1082/2012 was enacted into law on 9 November 2012. This Regulation supplements and amends an air cargo aviation security framework established by Commission Regulation (EU) No 185/2010 in respect of establishing common basic standards for EU aviation security validations. Prior to Regulation 1082/2012, Commission Regulation (EU) No 859/2011 was enacted as part of this air cargo aviation security framework. This Regulation introduced rules for cargo and mail being carried to Union airports from third countries in order to: protect civil aviation that was carrying such cargo from acts of unlawful interference; and work towards achieving enhanced cooperation on aviation security, supporting the implementation and application of standards and principles in third countries equivalent to those of the Union where this was effective to meet global threats and risks Air Carriers require to be designated as ACC3s (air cargo or mail carrier bringing air cargo into the Union from third countries) by either the Member State 7 that issued the air carriers Air Operators Certificate or by the Member State where the carrier has its major base of operations. The New ACC3 Regulation requires that ACC3s subject their operations at each relevant third country airport to EU aviation security validation 8 by an approved EU aviation security validator 9, by June 30, 2014. The EU aviation security validator must perform an on-site validation (inspection) of the ACC3 s operations at each required 7 Union and EU Member States includes the 27 EU Member States and the European Economic Area States 8 All non-exempted third countries 9 It is understood that both IATA and ECAC have made recommendations to their respective management boards to launch training initiatives (IATA will train private individuals to be validators; wheras ECAC will offer training to EU Member State appropriate authorities). However it is not expected that any validator training will be launched prior to March-April 2013. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 5
Lead Partner Task Leader Project and relevant third country airport. A written validation report 10 will be provided to the Member State responsible for the designation of the ACC3. The MS appropriate authority will have the right to accept or reject this report. All validated ACC3 locations will be recorded in the EU database of regulated agents and known consignors, once necessary software upgrades have been completed to support this change. Figure 1 provides a timeline for the implementation of EU aviation security validations in third countries 10 The regulation provides a validator check list to be used for ACC3 validations and the Commission is working with the air cargo industry to include check lists for regulated agent and known consignor validations Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 6
Lead Partner Task Leader Project Figure 1 New ACC3 Regulation - Implementation Timeline Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 7
Lead Partner Task Leader Project 4. Challenges associated with the New ACC3 Regulation Implementing the New ACC3 Regulation will challenge the capabilities of the EU air cargo industry in meeting the requirements of EU aviation security validation in a timely fashion, and in addition will be a test of the ability of Member States appropriate authorities to launch and oversee the third country validation process. These challenges present opportunities that could benefit those Member States appropriate authorities able to dedicate the necessary expertise and resources required to launch and operate third country validations. It is believed that only a very few Member States will be willing and able to adopt this approach, and as such become early adopters. Early adopters will on the one hand be considered as pioneers in the implementation of the programme, but will in turn benefit from a rapid learning process, which will support the development of internal third country related methodologies and approaches required to support the programme. As the time frame for completion of validations reduces, and most especially if the expected provision of commercial validation services does not materialise, both Member States and industry stakeholders will approach the early adopter third countries for advice and assistance. Challenges relating to the implementation of the New ACC3 Regulation can be found in the following elements of the Regulation: 1) Defining road-maps for ACC3 validations; 2) Validation of regulated agents/handling agents (and known consignors); 3) Logistics, coordination and cooperation; and 4) Training of EU aviation security validators 4.1 Defining road-maps for ACC3 validations It is the responsibility of each air carrier to ensure that its operations at relevant third country airports have been validated by 30th June 2014. However, the New ACC3 Regulation permits ACC3s with appropriate internal security quality assurance programmes in place to propose to appropriate authorities a road-map of a percentage of ACC3 locations (at least 4 locations or 5% of locations per year) which could be validated as a representative sample of the ACC3s operations at relevant third county airports. Several caveats are attached to this dispensation, as follows: Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 8
Lead Partner Task Leader Project 100% of airport locations in high risk third countries must be validate Each MS appropriate authority can decide, per ACC3, at what level the dispensation will be applied (5%, 10% or more per year); Notwithstanding the 5 year re-validation cycle, all validations for the ACC3s locations will expire on the expiry date of the first validation performed under the road map ; and If an ACC3 is found to be non compliant at any location being validated, the MS has the right to increase the number of annual validations (i.e. to double this for each remaining year of the road map). Furthermore, where there are objective reasons 11 for not being able to complete ACC3 validations prior to June 30, 2012, the appropriate MS will be able to extend the designation of an ACC3 for a further limited period, ending on 30 June 2016 at the latest. Designation (prior to June 30, 2014, and thereafter EU aviation security validation) of air carriers bringing cargo or mail into the Union from an airport in any third country (apart from airports in third countries listed in Attachment 6-F) is the responsibility of the appropriate authority of a single Member State (the identity of which will be established in accordance with point 6.8.1.1 of the Annex to the new ACC3 Regulation). By default this will be the Member State that issued the carrier's Air Operator's Certificate where applicable. However the New ACC3 Regulation provides that designation and validation can be by any other appropriate authority of the Union by agreement with that appropriate authority, for air carriers not holding an Air Operator s Certificate issued by a Member State and not listed in the Annex to Regulation (EC) No 748/2009. 12 Figure 2 provides a diagrammatic overview of the ACC3 designation process. 11 E.g. lack of availability of a sufficient number of approved EU air cargo validators 12 Articles 6.8.1 and 6.8.2.2 of the Annex to Regulation No (EU) 1082/2012 Although the New ACC3 Regulation clearly states that Designation/Validation can be undertaken by agreement with than appropriate authority for air carriers not holding an Air Operator s Certificate issued by a Member State and not listed in the Annex to Regulation (EC) No 748/2009, some Member States have interpreted this to imply that Member States might be able to reach understandings as to the responsible appropriate authority with respect to individual air carriers. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 9
Lead Partner Task Leader Project Figure 2 Designation/Validation of ACC3s The responsibilities of the ACC3 under the new Regulation include ensuring that all cargo and mail carried for transfer, transit or unloading at a Union airport is screened 13, unless 1) the required security controls have been applied to the consignment by an EU aviation security validated regulated agent or EU aviation security validated known consignor, or an account consignor 14, and the consignment has been protected from unauthorized interference from the time that those security controls were applied and until loading; or 2) the consignment is exempted from screening 15. 13 Until 30 th June 2014 this screening will be at a minimum to ICAO standards and after this date it will be to EU Standards (screening by one of the means or methods listed in point 6.2.1 of Commission Decision 2010/774/EU to a standard sufficient to reasonably ensure that it contains no prohibited articles). Entities that have been EU aviation security validated prior to this date will have to show how they intend to meet this requirement thereafter. 14 under the responsibility of an EU aviation security validated regulated agent. These shipments can only be carried on all cargo aircraft 15 in accordance with point 6.1.1.d of Commission regulation (EU) No 185/2010 and protected from unauthorised interference from the time that it became identifiable air cargo or identifiable air mail until loading. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 10
Lead Partner Task Leader Project 4.2 Validation of regulated agents/handling agents (and known consignors) In drafting the new Regulation, the Member States have placed the responsibility of EU aviation security validation firmly in the lap of the air carriers, but done so in such a manner as to require a pro-active approach from regulated agents. The responsibility for validating the application of third country air cargo security measures by the ACC3 is that of the Member State where it has been designated. In addition, it is the responsibility of the Member State to review the validation reports prepared by the EU aviation security validators and to accept the findings from the validation process, which can, as explained below, include findings from the EU aviation security validation of the regulated agents and known consignors included in the security plan of the ACC3. However, the responsibility for validating regulated agents and known consignors remains that of each ACC3 utilising the services of these entities within its third party supply chain. The new Regulation allows for two alternative routes for regulated agent/handling agent (and known consignor) validations: 1. Inclusion in the security programme of an ACC3 Under this option, the ACC3 can arrange for regulated agents (and cargo handling agents) that support its operations at third country airports, and known consignor clients, to be validated as an element of the ACC3 s own validation. Under this option the ACC3 would require to coordinate these validations with its suppliers and clients, and could be expected to participate in certain of the costs associated with these validations. However such validations are only effective for the specific ACC3 that has ordered the validation, and therefore if a number of ACC3s at one third country airport location are using the same regulated agent (or cargo handling agent), this regulated agent would have to be validated by each of the relevant ACC3s, that have included the regulated agent in their security programmes. 2. Validation of the regulated agent by an EU aviation security validator (on its own account) Under this option, a regulated agent with operations at a third country airport served by a number of ACC3s could elect to become EU aviation security validated on Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 11
Lead Partner Task Leader Project its own account. The regulated agent would contact one or more EU aviation security validators 16, request price quotation(s) 17 and select an EU aviation security validator, who would then perform the validation. If successful, the regulated agent would receive a validation certificate issued by the selected EU aviation security validator 18,which it could then provide to all of the ACC3s that it is working with at this airport location. Figure 3 provides a visual illustration of these alternatives. Regulated Agent and Known Consignor Validation Alternatives Validation in ACC3 Security Programme (SP) ACC3 (a) ACC3 (b) EU aviation security Validation of Security Controls in ACC3 (a) SP EU aviation security Validation of Security Controls in ACC3 (b) SP. Third Country regulated agent and known consignor ACC3 (c) ACC3 (...) EU aviation security Validation of Security Controls in ACC3 (c) SP EU aviation security Validation of Security Controls in ACC3 (..) SP Validation on own account EU Aviation Security Validation Figure 3 - Regulated agent and known consignor validation alternatives 19 It is however the responsibility of each ACC3 to maintain a database 20 containing the details of each of the regulated agents and known consignors that it has either had 16 It is not totally clear how this contact will be made. The list of approved EU aviation security validators will be held in the EU database of regulated agents and known consignors. It is expected that once approved EU aviation security validators will make their status known to the international air cargo industry 17 As it is currently envisaged that a majority of EU aviation security validators could be private individuals, it might be necessary to ask validators to team up to provide quotations, as although it is not in the regulation, best practice would suggest that validations be performed by a team of at least two validators 18 it is not clear if the oversight of these regulated agent validations is the responsibility of the Member State that approved the EU aviation security validator performing this validation. It is assumed that this will be the case. 19 Figure 1 provides a visual explanation of the two approaches to EU aviation security validation open to third country entities considered to provide services to air carriers in third countries that are the equivalent of the services offered by similar entities in the EU. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 12
Lead Partner Task Leader Project validated under alternative 1) or that have presented it with validation certificates, obtained under alternative 2), which will include the following information: the company details, including the bona fide business address, the nature of the business, excluding business sensitive information, contact details, including those of the person(s) responsible for security, the company registration number, if applicable, where available and at the latest as of 1 July 2014, the validation report. 4.3 Logistics, coordination and cooperation Fehler! Textmarke nicht definiert. The Evaluation Report found that more than 1200 EU aviation security validations will require to be performed by the end of June 2014; that EU aviation security validations are required at 812 third country airports: that at 178 of such airports there are more than 8 ACC3 s; and, 10 third country airports have in excess of 50 ACC3 operations, which have been designated by up to 15 appropriate authorities. Hence, our comments in the report, on the need for overall coordination and oversight. It further stated: As part of the proposed solution, Member States should ensure that an 'appropriate AVSEC forum' is utilised to provide an element of centralisation and oversight of the entire programme. This would provide for a degree of flexibility and rapid response in respect of AVSEC issues, as well as providing for co-ordination of activities at a high level. By way of example, a centralised body could decide what training is required in respect of particular changes or risks identified from time to time (at the moment, the Member States decide for themselves when and how to provide training and retraining). Similarly, a central point of contact and coordination could serve to promote efficiency and the overall success of the ACC3 framework, by seeking to coordinate the approach taken across each stage of the ACC3 framework and across all stakeholders. The role of such a centralised, coordinating entity could include: a centralised analysis of the ACC3 framework as whole, and dissemination of up-to-date knowledge when applicable; 20 The details of EU aviation security designated and (after June 30, 2014) Member States will enter validated ACC3 into the EU database of regulated agents and known consignors. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 13
Lead Partner Task Leader Project providing coordinated responses to international industry players, third country stakeholders and EU aviation security validator queries; providing assistance with logistics at third country airports; and maintaining an overall view of the operation of the ACC3 framework. We believe that the success of the EU aviation security validation scheme will depend on a number of factors. The first of these will be the availability (and skills set) of a pool of approved EU aviation security validators. The second will depend on logistic coordination and cooperation between air carriers and regulated agents with regard to the performance of EU aviation security validations. Although the air carriers have been given a dispensation to work with Member States to approve road maps of representative airports, such dispensation does not include the regulated agents and known consignors working with these ACC3. If an ACC3 has air cargo operations in a third country airport that has not been validated by an EU aviation security validator prior to July 1, 2014 for any reason whatsoever 21, the ACC3 will no longer be able to accept cargo for transport into the Union from this regulated agent unless the: Regulated agent has obtained EU aviation security validation on its own account; ACC3 has amended its road-map with the MS to include the validation of the ACC3 operations and the regulated agent operations (included in the ACC3 security programme) at this third country airport; or ACC3 will itself screen the cargo received from the regulated agent to EU standards 22 From the point of view of the air carriers, it would be very beneficial if the key regulated agents and cargo handling agents operating at third country airports would take the necessary steps to become EU aviation security validated and, in addition, advise the ACC3s in advance of their intention to do so prior to June 30, 2014. This would greatly assist ACC3 in developing their road maps and submitting these for approval by the relevant Member State. The ACC3s would be able to adjust their road maps to take into account locations of validated regulated agents. However this in in itself would not be sufficient, as at many third county airports screening is 21 The specific third country airport is not included in the ACC3s road-map agreed with the MS, and/or it is included in the road-map of the ACC3 but has not yet been validated 22 It is possible that this issue could be avoided if the cargo agent operating at this third country has been EU aviation security validated on its own account Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 14
Lead Partner Task Leader Project performed by cargo handling agents, and it would be of limited benefit for the ACC3 road-mapping process without these cargo agents also being EU aviation security validated 23. When considering the above, however, it is necessary to also take into account the benefits for Member States, ACC3s and regulated agents, from grouping validations at third country airport locations. The Evaluation Report on the New ACC3 Regulation Fehler! Textmarke nicht definiert. found that out of 812 relevant third country airport locations more than 180 have over 8 ACC3 designations each (22%), and 24 relevant third country airports have more than 30 ACC3 designations. Planning and organising teams of EU aviation security validators (supported, where appropriate 24 by an EU Member State inspector) to perform a number of ACC3 and regulated agent (or even only regulated agent and cargo handling agent) validations during a visit period, planned in advance, would be far more efficient and benefit from cost savings 25. 4.4 Training of EU aviation security validators The New ACC3 Regulation includes detailed provisions relating to the provision of EU aviation security validator instructors and the training of EU aviation security validators 26 and cover: The qualification of instructors; EU aviation security validation; The approval of EU aviation security validators; and Recognition and discontinuation of EU aviation security validators; 4.4.1 Qualification of Instructors The New ACC3 regulation requires appropriate authorities to maintain or have access to lists of certified instructors who have successfully completed a background check (in accordance with point 11.1.3 in Regulation (EU) No 185/2010 - Job specific 23 It is not yet clear what outreach will be made to third country cargo handling agents to advise them about the new Regulation and its requirements. 24 For example in third countries where screening is performed by government authorities 25 The simple activity of obtaining airport passes for EU aviation security validators has already (during two pilot validations performed on behalf of the Commission) been found to be one that takes time and effort. Rather than having each ACC3/regulated agent visit to a third country airport requiring a separate airport pass for 2 validators, a one time application could be for a group of validators to validate a number of entities in one visit. 26 Section 11.5 and 11.6 of the Appendix to the New ACC3 Regulation Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 15
Lead Partner Task Leader Project training for persons implementing security controls) and produce evidence of relevant qualifications or knowledge. If the instructors were recruited or were providing training specified in this Regulation before it came into force they shall, as a minimum, satisfy the appropriate authority that they have knowledge and competencies as specified; and they are delivering only courses approved by the appropriate authority. In order to be certified as an instructor qualified to give training (as defined in the Regulation) a person shall have knowledge of the work environment in the relevant aviation security field and qualifications and competencies in instructional techniques; and in the security elements to be taught. The appropriate authority can either itself provide training for instructors or approve and maintain a list of appropriate security training courses. The appropriate authority shall ensure that instructors receive regular training or information on developments in the relevant fields. If the appropriate authority is no longer satisfied that training delivered by a qualified instructor is resulting in the relevant competencies, it shall either withdraw approval of the course or ensure that the trainer is suspended or removed from the list of qualified instructors, as appropriate. 4.4.2 EU aviation security validation The New ACC3 Regulation specifies that EU aviation security validation is a standardised, documented, impartial and objective process for obtaining and evaluating evidence to determine the level of compliance of the validated entity with requirements set out in regulation (EC) No 300/2008 and its implementing acts. An EU aviation security validation may be performed by an appropriate authority or a validator approved as EU aviation security validator or a validator recognised as equivalent to it. The Validator shall assess security measures applied under the responsibility of the validated entity or parts thereof for which the entity seeks validation. At least the validation shall consist of an evaluation of security relevant documentation, including the validated entity's security programme or equivalent; and, a verification of the implementation of aviation security measures, which shall include an on-site verification of the validated entity's relevant operations, unless otherwise stated. Such EU aviation security validations shall be recognised by all Member States Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 16
Lead Partner Task Leader Project 4.4.3 Approval of EU aviation security validators Member States shall approve EU aviation security validators based on conformity assessment capacity, which shall comprise Independence from the validated industry, unless otherwise stated; appropriate personnel competence in the security area to be validated as well as methods to maintain such competence; and the functionality and appropriateness of validation processes Where relevant, the approval shall take account of accreditation certificates in relation to the relevant harmonised standards, namely with EN-ISO/IEC 17020 instead of re-assessing conformity assessment capacity. An approved EU aviation security validator can be any individual or a legal entity. The national accreditation body established pursuant to Regulation (EC) No 765/200827 may be empowered to accredit the conformity assessment capacity of legal entities to perform EU aviation security validation, adopt administrative measures in that respect and carry out the surveillance of EU aviation security validation activities. Every individual performing EU aviation security validation shall have appropriate competence and background, and shall have been subject to a background check that shall be re-current at least every 5 years; perform EU aviation security validation impartially and objectively, shall understand the meaning of independence and apply methods to avoid situations of conflict of interest in respect of the validated entity. The EU aviation security validator shall have sufficient theoretical knowledge and practical experience in the field of quality control as well as respective skills and personal attributes to collect, record and assess findings based on a checklist. In particular regarding compliance monitoring principles, procedures and techniques; factors affecting human performance and supervision; the role and powers of the validator, including on conflict of interest. The EU aviation security validator shall provide proof of appropriate competence based on training and/or a minimum work experience in respect of the areas of, general aviation security principles of Union and ICAO aviation security standards; specific standards related to the activity validated and how they are applied to operations; and security technologies and techniques relevant for the validation process. The EU aviation security validator will undergo recurrent training at a frequency sufficient to ensure that existing competencies are maintained and new competencies 27 OJ L 218, 13.8.2008, P.30 Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 17
Lead Partner Task Leader Project are acquired to take account of developments in the field of aviation security. (The appropriate authority shall either itself provide training for EU aviation security validator or approve and maintain a list of appropriate security training courses). The approval of an EU aviation security validator shall expire after a maximum period of 5 years. 4.4.4 Recognition and discontinuation of EU aviation security validators An EU aviation security validator shall not be considered as approved until its details are listed in the 'Union database for regulated agents and known consignors'. Every EU aviation security validator shall be provided with proof of its status by or on behalf of the appropriate authority. For the period the Union database for regulated agents and known consignors cannot accommodate entries with regard to EU aviation security validators, the appropriate authority shall communicate the necessary details of the EU aviation security validator to the Commission, which shall make them available to all Member States. Approved EU aviation security validators shall be recognised by all Member States. If an EU aviation security validator demonstrates it no longer meets the requirements referred to (in points 11.6.3.1 or 11.6.3.5), the appropriate authority/authorities that approved it shall withdraw approval and remove the validator from the 'Union database for regulated agents and known consignors'. Industry associations and entities under their responsibility operating quality assurance programmes may be approved as EU aviation security validators provided equivalent measures of those programmes ensure impartial and objective validation. Recognition shall be done in cooperation of the appropriate authorities of at least two Member States. The Commission may recognise validation activities undertaken by authorities or aviation security validators under the jurisdiction of and recognised by a third country or an international organisation where it can confirm their equivalency to EU aviation security validation. A list thereof shall be kept in Attachment 6Fiii. 4.4.5 Implication of the training requirements Although the training of EU aviation security validators is the responsibility of the appropriate authorities, it is believed to be unlikely that more than a very small number of Member States will actually provide such training. The majority of Member States are expecting that this task will be taken on by one or more third parties. This will avoid the requirement for these Member States to address the issue of training of instructors and limit their involvement in launching the programme to making available Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 18
Lead Partner Task Leader Project to interested parties the names of the EU aviation 28 security validators listed in the Union database of regulated agents and known consignors. It is questionable if the above will satisfy the Commission when it reviews responses to how Member States contribute to the implementation of the regulation? 1 Furthermore, the Commission envisages that in the longer term the business opportunities offered will encourage corporate entities to request approval from Member States as EU aviation security validators. It is not clear that many, if any, of the relevant certification authorities active in the aviation field and/or other related audit fields will in fact participate in the scheme. This view is supported by discussions that has convened with relevant certification concerns, and by the fact that IATA, although prepared to provide training courses for EU aviation security validators, has taken a decision not to offer to perform EU aviation security validations, notwithstanding that this could be offered as an additional element of the existing IATA Operational Safety Audit (IOSA) programme 29. Therefore it must be assumed that the majority of EU independent security validators being trained would in fact be private individuals 30. If this proves to be the case, the complexity associated with performing third country validations will actually be considerably increased. Although not written expressly in the New ACC3 Regulation, the drafters of the regulation have assumed that two validators will be required for each on-site third country validation one (junior) validator who will document the validation (completing the validator checklist) and a more experienced validator who will interview the applicant and review the security measures and procedures. 31 This requirement, with add further complexity to the validation process, and render the logistics associated with multiple validations at one third country airport location difficult. If only individual validators are involved, how will an ACC3, or regulated agent contract for the validation - will it nominate a senior validator who will bring a junior validator as his or her subcontractor? 28 It is not known when this addition to the functionality of the Union database will become operational. 29 Early in the discussion of the New ACC3 Regulation, IATA explained to the Commission that some 30 IOSA auditors, who with minimal additional training by IOSA would be able to undertake aviation security audits. 30 If EU aviation security validator training is not being provided by Member State appropriate authorities, it is not clear who in fact will pay the costs of these courses will private individuals be willing to invest in such training? 31 To a large extent, this challenge is associated with the validation check-list included in the regulation (currently only for ACC3s), which requires an interview process; rather than performing an inspection where the inspected party provides documentary evidence of its operational processes and procedures, this is review by the inspector prior to an on-site visit, and Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 19
Lead Partner Task Leader Project The alternative that would be generally preferred by the EU air cargo industry would be the utilization of appropriate authority air cargo inspectors to perform validations. It is questionable if there are more than a small handful of appropriate authorities that will be able to rapidly increase their air cargo inspection staff to train and make available sufficient develop sufficient third country validation capacity. Herein lies the opportunity for early-adopter appropriate authorities. 5. BSR leadership in EU aviation security validation Taking into account the challenges described in Section 4 above, it would appear that some form of higher-level coordination, at the level of one or more airports, would greatly assist in reducing the logistic and coordination efforts that will inevitably be associated with the launch of the EU aviation security validation scheme as envisaged by the new Regulation. Such an approach will in addition help to reduce the efforts and costs that will be incurred by the international regulated agent community in complying with the New ACC3 Regulation. Member States are required to make efforts regarding the recruitment and training of EU aviation security validators and rapidly start performing the required validations. The majority of the Member States are relying on organisations such as IATA to provide such training, however there remain issues as to when this IATA training will start, and how will it be funded by Member States, and/or by private individuals wishing to become EU aviation security validators. Due to the complexity of performing EU aviation security validations for international air cargo entities in third countries with differing regulatory environments, on behalf of the EU appropriate authority that has designated each ACC3,it would be most beneficial if airport operators, where the validations are required to be completed, will be proactive in establishing co-ordination efforts for their own airport and as such negotiate centrally with EU aviation security validators, and with the entities requiring validation at their airports. This will ensure a smooth, efficient and lower cost validation process. This is the view of both the EU air carriers and regulated agent communities. It is especially relevant for the regulated agent stakeholders, who are particularly uneasy with permitting ACC3s (who are still today considered by regulated agents as Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 20
Lead Partner Task Leader Project competitors) to assume responsibility for performing (possibly) multiple validations of their operations at third country airports. Regulated agent stakeholders understand that they need to move forward with obtaining EU aviation security validation, but they are not knowledgeable as to how to do so 32. Table 1 provides an initial list of challenges identified by and the definition of corresponding third country approaches that could be put in place by early adopter third countries. Table 1 - Challenges and approaches Challenge/Opportunity Resources to be developed/acquired Baltic Air Cargo Approach 1. Awareness of regulatory Procedures and materials for Third country airport impact in BSR Airports introducing managers in BSR airports authority to ACC3 introductory the requirements of the New ACC3 materials regulation 2. Support for BSR Airport Structured approach, Third country airport EU Managers in ensuring that their methodology, and related administrative aviation security validation clients ( ACCs, RAs and KC3s actions to support validation logistics, guide meet the EU deadline coordination and cooperation It should be noted that there is a considerable overlap with respect to the information collection and dissemination aspects of each of the proposed approaches. The remainder of this Section 5 will address the approaches that could be implemented as an element of the Baltic Air Cargo net programme. The discussion for each of the above challenges will be structured as follows: Background and objectives Benefit for BSR Description of the approach 32 One of the issues affecting regulated agents who wish to be pro-active in being validated will be from whom they can obtain information about the programme and details of approved EU aviation security validators, especially during the initial stage of the programme. To which appropriate authority should a regulated agent who wishes to be validated apply? There is no dispensation regarding the possibility of validation at a representative number of third country locations (as for ACC3s) the pressure on regulated agents could initially greater than that on ACC3s. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 21
Lead Partner Task Leader Project 5.1 Third country civil aviation authority and airport awareness materials Background and objectives One of the major tasks that must be performed to promote the New ACC3 Regulation will be educating the airport authorities in third countries on the requirements of the Regulation, and preparing the ground for the arrival of EU aviation security validators who will visit these airports. This will enable the airports to be pro-active, and to establish the procedures and processes that will support the validation of the air carriers and other entities operating at their airports. awareness. In addition third country authorities could benefit from cargo screening Benefit for BSR BSR will be recognized as supporting the efforts of the European Commission to enhance air cargo security and this will increase the standing of BSR with third country aviation authorities who will view BSR airports as pioneers in the implementation of the new ACC3 Regulation and as sources of as expertise relating to the new ACC3 regulation. BSR airports will be able to invite their colleagues from other regions to see how they are implementing the New ACC3 Regulation. Furthermore BSR airport managers will be able to present the actions that they have taken to implement the new ACC3 Regulation to international professional forums. Description of the approach Preparation of materials for introducing third country airport managers to the requirements of the New ACC3 regulation Delivery of materials at one location, and update after feedback 5.2 Third country validation preparations Background and objectives It is unlikely that many EU aviation security validators, for reasons suggested in section 4 above, will be available to perform validations prior to the end of the Baltic Air Cargo project. Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 22
Lead Partner Task Leader Project It is therefore proposed that the participants at one BRS airport be prepared for the future validation process prior to the end of the project, This will enable the Baltic Air Cargo net project to prepare materials and an approach to address issues related to logistics and coordination at BRS airports, and to provide awareness training to the entities that will require validation to ensure that when a formal EU aviation security validation is undertaken, it will be efficient, effective and successful. Furthermore, the success of the new Regulation will be determined, to a large extent, by the ability of the industry and Member States to jointly perform airport visits, where a number of validations can be performed on the ACC3s, regulated agents and known consignors operating out of a particular third country airport. The provision of third country validation preparations would permit the development of procedures, process and tools to support the validation process. Benefit for BSR BSR airport authorities could develop capabilities that will permit all airports in the BSR to benefit from the implementation of the New ACC3 Regulation. This will provide an important example of the benefits for BSR airports from the Baltic Air Cargo Net programme. In addition BSR airports could offer support tailored to the requirements of regulated agents/cargo handling agents needs, which differ significantly from those of ACC3s. Description of the product/service offering This approach could include: 1. Publishing of air cargo security newsletters discussion the new ACC3 regulation and implementation issues/concerns 2. Preparation of EU aviation security validation guides for BSR airport managers Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 23
Lead Partner Task Leader Project Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 24
Lead Partner Task Leader Project 6. Appendix New ACC3 Regulation and Validation Checklist (External PDF File) Work Package 3.4 Air Cargo Security PART B.1 ACC3 Regulation Impact on BSR Airports Page: 25
EN 11.7.2013 Official Journal of the European Union L 190/1 II (Non-legislative acts) REGULATIONS COMMISSION IMPLEMENTING REGULATION (EU) No 654/2013 of 10 July 2013 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation checklists for third country entities (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EC) No 300/2008 of the European Parliament and the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 ( 1 ) and in particular Article 4(3) thereof, Whereas: (1) Commission Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security ( 2 ) contains detailed rules for EU aviation security validation. (2) Checklists are the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU/EEA bound air cargo or air mail. It is necessary to add two further checklists to the existing ones in order to establish full implementation of the EU aviation security validation regime. (3) Regulation (EU) No 185/2010 should therefore be amended accordingly. (4) The measures provided for in this Regulation are in accordance with the opinion of the Committee on Civil Aviation Security set up by Article 19(1) of Regulation (EC) No 300/2008. HAS ADOPTED THIS REGULATION: Article 1 The Annex to Regulation (EU) No 185/2010 is amended in accordance with the Annex to this Regulation. Article 2 This Regulation shall enter into force on the date of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, 10 July 2013. For the Commission The President José Manuel BARROSO ( 1 ) OJ L 97, 9.4.2008, p. 72. ( 2 ) OJ L 55, 5.3.2010, p. 1.
EN L 190/2 Official Journal of the European Union 11.7.2013 ANNEX The Annex to Regulation (EU) No 185/2010 is amended as follows: 1) The following Attachment is inserted after Attachment 6-C: ATTACHMENT 6-C2 VALIDATION CHECKLIST FOR THIRD COUNTRY EU AVIATION SECURITY VALIDATED REGULATED AGENTS Third country entities have the option to become part of an ACC3 s (Air cargo or mail carrier operating into the Union from a third country airport) secure supply chain by seeking designation as a third country EU aviation security validated Regulated Agent (RA3). An RA3 is a cargo handling entity located in a third country that is validated and approved as such on the basis of an EU aviation security validation. An RA3 shall ensure that security controls including screening where applicable have been applied to consignments bound for the European Union and the consignments have been protected from unauthorised interference from the time that those security controls were applied and until the consignments are loaded onto an aircraft or are otherwise handed over to an ACC3 or other RA3. The prerequisites for carrying air cargo or air mail into the Union (*) or Iceland, Norway and Switzerland are required by Regulation (EU) No 185/2010. The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU/EEA bound air cargo or air mail (**) by or under the responsibility of the entity seeking designation as an RA3. The checklist is to be used only in the cases specified in point 6.8.4.1(b) of the Annex to Regulation (EU) No 185/2010. In the cases specified in point 6.8.4.1(a) of that Annex, the EU aviation security validator shall use the ACC3 checklist. If the EU aviation security validator concludes that the entity has succeeded in complying with the objectives referred to in this checklist, a validation report shall be given to the validated entity. The validation report shall state that the entity is designated Third Country EU aviation security validated Regulated Agent (RA3). The RA3 shall be able to use the report in its business relations with any ACC3. Integral parts of the validation report shall include at least all of the following: (a) the completed checklist (attachment 6-C2 set out in the Annex to Regulation (EU) No 185/2010) signed by the EU aviation security validator and where applicable commented by the validated entity; (b) the declaration of commitments (Attachment 6-H2 set out in the Annex to Regulation (EU) No 185/2010) signed by the validated entity; (c) an independence declaration (Attachment 11-A set out in the Annex to Regulation (EU) No 185/2010) in respect of the entity validated signed by the EU aviation security validator. Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report s integrity. By default, the validation report shall be in English. Part 5 Screening and Part 6 High risk cargo or mail (HRCM) shall be assessed against the requirements of Chapters 6.7 and 6.8 of the Annex to Regulation (EU) No 185/2010. For those parts that cannot be assessed against the requirements of Regulation (EU) No 185/2010, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted). If the EU aviation security validator concludes that the entity has failed to comply with the objectives referred to in this checklist, the entity shall receive a copy of the completed checklist stating the deficiencies.
EN 11.7.2013 Official Journal of the European Union L 190/3 Completion notes: (1) All parts of the checklist must be completed. Where no information is available, this must be explained. (2) After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met. 1.1. Date(s) of validation PART 1 Identification of the entity validated and the validator Use exact date format, such as 01.10.2012 to 02.10.2012 dd/mm/yyyy 1.2. Date of previous validation where applicable dd/mm/yyyy Previous RA3 registration number, where available AEO certificate/c-tpat status/other certifications, where available 1.3. Aviation security validator information Name Company/Organisation/Authority Unique Alphanumeric Identifier (UAI) E-mail address Telephone number including international codes 1.4. Name of entity Name Company number (e.g. commercial register identification number, if applicable) Number/Unit/Building Street Town Postcode State (where relevant) Country P.O. Box address, if applicable 1.5. Main address of organisation (if different from site to be validated) Number/Unit/Building Street Town Postcode
EN L 190/4 Official Journal of the European Union 11.7.2013 State (where relevant) Country P.O. Box address, if applicable 1.6. Nature of business More than one business type may be applicable a) air cargo only b) air and other modes of transport c) freight forwarder with cargo premises d) freight forwarder without cargo premises e) handling agent f) others 1.7. Does the applicant? a) receive cargo from another 3rd country regulated agent b) receive cargo from 3rd country known consignors c) receive cargo from 3rd country account consignors d) receive exempted cargo e) screen cargo f) store cargo g) other, please specify 1.8. Approximate number of employees on site Number 1.9. Name and title of person responsible for third country air cargo/air mail security Name Job title E-mail address Telephone number including international codes PART 2 Organisation and responsibilities of the third country EU aviation security validated regulated agent Objective: No air cargo or air mail shall be carried to the EU/EEA without being subject to security controls. Cargo and mail delivered by an RA3 to an ACC3 or another RA3 may only be accepted as secure cargo or mail if such security controls are applied by the RA3. Details of such controls are provided in the following Parts of this checklist. The RA3 shall have procedures in place to ensure that appropriate security controls are applied to all EU/EEA bound air cargo and air mail and that secure cargo or mail is protected until being transferred to an ACC3 or another RA3. Security controls shall consist of one of the following: (a) Physical screening which shall be of a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment;
EN 11.7.2013 Official Journal of the European Union L 190/5 (b) Other security controls, part of a supply chain security process, that reasonably ensure that no prohibited articles are concealed in the consignment and which have been applied by another RA3, KC3 or AC3 designated by the RA3. Reference: Point 6.8.3. 2.1. Has the entity established a security programme? YES or NO If NO go directly to point 2.5. 2.2. Entity security programme Date use exact format dd/mm/yyyy Version Is the security programme submitted and/or approved by the appropriate authority of the state of the entity? If YES please describe the process. 2.3. Does the security programme sufficiently cover the elements mentioned in the checklist (parts 3 to 9)? YES or NO If NO, describe why detailing the reasons 2.4. Is the security programme conclusive, robust and complete? YES or NO If NO, specify the reasons 2.5. Has the entity established a process to ensure that air cargo or air mail is submitted to appropriate security controls before being transferred to an ACC3 or another RA3? YES or NO If YES, describe the process 2.6. Has the entity a management system (e.g. instruments, instructions) in place to ensure that the required security controls are implemented? YES or NO If YES, describe the management system and explain if it is approved, checked or provided by the appropriate authority or another entity. If NO, explain how the entity ensures that security controls are applied in the required manner. 2.7. Conclusions and general comments on the reliance, conclusiveness and robustness of the process. Comments from the entity Comments from the EU aviation security validator PART 3 Staff recruitment and training Objective: To ensure the required security controls are applied, the RA3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to secured air cargo must possess all the competencies required to perform their duties and shall be appropriately trained.
EN L 190/6 Official Journal of the European Union 11.7.2013 To fulfil that objective, the RA3 shall have procedures in place to ensure that all staff (permanent, temporary, agency staff, drivers, etc.) with direct and unescorted access to air cargo/air mail to which security controls are being or have been applied: (a) have been subject to initial and recurrent pre-employment checks and/or background checks, which are at least in accordance with the requirements of the local authorities of the RA3 premise validated; and (b) have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the RA3 premise validated. Note: A background check means a check of a person s identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual s suitability to implement a security control and/or for unescorted access to a security restricted area (ICAO Annex 17 definition). A pre-employment check shall establish the person s identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding 5 years (Union definition). Reference: Point 6.8.3.1. 3.1. Is there a procedure ensuring that all staff with direct and unescorted access to secured air cargo/air mail is subject to a pre-employment check that assesses background and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. 3.2. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 3.3. Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. 3.4. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details)
EN 11.7.2013 Official Journal of the European Union L 190/7 Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 3.5. Do staff with direct and unescorted access to secured air cargo/air mail receive security training before being given access to secured air cargo/air mail? YES or NO If YES, describe the elements and duration of the training 3.6. Do staff that accept, screen and/or protect air cargo/air mail receive specific job-related training? YES or NO If YES, describe the elements and durations of training courses. 3.7. Do staff referred to in points 3.5 and 3.6 receive recurrent training? YES or NO If YES, specify the elements and the frequency of the recurrent training 3.8. Conclusion: do the measures concerning staff recruitment and training ensure that all staff with access to secured air cargo/air mail have been properly recruited and trained to a standard sufficient to be aware of their security responsibilities? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 4 Acceptance procedures Objective: The RA3 may receive cargo or mail from another RA3, a KC3, an AC3 or from an unknown consignor. The RA3 shall have appropriate acceptance procedures for cargo and mail in place in order to establish whether a consignment comes from a secure supply chain or not and subsequently which security measures need to be applied to it. An RA3 may maintain a database giving at least the following information for each regulated agent or known consignor that has been subject to EU aviation security validation in accordance with point 6.8.4.1, from which it directly accepts cargo or mail to be delivered to an ACC3 for carriage into the Union: (a) the company details, including the bona fide business address, (b) the nature of the business, excluding business sensitive information, (c) contact details, including those of the person(s) responsible for security, (d) the company registration number, if applicable, (e) where available, the validation report. Reference: Points 6.8.3.1 and 6.8.4.3. Note: An RA3 may only accept cargo from an AC3 as secure cargo, if this RA3 has designated this consignor itself as AC3 and accounts for the cargo delivered by this consignor.
EN L 190/8 Official Journal of the European Union 11.7.2013 4.1. When accepting a consignment, does the entity establish whether it comes from another RA3, a KC3, an AC3 or an unknown consignor? YES or NO If YES, how? 4.2. Does the entity establish and maintain a database containing information for each RA3, KC3 and AC3 from which it directly accepts air cargo or air mail to be delivered to an ACC3 for carriage into the Union? YES or NO If YES, specify the information included in the database. If NO, how does the entity know that cargo comes from another RA3, KC3 or AC3? 4.3. Does the entity designate consignors as AC3? YES or NO If YES, describe the procedure and the safeguards required by the entity from the consignor. 4.4. When accepting a consignment, does the entity establish whether its destination is an EU/EEA airport? YES or NO explain 4.5. If YES does the entity submit all air cargo or air mail to the same security controls when the destination is an EU/EEA airport? YES or NO If YES, describe the procedure 4.6. When accepting a consignment, does the entity establish whether it is to be regarded as high risk cargo and mail (HRCM) (see definition in part 6), including for consignments that are delivered by other modes of transport than by air? YES or NO If YES, how?describe the procedure 4.7. When accepting a secured consignment, does the validated entity establish whether it has been protected from unauthorised interference and/or tampering? YES or NO If YES, describe (seals, locks, inspection, etc.) 4.8. Is the person making the delivery required to present an official identification document containing a photo? YES or NO 4.9. Is there a process in place to identify consignments that require screening? YES or NO If YES, how? 4.10. Conclusion: Are the acceptance procedures sufficient to establish that air cargo/air mail to an EU/EEA airport destination comes from a secure supply chain or needs to be subject to screening?
EN 11.7.2013 Official Journal of the European Union L 190/9 YES or NO If NO, specify reasons Comments from the entity Comments from EU aviation security validator PART 5 Screening Objective: Where the RA3 accepts cargo and mail which does not come from a secure supply chain, the RA3 needs to subject these consignments to appropriate screening before it may be delivered to an ACC3 as secure cargo. The RA3 shall have procedures in place to ensure that EU/EEA bound air cargo and air mail for transfer, transit or unloading at an Union airport is screened by the means or methods referred to in Union legislation to a standard sufficient to reasonably ensure that it contains no prohibited articles. Where screening of air cargo or air mail is performed by or on behalf of the appropriate authority in the third country, the RA3 shall declare this fact and specify the way adequate screening is ensured. Note: Although point 6.8.3.2 allows applying ICAO standards as a minimum to implement the provisions of point 6.8.3.1 until 30 June 2014, the EU aviation security validation takes into account the EU screening requirements, even if the validation is performed before 1 July 2014. Reference: Point 6.8.3. 5.1. Is screening applied on behalf of the entity by another entity? YES or NO If YES, Specify the nature of these entities and provide details: Private screening company Government regulated company Government screening facility or body Other Specify the nature of the agreement/contract between the validated entity and the entity that applies the screening on its behalf. 5.2. What methods of screening are used for air cargo and mail? Specify, including details of equipment used for screening air cargo and air mail (e.g. manufacturer, type, software version, standard, serial number etc.) for all the methods deployed. 5.3. Is the equipment or method (e.g. explosive detection dogs) used included in the most recent EU, ECAC or TSA compliance list? YES or NO If YES, provide details If NO, give details specifying the approval of the equipment and date thereof, as well as any indications that it complies with EU equipment standards.
EN L 190/10 Official Journal of the European Union 11.7.2013 5.4. Is the equipment used in accordance with the manufacturers CONOPS (concept of operations) and is the equipment regularly tested and maintained? YES or NO If YES, describe the process 5.5. Is the nature of the consignment taken into consideration during screening? YES or NO If YES, describe how it is ensured that the screening method selected is employed to a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment. 5.6. Is there a process for the resolution of the alarm generated by the screening equipment? (For some equipment (e.g. X-ray equipment), the alarm is triggered by the operator himself). YES or NO If YES, describe the process of resolving alarms to reasonably ensure the absence of prohibited articles. If NO, describe what happens to the consignment 5.7. Are any consignments exempt from security screening? YES or NO 5.8. Are there any exemptions that do not comply with the Union list? YES or NO If YES, detail 5.9. Is access to the screening area controlled to ensure that only authorised and trained staff are granted access? YES or NO If YES, describe 5.10. Is an established quality control and/or testing regime in place? YES or NO If YES, describe 5.11. Conclusion: Is air cargo/air mail screened by one of the means or methods listed in point 6.2.1 of Decision 2010/774/EU to a standard sufficient to reasonably ensure that it contains no prohibited articles? YES or NO If NO, specify reason Comments from the entity Comments from the EU aviation security validator PART 6 High Risk Cargo or Mail (HRCM) Objective: Consignments which originate from or transfer in locations identified as high risk by the Union or which appear to have been significantly tampered with are to be considered as high risk cargo and mail (HRCM). Such
EN 11.7.2013 Official Journal of the European Union L 190/11 consignments have to be screened in line with specific instructions. The RA3 shall have procedures in place to ensure that EU/EEA bound HRCM is identified and subject to appropriate controls as defined in the Union legislation. The ACC3 to which the RA3 delivers air cargo or mail for transportation shall be authorised to inform the RA3 about the latest state of relevant information on high risk origins. The RA3 shall apply the same measures, irrespective of whether it receives high risk cargo and mail from an air carrier or through other modes of transportation. Reference: Point 6.7. Note: HRCM cleared for carriage into the EU/EEA shall be issued the security status SHR, meaning secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements. 6.1. Do staff responsible for performing security controls know which air cargo and mail is to be treated as high risk cargo and mail (HRCM)? YES or NO If YES, describe 6.2. Does the entity have procedures in place for the identification of HRCM? YES or NO If YES, describe 6.3. Is HRCM subject to HRCM screening procedures according to Union legislation? YES or NO If NO, indicate procedures applied 6.4. After screening, does the entity issue a security status declaration for SHR in the documentation accompanying the consignment? YES or NO If YES, describe how security status is issued and in which document 6.5. Conclusion: Is the process put in place by the entity relevant and sufficient to ensure that all HRCM has been properly treated before loading? YES or NO If NO, specify reason Comments from the entity Comments from EU aviation security validator PART 7 Protection of secured air cargo and mail Objective: The RA3 shall have procedures in place to ensure EU/EEA bound air cargo and/or air mail is protected from unauthorised interference and/or any tampering from the point of security screening or other security controls are applied or from the point of acceptance after screening or security controls have been applied, until loading or transferring to an ACC3 or another RA3. If previously secured air cargo and mail is not protected afterwards, it may not be loaded or transferred to an ACC3 or another RA3 as secure cargo or mail. Protection can be provided by different means such as physical (barriers, locked rooms, etc.), human (patrols, trained staff, etc.) and technological (CCTV, intrusion alarm, etc.).
EN L 190/12 Official Journal of the European Union 11.7.2013 EU/EEA bound secured air cargo or mail should be separated from air cargo or mail which is not secured. Reference: Point 6.8.3.1. 7.1. Is protection of secured air cargo and air mail applied on behalf of the validated entity by another entity? YES or NO If YES, Specify the nature of these entities and provide details: Private screening company Government regulated company Government screening facility or body Other 7.2. Are security controls and protection in place to prevent tampering during the screening process? YES or NO If YES, describe Specify what kind(s) of protection(s) are put in place: Physical (fence, barrier, building of solid construction, etc.) Human (patrols etc.) Technological (CCTV, alarm system, etc.) And explain how they are organised. 7.3. Is the secure air cargo/air mail only accessible to authorised persons? YES or NO If YES, describe Specify how all access points (including doors and windows) to identifiable and secured air cargo/air mail are controlled. 7.4. Are there procedures in place to ensure EU/EEA bound air cargo/air mail to which security controls have been applied are protected from unauthorised interference from the time it has been secured until its loading or is transferred to an ACC3 or another RA3? YES or NO If YES, describe how it is protected (physical, human, technological, etc.) Specify also if the building is of solid construction and what kinds of materials are used, if available. If NO, specify reasons 7.5. Conclusion: Is the protection of consignments sufficiently robust to prevent unlawful interference? YES or NO
EN 11.7.2013 Official Journal of the European Union L 190/13 If NO, specify reason Comments from the entity Comments from EU aviation security validator PART 8 Documentation Objective: The security status of a consignment shall be indicated in the documentation accompanying the consignment, either in the form of an air waybill, equivalent postal documentation or in a separate declaration and either in an electronic format or in writing. The security status shall be issued by the RA3. Reference: Points 6.3.2.6(d) and 6.8.3.4. Note: the following security statuses may be indicated: SPX, meaning secure for passenger, all-cargo and all-mail aircraft, or SCO, meaning secure for all-cargo and all-mail aircraft only, or SHR, meaning secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements. 8.1. Does the entity specify in the accompanying documentation (e.g. air waybill) the status of the cargo and how this was achieved? YES or NO If NO, explain 8.2. Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation which specifies the correct security status? YES or NO If NO, specify reason Comments from the entity Comments from EU aviation security validator PART 9 Transportation Objective: Air cargo and air mail must be protected from unauthorised interference or tampering from the time it has been secured until its loading or is transferred to an ACC3 or another RA3. This includes protection during transportation to the aircraft, otherwise to the ACC3 or to another RA3. If previously secured air cargo and mail is not protected during transportation, it may not be loaded or transferred to an ACC3 or another RA3 as secure cargo. During transportation to an aircraft, an ACC3 or another RA3, the RA3 is responsible for the protection of the secure consignments. This includes cases where the transportation is undertaken by another entity, such as a freight forwarder, on its behalf. This does not include cases whereby the consignments are transported under the responsibility of an ACC3 or another RA3. Reference: Point 6.8.3. 9.1. How is the air cargo/air mail conveyed to the ACC3/another RA3? (a) Validated entity s own transport? YES or NO
EN L 190/14 Official Journal of the European Union 11.7.2013 (b) Other RA3 s/acc3 s transport? YES or NO (c) Contractor used by the validated entity? YES or NO 9.2. Is the air cargo/air mail tamper evidently packed? YES or NO If YES, how 9.3. Is the vehicle sealed or locked before transportation? YES or NO If YES, how 9.4. Where numbered seals are used, is access to the seals controlled and are the numbers recorded? YES or NO If YES, specify how 9.5. If applicable, does the respective haulier sign the haulier declaration? YES or NO 9.6. Has the person transporting the cargo been subject to specific security controls and awareness training before being authorised to transport secured air cargo and/or air mail? YES or NO If YES, please describe what kind of security controls (pre-employment check, background check, etc.) and what kind of training (security awareness training, etc.). 9.7. Conclusion: Are the measures sufficient to protect air cargo/air mail from unauthorised interference during transportation? YES or NO If NO, specify reasons Comments from the entity Comments from EU aviation security validator PART 10 Compliance Objective: After assessing the nine previous parts of this checklist, the EU aviation security validator has to conclude if its on-site verification confirms the implementation of the security controls in compliance with the objectives listed in this checklist for the EU/EEA bound air cargo/air mail. Two different scenarios are possible. The EU aviation security validator concludes that the entity: (a) has succeeded in complying with the objectives referred to in this checklist. The validator shall provide the validated entity with the original of the validation report and state that the entity is designated EU aviation security validated 3rd country regulated agent; (b) has failed in complying with the objectives referred to in this checklist. In that case, the entity is not authorised to deliver secured air cargo or mail for EU/EEA destination to an ACC3 or another RA3. It shall receive a copy of the completed checklist stating the deficiencies.
EN 11.7.2013 Official Journal of the European Union L 190/15 In general, the EU aviation security validator has to decide if cargo and mail handled by the validated entity is treated in such a way that at the moment it is delivered to an ACC3 or another RA3 it may be deemed to be secure to be flown to the EU/EEA in accordance with the applicable Union regulations. The EU aviation security validator has to keep in mind that the assessment is based on an overall objective-based compliance methodology. 10.1. General conclusion: Assessment (and notification) (highlight the one that applies) If it is a PASS the entity will be considered designated as a 3rd country EU aviation security validated regulated agent (RA3). Pass/Fail Where the overall assessment is a fail, list below the areas where the entity fails to achieve the required standard of security or has a specific vulnerability. Also, advice on the adjustments needed to achieve the required standard and thus to pass. Comments from EU aviation security validator Comments from the entity Name of the validator: Date: Signature: ANNEX List of persons and entities visited and interviewed Providing the name of the entity, the name of the contact person and the date of the visit or interview. Name of entity Name of contact person Date of visit/interview (*) European Union Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom. (**) EU/EEA bound air cargo/air mail/aircraft in this validation checklist is equivalent to EU and Iceland, Norway and Switzerland bound air cargo/air mail/aircraft. 2) The following Attachment is inserted after Attachment 6-C3: ATTACHMENT 6-C4 VALIDATION CHECKLIST FOR THIRD COUNTRY EU AVIATION SECURITY VALIDATED KNOWN CONSIGNORS Third country entities have the option to become part of an ACC3 s (Air cargo or mail carrier operating into the Union from a third country airport) secure supply chain by seeking designation as a third country EU aviation security validated
EN L 190/16 Official Journal of the European Union 11.7.2013 Known Consignor (KC3). A KC3 is a cargo handling entity located in a third country that is validated and approved as such on the basis of an EU aviation security validation. A (KC3) shall ensure that security controls have been applied to consignments bound for the Union and the consignments have been protected from unauthorised interference from the time that those security controls were applied and until transferring to an ACC3 or a third country EU aviation security validated regulated agent (RA3). The prerequisites for carrying air cargo or air mail into the Union (EU) or Iceland, Norway and Switzerland are required by Regulation (EU) No 185/2010 as amended by Implementing Regulation (EU) No 859/2011 and Commission Implementing Regulation (EU) No 1082/2012 (*). The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU/EEA bound air cargo or air mail by or under the responsibility of the entity seeking designation as a KC3. The checklist is to be used only in the cases specified in point 6.8.4.1(b) of the Annex to Regulation (EU) No 185/2010. In cases specified in point 6.8.4.1(a) of said Annex, the EU aviation security validator shall use the ACC3 checklist. If the EU aviation security validator concludes that the entity has succeeded in complying with the objectives in this checklist, a validation report shall be given to the validated entity. The validation report shall state that the entity is designated third country EU aviation security validated known consignor (KC3). The KC3 shall be able to use the report in its business relations with any ACC3 and any RA3. Integral parts of the validation report shall include at least all of the following: (a) the completed checklist (attachment 6-C4 set out in the Annex to Regulation (EU) No 185/2010) signed by the EU aviation security validator and where applicable commented by the validated entity; (b) the declaration of commitments (Attachment 6-H3 set out in the Annex to Regulation (EU) No 185/2010) signed by the validated entity; and (c) an independence declaration (Attachment 11-A set out in the Annex to Regulation (EU) No 185/2010) in respect of the entity validated signed by the EU aviation security validator. Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report s integrity. By default, the validation report shall be in English. For those parts that cannot be assessed against the requirements of Regulation (EU) No 185/2010, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted). If the EU aviation security validation concludes that the entity has failed to comply with the objectives referred to in this checklist, this entity shall receive a copy of the completed checklist stating the deficiencies. Completion notes: (1) All parts of the checklist must be completed. Where no information is available, this must be explained. (2) After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met. PART 1 Organisation and responsibilities 1.1. Date(s) of validation Use exact date format, such as 01.10.2012 to 02.10.2012 dd/mm/yyyy 1.2. Date of previous validation where applicable. dd/mm/yyyy Previous KC3 registration number, where available
EN 11.7.2013 Official Journal of the European Union L 190/17 AEO certificate/c-tpat status/other certifications, where available 1.3. Aviation security validator information Name Company/Organisation/Authority Unique Alphanumeric Identifier (UAI) E-mail address Telephone number including international codes 1.4. Name of entity Name Company number (e.g. commercial register identification number, if applicable) Number/Unit/Building Street Town Postcode State (where relevant) Country P.O. Box address, if applicable 1.5. Main address of organisation (if different from site to be validated) Number/Unit/Building Street Town Postcode State (where relevant) Country P.O. Box address, is applicable 1.6. Nature of business Types of cargo processed What is the nature of business(es) type of cargo processed in the applicant s premises? 1.7. Is the applicant responsible for? a) Production b) Packing c) Storage d) Despatch e) Other, please specify 1.8. Approximate number of employees on site Number
EN L 190/18 Official Journal of the European Union 11.7.2013 1.9. Name and title of person responsible for third country air cargo/air mail security Name Job title E-mail address Telephone number including international codes PART 2 Organisation and responsibilities of the third country EU aviation security validated known consignor Objective: No air cargo or air mail shall be carried to the EU/EEA without being subject to security controls. Cargo and mail delivered by a KC3 to an ACC3 or RA3 may only be accepted as secure cargo or mail if such security controls are applied by the KC3. Details of such controls are provided by the following Parts of this checklist. The KC3 shall have procedures in place to ensure that appropriate security controls are applied to all EU/EEA bound air cargo and air mail and that secure cargo or mail is protected until being transferred to an ACC3 or a RA3. Security controls shall consist of measures that reasonably ensure that no prohibited articles are concealed in the consignment. Reference: Point 6.8.3. 2.1. Has the entity established a security programme? YES or NO If NO, go directly to point 2.5 2.2. Entity security programme information Date use exact format dd/mm/yyyy Version Is the security programme submitted to and/or approved by the appropriate authority of the state in which the entity is located? If YES, please describe the process. 2.3. Does the security programme sufficiently cover the elements mentioned in the checklist (parts 4 to 11)? YES or NO If NO, describe why, detailing the reasons 2.4. Is the security programme conclusive, robust and complete? YES or NO If NO, specify the reasons 2.5. Has the entity established a process to ensure that EU/EEA bound air cargo or air mail is submitted to appropriate security controls before being transferred to an ACC3 or an RA3? YES or NO If YES, describe the process
EN 11.7.2013 Official Journal of the European Union L 190/19 2.6. Has the entity a management system (e.g. instruments, instructions, etc.) in place to ensure that the required security controls are implemented? YES or NO If YES, describe the management system and explain if it is approved, checked or provided by the appropriate authority or other entity. If NO, explain how the entity ensures that security controls are applied in the required manner. 2.7. Conclusions and general comments on the reliance, conclusiveness and robustness of the process. Comments from the entity Comments from the EU aviation security validator PART 3 Identifiable air cargo/air mail ( Targetability ) Objective: To establish the point (or place) where cargo/mail becomes identifiable as air cargo/air mail. Targetability is defined as being able to assess when/where the cargo/mail is identifiable as air cargo/air mail. 3.1. By inspection of the production, packing, storage, selection, despatch and any other relevant areas, ascertain where and how a consignment of EU/EEA bound air cargo/air mail becomes identifiable as such. Describe Comments from the entity Comments from the EU aviation security validator N.B. Detailed information should be given on the protection of identifiable air cargo/air mail from unauthorised interference or tampering in Parts 6 to 9. PART 4 Staff recruitment and training Objective: To ensure that the required security controls are applied, the KC3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to identifiable air cargo possesses all the competencies required to perform their duties and are appropriately trained. To fulfil that objective, the KC3 shall have procedures in place to ensure that all staff (permanent, temporary, agency staff, drivers, etc.) with direct and unescorted access to air cargo/air mail to which security controls are being or have been applied: (a) have been subject to initial and recurrent pre-employment checks and/or background checks, which are at least in accordance with the requirements of the local authorities of the KC3 premise validated; and (b) have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the KC3 premise validated. Note: A background check means a check of a person s identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual s suitability to implement a security control and/or for unescorted access to a security restricted area (ICAO Annex 17 definition).
EN L 190/20 Official Journal of the European Union 11.7.2013 A pre-employment check shall establish the person s identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding 5 years (Union definition). Reference: Point 6.8.3.1. 4.1. Is there a procedure ensuring that all staff with access to identifiable air cargo/air mail is subject to a preemployment check that assesses background check and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-emplyment check and state which entity carries it out. 4.2. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 4.3. Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. 4.4. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 4.5. Do staff with access to identifiable air cargo/air mail receive training before being given access to identifiable air cargo/air mail? YES or NO If YES, describe the elements and duration of the training 4.6. Do staff referred to in point 4.5 receive recurrent training? YES or NO
EN 11.7.2013 Official Journal of the European Union L 190/21 If YES, specify the elements and the frequency of the recurrent training 4.7. Conclusion: do measures concerning staff recruitment and training ensure that all staff with access to identifiable EU/EEA bound air cargo/air mail have been properly recruited and trained to a standard sufficient to be aware of their security responsibilities? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 5 Physical security Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail. The entity has to demonstrate how its site or its premises is protected and that relevant access control procedures are in place. It is essential that access to the area where identifiable air cargo/air mail is processed or stored, is controlled. All doors, windows and other points of access to secure EU/EEA bound air cargo/air mail need to be secured or subject to access control. Physical security can be, but is not limited to: Physical obstacles such as fencing or barriers; Technology using alarms and/or CCTV systems; Human security such as staff dedicated to carry out surveillance activities. Reference: Point 6.8.3.1. 5.1. Are all access points to identifiable air cargo/air mail subject to access control and is access limited to authorised persons? YES or NO If YES, how is access controlled? Explain and describe. Multiple answers may be possible. By security staff By other staff Manual checking if persons are allowed to enter the area Electronic access control systems Other, specify If YES, how is it ensured that a person is authorised to enter the area? Explain and describe. Multiple answers may be possible. Use of a company identification card Use of another type of identification card such as passport or driver s licence List of authorised persons used by (security) staff Electronic authorisation, e.g. by use of a chip
EN L 190/22 Official Journal of the European Union 11.7.2013 Distribution of keys or access codes only to authorised personnel Other, specify 5.2. Are all access points to identifiable air cargo/air mail secured? This includes access points which are not permanent in use and points which are normally not used as access points, such as windows YES or NO If YES, how are these points secured? Explain and describe. Multiple answers may be possible. Presence of security staff Electronic access control systems which allow access to one person at a time Barriers, e.g. shutters or locks CCTV system Intruder detection system 5.3. Are there additional measures to enhance the security of the premises in general? YES or NO If YES, explain and describe what they are Fencing or barriers CCTV system Intruder detection system Surveillance and patrols Other, specify 5.4. Is the building of solid construction? YES or NO 5.5. Conclusion: Are the measures taken by the entity sufficient to prevent unauthorised access to those parts of the site and premises where identifiable EU/EEA bound air cargo/air mail is processed or stored? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 6 Production Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering during the production process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail. The entity has to demonstrate that access to the production area is controlled and the production process is supervised. If the product becomes identifiable as EU/EEA bound air cargo/air mail in the course of production, the entity has to show that measures are taken to protect air/cargo/air mail from unauthorised interference or tampering from this stage.
EN 11.7.2013 Official Journal of the European Union L 190/23 Answer these questions where the product can be identified as EU/EEA bound air cargo/air mail in the course of the production process. 6.1. Is access to the production area controlled and limited to authorised persons? YES or NO If YES, explain how the access is controlled and limited to authorised persons 6.2. Is the production process supervised? YES or NO If YES, explain how it is supervised 6.3. Are controls in place to prevent tampering at the stage of production? YES or NO If YES, describe 6.4. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU/EEA bound air cargo/air mail from unauthorised interference or tampering during production? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 7 Packing Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering during the packing process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail. The entity has to demonstrate that access to the packing area is controlled and the packing process is supervised. If the product becomes identifiable as EU/EEA bound air cargo/air mail in the course of packing, the entity has to show that measures are taken to protect air cargo/air mail from unauthorised interference or tampering from this stage. All finished goods need to be checked prior to packing. Answer these questions where the product can be identified as EU/EEA bound air cargo/air mail in the course of the packing process. 7.1. Is access to the packing area controlled and limited to authorised persons? YES or NO If YES, explain how the access is controlled and limited to authorised persons 7.2. Is the packing process supervised? YES or NO If YES, explain how it is supervised 7.3. Are controls in place to prevent tampering at the stage of packing? YES or NO If YES, describe
EN L 190/24 Official Journal of the European Union 11.7.2013 7.4. Describe the finished outer packaging: (a) Is the finshed outer packing robust? YES or NO Describe (b) Is the finished outer packaging tamper evident? YES or NO If YES, describe which process is used to make the packaging tamper evident, for example by use of numbered seals, special stamps or security tape, etc. If NO, describe what protection measures that ensure the integrity of the consignments are taken. 7.5. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU/EEA bound air cargo/air mail from unauthorised interference or tampering during packing? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 8 Storage Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering during storage. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail. The entity has to demonstrate that access to the storage area is controlled. If the product becomes identifiable as EU/EEA bound air cargo/air mail while being stored, the entity has to show that measures are taken to protect air cargo/air mail from unauthorised interference or tampering from this stage. Answer these questions where the product can be identified as EU/EEA bound air cargo/air mail in the course of the storage process. 8.1. Is access to the storage area controlled and limited to authorised persons? YES or NO If YES, explain how the access is controlled and limited to authorised persons 8.2. Is the finished and packed air cargo/air mail stored securely and checked for tampering? YES or NO If YES, describe If NO, explain how the entity ensures that the finished and packed EU/EEA bound air cargo and air mail is protected against unauthorised interference and any tampering.
EN 11.7.2013 Official Journal of the European Union L 190/25 8.3. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU/EEA bound air cargo/air mail from unauthorised interference or tampering during storage? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 9 Despatch Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering during the despatch process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail. The entity has to demonstrate that access to the despatch area is controlled. If the product becomes identifiable as EU/EEA bound air cargo/air mail in the course of despatch, the entity has to show that measures are taken to protect air cargo/air mail from unauthorised interference or tampering from this stage. Answer these questions where the product can be identified as EU/EEA bound air cargo/air mail in the course of the despatch process. 9.1. Is access to the despatch area controlled and limited to authorised persons? YES or NO If YES, explain how the access is controlled and limited to authorised persons 9.2. Who has access to the despatch area? Multiple answers may be possible. Employees of the entity Drivers Visitors Contractors Others, specify 9.3. Is the despatch process supervised? YES or NO If YES, explain how it is supervised 9.4. Are controls in place to prevent tampering in the despatch area? YES or NO If YES, describe 9.5. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU/EEA bound air cargo/air mail from unauthorised interference or tampering during the despatch process? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator
EN L 190/26 Official Journal of the European Union 11.7.2013 PART 10 Consignments from other sources Objective: The KC3 shall have procedures in place to ensure that cargo or mail which it has not originated itself, shall not be forwarded to an ACC3 or an RA3 as secure cargo or mail. A KC3 may pass consignments which it has not itself originated to a RA3 or an ACC3, provided that: (a) they are separated from consignments which it has originated; and (b) the origin is clearly indicated on the consignment or an accompanying documentation. All such consignments must be screened by an RA3 or ACC3 before they are loaded onto an aircraft. 10.1. Does the entity accept consignments of cargo or mail intended for carriage by air from any other entity? YES or NO If YES, how are these consignments kept separate from the company s own cargo or mail and how are they identified to the regulated agent/haulier? Comments from the entity Comments from the EU aviation security validator. PART 11 Transportation Objective: The KC3 shall have procedures in place to ensure identifiable air cargo and/or air mail bound for the EU/EEA is protected from unauthorised interference and/or any tampering during transportation. If such cargo or mail is not protected, it cannot be accepted by an ACC3 or RA3 as secure cargo or mail. During transportation, the KC3 is responsible for the protection of the secure consignments. This includes cases where the transportation is undertaken by another entity, such as a freight forwarder, on its behalf. This does not include cases whereby the consignments are transported under the responsibility of an ACC3 or RA3. Answer these questions where the product can be identified as EU/EEA bound air cargo/air mail when transported. 11.1. How is the air cargo/air mail conveyed to the ACC3 or RA3? (a) Validated entity s own transport? YES or NO (b) ACC3/RA3 s transport? YES or NO (c) Contractor used by the validated entity? YES or NO 11.2. Is the air cargo/air mail tamper evidently packed? YES or NO If YES, how
EN 11.7.2013 Official Journal of the European Union L 190/27 11.3. Is the vehicle sealed or locked before transportation? YES or NO If YES, how 11.4. Where numbered seals are used, is access to the seals controlled and are the numbers recorded? YES or NO If YES, specify how 11.5. If applicable, does the respective haulier sign the haulier declaration? YES or NO 11.6. Has the person transporting the cargo been subject to specific security controls and awareness training before being authorised to transport secured air cargo and/or air mail? YES or NO If YES, please describe what kind of security controls (pre-employment check, background check, etc.) and what kind of training (security awareness training, etc.) 11.7. Conclusion: Are the measures sufficient to protect air cargo/air mail from unauthorised interference during transportation? YES or NO If NO, specify reasons Comments from the entity Comments from the EU aviation security validator PART 12 Compliance Objective: After assessing the eleven previous parts of this checklist, the EU aviation security validator has to conclude if its on-site verification confirms the implementation of the security controls in compliance with the objectives listed in this checklist for EU/EEA bound air cargo/air mail. Two different scenarios are possible. The EU aviation security validator concludes that the entity: (a) has succeeded in complying with the objectives referred to in this checklist. The validator shall provide the validated entity with the original of the validation report and state that the entity is designated third country EU aviation security validated known consignor (KC3); (b) has failed in complying with the objectives referred to in this checklist. In that case, the entity is not authorised to deliver air cargo or mail for EU/EEA destination to an ACC3 or RA3 without it being screened by an authorised party. It shall receive a copy of the completed checklist stating the deficiencies. In general, the EU aviation security validator has to decide if cargo and mail handled by the validated entity is treated in such a way that at the moment it is delivered to an ACC3 or an RA3 it may be deemed to be secure to be flown to the EU/EEA in accordance with the applicable Union regulations. The EU aviation security validator has to keep in mind that the assessment is based on an overall objective-based compliance methodology.
EN L 190/28 Official Journal of the European Union 11.7.2013 12.1. General conclusion: Assessment (and notification) (highlight the one that applies) If it is a PASS the entity will be considered designated as a 3rd country EU aviation security validated known consignor (KC3). Pass/Fail Where the overall assessment is a fail, list below the areas where the entity fails to achieve the required standard of security or has a specific vulnerability. Also advice on the adjustments needed to achieve the required standard and thus to pass. Comments from EU aviation security validator Comments from the entity Name of the validator: Date: Signature: ANNEX List of persons and entities visited and interviewed Providing the name of the entity, the name of the contact person and the date of the visit or interview. Name of entity Name of contact person Date of visit/interview (*) OJ L 324, 22.11.2012, p. 25. 3) The following Attachments are inserted after Attachment 6-H1: ATTACHMENT 6-H2 DECLARATION OF COMMITMENTS THIRD COUNTRY EU AVIATION SECURITY VALIDATED REGULATED AGENT (RA3) On behalf of [name of RA3] I take note of the following: This report establishes the level of security applied to EU/EEA bound air cargo operations in respect of the security standards listed in the checklist or referred to therein. [Name of RA3] can only be designated third country EU aviation security validated regulated agent (RA3) once an EU aviation security validation has been successfully completed with a PASS by an EU aviation security validator listed in the Union database for the regulated agents and known consignors.
EN 11.7.2013 Official Journal of the European Union L 190/29 If the report establishes a non-compliance in the security measures it refers to, this could lead to the withdrawal of [name of RA3] designation as a RA3 already obtained for this premise which will prevent [name of RA3] from delivering secured air cargo or mail for EU/EEA destination to an ACC3 or another RA3. The report is valid for five years and shall therefore expire on... at the latest. On behalf of [name of RA3] I declare that: (a) [name of RA3] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report. (b) Any changes to [name of RA3] operations not requiring full re-validation will be noted on the original report by adding the information while keeping the previous information visible. This may concern the following changes: (1) the overall responsibility for security is assigned to anyone other than the person named in point 1.8 of Attachment 6-C2 to Regulation (EU) No 185/2010; (2) any other changes to premises or procedures likely to significantly impact on security. (c) [name of RA3] will inform the ACC3 and RA3 s to which it delivers secured air cargo and/or air mail if [name of RA3] ceases trading, no longer deals with air cargo/air mail or can no longer meet the requirements validated in this report. (d) [name of RA3] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated RA3 where security standards were identified as insufficient, until the subsequent validation of [name of RA3] activities. On behalf of [name of RA3] I accept full responsibility for this declaration. Name: Position in company: Date: Signature: ATTACHMENT 6-H3 DECLARATION OF COMMITMENTS THIRD COUNTRY EU AVIATION SECURITY VALIDATED KNOWN CONSIGNOR (KC3) On behalf of [name of KC3] I take note of the following: This report establishes the level of security applied to EU/EEA bound (*) air cargo operations in respect of the security standards listed in the checklist or referred to therein (**). [Name of KC3] can only be designated third country EU aviation security validated known consignor (KC3) once an EU aviation security validation has been successfully completed with a PASS by an EU aviation security validator listed in the Union database for the regulated agents and known consignors. If the report establishes a non-compliance in the security measures it refers to, this could lead to the withdrawal of [name of KC3] designation as a KC3 already obtained for this premise which will prevent [name of KC3] from delivering secured air cargo or mail for EU/EEA destination to an ACC3 or a third country EU aviation security validated regulated agent (RA3). The report is valid for five years and shall therefore expire on... at the latest. On behalf of [name of KC3] I declare that: (a) [name of KC3] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report. (b) Any changes to [name of KC3] operations not requiring full re-validation will be noted on the original report by adding the information while keeping the previous information visible. This may concern the following changes: (1) the overall responsibility for security is assigned to anyone other than the person named in point 1.9 of Attachment 6-C4 to Regulation (EU) No 185/2010; (2) any other changes to premises or procedures likely to significantly impact on security.
EN L 190/30 Official Journal of the European Union 11.7.2013 (c) [name of KC3] will inform the ACC3 and the RA3 s to which it delivers secured air cargo and/or air mail if [name of KC3] ceases trading, no longer deals with air cargo/air mail or can no longer meet the requirements validated in this report. (d) [name of KC3] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated KC3 where security standards were identified as insufficient, until the subsequent validation of [name of KC3] activities. On behalf of [name of KC3] I accept full responsibility for this declaration. Name: Position in company: Date: Signature: (*) Airports situated in Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom as well as Iceland, Norway and Switzerland. (**) Regulation (EU) No 185/2010 as amended by Implementing Regulation (EU) No 859/2011 and (EU) No 1082/2012.
EN 22.11.2012 Official Journal of the European Union L 324/25 COMMISSION IMPLEMENTING REGULATION (EU) No 1082/2012 of 9 November 2012 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation (Text with EEA relevance) THE EUROPEAN COMMISSION, HAS ADOPTED THIS REGULATION: Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 establishing common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 ( 1 ) and in particular Article 4(3) thereof, Whereas: Article 1 The Annex to Regulation (EU) No 185/2010 is amended in accordance with the Annex to this Regulation. Article 2 Member States shall demonstrate to the Commission how they contribute to the implementation of point 11.6 in respect of point 6.8 of the Annex to Regulation (EU) No 185/2010 by 31 January 2013 at the latest. (1) Commission Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security ( 2 ) does not contain detailed rules for EU aviation security validation. It is necessary to introduce such rules in order to harmonise the conditions by which compliance is established in respect of aviation security. (2) Regulation (EU) No 185/2010 should therefore be amended accordingly. (3) The measures provided for in this Regulation are in accordance with the opinion of the Committee on Civil Aviation Security set up by Article 19(1) of Regulation (EC) No 300/2008, Independent validators certified before the entry into force of this Regulation remain qualified to perform EU aviation security validation of known consignors in Member States until the certification expires or for a period of five years, whichever is less. Article 3 The Commission will assess and evaluate the application of the measures provided for in this Regulation and if appropriate make a proposal by 30 June 2015 at the latest. Article 4 This Regulation shall enter into force on the date of publication. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, 9 November 2012. For the Commission The President José Manuel BARROSO ( 1 ) OJ L 97, 9.4.2008, p. 72. ( 2 ) OJ L 55, 5.3.2010, p. 1.
EN L 324/26 Official Journal of the European Union 22.11.2012 ANNEX A. The Annex to Regulation (EU) No 185/2010 is amended as follows: (1) point 6.3.1.2(b) is amended as follows: (a) in the first subparagraph, independent validator is replaced by EU aviation security validator ; (b) in the second subparagraph, independent validator is replaced by EU aviation security validator ; (2) point 6.4.1.2(b) is amended as follows: (a) in the first subparagraph, independent validator is replaced by EU aviation security validator ; (b) in the second subparagraph, independent validator is replaced by EU aviation security validator ; (c) in the third subparagraph, independent validator is replaced by EU aviation security validator ; (d) in the fifth subparagraph, independent validator is replaced by EU aviation security validator. B. Point 6.8 is replaced by the following: 6.8. PROTECTION OF CARGO AND MAIL BEING CARRIED INTO THE UNION FROM THIRD COUNTRIES 6.8.1. Designation of air carriers 6.8.1.1. Any air carrier carrying cargo or mail from an airport in a third country not listed in Attachment 6-F for transfer, transit or unloading at any airport falling within the scope of Regulation (EC) No 300/2008 shall be designated as an Air Cargo or Mail Carrier operating into the Union from a Third Country Airport (ACC3): (a) by the appropriate authority of the Member State that issued the air carrier s Air Operator s Certificate; (b) by the appropriate authority of the Member State listed in the Annex to Commission Regulation (EC) No 748/2009 ( 1 ) as amended by Regulation (EU) No 394/2011 ( 2 ) on the list of aircraft operators which had performed an aviation activity within the meaning of Annex I to Directive 2003/87/EC of the European Parliament and of the Council ( 3 ) on or after 1 January 2006, for air carriers that do not hold an Air Operator s Certificate issued by a Member State; (c) by the appropriate authority of the Member State where the air carrier has its major base of operations in the Union, or any other appropriate authority of the Union by agreement with that appropriate authority, for air carriers not holding an Air Operator s Certificate issued by a Member State and not listed in the Annex to Regulation (EC) No 748/2009. 6.8.1.2. The designation of an air carrier as ACC3 in respect of its cargo and mail operations from an airport for which ACC3 designation is required (hereafter, the relevant cargo operations ) shall be based on (a) the nomination of a person with overall responsibility on the air carrier s behalf for the implementation of cargo or mail security provisions in respect of the relevant cargo operation; and (b) until 30 June 2014, a Declaration of commitments ACC3 as set out in attachment 6-H confirming the implementation of the security programme covering the points as specified in Attachment 6-G. The declaration shall be signed on behalf of the air carrier by its legal representative or by the person responsible for security. Either a copy or the original shall be retained by the appropriate authority until the expiry date of the ACC3 designation; (c) from 1 July 2014, an EU aviation security validation report confirming the implementation of security measures.
EN 22.11.2012 Official Journal of the European Union L 324/27 6.8.1.3. The appropriate authority shall allocate to the ACC3 designated a unique alphanumeric identifier in the standard format identifying the air carrier and the third country airport for which the air carrier has been designated to carry cargo or mail into the Union. 6.8.1.4. The designation shall be valid from the date the appropriate authority has entered the ACC3 s details into the Union database of regulated agents and known consignors, for a maximum period of five years. 6.8.1.5. An ACC3 listed on the Union database of regulated agents and known consignors shall be recognised in all Member States for all operations from the third country airport into the Union. 6.8.2. EU aviation security validation for ACC3 6.8.2.1. The EU aviation security validation in respect of an air carrier s relevant cargo operations shall consist of (a) an examination of the air carrier s security programme ensuring its relevance and completeness in respect of all points set out in Attachment 6-G; and (b) verification of the implementation of aviation security measures in respect of the relevant cargo operations by using the checklist set out in Attachment 6-C3. 6.8.2.2. The EU aviation security validation s verification of the implementation shall be on-site, to one of the following degrees: 1. At the airport from which the air carrier has relevant cargo operations before ACC3 designation can be granted for that airport. If the EU aviation security validation thereupon establishes the non-implementation of one or more of the objectives listed in the checklist set out in Attachment 6-C3, the appropriate authority shall not designate the air carrier as ACC3 for the relevant cargo operations without proof of the implementation of measures by the air carrier rectifying the deficiency identified. 2. At a representative number of airports with relevant cargo operations of an air carrier before ACC3 designation is granted for all airports with relevant cargo operations of that air carrier. The following conditions apply: (a) this option is requested by an air carrier which operates several relevant air cargo operations; (b) the appropriate authority has verified that the air carrier applies an internal security quality assurance programme that is equivalent to EU aviation security validation; (c) the representative number shall be at least 3 or 5 %, whichever is the higher, and all airports situated in a high risk origin; (d) the appropriate authority has agreed to a roadmap that ensures EU aviation security validations for every year of the designation at additional airports for which ACC3 designation will be granted or until all airports are validated. Those validations shall each year be at least equal in number to those required in (c). The roadmap shall state the reasons underpinning the choice of additional airports; (e) all ACC3 designations shall end on the same day; (f) where one of the EU aviation security validations agreed under the roadmap establishes the nonimplementation of one or more of the objectives listed in the checklist set out in Attachment 6-C3, the designating appropriate authority shall require proof of the implementation of measures rectifying the deficiency identified at that airport, and, depending on the seriousness of the deficiency, request: EU aviation security validation of all airports for which ACC3 designation is required in accordance with point 6.8.2.2.1 within a deadline set by the appropriate authority, or twice the number of the EU aviation security validations established under (d) per each of the remaining years of ACC3 designations.
EN L 324/28 Official Journal of the European Union 22.11.2012 6.8.2.3. The appropriate authority can designate an air carrier as ACC3 for a limited period, ending on 30 June 2016 at the latest, where an EU aviation security validation could not take place for objective reasons beyond the responsibility of the air carrier. Where such a designation is granted for a period of more than three months the appropriate authority shall have verified that the air carrier applies an internal security quality assurance programme that is equivalent to EU aviation security validation. 6.8.2.4. Where the EU aviation security validation of an ACC3 took place before 1 July 2014 and did not confirm implementation of the requirements of the second sentence of point 6.8.3.2, the ACC3 shall provide the appropriate authority with proof of implementation of these requirements, by 1 July 2014 at the latest. Proof shall consist of an update of the respective part of the security programme and may consist of a follow-up on-site verification. 6.8.2.5. The EU aviation security validation shall be recorded in a validation report consisting at least of the declaration of commitments as set out in Attachment 6-H1, the checklist set out in Attachment 6-C3 and a declaration by the EU aviation security validator as set out in Attachment 11-A. The EU aviation security validator shall submit the validation report to the appropriate authority and provide the validated air carrier with a copy. 6.8.3. Security controls for cargo and mail arriving from a third country 6.8.3.1. The ACC3 shall ensure that all cargo and mail carried for transfer, transit or unloading at a Union airport is screened, unless: (a) the required security controls have been applied to the consignment by an EU aviation security validated regulated agent and the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading; or (b) the required security controls have been applied to the consignment by an EU aviation security validated known consignor and the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading; or (c) the required security controls have been applied to the consignment by an account consignor, under the responsibility of an EU aviation security validated regulated agent, the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading, and it is not carried on a passenger aircraft; or (d) the consignment is exempted from screening in accordance with point 6.1.1.d of Regulation (EU) No 185/2010 and protected from unauthorised interference from the time that it became identifiable air cargo or identifiable air mail and until loading. 6.8.3.2. Until 30 June 2014, the screening requirements set out in point 6.8.3.1 shall, as a minimum, meet ICAO standards. Thereafter, cargo and mail carried into the Union shall be screened by one of the means or methods listed in point 6.2.1 of Commission Decision 2010/774/EU to a standard sufficient to reasonably ensure that it contains no prohibited articles. 6.8.3.3. The ACC3 shall ensure in respect of: (a) transfer and transit cargo or mail that screening in accordance with point 6.8.3.2 or security controls have been applied at the point of origin or elsewhere in the supply chain and such consignments have been protected from unauthorised interference from the time that those security controls were applied and until loading. (b) high risk cargo and mail that screening in accordance with point 6.7 has been applied by itself or by an EU aviation security validated entity at the point of origin or elsewhere in the supply chain, that such consignments have been labelled SHR and have been protected from unauthorised interference from the time that those security controls were applied and until loading. 6.8.3.4. The unique alphanumeric identifier of the ACC3 and the security status of the consignment as referred to in point 6.3.2.6(d) and issued by an EU aviation security validated regulated agent shall be indicated in the accompanying documentation, either in the form of an air waybill, equivalent postal documentation or in a separate declaration and either in an electronic format or in writing. 6.8.3.5. In the absence of a regulated agent referred to in point 6.8.4, the ACC3 or an air carrier arriving from a third country listed in Attachment 6Fii may issue the security status declaration.
EN 22.11.2012 Official Journal of the European Union L 324/29 6.8.4. Validation of regulated agents and known consignors 6.8.4.1. In order to become EU aviation security validated regulated agent or known consignor third country entities shall be validated according to one of the following two options and be listed in the database of the ACC3(s) to which it directly delivers cargo or mail for carriage into the Union: (a) the ACC3 s security programme shall set out details of security controls implemented on its behalf by third country entities from which it accepts cargo or mail directly for carriage into the Union. The EU aviation security validation of the ACC3 shall validate the security controls applied by those entities; or (b) the third country entities submit the relevant cargo handling activities to an EU aviation security validation at intervals not exceeding five years and provide ACC3(s) with a copy of the validation report. 6.8.4.2. If the EU aviation security validation according to point 6.8.4.1(b) concludes that the entity (a) has succeeded in complying with the objectives referred to in the relevant checklist, the validation report shall state that the entity is designated EU aviation security validated regulated agent or known consignor. The validator shall provide the validated entity with the original of the validation report; (b) has failed to comply with the objectives referred to in the relevant checklist, the entity is not authorised to operate cargo for carriage into the EU. It shall receive a copy of the completed checklist stating the deficiencies. 6.8.4.3. The ACC3 shall maintain a database giving at least the following information for each regulated agent or known consignor that has been subject to EU aviation security validation in accordance with point 6.8.4.1, from which it directly accepts cargo or mail for carriage into the Union: (a) the company details, including the bona fide business address; (b) the nature of the business, excluding business sensitive information; (c) contact details, including those of the person(s) responsible for security; (d) the company registration number, if applicable; (e) where available and at the latest as of 1 July 2014, the validation report. The database shall be available for inspection of the ACC3. Other EU aviation security validated entities may maintain such a database. 6.8.5. Non-compliance and discontinuation of ACC3 designation 6.8.5.1. Non-compliance 1. If the Commission or an appropriate authority identifies a serious deficiency relating to an ACC3 operation which is deemed to have a significant impact on the overall level of aviation security in the Union it shall: (a) inform the ACC3 concerned promptly, request comments and appropriate measures rectifying the serious deficiency; (b) promptly inform the Commission and other Member States. 2. Where an appropriate authority has not achieved rectification, the Commission may, after consulting the regulatory committee for civil aviation security, conclude that the carrier can no longer be recognised as an ACC3, either for specific or for all routes from third countries into the Union. In such cases, details of the ACC3 shall be removed from the Union database of regulated agents and known consignors. 3. An air carrier whose recognition as an ACC3 has been withdrawn in accordance with point 6.8.5.1 shall not be reinstated or included in the Union database of regulated agents or known consignors until an EU aviation security validation has confirmed that the serious deficiency has been rectified and the committee on civil aviation security has been informed thereof by the relevant appropriate authority.
EN L 324/30 Official Journal of the European Union 22.11.2012 6.8.5.2. Discontinuation The appropriate authority that designated the ACC3 is responsible for removing the ACC3 from the Union database of regulated agents and known consignors : (a) at the request or in agreement with the air carrier; or (b) where the ACC3 does not pursue relevant cargo operations and does not react to a request for comments or otherwise obstructs the assessment of risk to aviation. ( 1 ) OJ L 219, 22.8.2009, p. 1. ( 2 ) OJ L 107, 27.4.2011, p. 1. ( 3 ) OJ L 275, 25.10.2003, p. 32.. C. The following Attachment is inserted after Attachment 6-C: ATTACHMENT 6-C3 VALIDATION CHECKLIST FOR ACC3 ACC3 (Air cargo or mail carrier operating into the Union from a third country airport) designation is the prerequisite for carrying air cargo or air mail into the European Union ( 1 ) (EU) or Iceland, Norway and Switzerland and is required by Regulation (EU) No 185/2010 as amended by Commission Implementing Regulation (EU) No 859/2011 ( 2 ). ACC3 designation is in principle ( 3 ) required for all flights carrying cargo or mail for transfer, transit or unloading at EU/EEA airports. The appropriate authorities of the Member States of the European Union, Iceland, Norway and Switzerland are each responsible for the designation of specific air carriers as ACC3. The designation is based on the security programme of an air carrier and on an on-site verification of the implementation in compliance with the objectives referred to in this validation checklist. The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU/EEA bound air cargo or air mail ( 4 ) by or under the responsibility of the ACC3 or an air carrier applying for ACC3 designation. A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification. Integral parts of the validation report shall be at least: the completed checklist signed by the EU aviation security validator and where applicable commented by the validated entity, the declaration of commitments (Attachment 6-H1 set out in the Annex to Regulation (EU) 185/2010) signed by the validated entity, and an independence declaration (Attachment 11-A set out in the Annex to Regulation (EU) 185/2010) in respect of the entity validated signed by the EU aviation security validator. Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report s integrity. By default the validation report shall be in English. Part 3 Security programme of the air carrier, Part 6 Database, Part 7 Screening and Part 8 High risk cargo or mail (HRCM) shall be assessed against the requirements of Chapters 6.7 and 6.8 of Regulation (EU) No 185/2010. For the other parts, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted). Completion notes: All parts of the checklist must be completed. Where no information is available, this must be explained. After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met.
EN 22.11.2012 Official Journal of the European Union L 324/31 1.1. Date(s) of validation Use exact date format, such as 01.10.2012 to 02.10.2012 dd/mm/yyyy PART 1 Identification of the entity validated and the validator 1.2. Date of previous validation and Unique Alphanumeric Identifier (UAI) of the ACC3 where available dd/mm/yyyy UAI 1.3. Aviation security validator information Name Company/Organisation/Authority UAI Email address Telephone number including international codes 1.4. Name of air carrier to be validated Name AOC (Air Operators Certificate) issued in (name of State): IATA (International Air Transport Association) code or ICAO (International Civil Aviation Organisation) code if IATA code does not exist for the air carrier. Specify which code State responsible for designating air carrier as ACC3 1.5. Details of third country airport location to be validated or cargo/mail facilities linked to it Name IATA (or ICAO) code for the airport Country 1.6. Nature of air carrier s business More than one business type may be applicable (a) Passenger and cargo/mail carrier (b) Cargo and mail only carrier (c) Cargo only carrier (d) Mail only carrier (e) Integrator (f) Charter 1.7. Name and title of person responsible for third country air cargo/air mail security Name Job title Email address Telephone number including international codes 1.8. Address of the air carrier s main office at the airport being visited Number/Unit/Building/Airport Street
EN L 324/32 Official Journal of the European Union 22.11.2012 Town Postcode State (where relevant) Country 1.9. Address of the air carrier s main office, e.g. the corporate headquarters Number/Unit/Building/Airport Street Town Postcode State (where relevant) Country PART 2 Organisation and responsibilities of the ACC3 at the airport Objective: No air cargo or mail shall be carried to the EU/EEA without being subject to security controls. Details of such controls are provided by the following Parts of this checklist. The ACC3 shall not accept cargo or mail for carriage on an EU-bound aircraft unless the application of screening or other security controls is confirmed and accounted for by an EU aviation security validated regulated agent, an EU aviation security validated known consignor or an account consignor of a EU aviation security validated regulated agent, or such consignments are subject to screening in accordance with EU regulations. The ACC3 shall have a process to ensure that appropriate security controls are applied to all EU/EEA bound air cargo and air mail unless it is exempted from screening in accordance with Union legislation and that cargo or mail is protected thereafter until loading onto aircraft. Security controls shall consist of: physical screening which shall be of a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment, or other security controls which are part of a Supply Chain Security process that reasonably ensure that no prohibited articles are concealed in the consignment applied by EU aviation security validated regulated agents or known consignors or by an account consignor of a EU aviation security validated regulated agent. Reference: Point 6.8.3 2.1. Has the air carrier established a process to ensure that air cargo or air mail is submitted to appropriate security controls prior to being loaded onto an EU/EEA bound aircraft? YES or NO If YES, describe the process 2.2. Are the security controls applied by the air carrier or on its behalf by an entity covered under the air carrier s security programme? If YES, provide details If NO, which entities not covered by the air carrier s security programme apply security controls to air cargo or mail carried by this air carrier into the EU/EEA? Specify the nature of these entities and provide details Private handling company Government regulated company Government screening facility or body Other
EN 22.11.2012 Official Journal of the European Union L 324/33 2.3. By which instruments and instructions does the air carrier ensure that security controls are applied in the required manner? 2.4. Is the air carrier able to request the appropriate security controls in case the screening is carried out by entities which are not covered by the air carrier s security programme, such as government facilities? YES or NO If NO, provide details 2.5. Has a regulated agent/known consignor programme for air cargo and mail been put in place in accordance with ICAO standards in the State of the airport at which the validation visit takes place? If YES, describe the elements of the programme and how it has been put in place 2.6. Conclusions and general comments on the reliance, conclusiveness and robustness of the process. Comments from the air carrier Comments from the EU aviation security validator PART 3 Security programme of the air carrier Objective: The ACC3 shall ensure that its security programme includes all the aviation security measures relevant and sufficient for air cargo and mail to be transported into the EU. The security programme and associated documentation of the air carrier shall be the basis of security controls applied in compliance with the objective of this checklist. The air carrier may wish to consider passing its documentation to the EU aviation security validator in advance of the site visit to help acquaint him with the details of the locations to be visited. Reference: Point 6.8.2.1 and Attachment 6-G Note: The following points listed in Attachment 6-G set out in the Annex to Regulation (EU) No 185/2010 shall be appropriately covered: (a) description of measures for air cargo and mail; (b) procedures for acceptance; (c) regulated agent scheme and criteria; (d) known consignor scheme and criteria; (e) account consignor scheme and criteria; (f) standard of screening and physical examination; (g) location of screening and physical examination; (h) details of screening equipment; (i) details of operator or service provider; (j) list of exemptions from security screening or physical examination; (k) treatment of high risk cargo and mail.
EN L 324/34 Official Journal of the European Union 22.11.2012 3.1. Air carrier security programme Date use exact date format dd/mm/yyyy Version Has the programme been submitted to an EU/EEA appropriate authority at an earlier stage? If YES when for ACC3 designation? Other purposes? 3.2. Does the security programme cover sufficiently the elements of the list above? YES or NO If NO, describe why detailing the reasons 3.3. Are the aviation security measures described by the security programme relevant and sufficient to secure EU/EAA bound air cargo/ air mail according to the required standards? YES or NO If NO, describe why detailing the reasons 3.4. Conclusion: Is the security programme conclusive, robust and complete? YES or NO If NO, specify reasons Comments from the air carrier Comments from the EU aviation security validator PART 4 Staff recruitment and training Objective: The ACC3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to secured air cargo possess all the competencies required to perform their duties and are appropriately trained. To fulfil that objective, the ACC3 shall have a procedure to ensure that all staff (permanent, temporary, agency staff, drivers, etc.) with direct and unescorted access to air cargo/air mail to which security controls are being or have been applied: have been subject to initial and recurrent pre-employment checks and/or background checks, which are at least in accordance with the requirements of the local authorities of the airport validated, and have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the airport validated. Reference: Point 6.8.3.1 Note: A background check means a check of a person s identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual s suitability to implement a security control and/or for unescorted access to a security restricted area (ICAO Annex 17 definition). A pre-employment check shall establish the person s identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding five years (Union definition).
EN 22.11.2012 Official Journal of the European Union L 324/35 4.1. Is there a procedure ensuring that all staff with direct and unescorted access to secured air cargo/air mail are subject to pre-employment checks that assesses background and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. 4.2. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 4.3. Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence? YES or NO If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. 4.4. Does this procedure include? Background check Pre-employment check Check of criminal records Interviews Other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. 4.5. Do staff with direct and unescorted access to secured air cargo/air mail receive security training before being given access to secured air cargo/air mail? YES or NO If YES, describe the elements and duration of the training 4.6. Do staff that accept, screen and/or protect air cargo/ air mail receive specific job related training? YES or NO If YES, describe the elements and durations of training courses. 4.7. Do staff referred to in points 4.5 and 4.6 receive recurrent training? YES or NO If YES, specify the elements and the frequency of the recurrent training 4.8. Conclusion: do the measures concerning staff recruitment and training ensure that all staff with access to secured air cargo/air mail have been properly assigned and trained to a standard sufficient to be aware of their security responsibilities? YES or NO If NO, specify reasons Comments from the air carrier Comments from the EU aviation security validator
EN L 324/36 Official Journal of the European Union 22.11.2012 PART 5 Acceptance procedures Objective: The ACC3 shall have a procedure in place in order to assess and verify upon acceptance the security status of a consignment in respect of previous controls. The procedure shall include the following elements: verification of whether the consignment is delivered by a person nominated by the EU aviation security validated regulated agent or known consignor as listed in its database (Part 6) or an account consignor of such a regulated agent, verification of whether the consignment is presented with all the required security information (air waybill and security status information on paper or by electronic means) that corresponds to the air cargo and mail consignments being delivered, verification of whether the consignment is free from any signs of tampering, and verification of whether the consignment has to be treated as high risk cargo and mail (HRCM). Reference: Point 6.8.3.1 Note: A regulated agent or a known consignor is an entity handling cargo which has been successfully validated by an EU aviation security validator or whose security measures have been included in the EU validated ACC3 security programme (in that case, the ACC3 is co-responsible for the security measures). An account consignor is an entity handling cargo for its own account under the responsibility of an EU aviation security validated regulated agent. This regulated agent fully accounts for the security controls applied by the account consignor. The person nominated corresponds to the person tasked to deliver the air cargo or air mail to the air carrier. The person delivering the consignment to the air carrier shall present an identity card, passport, driving license or other document, which includes his or her photograph and which has been issued or is recognised by the national authority. 5.1. When directly accepting a consignment, does the air carrier establish whether it comes from a regulated agent, a known consignor or an account consignor validated or recognised according to Union air cargo legislation and listed in the database kept by the air carrier? YES or NO If YES, describe the procedure 5.2. When directly accepting a consignment, does the air carrier establish whether its destination is an EU/EEA airport? YES or NO explain 5.3. If YES does the air carrier submit all cargo or mail to the same security controls when the destination is an EU/EEA airport? YES or NO If YES, describe the procedure 5.4. When directly accepting a consignment, does the air carrier establish whether it is to be regarded as high risk cargo and mail (HRCM), including for consignments that are delivered by other modes of transport other than air? YES or NO If YES, how? Describe the procedure
EN 22.11.2012 Official Journal of the European Union L 324/37 5.5. When accepting a secured consignment, does the air carrier establish whether it has been protected from unauthorised interference and/or tampering? YES or NO If YES, describe (seals, locks, etc.). 5.6. If the air carrier accepts transit air cargo/air mail at this location (cargo/mail that departs on the same aircraft it arrived on), does the air carrier establish on the basis of the given data whether or not further security controls need to be applied? YES or NO If YES, how is it established? If NO, what controls are applied to ensure security of EU/EEA bound cargo and mail? 5.7. If the air carrier accepts transfer air cargo/air mail at this location (cargo/mail that departs on a different aircraft to the one it arrived on), does the air carrier establish on the basis of the given data whether or not further security controls need to be applied? YES or NO If YES, how is it established? If NO, what controls are applied to ensure security of EU/EEA bound cargo and mail? 5.8. Is the person delivering secured known air cargo to the air carrier required to present an official identification document containing a photograph? YES or NO 5.9. Conclusion: Are the acceptance procedures sufficient to establish whether air cargo or air mail comes from a secure supply chain or that it needs to be subjected to screening? YES or NO If NO, specify reasons Comments from the air carrier Comments from the EU aviation security validator PART 6 Database Objective: Where the ACC3 is not obliged to apply 100 % screening to EU/EAA bound air cargo or air mail, the ACC3 shall ensure the cargo or mail comes from an EU aviation security validated regulated agent or known consignor or an account consignor of a regulated agent. For monitoring the security relevant audit trail the ACC3 shall maintain a database giving the following information for each entity or person from which it directly accepts cargo or mail: the status of the involved entity (regulated agent or known consignor), the company details, including the bona fide business address, the nature of the business, excluding business sensitive information, contact details, including those of the person(s) responsible for security, the company registration number, if applicable.
EN L 324/38 Official Journal of the European Union 22.11.2012 When receiving air cargo or mail the ACC3 has to check in the database whether the entity is listed. If the entity is not included in the database, the air cargo or air mail delivered by it will have to be screened before loading. Reference: Points 6.8.4.1 and 6.8.4.3 6.1. Does the air carrier maintain a database including, as appropriate, the details referred to above, of: EU aviation security validated regulated agents, EU aviation security validated known consignors, account consignors of a regulated agent (on voluntary basis)? YES or NO If YES, describe the database If NO, explain why 6.2. Does staff accepting air cargo and air mail have easy access to the database? YES or NO If YES, describe the process 6.3. Is the database updated in a regular manner as to provide reliable data to the staff accepting air cargo and air mail? YES or NO If NO, explain 6.4. Conclusion: Does the air carrier maintain a database that ensures full transparency on its relation to entities from which it directly receives (screened or security controlled) cargo or mail for transport into the Union/EEA? YES or NO If NO, specify reasons Comments from the air carrier Comments from the EU aviation security validator PART 7 Screening Objective: Where the ACC3 accepts cargo and mail from an entity which is not an EU aviation security validated or the cargo received has not been protected from unauthorised interference from the time security controls were applied, the ACC3 shall ensure this air cargo or air mail is screened before being loaded onto an aircraft. The ACC3 shall have a process to ensure that EU/EEA bound air cargo and air mail for transfer, transit or unloading at an Union airport are screened by the means or methods referred to in EU legislation to a standard sufficient to reasonably ensure that it contains no prohibited articles. Where the ACC3 does not screen air cargo or air mail itself, it shall ensure that the appropriate screening is carried out according to EU requirements. Screening procedures shall include where appropriate the treatment of transfer-/transitcargo and -mail. Where screening of air cargo or mail is performed by or on behalf of the appropriate authority in the third country, the ACC3 receiving such air cargo or air mail from the entity shall declare this fact in its security programme, and specify the way adequate screening is ensured. Note: Although point 6.8.3.2 allows for ACC3 s to apply as a minimum ICAO standards to implement the provisions of point 6.8.3.1 until 30 June 2014, the EU aviation security validation takes into account the EU screening requirements, even if the validation is performed before 1 July 2014. Reference: Points 6.8.3.1, 6.8.3.2, 6.8.3.3
EN 22.11.2012 Official Journal of the European Union L 324/39 7.1. Is screening applied by the air carrier or on its behalf by an entity covered under the air carrier s security programme? If YES, provide details. If applicable, provide details of the entity or entities covered under the air carrier s security programme: Name Site specific address Presence of AEO status, if applicable If NO, which entities not covered by the air carrier s security programme apply screening to air cargo or mail carried by this air carrier into the EU/EEA? Specify the nature of these entities and provide details Private handling company Government regulated company Government screening facility or body Other 7.2. What methods of screening are used for air cargo and air mail? Specify, including details of equipment used for screening air cargo and air mail (manufacturer, type, software version, standard, serial number etc.) for all the methods deployed 7.3. Is the equipment or method (e.g. explosive detection dogs) used included in the most recent EU, ECAC or TSA compliance list? YES or NO If YES, provide details If NO, give details specifying the approval of the equipment and date thereof, as well as any indications that it complies with EU equipment standards 7.4. Is the equipment used in accordance with the manufacturers CONOPS (concept of operations) and is the equipment regularly tested and maintained? YES or NO If YES, describe the process 7.5. Is the nature of the consignment taken into consideration during screening? YES or NO If YES, describe how it is ensured that the screening method selected is employed to a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment 7.6. Is there a process for the resolution of the alarm generated by the screening equipment? YES or NO If YES, describe the process of resolving alarms to reasonably ensure the absence of prohibited articles. If NO, describe what happens to the consignment.
EN L 324/40 Official Journal of the European Union 22.11.2012 7.7. Are any consignments exempt from security screening? YES or NO 7.8. Are there any exemptions that do not comply with the Union list? YES or NO If YES, detail 7.9. Is access to the screening area controlled to ensure that only authorised and trained staff is granted access? YES or NO If YES, describe 7.10. Is an established quality control and/or testing regime in place? YES or NO If YES, describe 7.11. Conclusion: Is air cargo/air mail screened by one of the means or methods listed in point 6.2.1 of Decision 2010/774/EU to a standard sufficient to reasonably ensure that it contains no prohibited articles? YES or NO If NO, specify reason Comments from the air carrier Comments from the EU aviation security validator PART 8 High risk cargo or mail (HRCM) Objective: Consignments which originate from or transfer in locations identified as high risk by the EU or which appear to have been significantly tampered with are to be considered as high risk cargo and mail (HRCM). Such consignments have to be screened in line with specific instructions. High risk origins and screening instructions are provided by the appropriate EU/EEA authority having designated the ACC3. The ACC3 shall have a procedure to ensure that EU/EEA bound HRCM is identified and subject to appropriate controls as defined in the Union legislation. The ACC3 shall remain in contact with the appropriate authority responsible for the EU/EEA airports to which it carries cargo in order to have available the latest state of information on high risk origins. The ACC3 shall apply the same measures, irrespective of whether it receives high risk cargo and mail from another air carrier or through other modes of transportation. Reference: Points 6.7 and 6.8.3.4 Note: HRCM cleared for carriage into the EU/EEA shall be issued the security status SHR, meaning secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements. 8.1. Does the air carrier staff responsible for performing security controls know which air cargo and mail is to be treated as high risk cargo and mail (HRCM)? YES or NO If YES, describe 8.2. Does the air carrier have procedures in place for the identification of HRCM? YES or NO If YES, describe
EN 22.11.2012 Official Journal of the European Union L 324/41 8.3. Is HRCM subject to HRCM screening procedures according to EU legislation? YES or NO If NO, indicate procedures applied 8.4. After screening, does the air carrier issue a security status declaration for SHR in the documentation accompanying the consignment? YES or NO If YES, describe how security status is issued and in which document 8.5. Conclusion: Is the process put in place by the air carrier relevant and sufficient to ensure that all HRCM has been properly treated before loading? YES or NO If NO, specify reason Comments from the air carrier Comments from EU aviation security validator PART 9 Protection Objective: The ACC3 shall have processes in place to ensure EU/EEA bound air cargo and/or air mail is protected from unauthorised interference from the point security screening or other security controls are applied or from the point of acceptance after screening or security controls have been applied, until loading. Protection can be provided by different means such as physical (barriers, locked rooms, etc.), human (patrols, trained staff, etc.) and technological (CCTV, intrusion alarm, etc.). EU/EAA bound secured air cargo or mail should be separated from air cargo or mail which is not secured. Reference: Point 6.8.3 9.1. Is protection of secured air cargo and air mail applied by the air carrier or on its behalf by an entity covered under the air carrier s security programme? If YES, provide details If NO, which entities not covered by the air carrier s security programme apply protection measures to secured air cargo or mail carried by this air carrier into the EU/EEA? Specify the nature of these entities and provide details Private handling company Government regulated company Government screening facility or body Other 9.2. Are security controls and protection in place to prevent tampering during the screening process? YES or NO If YES, describe 9.3. Are there processes in place to ensure EU/EEA bound air cargo/air mail to which security controls have been applied are protected from unauthorised interference from the time it has been secured until its loading? YES or NO If YES, describe how it is protected If NO, specify reasons
EN L 324/42 Official Journal of the European Union 22.11.2012 9.4. Conclusions: Is the protection of consignments sufficiently robust to prevent unlawful interference? YES or NO If NO specify reason Comments from the air carrier Comments from EU aviation security validator Objective: The ACC3 shall ensure that: PART 10 Accompanying documentation (1) the security status of the consignment is indicated in the accompanying documentation, either in the form of an air waybill, equivalent postal documentation or in a separate declaration and either in an electronic format or in writing; and (2) its unique alphanumeric identifier appears on documentation accompanying the consignments carried, either in electronic format or in writing. Reference: Points 6.3.2.6 (d), 6.8.3.4 and 6.8.3.5 Note: the following security statuses may be indicated: SPX, meaning secure for passenger, all-cargo and all-mail aircraft, or SCO, meaning secure for all-cargo and all-mail aircraft only, or SHR, meaning secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements. In the absence of a regulated agent, the ACC3 or an air carrier arriving from a third country exempted from the ACC3 regime may issue the security status declaration. 10.1. Are consignments accompanied by documentation that confirms previous and current security controls? YES or NO If YES, describe the content of the documentation If NO, explain why and how the cargo or mail is treated as secure by the air carrier if it is loaded onto an aircraft 10.2. Does the documentation include the air carrier s ACC3 unique alphanumeric identifier? YES or NO If NO, explain why 10.3. Does the documentation specify the security status of the cargo and how this status was achieved? YES or NO 10.4. Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation which specifies the correct security status? YES or NO If NO specify reason Comments from the air carrier Comments from EU aviation security validator
EN 22.11.2012 Official Journal of the European Union L 324/43 PART 11 Compliance Objective: After assessing the ten previous parts of this checklist, the EU aviation security validator has to conclude if its on-site verification corresponds with the content of the part of the air carrier security programme describing the measures for the EU/EAA bound air cargo/ air mail and if the security controls sufficiently implements the objectives listed in this checklist. For your conclusions distinguish between four possible main cases: (1) the air carrier security programme is in compliance with Attachment 6-G set out in the Annex to of Regulation (EU) No 185/2010 and the on-site verification confirms compliance with the objective of the checklist; or (2) the air carrier security programme is in compliance with Attachment 6-G set out in the Annex to of Regulation (EU) No 185/2010 but the on-site verification does not confirm compliance with the objective of the checklist; or (3) the air carrier security programme is not in compliance with Attachment 6-G set out in the Annex to of Regulation (EU) No 185/2010 but the on-site verification confirms compliance with the objective of the checklist; or (4) the air carrier security programme is not in compliance with Attachment 6-G set out in the Annex to of Regulation (EU) No 185/2010 and the on-site verification does not confirm compliance with the objective of the checklist. 11.1. General conclusion: Indicate the case closest to the situation validated 1, 2, 3 or 4 Comments from EU aviation security validator Comments from the air carrier Name of the validator: Date: Signature: ANNEX List of persons and entities visited and interviewed Providing the name of the entity, the name of the contact person and the date of the visit or interview. ( 1 ) European Union Member States: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom. ( 2 ) OJ L 220, 26.8.2011, p. 9. Point 6.8.1.1 of Regulation (EU) No 185/2010: Any air carrier carrying cargo or mail from an airport in a third country not listed in Attachment 6-F for transfer, transit or unloading at any airport falling within the scope of Regulation (EC) No 300/2008 shall be designated as an Air Cargo or Mail Carrier operating into the Union from a Third Country Airport (ACC3). ( 3 ) This does not apply to air cargo or mail that is carried from a small number of countries exempted from ACC3 regime. ( 4 ) EU/EEA bound air cargo/air mail/aircraft in this validation checklist is equivalent to EU and Iceland, Norway and Switzerland bound air cargo/air mail/aircraft..
EN L 324/44 Official Journal of the European Union 22.11.2012 D. Attachment 6-F is replaced by the following: ATTACHMENT 6-F CARGO AND MAIL 6-Fi THIRD COUNTRIES, AS WELL AS OVERSEAS COUNTRIES AND TERRITORIES WITH SPECIAL RELATIONS TO THE UNION ACCORDING TO THE TREATY ON THE FUNCTIONING OF THE EUROPEAN UNION AND TO WHICH THE TRANSPORT TITLE OF THAT TREATY DOES NOT APPLY, RECOGNISED AS APPLYING SECURITY STANDARDS EQUIVALENT TO THE COMMON BASIC STANDARDS 6-Fii THIRD COUNTRIES, AS WELL AS OVERSEAS COUNTRIES AND TERRITORIES WITH SPECIAL RELATIONS TO THE UNION ACCORDING TO THE TREATY ON THE FUNCTIONING OF THE EUROPEAN UNION AND TO WHICH THE TRANSPORT TITLE OF THAT TREATY DOES NOT APPLY, FOR WHICH ACC3 DESIGNATION IS NOT REQUIRED Third countries as well as countries and territories with special relations to the Union according to the Treaty on the Functioning of the European Union or the Treaty on the European Union for which ACC3 designation is not required are listed in a separate Commission Decision. 6-Fiii VALIDATION ACTIVITIES OF THIRD COUNTRIES AS WELL AS OVERSEAS COUNTRIES AND TERRITORIES WITH SPECIAL RELATIONS TO THE UNION ACCORDING TO THE TREATY ON THE FUNCTIONING OF THE EUROPEAN UNION AND TO WHICH THE TRANSPORT CHAPTER OF THAT TREATY DOES NOT APPLY, RECOGNISED AS EQUIVALENT TO EU AVIATION SECURITY VALIDATION. E. The following Attachment is inserted after Attachment 6-H ATTACHMENT 6-H1 DECLARATION OF COMMITMENTS EU AVIATION SECURITY VALIDATED ACC3 On behalf of [name of air carrier] I take note of the following: This report establishes the level of security applied to EU/EEA bound ( 1 ) air cargo operations in respect of the security standards listed in the checklist or referred to therein ( 2 ). [Name of air carrier] can only be designated Air Cargo or Mail carrier operating into the Union from a Third Country Airport (ACC3) once an EU validation report has been submitted to and accepted by the appropriate authority of a Member State of the European Union or Iceland, Norway or Switzerland for that purpose, and the details of the ACC3 have been entered in the Union database for the regulated agents and known consignors. If the report establishes a non-compliance in the security measures it refers to, this could lead to the withdrawal of [name of air carrier] designation as an ACC3 already obtained for this airport which will prevent [name of air carrier] transport air cargo or mail into the EU/EEA area for this airport. The report is valid for five years and will therefore expire on at the latest. On behalf of [name of air carrier] I declare that: [name of air carrier] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report. Any changes to [name of air carrier] operations not requiring full re-validation will be noted on the original report by adding the information while keeping the previous information visible. This may concern the following changes: (1) the overall responsibility for security is assigned to anyone other than the person named in point 1.7 of Attachment 6-C3 to Regulation (EU) No 185/2010; (2) any other changes to premises or procedures likely to significantly impact on security;
EN 22.11.2012 Official Journal of the European Union L 324/45 [name of air carrier] will inform the authority that designated it as ACC3 if [name of air carrier] ceases trading, no longer deals with air cargo/air mail or can no longer meet the requirements validated in this report. [name of air carrier] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated ACC3 where security standards were identified as insufficient, until the subsequent validation of [name of air carrier s] activities. On behalf of [name of air carrier] I accept full responsibility for this declaration. Name: Position in company: Date: Signature: ( 1 ) Airports situated in Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom as well as Iceland, Norway and Switzerland. ( 2 ) Regulation (EU) No 185/2010 as amended by Implementing Regulation (EU) No 859/2011.. F. In point 8.1.3.2(b) an independent validator is replaced by an EU aviation security validator. G. In chapter 11, Point 11.0.5 is deleted. H. In chapter 11, Sections 11.5 and 11.6 are replaced by the following: 11.5. QUALIFICATION OF INSTRUCTORS 11.5.1. The appropriate authority shall maintain or have access to lists of certified instructors who have met the requirements set out in point 11.5.2 or 11.5.3. 11.5.2. Instructors shall have successfully completed a background check in accordance with point 11.1.3 and produce evidence of relevant qualifications or knowledge. 11.5.3. Instructors who were recruited or who were providing training specified in this Regulation before it came into force shall, as a minimum, satisfy the appropriate authority that they: (a) have knowledge and competencies as specified in point 11.5.5; and (b) are delivering only courses approved by the appropriate authority in accordance with point 11.2.1.3. 11.5.4. In order to be certified as an instructor qualified to give training defined in points 11.2.3.1 to 11.2.3.5 and in points 11.2.4 and 11.2.5, a person shall have knowledge of the work environment in the relevant aviation security field and qualifications and competencies in the following areas: (a) instructional techniques; and (b) security elements to be taught. 11.5.5. The appropriate authority shall either itself provide training for instructors or approve and maintain a list of appropriate security training courses. The appropriate authority shall ensure that instructors receive regular training or information on developments in the relevant fields.
EN L 324/46 Official Journal of the European Union 22.11.2012 11.5.6. If the appropriate authority is no longer satisfied that training delivered by a qualified instructor is resulting in the relevant competencies, it shall either withdraw approval of the course or ensure that the trainer is suspended or removed from the list of qualified instructors, as appropriate. 11.6. EU AVIATION SECURITY VALIDATION 11.6.1. EU aviation security validation is a standardised, documented, impartial and objective process for obtaining and evaluating evidence to determine the level of compliance of the validated entity with requirements set out in regulation (EC) No 300/2008 and its implementing acts. 11.6.2. EU aviation security validation (a) may be a requirement for obtaining or maintaining a legal status under Regulation (EC) No 300/2008 and its implementing acts; (b) may be performed by an appropriate authority or a validator approved as EU aviation security validator or a validator recognised as equivalent to it, in accordance with this Chapter; (c) shall assess security measures applied under the responsibility of the validated entity or parts thereof for which the entity seeks validation. At least, it shall consist of: (1) an evaluation of security relevant documentation, including the validated entity s security programme or equivalent; and (2) a verification of the implementation of aviation security measures, which shall include an on-site verification of the validated entity s relevant operations, unless otherwise stated; (d) shall be recognised by all Member States. 11.6.3. Approval requirements for EU aviation security validators 11.6.3.1. Member States shall approve EU aviation security validators based on conformity assessment capacity, which shall comprise: (a) independence from the validated industry, unless otherwise stated; (b) appropriate personnel competence in the security area to be validated as well as methods to maintain such competence at the level referred to in 11.6.3.5; and (c) the functionality and appropriateness of validation processes. 11.6.3.2. Where relevant, the approval shall take account of accreditation certificates in relation to the relevant harmonised standards, namely with EN-ISO/IEC 17020 instead of re-assessing conformity assessment capacity. 11.6.3.3. An EU aviation security validator can be any individual or a legal entity. 11.6.3.4. The national accreditation body established pursuant to Regulation (EC) No 765/2008 of the European Parliament and of the Council ( 1 ) may be empowered to accredit the conformity assessment capacity of legal entities to perform EU aviation security validation, adopt administrative measures in that respect and carry out the surveillance of EU aviation security validation activities. 11.6.3.5. Every individual performing EU aviation security validation shall have appropriate competence and background, and shall: (a) have been subject to a background check in accordance with 11.1.3 that shall be recurrent at least every five years; (b) perform EU aviation security validation impartially and objectively, shall understand the meaning of independence and apply methods to avoid situations of conflict of interest in respect of the validated entity;
EN 22.11.2012 Official Journal of the European Union L 324/47 (c) have sufficient theoretical knowledge and practical experience in the field of quality control as well as respective skills and personal attributes to collect, record and assess findings based on a checklist. In particular regarding (1) compliance monitoring principles, procedures and techniques; (2) factors affecting human performance and supervision; (3) the role and powers of the validator, including on conflict of interest; (d) provide proof of appropriate competence based on training and/or a minimum work experience in respect of the following areas: (1) general aviation security principles of Union and ICAO aviation security standards; (2) specific standards related to the activity validated and how they are applied to operations; (3) security technologies and techniques relevant for the validation process; (e) undergo recurrent training at a frequency sufficient to ensure that existing competencies are maintained and new competencies are acquired to take account of developments in the field of aviation security. 11.6.3.6. The appropriate authority shall either itself provide training for EU aviation security validator or approve and maintain a list of appropriate security training courses. 11.6.3.7. Member States may limit the approval of an EU aviation security validator to validation activities which are carried out solely on the territory of that Member State on behalf of the appropriate authority of that Member State. In such cases, the requirements of point 11.6.4.2 do not apply. 11.6.3.8. The approval of an EU aviation security validator shall expire after a maximum period of five years. 11.6.4. Recognition and discontinuation of EU aviation security validators 11.6.4.1. An EU aviation security validator shall not be considered as approved until its details are listed in the Union database for regulated agents and known consignors. Every EU aviation security validator shall be provided with proof of its status by or on behalf of the appropriate authority. For the period the Union database for regulated agents and known consignors cannot accommodate entries with regard to EU aviation security validators, the appropriate authority shall communicate the necessary details of the EU aviation security validator to the Commission which shall make them available to all Member States. 11.6.4.2. Approved EU aviation security validators shall be recognised by all Member States. 11.6.4.3. If an EU aviation security validator demonstrates it no longer meets the requirements referred to in points 11.6.3.1 or 11.6.3.5, the appropriate authority/authorities that approved it shall withdraw approval and remove the validator from the Union database for regulated agents and known consignors. 11.6.4.4. Industry associations and entities under their responsibility operating quality assurance programmes may be approved as EU aviation security validators provided equivalent measures of those programmes ensure impartial and objective validation. Recognition shall be done in cooperation of the appropriate authorities of at least two Member States. 11.6.4.5. The Commission may recognise validation activities undertaken by authorities or aviation security validators under the jurisdiction of and recognised by a third country or an international organisation where it can confirm their equivalency to EU aviation security validation. A list thereof shall be kept in Attachment 6Fiii.
EN L 324/48 Official Journal of the European Union 22.11.2012 11.6.5. EU aviation security validation report ( the validation report ) 11.6.5.1. The validation report shall record the EU aviation security validation and contain at least: (a) a completed checklist signed by the EU aviation security validator, and where requested commented by the validated entity in the necessary detail; (b) a declaration of commitments signed by the validated entity; and (c) an independence declaration in respect of the entity validated signed by the individual performing the EU aviation security validation. 11.6.5.2. The EU aviation security validator shall establish the level of compliance with the objectives contained in the checklist and record these findings in the appropriate part of the checklist. 11.6.5.3. A declaration of commitment shall state the validated entity s commitment to continue operation under the successfully validated operation standards. 11.6.5.4. The validated entity may declare its agreement or disagreement to the validation report s established compliance level. Such a declaration shall become an integral part of the validation report. 11.6.5.5. Page numbering, date of the EU aviation security validation and initialling by the validator and the validated entity on each page shall prove the validation report s integrity. 11.6.5.6. By default the report shall be in English and delivered to the appropriate authority, where applicable, along with the validated entity within a maximum of one month after the on-site verification. 11.7. MUTUAL RECOGNITION OF TRAINING 11.7.1. Any competencies acquired by a person in order to meet the requirements under Regulation (EC) No 300/2008 and its implementing acts in one Member State shall be recognised in another Member State. ATTACHMENT 11-A INDEPENDENCE DECLARATION EU AVIATION SECURITY VALIDATOR (a) I confirm that I have established the level of compliance of the validated entity in an impartial and objective way. (b) I confirm that I am not, and have not in the preceding two years, been employed by the validated entity. (c) I confirm that I have no economic or other direct or indirect interest in the outcome of the validation activity, the validated entity or its affiliates. (d) I confirm that I have, and have had in the preceding 12 months no business relations such as training and consultancy beyond the validation process with the validated entity in areas related to aviation security. (e) I confirm that the EU aviation security validation report is based on a thorough fact finding evaluation of relevant security documentation, including the validated entities security programme or equivalent, and on-site verification activities. (f) I confirm that the EU aviation security validation report is based on an assessment of all security relevant areas on which the validator is required to give an opinion based on the relevant EU checklist. (g) I confirm that I have applied a methodology that allows for separate EU aviation security validation reports in respect of each entity validated and ensures objectivity and impartiality of the fact finding and evaluation, where several entities are being validated in a joint action.
EN 22.11.2012 Official Journal of the European Union L 324/49 (h) I confirm that I accepted no financial or other benefits, other than a reasonable fee for the validation and a compensation of travel and accommodation costs. I accept full responsibility for the EU aviation security validation report. Name of the individual performing the validation: Name of the EU aviation security validator: Date: Signature: ( 1 ) OJ L 218, 13.8.2008, p. 30..
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART B.2 Air Cargo Security Newsletters Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 2.2 - FINAL Date 21.07.2013 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Executive Summary... 3 List of Tables Table 1 Newsletter Titles... 3 Work Package 3.4 Air Cargo Security PART B.2 Air Cargo Security Newsletters Page: 2
Lead Partner Task Leader Project 1. Executive Summary This document includes a number of Air Cargo Security Newsletters authored by during the course of the Baltic Air Cargo Net project. These Newsletters specifically relate to air cargo security and the considerations relevant to the implementation of this regulation Table 1 Newsletter Titles Date of Issue Sep 11, 2012 Sep 13, 2012 Oct 19, 2012 Nov 23, 2012 Nov 26, 2012 Dec 11, 2012 Dec 13, 2012 Dec 16, 2012 Feb 03, 2013 Jun 02, 2013 Sep 03, 2013 Title 100% Screening revisited US Aviation Security a decade later 100% Screening debate and US foreign policy Challenges of third party auditing Third Party auditing, continued Third Party Auditing III TSA Aviation Security Initiatives Aviation Security II Air Cargo and supply chain security International air cargo security Flawed overseas inspections Work Package 3.4 Air Cargo Security PART B.2 Air Cargo Security Newsletters Page: 3
AIR CARGO SECURITY POLICY NEWSLETTER US Aviation and Maritime Security A decade later September 13, 2012 In the aftermath of the 9/11 terrorist attacks, the Transportation Security Administration (TSA) was created to help restore confidence in aviation security. Congress provided TSA with the flexibility to set policies and procedures for screening people and goods as they moved through our transportation systems. Unfortunately, that flexibility has been exploited by TSA in recent years. Its operations are in many cases costly, counterintuitive, and poorly executed. Despite the reality that we have not endured another successful terrorist attack since 2001, TSA is failing to meet taxpayers expectations. Rebuilding TSA into a Leaner, Smarter Organisation is a report by Republican politicians to explore why. Two new GAO reports are introduced: Aviation Security: 9/11 Anniversary Observations on TSA's Progress and Challenges in Strengthening Aviation Security, by Stephen M. Lord, director, homeland security and justice issues, and Maritime Security: Progress and Challenges 10 Years after the Maritime Transportation Security Act, by Stephen L. Caldwell, director, homeland Security and justice 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 Rebuilding TSA into a Leaner, Smarter Organisation This new majority (Republican) staff report was released on the anniversary of 9/11 to comment on the operations of TSA. That it was authored by the political party responsible for establishing TSA is conveniently overlooked. During the 112th Congress, the Subcommittee on Transportation Security of the Committee on Homeland Security launched a thorough examination of TSA s operations, rules, and regulations and their impact on job-creating transportation industry stakeholders. This examination included 22 hearings, 15 Member briefings, 7 site visits, and an in-depth review by the Subcommittee s Majority Members and Staff. The United States is not alone in the war against terrorism. Al-Qaeda and its affiliates are tirelessly working to exploit any weaknesses within the global transportation network including targeting countries with lenient aviation security standards. Most of the recent terrorist activity against U.S. aviation has originated abroad in countries with less stringent standards, such as Yemen. In October 2010, two explosive devices originating from Yemen were found aboard cargo planes in Britain and Dubai bound for the United States. The explosive devices were hidden within printer cartridges and assembled by members of al-qaeda in the Arabian Peninsula. The plot was disrupted based on an intelligence tip, but the close-call scenario proves TSA and other federal agencies have a lot of work to do, in cooperation with our foreign partners. We cannot rely solely on intelligence to stop the next attack. It is TSA s responsibility to represent U.S. interests and work toward harmonization of standards for both passenger and all-cargo aircraft and ensure those standards are continuously strengthened. To that end, TSA participates in meetings and deliberations of the International Civil Aviation Organization among other global activities. However, disparities in security standards still exist. The Subcommittee Staff believes TSA has failed to effectively implement its mandate because the agency maintains a reactive approach to security; does not adequately test new technologies and procedures; and ultimately is too bogged down in managing its bloated federal workforce. The full Subcommittee report can be accessed at: http://homeland.house.gov/sites/homeland.ho use.gov/files/092012_tsa_reform_report.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 Aviation Security: 9/11 Anniversary Observations on TSA's Progress and Challenges in Strengthening Aviation Security Why GAO Did This Study Securing commercial aviation operations remains a daunting task, with hundreds of airports, thousands of aircraft, and thousands of flights daily carrying millions of passengers and pieces of carry-on and checked baggage. The attempted terrorist bombing of Northwest flight 253 on December 25, 2009, and the October 2010 discovery of explosive devices in air cargo packages on an all-cargo aircraft bound for the United States from Yemen highlight the continuing need for effective passenger, cargo, and baggage screening. This statement discusses actions TSA has taken to (1) validate the scientific basis of its behaviorbased passenger screening program (the Screening of Passengers by Observation Techniques, or SPOT); (2) strengthen the security of inbound air cargo (3) acquire checked baggage screening technology in accordance with established guidance; and (4) vet foreign nationals training at U.S. flight schools. This statement is based on GAO's work issued from September 2009 through July 2012, and includes selected updates on air cargo screening conducted from July through September 2012. For the selected updates, GAO interviewed TSA officials. What GAO Found The Transportation Security Administration (TSA) has taken actions to validate the science underlying its behavior-based passenger screening program, the Screening of Passengers by Observation Techniques, or SPOT, program, but more work remains. GAO reported in May 2010 that (1) TSA deployed SPOT before first determining whether there was a scientifically valid basis for using behavior and appearance indicators to reliably identify passengers who may pose a risk; and (2) it is unknown if the SPOT program has ever resulted in the arrest of anyone who is a terrorist, or who was planning to engage in terrorist related activity, although there is other evidence that terrorists have transited through SPOT airports. GAO recommended in May 2010 that the Department of Homeland Security (DHS) convene an independent panel of experts to review the methodology of the ongoing validation study on the SPOT program to determine whether it is sufficiently comprehensive to validate the program. DHS concurred and subsequently revised its validation study to include an independent expert review. DHS's study, completed in April 2011, found that SPOT was more effective than random screening to varying degrees; however, DHS noted limitations to the study, such as that it was not designed to comprehensively validate whether SPOT can be used to reliably identify individuals who pose a security risk. GAO is currently reviewing the program and will issue our report next year. TSA has taken actions to enhance the security of cargo on inbound aircraft, but challenges remain. For example, TSA issued new screening requirements aimed at enhancing the security of cargo on aircraft, such as prohibiting the transport of air cargo on passenger aircraft from Yemen. In June 2010, GAO recommended that TSA develop a mechanism to verify the accuracy of all screening data. TSA concurred in part and required air carriers to report inbound cargo screening data, but has not yet fully addressed 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 the recommendation. In June 2012, TSA required air carriers to screen 100 percent of inbound air cargo transported on passenger aircraft by December 3, 2012. However, air carriers and TSA face challenges in implementing this requirement and in providing reasonable assurance that screening is being conducted at reported levels. DHS and TSA have experienced difficulties establishing acquisition program baselines, schedules, and cost estimates for the Electronic Baggage Screening Program (EBSP). For example, GAO reported in July 2011 that TSA had established a schedule for the acquisition of the explosives detection systems (EDS) TSA deploys to screen checked baggage, but it did not fully comply with leading practices. GAO recommended that DHS develop and maintain a schedule for the EBSP in accordance with leading practices. DHS concurred. GAO reported in July 2012 that TSA has worked to enhance general aviation security, such as though issuing regulations, but there are weaknesses in its process for vetting foreign flight school student applicants, and in DHS's process for identifying flight school students who may be in the country illegally. For example, TSA's program to help determine whether flight school students pose a security threat does not determine whether they entered the country legally. GAO recommended actions that DHS and TSA could take to address these concerns, with which DHS and TSA have concurred, and are starting to take actions. This GAO report can be accessed at: http://www.gao.gov/assets/650/647996.pdf Maritime Security: Progress and Challenges 10 Years after the Maritime Transportation Security Act Why GAO Did This Study Ports, waterways, and vessels handle billions of dollars in cargo annually and an attack on this maritime transportation system could impact the global economy. November 2012 marks the 10-year anniversary of MTSA, which required a wide range of security improvements. DHS is the lead federal department responsible for implementing MTSA and it relies on its component agencies, such as the Coast Guard and CBP, to help implement the act. The Coast Guard is responsible for U.S. maritime security interests and CBP is responsible for screening arriving vessel crew and cargo. This testimony summarizes GAO's work on implementation of MTSA requirements over the last decade and addresses (1) progress the federal government has made in improving maritime security and (2) key challenges that DHS and its component agencies have encountered in implementing maritime security-related programs. GAO was unable to identify all related federal spending, but estimated funding for certain programs. For example, from 2004 through May 2012, CBP obligated over $390 million to fund its program to partner with companies to review the security of their supply chains. This statement is based on GAO products issued from August 2002 through July 2012, as well as updates on the status of recommendations made and budget data obtained in August 2012. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 What GAO Found GAO's work has shown that the Department of Homeland Security (DHS), through its component agencies, particularly the Coast Guard and U.S. Customs and Border Protection (CBP), have made substantial progress in implementing various programs that, collectively, have improved maritime security. In general, GAO's work on maritime security programs falls under four areas: (1) security planning, (2) port facility and vessel security, (3) maritime domain awareness and information sharing, and (4) international supply chain security. DHS has, among other things, developed various maritime security programs and strategies and has implemented and exercised security plans. For example, the Coast Guard has developed Area Maritime Security Plans around the country to identify and coordinate Coast Guard procedures related to prevention, protection, and security response at domestic ports. In addition, to enhance the security of U.S. ports, the Coast Guard has implemented programs to conduct annual inspections of port facilities. To enhance the security of vessels, both CBP and the Coast Guard receive and screen advance information on commercial vessels and their crews before they arrive at U.S. ports and prepare risk assessments based on this information. Further, DHS and its component agencies have increased maritime domain awareness and have taken steps to better share information by improving risk management and implementing a vessel tracking system, among other things. For example, in July 2011, CBP developed the Small Vessel Reporting System to better track small boats arriving from foreign locations and deployed this system to eight field locations. DHS and its component agencies have also taken actions to improve international supply chain security, including developing new technologies to detect contraband, implementing programs to inspect U.S.-bound cargo at foreign ports, and establishing partnerships with the trade industry community and foreign governments. Although DHS and its components have made substantial progress, they have encountered challenges in implementing initiatives and programs to enhance maritime security since the enactment of the Maritime Security Transportation Act (MTSA) in 2002 in the areas of: (1) program management and implementation; (2) partnerships and collaboration; (3) resources, funding, and sustainability; and (4) performance measures. For example, CBP designed and implemented an initiative that placed CBP staff at foreign seaports to work with host nation customs officials to identify high-risk, U.S.-bound container cargo, but CBP initially did not have a strategic or workforce plan to guide its efforts. Further, the Coast Guard faced collaboration challenges when developing and implementing its information management system for enhancing information sharing with key federal, state, and local law enforcement agencies because it did not systematically solicit input from these stakeholders. Budget and funding decisions have also affected the implementation of maritime security programs. For example, Coast Guard data indicate that some of its units are not able to meet selfimposed standards related to certain security activities--including boarding and escorting vessels. In addition, DHS has experienced challenges in developing effective performance measures for assessing the progress of its 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 maritime security programs. For example, the Coast Guard developed a performance measure to assess its performance in reducing maritime risk, but has faced challenges using this measure to inform decisions. This GAO report can be accessed at: http://www.gao.gov/assets/650/647999.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER 100% Screening and Secure Supply Chains September 11, 2012 During a congressional hearing, held in July 2012, Homeland Security Secretary Janet Napolitano was informed of continuing concerns over the inability of the Department of Homeland Security to scan 100 percent of cargo coming into US ports for nuclear or radiological materials. Congressmen Jerrold L. Nadler, Edward J. Markey, and Bennie G. Thompson made a plea for the Obama administration to fully implement the Secure Freight Initiative to comply with Section 232 of the Safe Ports Act of 2006. A New York Times reporter in an article entitled Cargo, the Terrorists Trojan Horse claims that this requirement has been among the most highly politicized and poorly understood provisions of homeland security law. We review the background to 100% screening in some detail and include a compendium of recent and not so recent studies and reports from Rand Corporation on supply chain and issues of supply chain security, The final item in this newsletter reports on recent C-TPAT and AEO developments, as 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 documented in the US based Shaptalk newsletter 100% Screening Again DHS admit no 100% screening of cargo coming into US ports In a recent hearing of the House of Representatives Committee on Homeland Security entitled Understanding the Homeland Threat Landscape frustrated Republicans and Democrats alike told Homeland Security Secretary Janet Napolitano they were unhappy with the inability of the Department of Homeland Security (DHS) to scan 100 percent of cargo coming into US ports for nuclear or radiological materials. Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, led the questioning of Secretary Napolitano on why DHS could not meet the maritime cargo scanning mandate set by the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53), a law that he introduced and shepherded through Congress. In a letter dated May 2, Secretary Napolitano formally informed Congress that DHS would not meet a deadline of July 2012 to meet the maritime cargo scanning mandate and that she would extend that deadline for two years under the authority provided to her by the same law. Rep. Thompson protested that the direction of Congress could not be ignored indefinitely. Thompson summed up his view in a letter he sent to Napolitano after the hearing - You, like your predecessor, refuse to implement the law, as evidenced most recently by your signing of a blanket two-year waiver of the requirement. Instead, you have stated that you support an alternative approach what you call a layered, riskbased approach to maritime cargo security targeting only those containers you believe to be high risk, And, in fact, Napolitano said exactly that. DHS uses specialized algorithms to make determinations as to what cargo is high risk and then it scans that cargo. On top of that, the department scans a random selection of other containers, but a very small percentage of them. There are a lot of ways to protect the ports of the United States from dangerous cargo, Napolitano commented. DHS has done everything it can to work through US Customs and Border Protection and the US Coast Guard as well as other agencies to mitigate any threat posed by nuclear or radiological material being shipped by seabound cargo, Napolitano insisted. But 100 percent scanning of maritime cargo remains impractical because of the high cost of doing so, the cost to business of delays in legitimate commerce due to scanning, and the lack of access to many foreign ports where DHS would prefer to scan cargo before it ships to the United States. Coupled with the 100 percent scanning of highrisk cargo, Napolitano expressed confidence that DHS was actively keeping US ports safe from nuclear or radiological threats with additional methods, including intelligence-driven analysis and certification of trusted shippers. Napolitano could not tell Thompson exactly what percent of maritime cargo was being scanned and where, nor what percentage of maritime cargo constituted high-risk cargo, prompting the congressman to formally request that information in his letter. In previous House hearings, DHS officials have testified that the rate of overall scanning of 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 maritime cargo stands at about 5 percent, Rep. Candice Miller (R-Mich.), chairwoman of a maritime security subcommittee, told Napolitano. DHS previously estimated the cost of scanning all maritime cargo at roughly $15 billion to $20 billion annually, she added. Miller said legislation she sponsored and that was passed by the House June 28 the Securing Maritime Activities through Risk-based Targeting (SMART) for Port Security Act (HR 4251) would task DHS with conducting a riskbased assessment of how to best secure US ports to include leveraging partnerships with state and local law enforcement agencies and trusted shipping partners participating in the Customs Trade Partnership Against Terrorism. Laura Richardson (D-Calif.) reminded Napolitano that she wrote to the Government Accountability Office on May 7 to examine the cost and relationships involved in 100 percent scanning of maritime cargo. In response to inquiries from Richardson, Ambassador Ron Kirk, the US trade representative (USTR), said he had not been working with DHS on the issue of gaining access to foreign ports to scan US-bound cargo. Although that is true, Napolitano said, DHS and USTR staff have held discussions and often security concerns are communicated from port to port. However, she indicated she would be happy to talk to Kirk about how DHS and USTR could work together on the issue. examination of port security gaps the Gauging American Port Security (GAPS) Act(HR 4005). In a statement after the hearing, Hahn said, It is clear to me that DHS is not convinced that scanning 100 percent of incoming cargo is feasible, but I disagree. I understand how difficult this goal is but I believe the new technology coming online will make it possible to achieve without slowing down commerce. I want to continue to work with DHS to improve our port security, that is why I authored and the House passed the GAPS Act. Secretary Napolitano s statement for the record can be accessed at: http://homeland.house.gov/sites/homela nd.house.gov/files/testimony- Napolitano_0.pdf Testimony from Matthew G. Olsen Director National Counterterrorism Center can be accessed at: http://homeland.house.gov/sites/homela nd.house.gov/files/testimony-olsen.pdf Janice Hahn (D-Calif.) noted that 44 percent of maritime cargo enters the United States through the Port of Los Angeles and Long Beach, making the issue of cargo scanning of particular interest to Californians. She too introduced a bill passed by the House to direct DHS to conduct a comprehensive 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 100% Screening Backgrounder In a recent New York Times op-ed, Congressmen Jerrold L. Nadler, Edward J. Markey, and Bennie G. Thompson 1 made a plea for the Obama administration to fully implement the Secure Freight Initiative to comply with Section 232 of the Safe Ports Act of 2006 2. This provision in the law mandates that 100 percent of cargo containers shipped from overseas to U.S. ports be scanned using noninvasive imaging (e.g., x-ray machines) and radiation detection equipment. Since its passage, this requirement has been among the most highly politicized and poorly understood provisions of homeland security law. Like the congressmen, advocates of 100 percent inspection of U.S.- bound containers paint a picture of a looming catastrophe. My early analysis of securing the global supply chain 3 described how the system's vastness both drives the global economy and makes it an attractive way to move illicit materials. As the recent op-ed highlights, another RAND study 4 described how if a terrorist were to successfully import a nuclear weapon into the United States in a container and detonate it, the resulting catastrophe could exceed even those global disasters the world has seen in Katrina, Fukushima, or Haiti. A study by researchers at the University of Southern California 5 shows that even a dirty bomb would be a disaster. To address this threat, Steve Flynn and colleagues from the Wharton School 6 show that it is possible to implement container inspection globally. From this perspective, container shipping is a gaping security vulnerability that can and must be closed before any threat is able to reach U.S. shores. Unfortunately, the story is not that simple and there are several reasons why we should pause before spending billions on container inspection. First, inspecting containers is just one way to reduce risks to the global supply chain. The White House National Strategy for Global Supply Chain Security 7 recommends increasing awareness through information sharing and resilience of the system by planning for how to restart shipping following a disruption views supported by work by RAND 8 and the World Economic 1 http://www.nytimes.com/2012/06/27/opinion /the-dangerous-delay-on-port-security.html 2 http://www.gpo.gov/fdsys/pkg/plaw 109publ347/html/PLAW 109publ347.htm 3 http://www.rand.org/pubs/technical_reports/tr21 4.html 4 http://www.rand.org/pubs/technical_reports/tr39 1.html 5 http://wwwbcf.usc.edu/~winterfe/a%20risk%20and%20econom ic%20analysis%20of%20dirty%20bomb%20attacks% 20on%20the%20ports%20of%20Los%20Angeles%20 and%20long%20beach.pdf 6 http://opim.wharton.upenn.edu/risk/library/j2011 MS_NB,SF,NG_ContainerInspections.pdf 7 http://www.whitehouse.gov/sites/default/files/nati onal_strategy_for_global_supply_chain_security.pdf 8 http://www.rand.org/pubs/technical_reports/tr39 1.html 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 Forum 9. intelligence, nuclear counter proliferation, and source control also certainly have an important role in reducing the risks of nuclear terrorism. Second, 100 percent inspection may not be enough to deter nuclear terrorism. Game theory, a method of analysis of adversarial behavior 10, suggests the existence of other smuggling routes and limits on performance of detectors severely constrain the effect of 100 percent scanning on decisions of a terrorist intent on launching a nuclear attack on the United States. chain security. However, precipitous changes to how the global supply chain operates do not seem warranted, may not in fact improve security, and could have costly unintended consequences. Instead, the administration and Congress should consider the lessons learned in the past five years, and armed with an objective analysis, decide whether the best choice is adoption of 100 percent scanning, repeal of Section 232 of the Safe Ports Act of 2006, or other changes in law and best practice. Finally, cost-benefit analysis 11 of container inspection suggests that the costs of 100 percent inspection are far larger than the costs of equipment needed to scan containers. The global supply chain is a complex system, optimized for efficiency. Mandating new security rules could lead companies to change which countries they import from and which ports they use to ship goods. This could lead to unintended changes in the global supply chain that may or may not improve security, but will likely decrease the system's efficiency. It is good that the congressmen have asked the Obama administration to revisit supply 9 http://www.weforum.org/content/pages/supplychain and transport risk initiative/ 10 http://www.rand.org/pubs/occasional_papers/op 281.html 11 http://www.rand.org/pubs/reprints/rp1220.html 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 Learning More (from Rand Corporation) The global supply chain consists of the supply, manufacturing, storage, distribution, and retail entities that transform raw materials into finished products in the hands of consumers. Historically, the main security concern has been loss of cargo, but increased concern about terrorism has brought the vulnerability of shipping containers to attention. Since an attack on a port could be deadly and economy-crippling, new security measurements have proliferated some of which may add delays and damage efficiency. But has all this made the system more secure or less secure? How will we know? This report lays out a framework for analyzing the structure of the container supply chain and how the parts interact. The authors offer a series of preliminary conclusions about gaps in the current security approach, then lay out directions for further research. The authors recommend, for instance, that the public sector seek to bolster the fault tolerance and resilience of the system, while the government should be responsible for assessing security and for decisions to close ports. http://www.rand.org/pubs/technical_reports/t R214.html In recent years, there has been a growing concern that targeted acts of terrorism, focused on critical economic infrastructure, could produce cascading social and economic effects on a very wide scale. The authors carry out a scenario analysis and strategic gaming revolving around a catastrophic terrorist attack on the Port of Long Beach. The authors describe the results from this investigation and provide many of the primary results from the analysis in the appendixes. The analysis tools developed by the authors for this study lay the groundwork for research exploring both the short- and long-term effects of catastrophic events. The need is pressing to continue such investigations, particularly of longer-term economic repercussions. This work would entail developing scenarios for a new generation of strategic games. The overarching goals would be to gain insight into the decision landscape in the months following attacks of this magnitude with a focus on identifying where existing systems are likely to fail and evaluating the benefits of a range of potential economic policies. With these types of tools, policymakers could start to anticipate the types of decisions they might be called upon to make, reflect in times of relative calm on their options, and plan well in advance for contingencies. http://www.rand.org/content/dam/rand/pubs/tec hnical_reports/2006/rand_tr391.pdf As U.S. maritime security adapts to the terrorist threat, we argue that quantitative analysis should be used to evaluate security initiatives and present a case study of one proposed measure: 100 percent scanning of containers entering the United States. By assessing the minimum attack likelihood required to justify increased inspection costs, we conclude that 100 percent scanning is cost-effective only if the attack damages or likelihood of an attack are quite high. Even so, additional land and labor transaction costs could render adoption infeasible unless scanning technologies improve significantly. http://www.rand.org/pubs/reprints/rp1220.html 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
7 Deterrence a central feature of counterterrorism security systems and a major factor in the cost-effectiveness of many security programs is not well understood or measured. To develop a simple analytic framework for evaluating the relative value of deterrent measures, the authors build on a growing literature that examines terrorist decisionmaking by examining the role of deterrence in counterterrorism strategy. They discuss deterrence at the strategic, operational, and tactical levels and consider adaptations that would-be attackers are likely to make in response to security efforts. They also explore the connection between deterrence and risk transfer, which is the possibility that successful deterrence may result in increased danger to other targets, including those of higher value to the defender. This paper offers a conceptual model for understanding how security systems may deter (or merely displace) attacks and a measurement framework for establishing the relative deterrent value of alternative security systems. Because deterrence may be the most important effect of some counterterrorism security programs, this framework may be useful to security policymakers who are trying to increase the security benefits they can achieve with limited resources. http://www.rand.org/pubs/occasional_papers/op 281.html C-TPAT and AEO developments The following information was published by Samuel Shapiro and Company Inc, in their recent Shaptalk newsletter. Mutual Recognition Phase One U.S. Customs and Border Protection (CBP) and the European Union Taxation and Customs Union Directorate signed a Mutual Recognition Decision between the Customs-Trade Partnership Against Terrorism (C-TPAT) and the EU s Authorized Economic Operator (AEO) programs in May of this year. The first implementation phase commenced in July 2012 and has two components. C-TPAT will now recognize and accept the status of an AEO company in the EU as part of the overall validation process. No foreign validation visit will be needed as part of a validation or revalidation of a C-TPAT member if the foreign facility is AEO certified. If a validation or revalidation visit was already scheduled, it will still occur. CBP will conduct a C-TPAT validation visit on an AEO certified company from time to time in order to ensure that both programs remain compatible. The second component will be CBP s recognition of shipments from AEO companies as secure shipments with a lower targeting score in the Automated Targeting System, whether or not the shipment is being imported by a C-TPAT member. The shipment will be identified as coming from an AEO company based on the reported Manufacturer ID number. AEO members are being instructed by their national customs administrations to input their information into the C-TPAT portal so that CBP can collect their MID numbers, and shipments can be recognized in the targeting system. The AEO member only needs to input its information in the C-TPAT portal if it is shipping to a non-c- 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
8 TPAT importer. C-TPAT members importing from AEO certified companies in the EU already receive the targeting benefit based on their importer of record number. No action is needed by C-TPAT members for this first implementation phase. However, Customs recommends that C-TPAT members with upcoming validations and revalidations advise their Supply Chain Security Specialists if they have a foreign supplier that is AEO certified. The second implementation phase is expected in January 2013 where the EU will start to reciprocate by recognizing shipments from C- TPAT members. C-TPAT currently has over 10,000 certified members. AEO has over 5,000 12 members. The U.S. has mutual recognition with Canada, New Zealand, Jordan, Japan, and Korea. The EU has mutual recognition with Switzerland, Norway, and Japan. CBP Expands Trusted Trader Programs In an effort to protect national security Customs & Border Protection (CBP) seeks to broaden and expand current trusted trader programs such as the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Importer Self- Assessment (ISA) programs. CBP is working to expand the programs through the following recommendations: 1. An increase in Mutual Recognition which results in increased transparency, lower costs through joint validations, and simplified security procedures. The newest agreement was made effective on July 1st for C-TPAT and the EU s Authorized Economic Operator (AEO) programs (see article above). The U.S. already has agreements in place with Canada, Korea, Japan, New Zealand, and Jordan. China is likely to join at a later date and is currently allowing CBP and the EU to jointly validate Chinese businesses. 2. An increase in C-TPAT participation by expanding the types of companies eligible for membership including bonded warehouse facilities and foreign trade zones. CBP is also considering expanding its definition of 3rd party logistics providers to include non-asset based providers that arrange international transportation, and foreign consolidators. 3. Expanding C-TPAT to cover exports for current members by adding additional criteria to participate, although CBP has not yet determined what the additional criteria/requirements might be. According to CBP, C-TPAT validations already cover information that would be required if the participation was expanded to cover exports as both import and export processes are similar. CBP has conducted some export validation tests under C-TPAT to determine what types of information import validations may not cover, and CBP will inquire further input from the trade community. The expansion would include only current import C-TPAT members, but strictly export companies/members would be added for participation at a later date. 12 It is not known if this figure is accurate 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
9 4. Expanding the reach of C-TPAT by identifying overlapping areas with other government agencies such as the Transportation Security Administration (TSA). CBP found that C-TPAT validations and the TSA s Certified Cargo Screening Program had similar criteria and requirements. CBP and the TSA are now conducting a pilot program with foreign air carriers to jointly validate and inspect facilities to help identify duplicate processes. The model may expand to other government agencies as well and could lead to a mutual recognition type agreement between CBP and the TSA. 5. Merging C-TPAT with ISA to attract greater participation in the ISA program. CBP will be working to add more and improved incentives to pull companies into a merged program. Recent participation has dropped in the ISA program due to a perception that the benefits of participation don t offset the costs of participating. holders. Valid indicators would result in quicker CBP releases for importers. The data base could also help CBP identify gray market imports more quickly. 7. In summary CBP has stated that it will be procuring information from other government agencies and the trade community to co-create a pilot program in distribution chain management which will address the stated recommendations. The full Shaptalk Newsletter can be accessed at: http://www.shapiro.com/docs/shaptalk/shap Talk125.pdf 6. An intellectual Property Rights (IPR) partnership program modeled on C- TPAT for licensees and importers to ensure that rights are not violated. The participants would demonstrate the controls and methodologies they have in place to ensure importation rights and authenticity of the goods. Licensees would have to demonstrate the legitimacy of their agreements and be able to keep track of the licensing period against expiration. The program would allow importers to submit an IPR indicator in the cargo release data which would link to a validation data base based on information provided by rights 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER 100% Screening Debate and US Foreign Policy October19, 2012 The U.S. Chamber of Commerce and other business groups want Congress to overhaul a rule that all cargo shipped to the United States from foreign ports be scanned for security. The groups argue the requirement, a key element of the 2007 law implementing the recommendations of the 9/11 Commission, will raise costs for businesses by slowing international trade and could raise havoc on the U.S. economy. groups contend. The final U.S. presidential debate, scheduled for Monday night, is also the only one focused entirely on foreign policy. Here, RAND researchers examine six issues that merit discussion on Monday issues that the next president will have to confront in 2013 and beyond. They also argue security measures already in place make the scanning unnecessary. Requiring 100 percent scanning would do little to increase security but could cripple trade, the 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 Central component of 9/11 reform targeted in lame duck session By Alexander Bolton - 10/13/12 06:05 PM ET The U.S. Chamber of Commerce and other business groups want Congress to overhaul a rule that all cargo shipped to the United States from foreign ports be scanned for security. The groups argue the requirement, a key element of the 2007 law implementing the recommendations of the 9/11 Commission, will raise costs for businesses by slowing international trade and could raise havoc on the U.S. economy. They also argue security measures already in place make the scanning unnecessary. Requiring 100 percent scanning would do little to increase security but could cripple trade, the groups contend. Supporters of the mandate say it is the best safeguard against the nightmare scenario of a ship sailing into the Globe Marine Terminal in Jersey City or another busy port with a dirty bomb or other devastating weapon. It passed Congress overwhelmingly five years ago: 85 to 8 in the Senate and 371 to 40 in the House. When Congress approved the 9/11 Commission bill, it had hoped that the Department of Homeland Security would already be meeting the 100 percent scanning requirement. But DHS isn t close to meeting the goal. As of the end of June, customs officials had scanned less than 5 percent of the millions of containers shipped to the United States. It is difficult to imagine DHS meeting the new goal anytime soon, thought the 2007 law sets it out as a marker. The business groups are backing legislation sponsored by Sen. Susan Collins (Maine), the ranking Republican on the Senate Homeland Security Committee, and Sen. Patty Murray (D- Wash.) that would grant the Homeland Security secretary the power to waive the 100-percent scanning requirement if certain conditions are met. The panel has tentatively scheduled a mark-up of the legislation for November, according to a source tracking it. Leslie Phillips, a spokeswoman for the panel, said the markup schedule has not been set but added that Homeland Security Chairman Joe Lieberman (I-Conn.) supports the bill and it is on a list of legislation that may be ready for consideration in the lame-duck session. Those backing the 100 percent scanning requirement fear the Collins-Murray bill will be quietly added to must-past legislation in the lame-duck, and that hopes of meeting the stringent requirement will be lost for good. We believe there are people that are in opposition to the mandate and have been working to have it repealed or significantly neutered. It s a variety of people. They argue the technology does not exist and that it s not affordable. We believe we ve answered all three of those questions, said Stanton Sloane, CEO of Decision Sciences International Corporation. Sloane s company claims it has developed technology that can scan cargo containers in 30 to 35 seconds without kicking off the damaging radiation of x-rays. If so, it could be in line to make heavy profits if the 100 percent scanning requirement remains. Approving the 9/11 Commission recommendations was a part of the House Democrats six in 2006 campaign after they won the House, and remains politically important with key members of the party, including Sen. Dianne Feinstein (D-Calif.), chairwoman of the Energy and Water Development Appropriations Subcommittee, and Rep. Edward Markey (D- Mass.). In a statement commemorating the 11th anniversary of the 9/11 attacks, Markey pledged to work with his colleagues to urge the homeland security department to stop its delay sand meet the 100-percent scanning mandate consistent with the law. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 While Collins and Murray both voted for the 100 percent scanning requirement in 2007, it has opponents throughout Washington including Homeland Security Secretary Janet Napolitano. We have experienced first-hand the array of diplomatic, financial, and logistical challenges associated with even a limited scanning regime, she wrote in a letter to Congress in May. We conclude that the specific approach established under current legislation is neither the most efficient nor a cost-effective way to secure our nation and global supply chains against nuclear terrorism. The Chamber supports a multi-layered security approach, which would not depend on all cargo meeting a scanning requirement. The Chamber is a strong supporter of the multilayered, risk-based approach as it is the most effective way to secure the country and facilitate legitimate trade, said Adam Salerno, director of national security and emergency preparedness at the U.S. Chamber. This approach includes supply chain security programs, risk-based targeting, scanning of high-risk containers and a series of other programs that both government and the private sector work together on. factor it s going to have on the global supply chain, he said. A European Commission staff working paper estimates the scanning requirement could cost the European Union and the United States about 10 billion euros annually. Sloane said he is aware of concerns that the U.S. Chamber and its allies may try to repeal and replace the scanning requirement in the lame duck. That s something I have heard. It seems strange to me that anyone would like to do something to reduce the safety and security of the United States, he said This blog, published by the Hill can be accessed at: http://thehill.com/blogs/on-themoney/1005-trade/261767-centralcomponent-of-911-reform-targeted-inlame-duck-session The 100-percent scanning mandate abandons the risk-based model, and diverts critical resources away from programs that provide far greater security, he added. The National Retail Federation also supports language in the Collins-Murray bill allowing the department of homeland security to waive the scanning mandate if other security requirements are met. We ve had a problem with it ever since it was introduced. We don t think it adds to the multilayered risk based approach that the department of homeland security has established, Jonathan Gold, vice president of supply chain and customs policy at the National Retail Federation, said of the scanning requirement. The pilot program has shown that it is wrought with problems. There are issues dealing with the technology itself, the implementation, the cost 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 Must reads for Monday s US Presidential Debate on Foreign Policy - America's Role in the World Andrew R. Hoehn 1 CBS News's Bob Schieffer, moderator of the upcoming presidential debate on foreign policy, has made clear that he will be asking the candidates to delve into the nature of America's role in the world. The topic could not be more ripe for debate. American leadership and influence have been defining factors on the global scene for more than seven decades. At various times during that stretch we have heard speculation, in the U.S. and abroad, of an inevitable American decline only to watch American influence come roaring back. overall belief in the American system? It is time to be clear-headed again about the influence the U.S. has in the world. And it is time for the country to show the confidence not to be confused with arrogance that the rest of the world seems to have in it. President Obama and Governor Romney can give voice to this need in Monday's debate. The visions they set forth should be telling All of the `Rand Corporation best reads can be accessed at: http://www.rand.org/policy-currents/thisweek.html We appear now to have entered another period of declinist thinking a changing global landscape, China's rise, a struggling American economy, a population tired of war, a vague vision of America's future. But is the rest of the world ready for American decline? Partners around the globe maintain their calls for help. Allies, old and new, are seeking messages of reassurance. Time after time, there is a plea for American leadership true, it's occasionally reluctant. The global economy seems poised to surge ahead should there be even a spark of hope from the United States. So what is it that America's partners see that perhaps is not so clear from the vantage point of Washington? A steady hand on the wheel? A confidence that America will work things out? An 1 Andrew Hoehn is senior vice president for research and analysis at the RAND Corporation. He is responsible for all U.S.- based research and analysis, quality assurance, and recruitment and oversight of RAND's 950 research staff. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER Third Country Auditing (Continued) & the New Global Rulers November 26, 2012 In a follow up to the Newsletter of Friday last, we provide the response of Social Accountability Accreditation Services (SAAS) to the Ali Enterprises fire in Karachi. We further provide a short review of a recent book entitled The New Global Rulers: The Privatisation of Regulation in the World by Tim Buthe and Walter Mattli, that has just been awarded the 2012 Best Book Award of the International Studies Association 1 This 1 http://www.isanet.org/about isa/ book addresses the role and influence of international standards bodies. Büthe and Mattli find that global rule making by technical experts is highly political, and that even though rule making has shifted to the international level, domestic institutions remain crucial. Influence in this form of global private governance is not a function of the economic power of states, but of the ability of domestic standard setters to provide timely information and speak with a single voice. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 SAAS Releases Statement on Activities in Pakistan (November 2012) In response to the tragic fire at Ali Enterprises in Karachi, SAAS implements country-wide actions to investigate and enhance the SA8000 system On November 8, 2012, Social Accountability Accreditation Services) released a statement that details SAAS' actions taken in response to the tragic fire in which nearly 300 workers died. Among these are the initiation of a broad country-wide factory safety investigation in Pakistan. These steps were determined after intense deliberation with the SAAS Board of Directors and taking into account advice from the 3-day SAI Advisory Board meeting in October 2012. In 2011 and 2012, SAAS has been working with SAI and the SAAS Advisory Committee to review and revise its accreditation and certification methodology, improving and clarifying the requirements for the SA8000 system. The following is an excerpt from SAAS' statement on activities and decisions that have been implemented: All certification bodies (CBs) undertaking SA8000 activity in Pakistan are being required by SAAS to conduct unannounced fire safety inspections at all existing SA8000 clients. changes to its accreditation and certification procedures that are identified as necessary. SAAS has temporarily suspended consideration of all new accreditation applications 2 due to the ongoing investigations and the anticipated revisions and changes to accreditation and certification methodology. These revisions will include an increase in the number of unannounced SA8000 audits in high-risk countries, requirements for more in-depth stakeholder consultations, and more rigorous requirements for health and safety and management. The CB that issued the Ali Enterprises certificate, RINA, has agreed to suspend all new activities in Pakistan until the internal investigations and independent assessments of the audit process and outcomes have been completed. SAAS provides oversight services for various standard-setting organizations to assess that audits to their sustainability standards are undertaken impartially, competently and effectively. SAAS works with several standardsetting organizations to provide independent assurance that auditing organizations (certification bodies or CBs) are holding their clients accountable to the requirements of the relevant standard(s). Among those standards is SA8000, published by Social Accountability International (SAI). For more information, readers can visit www.saasaccreditation.org/news.htm. SAAS itself will conduct a set of independent, unannounced fire safety inspections at a sampling of SA8000 certified clients in four locations in Pakistan, bringing in qualified inspectors from the Turkish non-profit organization, AKUT Search and Rescue Association. AKUT is a highly respected nonprofit organization that delivers emergency and disaster relief. This process will include substantial stakeholder consultation. SAAS has notified all CBs active in Pakistan that no new SA8000 certificates are to be issued until SAAS can conclude its analysis and make any 2 http://www.saintl.org/index.cfm?fuseaction=page.viewpage&pagei d=1119 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 The New Global Rulers 3 The New Global Rulers: The Privatization of Regulation in the World Economy (Princeton UP, 2011) tim Buthe and Walter Mattli Over the past two decades, governments have delegated extensive regulatory authority to international private-sector organizations. This internationalization and privatization of rule making has been motivated not only by the economic benefits of common rules for global markets, but also by the realization that government regulators often lack the expertise and resources to deal with increasingly complex and urgent regulatory tasks. The New Global Rulers examines who writes the rules in international private organizations, as well as who wins, who loses--and why. Tim Büthe and Walter Mattli examine three powerful global private regulators: the International Accounting Standards Board, which develops financial reporting rules used by corporations in more than a hundred countries; and the International Organization for Standardization and the International Electrotechnical Commission, which account for 85 percent of all international product standards. Büthe and Mattli offer both a new framework for understanding global private regulation and detailed empirical analyses of such regulation 3 Tim Büthe is associate professor of political science and a senior fellow of the Rethinking Regulation Center at Duke University. Walter Mattli is professor of international political economy and a fellow of St. John's College, University of Oxford. His books include The Politics of Global Regulation (Princeton). based on multi-country, multi-industry business surveys. They find that global rule making by technical experts is highly political, and that even though rule making has shifted to the international level, domestic institutions remain crucial. Influence in this form of global private governance is not a function of the economic power of states, but of the ability of domestic standard-setters to provide timely information and speak with a single voice. Büthe and Mattli show how domestic institutions' abilities differ, particularly between the two main standardization players, the United States and Europe. Review: "The New Global Rulers is an example of firstrate research that offers thick descriptions, compelling theory, and convincing empirical results. The authors have done a masterful job in expanding our knowledge and understanding of globalization, and the book deserves to be widely read."-- John Doces, Comparative Political Studies "Their comprehensive survey provides compelling evidence of their theory and invaluably enhances our understanding of international standard setting.... The authors can... take credit for having developed a convincing theory on the main drivers of power within this specific and widespread phenomenon of global ruling. The book is, without a doubt, highly recommended. While it is primarily intended for scholars, it provides very interesting insights for anyone interested in how global standard setting works, in its historical, political, and socio economic background, and in its significance for global governance in general."-- Matthias Schmidt, Accounting Review "This interesting book about an overlooked subject has a misleading title. The global rulers 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 in question are relatively anonymous nongovernmental groups that set international standards. Business exerts its power, both directly and through government, in selecting and influencing the rule makers. The rules help to determine winners and losers in the marketplace, as well as the public welfare. These rules also provide advantages to specific countries and regions. At a time when government regulation has fallen out of favor, the power of these unaccountable nongovernmental authorities deserves the closer scrutiny that this book provides Extract from Chapter 1:..The ISO, for example, characterizes its standards as based on international consensus among the experts in the field... [and reflecting] the state of the art of science and technology. Similarly, the International Accounting Standards Board (IASB) notes that nationality and other political considerations play no part in the appointment and decisions of its expert rule-makers. They are chosen because they have the best available combination of technical skills and background experience of relevant international business and market conditions in order to contribute to the development of high quality global accounting standards. We argue that such views are naïve. Standards do not embody some objective truth or undisputed scientific wisdom professed by experts. And global regulatory processes are not apolitical, for two reasons. First, expertise is not a single correct set of beliefs about what works or does not. A German accountant, or Wirtschaftsprüfer, who underwent eight years of studies, training, and examinations, is every bit as expert as an American Certified Public Accountant (CPA). Nevertheless, these experts are likely to disagree vigorously on how best to approach a wide range of financial reporting challenges, because any accounting tradition or school is deeply rooted in the business and legal cultures of a given country. As an official of the Accounting Standards Board of Japan (ASBJ) puts it: There is no right or wrong answer.... It s like religion - Christianity or Buddhism. Global standardization is rarely about reaching a compromise among different regulatory models and approaches (a fusion between Christianity and Buddhism would be impossible to engineer) but instead about battles for preeminence of one approach or solution over another. The language accompanying these processes is technical; the essence of global rule-making, however, is political. Such rule-making typically has important distributional implications, generating winners and losers. To lose may mean higher production costs, steeper costs of switching to international standards, lower international competitiveness, loss of export markets, and even risk of corporate demise. As discussed in greater detail in chapters 4 and, and nicely put by James Barcia, U.S. congressman and member of the Subcommittee on Environment, Technology and Standards: New [international] standards can be the source of enormous wealth or the death of corporate empires. With so much at stake, standards arouse violent passions. In short, global private regulation should be understood and analyzed as an intensely political process, even if the politics may be hidden beneath a veneer of technical rhetoric. The Princeton University Press website publishing this book can be accessed at: http://press.princeton.edu/titles/9470.html The first chapter is available to download on PUP website at http://press.princeton.edu/chapters/s9470.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER Challenges of Third Party Auditing November 23, 2012 This newsletter reports on a recent fire in a Pakestani apparel plant which had been certified as safe by inspectors who had provided it with a prestigious SA 8000 certification, meaning it had met international standards in nine areas, including health and safety, child labor and minimum wages. The two inspectors were working on behalf of Social Accountability International, a nonprofit monitoring group based in New York that obtains much of its financing from corporations and relies on 21 affiliates around the world to do most of its inspections. A workshop on third party auditing that grew out of a paper by Isadore Rosenthal, a senior research fellow at the Wharton Risk Management and Decision Processes Center, provides insights on the challenges of third party auditing. Although this discussion is on the subject of safety auditing and its relationship to societal norms, it provides material for though as we move forward into the arena of third party auditing for international aviation security. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 It highlights the responsibility for oversight and coordination which in the case of air cargo lies firmly in the hands of the appropriate authorities. Inspectors Certified Pakistani Factory as Safe before the Disaster ISLAMABAD, Pakistan A prominent factory monitoring group heavily financed by industry gave a clean bill of health to a Pakistani apparel plant last month, just weeks before a fire engulfed the premises and killed nearly 300 workers, many of them trapped behind locked exit doors In August, two inspectors who visited the factory, Ali Enterprises in Karachi, to examine working conditions gave it a prestigious SA8000 certification, meaning it had met international standards in nine areas, including health and safety, child labor and minimum wages. The two inspectors were working on behalf of Social Accountability International, 1 a nonprofit monitoring group based in New York that obtains much of its financing from corporations and relies on 21 affiliates around the world to do most of its inspections. Weeks later, a fire swept the plant on Sept. 12, trapping hundreds of workers in a building with barred windows and just one open exit, resulting in one of the worst industrial disasters in history one that killed nearly twice as many workers as the landmark Triangle shirtwaist factory fire of 1911 in New York. The Karachi tragedy is a huge embarrassment to the factory monitoring system, in which many Western garment and electronics companies rely on auditing groups to provide a coveted seal of approval to their low-cost suppliers in the developing world. 1 http://www.sa intl.org 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 As the blaze spread much as the Triangle fire did a century earlier some workers were forced to leap from upper-floor windows, suffering serious injuries; many more died of smoke inhalation and from searing temperatures inside the building. A German discount textile chain has said its jeans were being manufactured in the plant at the time. The calamity has led to bitter recriminations in Pakistan, where textile exports play a vital role in a faltering economy. For international rights campaigners, the fact that the factory had been certified by a respected Western organization made clear the failings of a controversial 15- year-old industry initiative. The whole system is flawed, said Scott Nova, executive director of the Worker Rights Consortium, 2 a monitoring group based in Washington that is financed by American universities. This demonstrates, more clearly than ever, that corporate-funded monitoring systems like S.A.I. cannot and will not protect workers. Social Accountability International said it had suspended work in Pakistan with the RINA Group, an Italian company that carried out the Ali Enterprises audit on its behalf. It added that it was engaged in a broad review of its entire certification process. We re trying to find out what went wrong, Eileen Kohl Kaufman, executive director of Social Accountability International, said in an interview. It s unimaginably horrible. The only thing we can hope for is clear answers so as to show how to take preventive action. 2 http://www.workersrights.org The three owners of the Ali Enterprises factory, who fled Karachi in the hours after the fire broke out, appeared this week at a courthouse in Larkana, 200 miles to the northeast. The State Bank of Pakistan has frozen the owners bank accounts, which hold more than $5 million, according to news media reports. Their passports have been confiscated, and they may face criminal charges. On Monday, a two-person government commission of inquiry started investigating the circumstances around the fire. It has already uncovered evidence of gross failings in Pakistan s regulatory system, which is riddled with corruption, political interference and poor management. During a hearing on Tuesday, electrical safety inspectors struggled to define the rules and regulations of their own department. One said they had formally stopped doing factory inspections in 2003. Records showed that the Ali Enterprises factory had officially registered just 250 workers even though in reality as many as 1,000 people worked there, said Mirza Ikhtiar Baig, senior adviser on textiles to the prime minister. There is an urgent need to review our safety features, he said. But the disaster has also revived scrutiny of the procurement policies of the Western companies that have their clothes made in factories like Ali Enterprises. In a statement about the fire, Social Accountability International said, The enormity of this tragedy points to endemic issues in the apparel industry for decent working conditions. The SA8000 certification, which was begun in 1997, is central to the work of Social Accountability International, whose stated mission is to advance the human rights of 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 workers around the world, and which is supported by companies like Gap; Gucci, in Italy; and Groupe Carrefour, in France, as well as representatives of some labor rights groups. Based on International Labor Organization and United Nations standards, the group says on its Web site that the certification has improved the lives of over 1.8 million workers in over 3,000 factories, across 65 countries and 66 industrial sectors. But Richard M. Locke, a professor of political science at the M.I.T. Sloan School of Management who has written extensively about monitoring, said the Ali Enterprises fire suggested that such claims were exaggerated. Even after a decade or more of such private monitoring efforts, these programs no matter how well funded or designed or how well trained their auditors are simply do not in and of themselves produce sustained and significant improvements in labor standards in most supply chain factories, Professor Locke said. The RINA Group, which carried out the Ali Enterprises audit, has performed 540 factory certifications for Social Accountability International, according to the international organization s Web site, including nearly 100 in Pakistan. Although Ali Enterprises was a well-established textiles plant, largely in the supply of denim products, so far just one of its Western customers has come forward publicly: the German textile discount chain KiK, which operates 3,200 stores in Germany, Austria and six Eastern European countries. KiK an acronym for Kunde ist König, which means the customer is king has previously faced criticism for its supply-chain practices in Bangladesh. In an e-mail, a company spokeswoman told European labor rights activists that it had obtained three independent audits of Ali Enterprises. The factory failed to meet fire safety standards during a 2007 check, but those problems were remedied by the time of a subsequent check in December 2011, she said. KiK said it had started a relief fund for the families of the dead and injured workers in conjunction with other Western producers that use the plant. But the identities of those producers remain a mystery. One reporter found a pair of jeans bearing the Diesel brand on the factory s premises after the fire, but Diesel has denied any links to the plant. In recent years, many factory monitors have come under criticism. For instance, various audits of Foxconn, which assembles iphones and ipads for Apple in China, have been heavily criticized for failing to stop child labor, illegal amounts of overtime and dangerous conditions. Ms. Kaufman of Social Accountability International said the two inspectors spent four days at the Karachi plant. She noted that because this was an initial audit for certification, the plant s managers had been warned of the visit. She said future inspections would have been without advance notice. Tessel Pauli, coordinator for the Clean Clothes Campaign, a European antisweatshop group, criticized the audit process. Workers are often told what to tell the auditor, she said. The inspections are announced, and there is time to do things like open exit doors that other times are locked. After the Ali Enterprises fire, some surviving workers said they had been warned of a visit by inspectors and coached to lie about their working conditions, under threat of dismissal. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 New York Times reporters - Declan Walsh reported from Islamabad, and Steven Greenhouse from New York. This New York Time article can be accessed at: http://www.nytimes.com/2012/09/20/world/asia/p akistan-factory-passed-inspection-beforefire.html?pagewanted=all THIRD PARTY AUDITING Workshop A workshop on third party auditing that grew out of a paper by Isadore Rosenthal, a senior research fellow at the Wharton Risk Management and Decision Processes Center 3, as well as a series of studies on the feasibility of third party inspections conducted by Rosenthal and his colleagues at the Center beginning over a decade ago. The challenge of regulation is daunting, explained Cary Coglianese, the Edward B. Shils professor of law and professor of political science at the University of Pennsylvania and director of the Penn Program on Regulation. Therefore you have to look at innovative alternatives. Third party auditing is a prime candidate. He noted, however, that third party audits also can pose their own challenges. The first of the workshop s three panels focused on the distinct challenges of using third party inspectors. For example, who pays for the inspection? If the company pays, can the company s relationship with the inspector be set up in a way that avoids a conflict of interest? What is the relationship between the third party and the regulatory agency particularly in light of the fact that the third party has no inherent authority to enforce the regulations? The next panel examined how third party inspections could be combined with insurance protection to encourage firms to reduce their safety risks. Since the government can t be everywhere all the time, the question is, What can the government do to create incentives for the private sector to police itself? Coglianese 3 http://www.wharton.upenn.edu/riskcenter/ 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 said. Howard Kunreuther, the James G. Dinan professor of business and public policy at Wharton and co-director of the Wharton Risk Center, explained that a mandatory insurance scheme could create a market incentive whereby firms that take steps to reduce risk would be rewarded with lower insurance premiums. Because individuals tend to focus on short-term horizons and often regard potential disasters as below their threshold of concern, well-enforced long-term insurance contracts that include short-term economic incentives are needed, Kunreuther said. The final panel focused on the need to assess the effectiveness of third party auditing from a societal perspective and the challenges associated with integrating such audits into a larger system of process safety regulation. Many of the same challenges facing third party inspectors also confront government inspectors, such as how to determine during discrete visits how well a company manages its overall process safety system over time. Despite the challenges to deploying third party inspectors to increase safety, Rosenthal remained optimistic. Given that the United States is faced with decreasing resources for regulatory enforcement, he said, it seems likely that firms will need to be encouraged to assist in the process of keeping themselves within the law The paper by Isadore Rosenthal can be accessed at: http://opim.wharton.upenn.edu/risk/library/wp20 10-10-01_IR_ThirdPartyRoles.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER EU and US Air Cargo and Supply Chain Security Challenges February 03, 2013 Throughout 2012, concerns have remained about externalthreats to supply chains (such as natural disasters and demand shocks) and systemic vulnerabilities (such as oil dependence and information fragmentation). Additionally, growing concern around cyber risk, rising insurance and trade finance costs are leading supply chain experts to explore new mitigation options. Accenture research indicates that more than 80% of companies are now concerned about supply chain resilience. A new report by the World Economic Forum entitled Building Resilience in Supply Chains, explores government and industry sector views on systemic supply chain risks and building a resilience framework to manage them. The report findings are based on expert level workshops and data gathering throughout 2012. Notable differences in perspectives stem from government responsibility for public security and long term risks compared to industry s focus on ensuring that supply chains work effectively on a day to day basis. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 One of the US Transportation Security Agency s (TSA) security layers is the National Canine Program (NCP), composed of over 760 deployed explosives detection canine teams, including Passenger Screening Canine (PSC) teams trained to detect explosives on passengers. The US Government Accountability Office (GAO) examined (1) data TSA has on its canine program, what these data show, and to what extent TSA analyzed these data to identify program trends, and (2) the extent to which TSA deployed PSC teams using a risk based approach and determined their effectiveness prior to deployment. GAO found that TSA is collecting and using key data on its canine program, using the Canine Website System (CWS), a central management database. but could better analyze these data to identify program trends. TSA uses CWS to capture the amount of time canine teams conduct training as well as searching for explosives odor, among other functions. However, TSA has not fully analyzed the data it collects in CWS to identify program trends and areas that are working well or in need of corrective action. Such analyses could help TSA to determine canine teams' proficiency, inform future deployment efforts, and help ensure that taxpayer funds are used effectively The New ACC3 Regulation will be cost efficient to implement without reducing the strength of the measures proposed to enhance the security of flights bringing cargo from third countries into the EU. The New ACC3 Regulation contributes towards the goal of enhancing third country air cargo security without overburdening the air cargo industry. A supply chain approach to air cargo security is utilised in the New ACC3 Regulation. In recognising that different actors in the supply chain have different security vulnerabilities and strengths, the new ACC3 Regulation will enable third country entities that have been EU aviation security validated to benefit from streamlined security protocols. The ACC3 framework supplements ICAO's Chicago Convention. This newsletter provides a link to the report published on the Security Web Page of DG MOVE. An Evaluation Report of European Commission Implementing Regulation (EU) No 1082/2012 (the New ACC3 Regulation) undertaken by and DLA Piper UK LLP found that: 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 World Economic Forum s Supply Chain Risk Initiative Building Resilience in Supply Chains Executive Summary Global supply chains and transport networks form the backbone of the global economy, fuelling trade, consumption and economic growth. Disruptions to supply chains can prove costly, as highlighted most recently by Hurricane Sandy. According to research conducted by Accenture, signifcant supply chain disruptions have been found to cut the share price of impacted companies by 7% on average. The World Economic Forum s Supply Chain Risk Initiative first started exploring systemic risks and vulnerabilities to global supply chains and transport networks in 2011. The initiative s phase I report, New Models for Addressing Supply Chain and Transport Risk, launched at the World Economic Forum Annual Meeting 2012 in Davos-Klosters, examines the systemic supply chainrisk landscape and the possibility of these risks causing serious disruptions to global supply chains. It highlights the need to shift focus from reactive to proactive risk management. At the same time as the launch of this report, the US government launchedits Strategy for Global Supply Chain Security 1, calling for a global multi-stakeholder dialogue to effectively safeguard supply chains. Throughout 2012, concerns have remained about externalthreats to supply chains (such as natural disasters and demand shocks) and systemic vulnerabilities (such as oil dependence and information fragmentation). Additionally, 1 http://www.dhs.gov/national strategy globalsupply chain security growing concern around cyber risk, rising insurance and trade finance costs are leading supply chain experts to explore new mitigation options. Accenture research indicates that more than 80% of companies are now concerned about supply chain resilience. This report, Building Resilience in Supply Chains, developed during phase II of the initiative, explores government and industry sector views on systemic supply chain risks and building a resilience framework to manage them. The report findings are based on expert level workshops and data gathering throughout 2012. Notable differences in perspectives stem from government responsibility for public security and long-term risks compared to industry s focus on ensuring that supply chains work effectively on a day-to-day basis. Differences in regional perspectives, attributed to differences in disruption histories and growth expectations, also point to the need for a harmonized resilience framework. However, the top risk concerns in Europe, North America and Asia in 2012 showed little change from the previous year apart from a sharp rise in concern about extreme weather. Of emerging non-traditional risks, cyber risk is perceived to have the greatest implications for supply chains. The workshops and dialogues have produced suggestions on how to ensure that business and government approaches to building resilience are complementary. Three must have requirements have emerged from our analysis: the need for a common risk vocabulary; improved data and information sharing across supply chain actors; and building greater agility and flexibility into resilience strategies. This led to the creation of an overall blueprint for resilient supply chains based on four core components: partnerships, policy, strategy and information technology (IT). This blueprint underpins a set of 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 recommendations to guide multi-stakeholder engagement. Systemic risks have global geographic scope, cross-industry relevance, uncertainty as to how and when they will occur, and high levels of economic and/or social impact requiring a multi stakeholder response. These risks are also magnified by the way supply chain systems are configured; and cannot be mitigated by individual actors. Risk management must be an explicit but integral part of supply chain governance. To achieve this, several steps are recommended: Institutionalize a multi-stakeholder supply chain risk assessment process rooted in a broad-based and neutral international body Mobilize international standards bodies to further develop, harmonize and encourage the adoption of resilience standards Incentivize organizations to follow agile, adaptable strategies to improve common resilience Expand the use of data sharing platforms for risk identification and responses The full WEF report can be accessed at: http://www3.weforum.org/docs/wef_rrn_mo_ BuildingResilienceSupplyChains_Report_2013.p df TSA Explosive Detection Canine Program Why GAO Did the Study TSA has implemented a multilayered system composed of people, processes, and technology to protect the transportation system. One of TSA's security layers is NCP, composed of over 760 deployed explosives detection canine teams, including PSC teams trained to detect explosives on passengers. As requested, GAO examined (1) data TSA has on its canine program, what these data show, and to what extent TSA analyzed these data to identify program trends, and (2) the extent to which TSA deployed PSC teams using a risk-based approach and determined their effectiveness prior to deployment. To address these questions, GAO conducted visits to four geographic locations selected based on the number and type of canine teams deployed. The results of these site visits are not generalizable, but provided insights into NCP. GAO also analyzed TSA data from 2011 through 2012, such as utilization data; reviewed documents, including response protocols; and interviewed DHS officials. What GAO Found The Transportation Security Administration (TSA), the federal agency that administers the National Canine Program (NCP), is collecting and using key data on its canine program, but could better analyze these data to identify program trends. TSA collects canine team data using the Canine Website System (CWS), a central management database. TSA uses CWS to capture the amount of time canine teams conduct training as well as searching for explosives odor, among other functions. However, TSA has not fully analyzed the data it collects in CWS to identify program trends and areas that are working well or in need of 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 corrective action. Such analyses could help TSA to determine canine teams' proficiency, inform future deployment efforts, and help ensure that taxpayer funds are used effectively. For example: GAO analysis of canine team training data from May 2011 through April 2012 showed that some canine teams were repeatedly not in compliance with TSA's monthly training requirement, which is in place to ensure canine teams remain proficient in explosives detection. GAO analysis of TSA's cargo-screening data from September 2011 through July 2012 showed that canine teams primarily responsible for screening air cargo placed on passenger aircraft exceeded their monthly screening requirement. This suggests that TSA could increase the percentage of air cargo it requires air cargo canine teams to screen or redeploy teams. TSA has not deployed passenger screening canines (PSC)--trained to identify and track explosives odor on a person--consistent with its risk-based approach, and did not determine PSC teams' effectiveness prior to deployment. TSA's 2012 Strategic Framework calls for the deployment of PSC teams based on risk; however, GAO found that PSC teams have not been deployed to the highest-risk airport locations. TSA officials stated that the agency generally defers to airport officials on whether PSC teams will be deployed, and some airport operators have decided against the use of PSC teams at their airports because of concerns related to the composition and capabilities of PSC teams. As a result of these concerns, the PSC teams deployed to higher-risk airport locations are not being used for passenger screening as intended, but for other purposes, such as screening air cargo or training. TSA is coordinating with aviation stakeholders to resolve concerns related to PSC team deployment, but has been unable to resolve these concerns, as of September 2012. Furthermore, TSA began deploying PSC teams in April 2011 prior to determining the teams' operational effectiveness and before identifying where within the airport these teams would be most effectively utilized. TSA is in the process of assessing the effectiveness of PSC teams in the operational environment, but testing is not comprehensive since it does not include all areas at the airport or compare PSCs with already deployed conventional canines (trained to detect explosives in stationary objects). As a result, more comprehensive testing could provide TSA with greater assurance that PSC teams are effective in identifying explosives odor on passengers and provide an enhanced security benefit. This is a public version of a sensitive report that GAO issued in December 2012. Information TSA deemed Sensitive Security Information has been redacted. What GAO Recommends GAO is recommending that TSA (1) regularly analyze data to identify program trends and areas working well or in need of corrective action, and (2) take actions to comprehensively assess the effectiveness of PSCs. If PSCs are determined to be effective, GAO is recommending that TSA coordinate with stakeholders to deploy PSC teams to the highest-risk airport locations and utilize them as intended. DHS concurred with GAO's recommendations. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 TSA Recommendations for Executive Action 1: To help ensure TSA analyzes canine team data to identify program trends, and determines if PSC teams provide an added security benefit to the civil aviation system, and if so, deploys PSC teams to the highest-risk airports, the Administrator of the Transportation Security Administration should direct the Manager of the NCP to regularly analyze available data to identify program trends and areas that are working well and those in need of corrective action to guide program resources and activities. These analyses could include, but not be limited to, analyzing and documenting trends in proficiency training, canine utilization, results of short notice assessments Explosive De(covert tests) and final canine responses, performance differences between LEO and TSI canine teams, as well as an assessment of the optimum location and number of canine teams that should be deployed to secure the U.S. transportation system. Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. 2: To help ensure TSA analyzes canine team data to identify program trends, and determines if PSC teams provide an added security benefit to the civil aviation system, and if so, deploys PSC teams to the highest-risk airports, the Administrator of the Transportation Security Administration should direct the Manager of the NCP to expand and complete testing, in conjunction with DHS S&T, to assess the effectiveness of PSCs and conventional canines in all airport areas deemed appropriate (i.e., in the sterile area, at the passenger checkpoint, and on the public side of the airport) prior to making additional PSC deployments to help (1) determine whether PSCs are effective at screening passengers, and resource expenditures for PSC training are warranted, and (2) inform decisions regarding the type of canine team to deploy and where to optimally deploy such teams within airports. Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. 3: To help ensure TSA analyzes canine team data to identify program trends, and determines if PSC teams provide an added security benefit to the civil aviation system, and if so, deploys PSC teams to the highest-risk airports, the Administrator of the Transportation Security Administration should, if PSCs are determined to provide an enhanced security benefit, coordinate with airport stakeholders to deploy future PSC teams to the highest-risk airports, and ensure that deployed PSC teams are utilized as intended, consistent with its statutory authority to provide for the screening of passengers and their property. Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information The full GAO report can be accessed at: http://www.gao.gov/assets/660/651725.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
7 Evaluation Report on the new EU ACC3 Regulation The following is taken from the Executive Summary of the Evaluation Context The New ACC3 Regulation augments an air cargo aviation security framework established by Commission Regulation (EU) No 185/2010 in respect of establishing common basic standards for EU aviation security validations. Prior to the New ACC3 Regulation, Commission Regulation (EU) No 859/2011 was enacted as part of this air cargo aviation security framework. This Regulation introduced rules for cargo and mail being carried to Union airports from third countries in order to: protect civil aviation that was carrying such cargo from acts of unlawful interference; and work towards achieving enhanced cooperation on aviation security, supporting the implementation and application of standards and principles in third countries equivalent to those of the Union where this was effective to meet global threats and risks. Analysis of the New ACC3 Regulation Over a period of six months (March through August 2012) in which we developed the content of this report, we provided the Commission with comments and suggestions relating to the wording of the differing drafts of the New ACC3 Regulation. Many of these observations were taken into account and were implemented in successive drafts of the New ACC3 Regulation. Likewise, we have included in this report some final suggestions that we believe could assist industry in implementing the ACC3 framework in text boxes entitled 'Soft issues to ease the facilitation of the New ACC3 Regulation.' We have detailed the security controls which need to be implemented by an ACC3 and how they must either screen EU bound air cargo or ensure a secure supply chain, and to what extent and effect. This is followed by an overview of the validation process, including what options Member States can choose from when establishing an EU aviation security validation scheme and how validations of ACC3 should be performed. Cost of implementing the New ACC3 Regulation It is our opinion that the changes introduced into the final draft of the New ACC3 Regulation, when compared with the requirements of Commission Regulation (EU) No 859/2011, have significantly lowered the overall cost of implementing the New ACC3 Regulation without reducing the strength of the measures proposed to enhance the security of flights bringing cargo from third countries into the EU. This lowering of costs is evinced by the model we constructed to support the New ACC3 Regulation. Certifying costs: This model indicates the costs of certifying 166 EU aviation security validators (180 being recruited and trained) of 1,039,360 Euros. This figure shows significant savings over the sum of 2,774,293 Euros required to certify 401 EU aviation security validators required to support the implementation of Regulation (EU) No 859/2011. Screening costs: The most strict scenario envisaged in this report, namely a 0.05 Euros surcharge per Kilo applied to a total volume of approximately 1.7 billion Kilo of cargo transported by air from relevant third countries into the Union, will result in the total annual additional costs related to the 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
8 screening of shipments to EU standards amounting to 85.3 million Euros. In a more probable case this figure could be around 38.3 million Euros. The cost of 18,014,400 Euros for performing 5,069 EU aviation security validations every five years shows a considerable reduction when compared against the sum of 23,569,200 Euros required to perform 10,323 EU aviation security validations to support the implementation of Regulation (EU) No 859/2011. We believe that the changes introduced in the New ACC3 Regulation both reduce the absolute numbers of third country on-site inspections that will be performed and in addition contributes positively towards the goal of enhanced third country air cargo security. The benefit of reducing the overall number of EU aviation security validators required to operate the programme will allow the professional standards for the validators to be maintained at a high level. This will remove the danger of a lowering of standards in order to rapidly fill the ranks of the considerable number of EU aviation security validators required to launch the programme, as would have been required, to implement Regulation (EU) No 859/2011. Furthermore, it will be easier to support the knowledge base of a smaller cadre of dedicated, professional EU aviation security validators with respect to emerging trends and threats. This will permit individual and or teams of EU aviation security validators to specialise in handling validations relating to specific categories of industry stakeholders, and/or to establish expertise in addressing the particularities of individual third countries. Grouped validations can be planned to include validators who are third country experts and, where necessary, include EU Commission and/or Member States Cargo inspectors who can transfer their own knowledge to these specialists. We believe that the decision to take note of and address the internal security quality assurance capabilities of the air carriers within the New ACC3 Regulation is a prime example of joint regulator/industry cooperation that will have a significant impact on the overall goal of improving the security of air cargo from third countries. ICAO and the New ACC3 Regulation The ACC3 framework should be seen as a supplement to the Chicago Convention which could and possibly should be transposed into the ICAO framework. With this in mind, two key dates are worth noting. First, 1 July 2014 is the deadline by which actors in the air cargo supply chain must apply the revised requirements in the New ACC3 Regulation. As a result of this, two parallel schemes - ICAO's and the EU's - will be in force from that date (although an ACC3 scheme already exists, it is from this date that robust security will be enforceable). The second date is 30 June 2015, which signifies the deadline for the Commission to assess, evaluate and, if appropriate, make a proposal relating to the ACC3 measures. With sufficient focus, and after obtaining feedback from the operation of the New ACC3 Regulation, this could also mark when elements of the ACC3 framework could be formally proposed as an amendment to the Chicago Convention. The full Report can be accessed at: http://ec.europa.eu/transport/modes/air/security/ doc/new_acc3_regulation_final_report.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER Aviation Security Developments - II December 16, 2012 Two teams led by Boeing Research & Technology have completed 18-month studies on that question and have submitted their findings to NASA under a program called N+3, which denotes three generations beyond the current transport fleet. After examining various subsonic and supersonic concepts, the teams have come up with potential configurations that may offer dramatic improvements in operational and environmental performance over the aircraft of today to meet aggressive goals set by NASA. A recent conference entitled Aviation Security against Terrorist Threats, was initiated by the Cyprus Presidency of the EU to increase the awareness on the importance of aviation security against terrorist threats. The Conclusions that were drafted and presented at the Council of Ministers have been published as draft Council Conclusions on aviation security. The Transportation Security Administration (TSA) may soon receive the authority to skip the rescreening of checked luggage for travelers flying to the United States through certain international airports. The House passed the Senate version of the bill, the No-Hassle Flying 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 Act of 2012 (S. 3452), introduced by Sen. Amy Klobuchar (D-Minn.), to empower TSA to determine whether to rescreen luggage that already underwent screening at a departure airport. Security is both a feeling and a reality, and the two are different things. People can feel secure when they re actually not, and they can be secure even when they believe otherwise. This discord explains much of what passes for our national discourse on security policy. Security measures often are nothing more than security theater, making people feel safer. We include a review of a new book entitled Against Security: How We Go Wrong at Airports, Subways, and Other Sites of Ambiguous Danger, by Harvey Molotch, published by Princeton University Press. Israeli tourism industry and foreign airlines operating to Israel are reacting angrily to news that Israel has put off signing an "open skies" aviation pact with the European Union. The agreement, which would give unfettered landing rights in Israel and Europe to airlines from either origin, was to be signed in Brussels this week, but the Transportation Minister, backed out. Israeli officials said the delay came because of a reluctance to make major decisions prior to next month's elections 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 Envisioning tomorrow's aircraft By Daryl Stephenson What might future commercial airplane designs look like 25 to 30 years from now? BOEING IMAGE A look at the subsonic (left) and supersonic airplane concepts Boeing submitted to NASA for the agency's N+3 program, which sought concepts for designs for future commercial airplanes that offer improvements in operational and environmental performance. Two teams led by Boeing Research & Technology have completed 18-month studies on that question and have submitted their findings to NASA under a program called N+3, which denotes three generations beyond the current transport fleet. After examining various subsonic and supersonic concepts, the teams have come up with potential configurations that may offer dramatic improvements in operational and environmental performance over the aircraft of today to meet aggressive goals set by NASA. The Boeing subsonic team, which includes BR&T, Boeing Commercial Airplanes, General Electric and Georgia Tech, has looked at five concepts as part of the SUGAR (Subsonic Ultra Green Aircraft Research) project. The concepts include two conventional reference configurations, similar in appearance to a 737 (nicknamed SUGAR Free and Refined SUGAR), two versions of a new design high span, strutbraced wing aircraft (referred to as SUGAR High and SUGAR Volt), and a hybrid wing body configuration (called SUGAR Ray). The team s report provides detailed benefits and drawbacks as well as recommendations for further study, but doesn t show favorites. No single concept met all of the study goals, so we 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 did not pick a preferred concept, said team leader Marty Bradley of BR&T. For the subsonic concept, hybrid electric engine technology "is a clear winner because it can potentially improve performance relative to all of the NASA goals." However, the team has found that the SUGAR Volt concept (which adds an electric battery gas turbine hybrid propulsion system) can reduce fuel burn by greater than 70 percent and total energy use by 55 percent when battery energy is included. Moreover, the fuel burn reduction and the greening of the electrical power grid can produce large reductions in emissions of life cycle CO2 and nitrous oxide. Hybrid electric propulsion also has the potential to shorten takeoff distance and reduce noise. The SUGAR team s report concludes that hybrid electric engine technology is a clear winner, because it can potentially improve performance relative to all of the NASA goals. However, Bradley said, in order for the hybrid electric concept to be competitive, battery technology needs to improve many, many times over what we have today. Battery technology is being worked around the world, especially in the auto and electronics industries. We need to leverage that work to see if we can get the improvement we need in an aviation compatible package. The SUGAR team identified hybrid electric engine technology as a high-risk high-payoff technology, Bradley said. At this point, the SUGAR Volt is only a concept configuration that we are using to assess the potential of hybrid electric engine technology. For conventional propulsion, a combination of improvements to air traffic management, airframe and propulsion could reduce fuel burn by 44 to 58 percent, the SUGAR team s report says. Other improvements include use of sustainable biofuels, which could reduce CO2 emissions even more and use of advanced combustor technology, which could reduce nitrous oxide emissions by 75 percent. For noise reduction, the best performing concept is the SUGAR Ray (the hybrid wing body), which achieved a 37 decibel reduction relative to today s aircraft, said Bradley. That s well short of the NASA goal, so more work needs to be done in this area. The Boeing SUGAR team was one of four that received contracts from NASA in 2008 to study subsonic concepts for the 2030 to 2035 timeframe. The other teams were led by GE Aviation, Massachusetts Institute of Technology and Northrop Grumman. All four teams have submitted proposals for a second phase of studies to begin developing new technologies that will be necessary to meet the national goals related to an improved air transportation system with increased energy efficiency. Contract award for Phase II, which will start later this year, is expected in the next few months. The Boeing supersonic team, which includes BR&T, BCA, Pratt & Whitney, Rolls Royce, General Electric, Georgia Tech, Wyle and M4 Engineering, has focused on four concepts that include a low fuel burn / low boom swing-wing arrow configuration, a low sonic boom concept with a V-tail to shield noise and control the sonic boom, a joined wing alternate concept and an oblique scissor wing alternative concept. Based on conceptual design studies, the team has recommended to NASA a fixed wing configuration (nicknamed Icon II) with V-tails and upper surface engines as the technology reference concept plane for N+3, said team leader Bob Welge of BR&T. The Icon II concept 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 can carry 120 passengers in a two-class, singleaisle interior, and can cruise at Mach 1.6 to Mach 1.8 with a range of about 5,000 nautical miles. The study acknowledges that supersonic aircraft inherently have less fuel efficiency than subsonic aircraft, but points out they offer offsetting productivity benefits because of speed. The study concludes that advanced technologies can reduce fuel burn enough that a supersonic aircraft could be viable, economically and environmentally, in multiple markets. The study also indicates that these efficiencies can be achieved while meeting the same community noise certification limits as subsonic aircraft with a reduction of the sonic boom noise en route to 65 to 75 decibels. That may make it possible for a supersonic transport to operate at maximum cruise speed -- even over land, Welge said. The Boeing-led team was one of two that received contracts from NASA to study supersonic concepts. The other was led by Lockheed Martin. The NASA N+3 supersonic program does not provide the option for a Phase II system study, but Welge explained that technology development research announcements are anticipated in the near term. Draft Council Conclusions on aviation security against terrorist threats A recent conference entitled Aviation Security against Terrorist Threats, was initiated by the Cyprus Presidency of the EU to increase the awareness on the importance of aviation security against terrorist threats. Other purposes of the conference were to establish a link between all the relevant actors in aviation security in order to develop a comprehensive security approach, to promote public and private cooperation as well as the exchange of best practices. Among the participants of the meeting were the EU Counter Terrorism Coordinator, the National Counter Terrorism Coordinator, members of the General Secretariat of the EU Council, of the EU Commission and of the European External Action Service as well as members of the Terrorist Working Group - TWG and COTER. The Conclusions that were drafted and presented at the Council of Ministers have been published as draft Council Conclusions on aviation security. The Conclusions can be accessed at: http://register.consilium.europa.eu/pdf/en/12/ st17/st17008.en12.pdf This Boeing report can be accessed at: http://www.boeing.com/features/2010/06/corp_e nvision_06_14_10.html 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 TSA to Skip re-screening of checked baggage The Transportation Security Administration (TSA) soon will receive the authority to skip the rescreening of checked luggage for travelers flying to the United States through certain international airports. The House passed the Senate version of the bill, the No-Hassle Flying Act of 2012 (S. 3452), introduced by Sen. Amy Klobuchar (D-Minn.), to empower TSA to determine whether to rescreen luggage that already underwent screening at a departure airport. This determination enables TSA to extend its risk-based security initiatives for travelers going through Customs at US airports.under the bill, TSA would have the option of skipping rescreening of checked luggage for travelers coming from international airports that sign a preclearance agreement. Designated airports must have US-equivalent baggage scanning equipment and procedures.klobuchar hailed the legislation as a common-sense measure to ease international travel, particularly between the United States and Canada."As thousands of Americans travel internationally this holiday season, too many will have to deal with the hassle of rescreening their luggage," Klobuchar said in a statement Wednesday. "Requiring luggage to undergo the exact same screening process twice in one trip puts a burden on both our international aviation security system and travelers. "This bill is now headed to the president's desk to be signed into law to help the TSA ensure the security of luggage more efficiently and effectively while reducing delays for passengers," she added.sen. Roy Blunt (R-Mo.), the bill's co-sponsor, also hailed the efficiencies strengthened by the bill.in the House, Rep. Joe Walsh (R-Ill.) introduced companion legislation (HR 6028), which was originally passed by that chamber in September. Walsh said the legislation sent to the White House Wednesday would save money and streamline security."as I've been saying all year, double-security does not equal doublesafety. Passage of our bill will allow TSA agents to focus on high-risk travelers and save the taxpayers money. Washington has already overburdened Americans and streamlining baggagescreening requirements is a promising start to reducing these unnecessary regulations. I'm proud to have been part of the efforts," Walsh said in a statement.rep. Peter King (R-NY), outgoing chairman of the House Homeland Security Committee, praised the bill as one that would "improve the efficiency of the Department of Homeland Security's operations."the senators noted that US Customs and Border Protection (CBP) preclears many travelers overseas at 14 airports in Canada, Ireland and the Caribbean, but that preclearance process currently does not include screening of checked luggage, which is rescreened upon entry at US airports. Canadian airports have begun installing baggage-screening technology that meets US standards, lawmakers said. As such, S. 3452 would allow TSA to waive rescreening baggage traveling from those airports. President Barack Obama is expected to sign the bill. The bill text can be accessed at: http://www.gpo.gov/fdsys/pkg/bills- 112s3542enr/pdf/BILLS-112s3542enr.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
7 Unsafe Security A sociologist aptly analyzes our failures in topdown protection. Review by Bruce Schneier 1 Against Security: How We Go Wrong at Airports, Subways, and Other Sites of Ambiguous Danger, by Harvey Molotch, Princeton University Press 2 A lot of psychological research has tried to make sense out of security, fear, risk, and safety. But however fascinating the academic literature is, it often misses the broader social dynamics. New York University s Harvey Molotch helpfully brings a sociologist s perspective to the subject in his new book Against Security. Molotch delves deeply into a few examples and uses them to derive general principles. He starts Against Security with a mundane topic: the security of public restrooms. It s a setting he knows better than most, having authored Toilet: The Public Restroom and the Politics of Sharing (New York University Press) in 2010. It turns out the toilet is not a bad place to begin a discussion of the sociology of security. People fear various things in public restrooms: crime, disease, embarrassment. Different cultures either ignore those fears or address them in culture-specific ways. Many public lavatories, for example, have no-touch flushing mechanisms, no-touch sinks, no-touch towel dispensers, and even no-touch doors, while some Japanese commodes play prerecorded sounds of water running, to better disguise the embarrassing tinkle. Security is both a feeling and a reality, and the two are different things. People can feel secure when they re actually not, and they can be secure even when they believe otherwise. This discord explains much of what passes for our national discourse on security policy. Security measures often are nothing more than security theater, making people feel safer without actually increasing their protection. 1 http://www.schneier.com 2 http://press.princeton.edu/titles/9840.html Restrooms have also been places where, historically and in some locations, people could do drugs or engage in gay sex. Sen. Larry Craig (R-Idaho) was arrested in 2007 for soliciting sex in the bathroom at the Minneapolis-St. Paul International Airport, suggesting that such behavior is not a thing of the past. To combat these risks, the managers of some bathrooms men s rooms in American bus stations, in particular have taken to removing the doors from the toilet stalls, forcing everyone to defecate in public to ensure that no one does anything untoward (or unsafe) behind closed doors. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
8 Subsequent chapters discuss security in subways, at airports, and on airplanes; at Ground Zero in lower Manhattan; and after Hurricane Katrina in New Orleans. Each of these chapters is an interesting sociological discussion of both the feeling and reality of security, and all of them make for fascinating reading. Molotch has clearly done his homework, conducting interviews on the ground, asking questions designed to elicit surprising information. Molotch demonstrates how complex and interdependent the factors that comprise security are. Sometimes we implement security measures against one threat, only to magnify another. He points out that more people have died in car crashes since 9/11 because they were afraid to fly or because they didn t want to deal with airport security than died during the terrorist attacks. Or to take a more prosaic example, special high-entry subway turn-stiles make it much harder for people to sneak in for a free ride but also make platform evacuations much slower in the case of an emergency. The common thread in Against Security is that effective security comes less from the top down and more from the bottom up. Molotch s subtitle telegraphs this conclusion: How We Go Wrong at Airports, Subways, and Other Sites of Ambiguous Danger. It s the word ambiguous that s important here. When we don t know what sort of threats we want to defend against, it makes sense to give the people closest to whatever is happening the authority and the flexibility to do what is necessary. In many of Molotch s anecdotes and examples, the authority figure a subway train driver, a policeman has to break existing rules to provide the security needed in a particular situation. Many security failures are exacerbated by a reflexive adherence to regulations. Molotch is absolutely right to hone in on this kind of individual initiative and resilience as a critical source of true security. Current U.S. security policy is overly focused on specific threats. We defend individual buildings and monuments. We defend airplanes against certain terrorist tactics: shoe bombs, liquid bombs, underwear bombs. These measures have limited value because the number of potential terrorist tactics and targets is much greater than the ones we have recently observed. Does it really make sense to spend a gazillion dollars just to force terrorists to switch tactics? Or drive to a different target? In the face of modern society s ambiguous dangers, it is flexibility that makes security effective. We get much more bang for our security dollar by not trying to guess what terrorists are going to do next. Investigation, intelligence, and emergency response are where we should be spending our money. That doesn t mean mass surveillance of everyone or the entrapment of incompetent terrorist wannabes; it means tracking down leads the sort of thing that caught the 2006 U.K. liquid bombers. They chose their tactic specifically to evade established airport security at the time, but they were arrested in their London apartments well before they got to the airport on the strength of other kinds of intelligence. In his review of Against Security in Times Higher Education, aviation security expert Omar Malik takes issue with the book s seeming trivialization of the airplane threat and Molotch s failure to discuss terrorist tactics. Nor does he touch on the multitude of objects and materials that can be turned into weapons, Malik laments. But this is precisely the point. Our fears of terrorism are wildly out of proportion to the actual threat, and an analysis of various movie-plot threats does nothing to make us safer. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
9 In addition to urging people to be more reasonable about potential threats, Molotch makes a strong case for optimism and kindness. Treating every air traveler as a potential terrorist and every Hurricane Katrina refugee as a potential looter is dehumanizing. Molotch argues that we do better as a society when we trust and respect people more. Yes, the occasional bad thing will happen, but 1) it happens less often, and is less damaging, than you probably think, and 2) individuals naturally organize to defend each other. This is what happened during the evacuation of the Twin Towers and in the aftermath of Katrina before official security took over. Those in charge often do a worse job than the common people on the ground. While that message will please skeptics of authority, Molotch sees a role for government as well. In fact, many of his lessons are primarily aimed at government agencies, to help them design and implement more effective security systems. His final chapter is invaluable on that score, discussing how we should focus on nurturing the good in most people by giving them the ability and freedom to self-organize in the event of a security disaster, for example rather than focusing solely on the evil of the very few. It is a hopeful yet realistic message for an irrationally anxious time. Whether those government agencies will listen is another question entirely. Cheaper airfares put on hold as Israeli election looms Israeli hoteliers and foreign airlines operating here are reacting angrily to news that Israel has put off signing an "open skies" aviation pact with the European Union. The agreement, which would give unfettered landing rights in Israel and Europe to airlines from either origin, was to be signed in Brussels this week, but Transportation Minister Yisrael Katz backed out. Israeli officials said the delay came because of a reluctance to make major decisions prior to next month's Knesset elections. However, the Transportation Ministry has come under heavy pressure from Israeli airlines not to sign the pact because they say they it will harm their business. El Al officials say they don't oppose competition but maintain the current draft agreement leaves them at a competitive disadvantage. The delay will hold up implementation of the pact, which was supposed to be carried out over a five-year period beginning next year and was expected to reduce fares and increase flight capacity to and from Israel. "It's underhanded political opportunism after years of expectations for this agreement," said Ami Federmann, president of the Israel Hotel Association. European airline officials who asked not to be identified said the biggest loser from the delay would be the Israeli traveler who, they say, will be deprived of lower airfares, while the major beneficiary will be El Al. These officials say the delay will cause cancelation of European airlines' plans to add flights and new destinations in their service to and from Israel. This article published in the Haaretz newspaper can be accessed at: http://www.haaretz.com/business/cheaper-airfares- put-on-hold-as-israeli-election-looms.premium- 1.485035 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
AIR CARGO SECURITY POLICY NEWSLETTER TSA Aviation Security Initiatives December 13, 2012 RAND Corporation recently evaluated a terrorism risk modeling tool developed by the Transportation Security Administration (TSA) and Boeing to help guide program planning for aviation security; the Risk Management Analysis Tool, or RMAT, simulates terrorist behavior and success in attacking vulnerabilities in the domestic commercial air transportation system, drawing on estimates of terrorist resources, capabilities, preferences, decision processes, intelligence collection, and operational planning The Transportation Security Administration (TSA) is planning to re-compete a contract to network together is passenger and baggage screening technologies. Under the program, known as the Security Technology Integrated Program (STIP), TSA seeks to connect screening technologies in a single network to centralize data collection and threat response information. These TSA requirements, explained in the body of the newsletter, are challenging, and will be difficult and costly to achieve. The Department of Homeland Security Office of Inspector General (OIG) has published a report entitled Personnel Security and Internal Control at TSA s Legacy Transportation Threat Assessment and Credentialing Office. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 OIG found that there has been a pattern of poor management practices and inappropriate use of informal administrative processes to assess and address misconduct. The third item relates to an on-going debate regarding the TSA s new PreCheck program, which gives certain frequent fliers 24 hours notice that they will receive expedited security screening at the airport. The final item in this newsletter is a link to an August 2012 TSA presentation 1 by Susan Tashiro, a deputy assistant administrator at TSA, explaining how TSA is evolving into a high performance counterterrorism organization. Modeling terrorism risk to the air transportation system RAND evaluated a terrorism risk modeling tool developed by the Transportation Security Administration and Boeing to help guide program planning for aviation security. This tool the Risk Management Analysis Tool, or RMAT is used by TSA to estimate the terrorism risk-reduction benefits attributable to new and existing security programs, technologies, and procedures. RMAT simulates terrorist behavior and success in attacking vulnerabilities in the domestic commercial air transportation system, drawing on estimates of terrorist resources, capabilities, preferences, decision processes, intelligence collection, and operational planning. It describes how the layers of security protecting the air transportation system are likely to perform when confronted by more than 60 types of attacks, drawing on detailed blast and other physical modeling to understand the damage produced by different weapons and attacks, and calculating expected loss of life and the direct and indirect economic consequences of that damage. This report describes RAND's conclusions about the validity of RMAT for TSA's intended uses and its recommendations for how TSA should perform cost-benefit analyses of its security programs RAND findings were as follows: Risk Management Analysis Tool (RMAT) Appears to Capture the Key Features Relevant to Security at Most Airports 1 http://www.acina.org/sites/default/files/susan_tashiro.pdf With good information about an adversary's capabilities and intentions, the RMAT defender model can provide credible and useful estimates of the likelihood of detecting and interdicting an adversary. RMAT has proven to be of great value to the Transportation Security Administration (TSA) 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 in driving a more sophisticated understanding of terrorism risks to the air transportation system. The RMAT Model Has Some Gaps Even if the conceptual models on which RMAT is built were sound and comprehensive, the input data requirements exceed what subject matter experts or science can estimate with precision, and the imprecision of those estimates is subject to unknown sources and ranges of error. RMAT may not be well suited for the kinds of exploratory analysis required for highstakes decision support, because of its reliance on a large number of uncertain parameters and conceptual models. This RAND report can be accessed at: http://www.rand.org/pubs/monographs/mg1241. html Networking together passenger and baggage screening technologies The Transportation Security Administration (TSA) is planning to re-compete a contract held by General Dynamics One Source LLC, Fairfax, Va., to network together is passenger and baggage screening technologies. Under the program, known as the Security Technology Integrated Program (STIP), TSA seeks to connect screening technologies in a single network to centralize data collection and threat response information. TSA asked industry Wednesday to provide input on structuring a new program to move the effort forward. The current contract held by General Dynamics runs from September 2010 through May 2013 with a value of about $17 million.stip s goals currently include collecting and disseminating data to increase situational awareness and riskbased security, improve the capabilities of screening technology to respond dynamically, and to address any equipment issues through robust monitoring of the equipment.the screening equipment in question include explosive detection systems for checked baggage, explosive trace detectors, advanced image technology (AIT) or whole body scanners, bottle liquid scanners, metal detectors, and the Credential Authentication Technology/Boarding Pass Scanner System (CAT/BPSS).TSA has not yet announced its plans to re-compete STIP but in a request for information released Wednesday, it sought the input of the private sector on how to structure current STIP services and to deploy its Remote Maintenance and Monitoring component in support of the goals of data collection, threat analysis and remote maintenance.the new contract would engage a contractor to move forward with networking existing and future screening technologies at US airports.in its solicitation 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 Wednesday, TSA prescribed some key characteristics of the future STIP system. The agency said it should use open data architecture based on standards and non-proprietary architecture. STIP should increase the accuracy and reliability of data collected from screening equipment. It also should improve the availability of networked screening equipment to meet screening capacity.in addition, STIP must provide real-time remote monitoring of equipment for 15,000 pieces of equipment at more than 450 airports to support remote maintenance, the solicitation said. STIP will implement software upgrades of screening technology remotely and it will manage inventories and track the movement of equipment.stip also will store, search and process collected data as well as protect it. It will automate maintenance alerts and analyze technology failures and anomalies, TSA said. STIP also will automate analysis of the performance of screeners who use airport screening technology, producing a measure of how accurate a screener is at identifying threats.tsa asked for industry feedback on the project What is STIP STIP is an agency-wide data management system that provides a centralized focal point connecting passenger and baggage screening security technologies to one network, addressing current data, threat response and equipment challenges. STIP assists managers in effectively administering Technology Security Equipment (TSE), deploying personnel and adapting to changing security needs. The priorities of DHS and TSA guide STIP?s direction, and its three strategic goals to increase performance of key activities: (1) Enables the automatic collection, standardization, analysis and dissemination of critical asset and personnel performance data, improving TSA?s situational awareness and risk-based decision making processes; (2) Remotely manage TSE threat detection capabilities, enhancing TSA?s ability to respond to new and emerging threats; and (3) Enables TSA to remotely monitor, diagnose, troubleshoot and manage TSEs, allowing TSA to address equipment issues, prevent failures and reduce the need for on-site visits. STIP will leverage and be fully integrated into TSA's Operating Platform (TOP), which is TSA's existing computing infrastructure. By integrating with TOP, STIP will be able to utilize the existing operations and maintenance environment that is currently employed for TSA systems. STIP will be expanded to enhance its interface with existing DHS and TSA systems, including Sunflower, Performance Indicator Management System (PIMS), Performance Management Information System (PMIS), and Regal, which will allow them to share information more efficiently than the currently existing manual processes. STIP will allow all systems to remotely capture and transmit data in "real time," providing on-the-fly capability for assessing risk, determining performance, and conveying accurate and timely information. The program has a wide variety of stakeholders who are the primary beneficiaries, including Airport personnel, TSA leadership, the Passenger Screening Program (PSP) and the Electronic Baggage Screening Program (EBSP). As the technology component of PSP and EBSP, STIP will seek to meet the information collection, retrieval, and dissemination requirements of both programs, as well as address potential areas of improvements within operations and maintenance for airport security equipment. STIP enablement is dependent on the readiness of the screening technologies and availability of 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 network infrastructure provided by the TSA Office of Information Technology. STIP Background and Objectives STIP is an agency wide Enterprise Management System that connects passengers and baggage screening security technologies to one network to address current data, threat response, and equipment challenges. A summary of STIP s objectives is as follows: Improve Information Sharing and Management: STIP collects and disseminates critical data related to Transportation Security Equipment (TSE), improving situational awareness and riskbased decision making processes. Improve Security Agility: STIP enhances TSA s ability to respond to emerging threats by establishing an environment where the equipment responds dynamically. Increase Operational Efficiency: STIP enables TSA to remotely monitor, diagnose, troubleshoot, and manage TSE, allowing TSA to address equipment issues, prevent failures, and reduce the need for on-site visits. Transportation Security Equipment includes: Explosive Detection Systems (EDS), Advanced Technology (AT), Explosive Trace Detectors (ETD), Advanced Image Technology (AIT), Bottle Liquid Scanner (BLS), Walk Thru Metal Detectors (WTMD) and Credential Authentication Technology/Boarding Pass Scanner System (CAT/BPSS). General Dynamics One Source LLC currently provides TSA STIP support with Operations and Maintenance (O&M) activities and provides overall engineering support services for the STIP Application Suite (STIPAS). General Dynamics also provides systems software support services, training, vendor support, and documentation Requirements of the New TSA system The TSA is re-competing the contract with General Dynamics and requires support with the currently provided services, in addition to O&M of the Remote Maintenance and Monitoring (RMM) deployment for STIP. RMM is a business process improvement solution, which promotes data collection, trend analysis, and remote maintenance monitoring from a centralized location. In support of the re-compete, STIPAS will nationally network existing and future airport security equipment. Security equipment includes CAT/BPSS, BLS, WTMD, AT, ETD, EDS, and AIT. This will provide for administrative and technical communications such as RMM, property control, down load new software revisions, as well as, equipment and monitoring of screener performance. STIPAS will include the following properties: 1. Provide Open Data Architecture that utilizes standards based/non-proprietary open architecture; 2. Increase the accuracy and reliability of the security equipment transferred data from online TSA services and facilities within the airport environment to a designated remote location; 3. Maintain TSA throughput by ensuring that appropriate equipment assets will be available to provide the capacity needed to handle projected demands; 4. Provide near-real time remote maintenance monitoring and equipment performance data retrieval at 450+ federalized airports on 15,000 pieces of security equipment; 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 5. Provide security equipment inventory management and movement tracking; 6. Provide a solution to effectively manage 15,000 pieces of security equipment via remote maintenance. A coherent, consistent, distributed means to manage large data sets. The solution should accommodate: 7. Staged data storage among on-line, near real time, and off-line data. 8. Transparent access to security equipment data independent of its physical location 14. Agile Development The solution should illustrate the use of agile development processes and procedures. The full US Government RFI document can be accessed at: https://www.fbo.gov/index?s=opportunity&mo de=form&id=c0559c250ada183dc9d948573d3d 50c4&tab=core&_cview=1https://www.fbo.gov /index?s=opportunity&mode=form&id=c0559c2 50ada183dc9d948573d3d50c4&tab=core&_cvi ew=1 9. Open systems approach to accommodate diversity in airport security equipment operating systems, databases, languages, and communications. 10. Robust distributed computational support to catalog, search, and process data. Appropriate system integrity to protect the value of large data collections. 11. Automated maintenance alerts and notification. The solution should accommodate analysis of equipment anomalies, failures and alarm data. 12. Automated analysis of end-user performance. The solution should accommodate real time evaluation of airport security equipment screener performance data that determines the accuracy of the screener to identify a threat. 13. Configuration management. The solution should accommodate the ability to upload airport security equipment software changes and revisions, and assess airport security equipment systems to ensure configuration management revision levels and security adherence. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
7 Personnel Security and Internal Control at TSA s Legacy Transportation Threat Assessment and Credentialing Office Executive Summary The Department of Homeland Security s (DHS) Transportation Security Administration (TSA) Transportation Threat Assessment and Credentialing Office was established as the lead for conducting security threat assessments and credentialing initiatives for domestic passengers on public and commercial modes of transportation, transportation industry workers, and individuals seeking access to critical infrastructure. Two programs, the Secure Flight Operations Center and the Security Threat Assessment Operations Adjudication Center, were established to conduct case-specific adjudications of potential threats to transportation security. In 2010, TSA initiated an administrationwide restructuring that includes reviewing all personnel position descriptions and realigning Transportation Threat Assessment and Credentialing Office functions under other TSA offices. Assessment Operations Adjudication Center identified potential insider threat risks; however, limited resources weaken internal control at the Security Threat Assessment Adjudication Center, and the shift and supervisory structure at the Secure Flight Operation Center uses resources inefficiently. Within the legacy Transportation Threat Assessment and Credentialing Office, there has been a pattern of poor management practices and inappropriate use of informal administrative processes to assess and address misconduct. We are making eight recommendations to improve background investigations, internal controls, staffing models, data system development coordination, and use of TSA or DHS formal complaint processes, and to establish an independent panel for legacy Transportation Threat Assessment and Credentialing employees to request review of reassignments. This OIG Report can be accessed at: http://www.oig.dhs.gov/assets/mgmt/2013/oig_ 13-05_Oct12.pdf We reviewed TSA s oversight of personnel in the legacy Transportation Threat Assessment and Credentialing Office. Specifically, we reviewed whether position descriptions and background investigations are appropriate for employees authority and responsibility levels. We also reviewed whether there are adequate internal controls to provide oversight of personnel workplace activities. We determined that TSA employee background investigations met Federal adjudicative standards, but were not timely. The Secure Flight Operations Center and the Security Threat 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
8 TSA PreCheck Screening TSA Launches PreCheck Screening at Honolulu International Airport- October 23, 2012 TSA has launched TSA PreCheck passenger screening operations at Honolulu International Airport (HNL). Under TSA PreCheck, U.S. citizens traveling domestically who are select Alaska, American, Delta, United and US Airways frequent travelers or are members of U.S. Customs and Border Protection (CBP) Trusted Traveler programs are now eligible to participate and may receive expedited screening benefits. The TSA PreCheck lane is located at Checkpoint 3. TSA PreCheck is part of the agency s larger effort to implement risk-based security concepts that enhance security by focusing efforts on travelers considered high-risk and about whom the agency knows less. To date, more than 3.5 million passengers have experienced TSA PreCheck. TSA PreCheck is now available in 29 airports for Alaska Airlines, American Airlines, Delta Air Lines, United Airlines and US Airways frequent travelers. Eligible passengers include U.S. citizens flying on participating airlines, as well as those who are members of CBP Trusted Traveler programs, including Global Entry 2, SENTRI and NEXUS. Beginning Nov. 15, Canadian citizens traveling domestically in the United States who are members of NEXUS are also qualified to participate in TSA PreCheck. If TSA determines that a passenger is eligible for expedited screening through PreCheck,information is imbedded in the barcode of the passenger s boarding pass. TSA reads the barcodes at the designated 2 http://www.globalentry.gov checkpoints, and those passengers may be referred to the TSA PreCheck lane, where they will undergo expedited screening, which could include being able to leave on their shoes, light outerwear and belt, allowing them to keep their laptops in their cases and their 3-1-1 compliant liquids/gels bags in carry-on luggage. Fake Boarding Pass Fears Inflated 3 With the holiday season upon us, the number of Americans traveling by air will be climbing. Airline reservations for this Christmas are already more than 50% higher than the same time last year. So security concerns about the increasing ease of reading or modifying the bar codes on boarding passes are also soaring. Blame technology. Widely available free smartphone and Web-based applications can be used to read or alter the information on boarding passes, which can be accessed online 24 hours before a flight. This includes passenger identification, flight data and the information that determines whether a passenger is eligible for expedited screening. For some security analysts, expedited screening poses the biggest concern because those passengers are allowed to keep their shoes and belts on, and to keep their laptops and small containers of liquids in their baggage at checkpoints. TSA wrongly bashed Not surprisingly, critics have chastised the Transportation Security Administration for its latest policy innovation. In this case, the critics 3 This comment by RAND Corporation was authored by Jack Riley who is vice president and director of the National Security Research Division and by Lily Ablon who is an information systems analyst at the non profit, non partisan RAND Corporation. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
9 have got it wrong. The TSA should be applauded, and the program should be dramatically expanded beyond the five airlines and 29 airports that currently participate. It's called PreCheck, and it enables certain frequent fliers to receive expedited screening at the airport. PreCheck is configured so that these passengers are not supposed to know whether they will receive expedited screening until their boarding pass is scanned at the airport entrance to security. Given the free applications to decode the information, however, passengers have been able to determine their PreCheck status before they arrive at the airport. The ability to decode your boarding pass raises two fears. First is that you might be able to change the data in a boarding pass to give yourself PreCheck status and then use that status to smuggle contraband. Second, the fear is that if a terrorist knows he's getting PreCheck in advance, he could better plan an attack. Both fears are unfounded. Layers of security A number of other security measures are in place. Carry-on bags are still X-rayed, metal detectors can be configured to randomly select PreCheck travelers for additional security, and anyone caught trying to circumvent security can be denied PreCheck in the future. The boarding passes of most, but not all, airlines contain a digital signature to ensure that the ticket and any of the personal information in the bar code has not been modified. Though the other elements of security are a hedge against this fraud, more countries and airlines should implement a digital signature, which then gets properly checked by the TSA. With this ability to verify that no information has been changed, the spoofing of a boarding pass will not be an option. The reality is that locked cockpit doors and passenger and crew knowledge of the need to intervene during an incident provide a high level of security. Instead of ratcheting back the PreCheck program because of manufactured fears about security lapses, TSA should be encouraged to expand this program to more airlines, more airports and more infrequent travelers. It's a Christmas present that more travelers deserve. This RAND Corporation blog article with links to associated materials can be accessed at: http://www.rand.org/blog/2012/12/fake-boardingpass-fears-inflated.html Security analyst says random airport checks of preferred passengers is undermined by a flaw in boarding passes. Widely available smartphone applications can scan airline boarding passes to see if passengers are scheduled for additional screening by the Transportation Security Administration, which a security expert flags as a flaw in the system. The flaw involves PreCheck passengers, who are typically allowed to keep their shoes and belts on, and their laptops and small containers of liquids in their bags at checkpoints. By scanning the bar code on a boarding pass printed up to 24 hours before a flight, passengers can see whether they qualify for PreCheck's expedited screening or will face a more intrusive, regular screening. "If people can verify their PreCheck status at home 24 hours before the flight, the randomness is gone," says Chris Soghoian, a security analyst 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
10 at the American Civil Liberties Union. "The randomness needs to occur the moment you are in line, when it's too late to swap bags with your colleague or it's too late to throw something in the trash." Word of the ability to read the boarding-pass codes has been circulating on aviation blogs for weeks. It's the latest wrinkle in TSA shifting from blanket screening of everyone to a more riskbased screening that focuses attention on passengers considered the biggest threats. The TSA says in a statement that PreCheck is only one step in a series of security measures at the airport that monitor passengers based on the risks they represent. All passengers go through a metal detector and a full-body scanner, with their bags going through an X-ray. Other layers of protection include intelligence gathering, explosives detection, canine teams, behavior-detection officers who look for suspicious behavior in the airport and federal air marshals who fly undercover on planes. "TSA does not comment on specifics of the screening process, which contain measures both seen and unseen," the agency said in a statement. "In addition, TSA incorporates random and unpredictable security measures throughout the traveling process." Travelers join PreCheck through their frequentflier programs at five participating airlines Alaska, American, Delta, United and US Airways. To participate, they must agree to go through a background check, the details of which the TSA doesn't reveal. PreCheck has provided expedited screening for 3.5 million passengers since beginning in October 2011. The program has separate screening lines at 29 airports, with six more expected by the end of the year. But even PreCheck passengers occasionally receive additional scrutiny by random selection, to keep a bit of uncertainty for any terrorist considering that path to the plane. The trick with boarding passes is that smartphone apps can read the encoded string of digits, which reveal a telltale 3 if the passenger qualifies for PreCheck or a 1 if the person will face routine screening. Soghoian of the ACLU suggests that if keeping laptops and small amounts of fluids in carry-on bags are a threat, TSA should keep random screenings confidential, rather than alerting PreCheck passengers early. He says that if those materials aren't a threat, then everyone should get expedited screening such as PreCheck. "Either bad people can go through PreCheck, and we're safe, in which case give it to everyone," says Soghoian, who illustrated concerns about vulnerabilities with boarding passes in 2006 by showing how to create fake ones. "Or if bad people going PreCheck is a bad thing, then they need to institute confidential random screening of PreCheck passengers." TSA says that even PreCheck passengers are subject to an array of security measures aimed at preventing anyone on a government watch list from faking a boarding pass. "We continue to explore and implement additional mitigation measures to prevent the manipulation of boarding passes and are working with the airlines to enhance existing security systems, programs and methods to prevent illegal tampering," TSA said in its statement. Sen. Charles Schumer, D-N.Y., called the PreCheck program "extremely valuable for making airport security more efficient," but also said it must not be compromised. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
11 "This has the potential to be a gaping flaw in the system that would be all too easy to exploit," Schumer says. "At the very least, if someone is flagged for a random screening, that information should be encrypted." 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
The AIR CARGO SECURITY POLICY NEWSLETTER The challenge of Third Party Auditing (III) December 11, 2012 This newsletter continues the discussion on third party auditing. Once again we ask if experiences from the safety area are relevant. We look firstly at additional garment factory fires, where we see the dangers of generic accreditations, and the pressure against compliance that can be brought to bear by vested interests. Two New York Times (NYT) articles are cited. In the first the owners of a factory in Pakistan where more than 300 workers burned to death had recently stated to an independent inspector who was working for a European apparel company that was thinking of using the factory, after he had found locked fire exits We are SA8000-certified. Whether you pass us or fail us, that s your issue. We don t care. A second and related NYT article reports that a Walmart director of ethical sourcing, along with an official from another major apparel retailer, noted that the proposed improvements in electrical and fire safety would involve as many as 4,500 factories and would be in most cases a very extensive and costly modification. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
2 We provide information on a long running FAA safety programme - Organization Designation Authorization (ODA) 1. The ODA is responsible for annual internal audits, and has to think about itself "as though we are the FAA. The FAA position is, you are our eyes and ears, so we expect you to do everything that we would do. FAA introduced ODA to increase the efficiency of government oversight. Under this system, FAA can provide "oversight without having to do everything personally. Issues, however, remain relating to proprietary data, transferability of authorizations, recourse, objective standards, and whistleblowing. While not directly comparable with third country validations, we believe that there are lessons from this programme that could be of value. The final item in this newsletter continues the dialogue relating to globalization and its actors. In a book entitled Rethinking World Politics it author, Professor Philip Cerny, states that Rethinking World Politics is an attempt to show that although globalization and its consequences may be messy and disordered at some levels, there is a whole universe of actors out there who potentially van play a role in shaping that order its just that we are still in the early stages of the process. He asks the pertinent question if all sorts of groups that are developing crucial transnational linkages both sectional and value groups, and with much in between forge a better world? 1 Organizational designees arecompanies (e.g., aircraft manufacturers) that FAA has approved to perform certain functions on its behalf, such as determining compliance with aircraft certification regulations. The organization is responsible for overseeing the employees who perform the delegated functions. Outsourcing the inspections From the NYT article : There was evidence that Ali Enterprises was flawed well before September s fire. Abdulrauf Shaikh, a longtime inspector, examined the factory three times, in 2010, 2011 and again this July, just two months before the fire. Each time he found a locked fire exit as in the fatal 1911 Triangle shirtwaist factory fire in New York minimum wage violations and other serious problems. Mr. Shaikh was there on behalf of a European apparel company that was thinking of using the factory. When Mr. Shaikh confronted the Bhaila brothers (0wners) over these problems, he recalled, They said: We are SA8000-certified. Whether you pass us or fail us, that s your issue. We don t care. Social Accountability International does not inspect the factories itself. It has a compliance affiliate that licenses firms to do the actual work. One such firm is RINA, an Italian corporation founded in 1861 to inspect ships. In Pakistan, the process was further subcontracted: RINA s local operations are run by RI&CA, which inspected Ali Enterprises last summer. That Pakistani firm has a controversial reputation largely because of its unusually high rate of approvals, doing inspections that led to 118 SA8000 certificates between 2007 and 2012. In contrast, a larger auditing firm, Bureau Veritas, awarded 46 certificates in Pakistan over a period twice as long. RI&CA s flurry of accreditations worried a team of English monitors led by Vic Thorpe and Stirling Smith, who often went to Pakistan to check on inspectors operations. It seems very fishy, Mr. Smith said. They ve certified so many factories compared to the other players, so you wonder. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
3 Mr. Thorpe said he conveyed his concerns to Social Accountability International. Its compliance arm did step up its oversight, but no further action was taken. Several monitors in Pakistan questioned why the local firm was able to do so many inspections for so many years with seemingly little oversight. But it was not entirely surprising. Industry experts say that in the battle for market share, profit-making inspection firms are often tempted to be less rigorous because that makes them more attractive to apparel manufacturers eager for certification. RINA s certification business in Pakistan was bolstered by its partner s embrace of a controversial subsidy program. Since 2007, the Commerce Ministry has offered companies up to 400,000 rupees, or $4,100, toward the cost of an SA8000 inspection as part of a drive to promote the clothing industry. But the program has a twist. The entire subsidy is payable only if the factory is awarded certification. This creates a conflict of interest that skews the process in favor of approval, critics say. Ms. Tepper Marlin said these subsidies concerned her group enough that in 2011 it wrote to RINA and the two other firms accredited to perform SA8000 inspections in Pakistan, advising them to stop accepting the subsidies that the factories pass on to them unless they could demonstrate their impartiality. Two firms stopped taking the government money, she said, but RINA s Pakistani partner continued. Despite these concerns and others, industry officials said RINA never sent employees to Karachi, instead conducting checkup meetings in the Middle East or by telephone. Did they even bother to visit the country? asked Zulfiqar Shah of the Pakistan Institute of Labor Education and Research. In a statement, RINA said it had conducted periodic internal audits and meetings with Adnan ul-hasan, RI&CA s owner. But the firm declined to specify where and when those meetings had taken place. Soul-Searching after disaster As the Pakistani police investigate one of the deadliest factory fires in history, the Western certifying bodies are engaged in intensive soulsearching. Social Accountability International and its compliance arm have begun an extensive review of its work with RINA. On Friday, they announced that RINA would no longer issue SA8000 certificates in Pakistan. RINA, in a statement, said it had suspended its relationship with its Pakistani affiliate, and was conducting spot checks on factories that had been certified in its name. The group, however, is resisting calls to rescind all its SA8000 certificates in Pakistan. RI&CA, meanwhile, has sought to distance itself from the fire. In a telephone interview, the Pakistani owner denied he even did apparel monitoring. We didn t do Ali Enterprises, Mr. Hasan said. I ve never even seen the factory. The police, RINA and lawyers for Ali Enterprises flatly contradicted that statement. Extensive failings by the Pakistani state played major roles in the disaster. There was little enforcement of safety laws; labor unions, which experts say could provide a voice on working conditions, have been strangled for decades; the local fire department did not reach the factory until at least 75 minutes after the blaze erupted. A government investigation into the blaze, hastily convened to quell public anger, has not yet released its findings. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
4 The full NYT article can be accessed at: http://www.nytimes.com/2012/12/08/world/asia/pakist an-factory-fire-shows-flaws-inmonitoring.html?hp&_r=0&pagewanted=all The position of Walmart In a second NYT article the following is stated: In a related matter, two officials who attended a meeting held in Bangladesh in 2011 to discuss factory safety in the garment industry said on Wednesday that the Walmart official there played the lead role in blocking an effort to have global retailers pay more for apparel to help Bangladesh factories improve their electrical and fire safety. in most cases a very extensive and costly modification. It is not financially feasible for the brands to make such investments, the minutes said. Kevin Gardner, a Walmart spokesman, said the company official s remarks in Bangladesh were out of context. This second NYT article can be accessed at: http://www.nytimes.com/2012/12/06/world/asia/3- walmart-suppliers-made-goods-in-bangladeshifactory-where-112-died-in-fire.html Ineke Zeldenrust, international coordinator for the Clean Clothes Campaign, 2 an antisweatshop group based in Amsterdam, said Walmart was the company that most strongly advocated this position. The meeting was held in April 2011 in Dhaka, the country s capital, and brought together global retailers, Bangladeshi factory owners, government officials and nongovernment organizations after several apparel factory fires in Bangladesh had killed dozens of workers the previous winter. According to the minutes of the meeting, which were made available to The Times, Sridevi Kalavakolanu, a Walmart director of ethical sourcing, along with an official from another major apparel retailer, noted that the proposed improvements in electrical and fire safety would involve as many as 4,500 factories and would be 2 http://www.cleanclothes.org 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
5 FAA ODA Programme This information is taken from an article prepared by ODA Consultants. 3 In November 2005, FAA established a new Organization Designation Authorization (ODA) program. The system promised industry more autonomy and efficiency. Many big players, including Boeing, put thesleves themselves through the rigorous application process. "FAA raised the bar with ODA," claimed David Grossman, a 30-year agency veteran who now heads ODA Consultants, in Aurora, Colo. The ODA procedures manual, for example, is much more detailed and process-oriented regarding how approvals are done than it was under the previous delegation systems. The procedures manual, with its common set of requirements, along with rigorous audit processes, is designed to allow FAA to keep its finger on the pulse of the industry. ODA involves "systems oversight," a term which can mean either more or less scrutiny, depending on the circumstances. According to Grossman, FAA will be doing a higher level of oversight. "They re going to be doing less certification work," but "if they find issues, they will get into it deeper," he said. The aim is a data-driven system that enables FAA to spot trends, identify anomalies, and fix problems before they become safety issues. The FAA essentially will offload routine surveillance onto the ODAs and free itself to focus on challenges, risks and trouble spots. 3 www.odacinsultants.com Internal and external audits are a prominent feature. "If you put yourself in the FAA s shoes with more delegation, you have less visibility," said Vasant Gondhalekar, Cessna Aircraft s director of engineering and lead ODA administrator. Audits are the way the agency "makes sure that the applicant is not deviating from the norm." The ODA, which is responsible for the annual internal audits, then, has to think about itself "as though we are the FAA," he said. "The FAA position is, you are our eyes and ears, so we expect you to do everything that we would do." Cessna has received type certificate (TC) and production certificate (PC) ODAs for both Part 23 and Part 25 aircraft. While ODA will increase FAA s discretion and focus its resources, making ODAs more independent, "at the start here, they re going to keep a pretty close eye on things," May suggested. Systems oversight, to be sure, does not mean handing over the keys to industry. FAA retains the right of first refusal on designees projects. "Every activity they do [is preceded by] a letter of intent" to the company s OMT at the agency, Hempe said. The FAA examines the risk factors and indicates the areas, if any, it will be involved in..american has had similar experience. The agency "does not review our data on a daily basis," said Chuck Williams, manager of engineering support and lead ODA administrator for American s Maintenance and Engineering organization in Tulsa, Okla. If FAA has a question, they contact the airline. Otherwise, the ODA unit files quarterly reports, summarizing work done in the previous three months and describing the status of ongoing projects. "They have really gone to a higher level of oversight," he said. ARINC tells much the same story. Every project still requires the submission of a certification 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
6 plan and a program notification letter, May said. The administrator is responsible for audits, certification plans, training and coordination with the FAA and among ODA members. Still, the new system allows ARINC to better manage its schedules and respond to customer needs, said Rob Moore, director of business development. The agency "is starting to relinquish approval authority to companies that are qualified to make certain approvals and decisions at the company level." Straightforward, noncomplex mods, for example, receive more delegation than complex work involving areas of interest to FAA. The big benefit is schedule flexibility, Cessna s Gondhalekar agreed. "Before we had to bake in up to 30 days required for FAA review and approval, whereas now we can just do it." Procedures Manual The most time-consuming part of an ODA application is writing and approving the procedures manual. Many of the companies had to redo their manuals, Hempe said, to include things like the steps the FAA wanted to see in approving ODA unit members. Writing a single manual to cover multiple sites can incur the additional task of standardizing processes within the company. But the manual is key to oversight. First and foremost, systems oversight means that, through the procedures manual, "we are now going inside the halls of a company and helping to define the processes and expectations by which that company needs to work," including quality and technical procedures, Hempe said. The second part of the system is the "everyday interaction that we have with them," he said. The third piece is the FAA biennial audits. If issues arise, the onsite visits can become much more frequent. All three allow the agency to "go through the barrier" formed by the previous individual designee system and "be more involved with the company." FAA will manage the managers, so to speak, rather than manage all the individual designees. Instead of being "individual-centric," oversight is "systemscentric," as Hempe put it. Because the agency will have a better idea of the big picture, it "can pick and choose the most critical areas and pay attention to those." As the agency evaluates organizations, the manual provides a basis for comparison. FAA can "gather data and look [for trends]," Hempe said. "We can look at best practices, critical issues, identify critical risk, and adapt our policies." Because companies will be working to the same standard, FAA will be able to look across parts manufacturing approval (PMA), STC and MRA ODA holders, for example. ODA will allow FAA to "move to more of a safety system model," allowing "SMS [safety management system] functions of trending." ODA, in the long run will be a "huge benefit to safety," Hempe asserted. As FAA gets smarter about trends, it will be looking for hidden precursors and failure modes. These could be things like assumptions made during certifications, equipment trends, reliability issues and human factors issues. Spotting these trends could help to adjust policy, improve oversight and reduce risk. Other Advantages ODA holders cite other advantages, as well. American pointed out that its ODA organization can manage its own members. Under the DAS system for alterations, for example, if American needed to bring on a qualified designated engineering representative (DER) in a highly specialized area like 16-g seat testing, the company still had to go to FAA and get their permission and concurrence in order to bring 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
7 that person aboard, Williams said. The process could take several days. "Under ODA, we manage all of that," Williams said. The ODA organization sets up the interview panel, reviews the credentials, hires the ODA unit member and then informs FAA. Before ODA, American had six DERs on staff for major repairs, but they essentially worked for FAA: the agency evaluated their work and monitored their currency. Now the ODA does "100 percent audits for DER repairs," Williams said. The ODA unit has brought on an administrative person to help manage the audit activity, and may add other engineering and technical resources to oversee projects. "A lot of the project management and oversight that used to be at the FAA is now within the ODA unit," he said. Under the ODA, American can also issue experimental airworthiness certificates for temporary flight testing of new installations such as inflight entertainment systems. And it can replace a damaged standard airworthiness certificate document without hiring a consultant designated airworthiness representative (DAR). American s ODA unit currently includes five administrators one lead and two assistant administrators, as well as three MRA administrators plus 34 unit members. Twentyfour of the 34 are airline employees. The remaining 10 are contractors, typically in some very specialized area such as smoke evacuation testing. American has completed a number of projects under its ODA. For example, it removed the firstclass seats on an old MD80, which it then retired and donated to an aviation maintenance school in Puerto Rico. Under its MRA ODA, the airline was able to make this change and approve the data. The MRA ODA also covers repairs for damage or corrosion that go beyond the limits of the aircraft manufacturer s structural repair manual. "We have the authority to approve those repairs," Williams said. This means that the ODA holder is, in a sense, less tethered to the original equipment manufacturer (OEM), Williams agreed. Without the authority to approve repairs, the airline previously would have gone to either the OEM, FAA, or individual designees for approval. There is "absolutely a price to this [ODA status]," Gondhalekar said, referring to tasks such as internal auditing and the need to maintain a lot more information. Cessna s ODA unit includes about 150 members, most of whom are company employees, and five ODA administrators the lead, Gondhalekar, and administrators for Part 23, Part 25, standardization and procedures, and quality. ARINC s ODA unit includes 20 members, three of whom are full-time employees. Much of the work, such as the approval of technical data, the issuance and amendment of STCs and the approval of airworthiness certificates, is similar to that of a DAS, May said. Among the new features, however, is the ability to issue experimental certificates and ferry permits. A recent ARINC ODA project for the South Korean Civil Aviation Authority added a flight inspection system to a Cessna aircraft so the CAA can validate their landing aids. Other activity under the ODA includes satcom projects, a transponder upgrade and avionics modifications. The FAA also tried to make the ODA concept more flexible than previous designations and to "expand the scope" to repair stations, airlines, PMA rs, and small entities, Hempe said. PMA rs, for example, can set up an organizational structure permitting them to conduct 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
8 examinations, testing and inspections on behalf of the FAA, Hempe said. Instead of having every document approved sequentially, the PMA ODA holder can apply for approval at the end of the project. They can also work multiple projects and submit them together. Questions and issues The FAA s Organization Designation Authorization (ODA) program raises questions, as well. For one thing, the authority is not transferable, pointed out Sarah MacLeod, executive director of the Aeronautical Repair Station Association (ARSA). That means, if the company is sold, the ODA does not go with it. FAA officials agreed that ODAs are not transferable and have "no property right," but argued that the designation has "tremendous appeal for those that use it effectively to benefit their business and the FAA." Another point is that ODA is a privilege, not a certificate, so if FAA decides to withdraw it, the ODA holder would not have the same due process rights a certificate holder would have, such as a certificate action before the National Transportation Safety Board (NTSB). "If you want to be fully at the whim of the [FAA] administrator more than you are now go get an ODA," MacLeod said. FAA pointed out that although ODA holders aren t entitled to due process under the law, they "certainly are afforded fair and equitable treatment and are entitled to the FAA following established processes for managing and removing ODAs." MacLeod also raised the question of objective standards. "You really need to have an objective standard that you are required to meet," she said. But "once we get into this nebulous area of approvals, as opposed to certificates, we get further and further away from an objective standard." Protection of proprietary data is also a question, she said. For example, what happens to an ODA s data if FAA pulls the approval? Interestingly, American s experience so far under ODA has been that less, rather than more data, has been exchanged with FAA. Prior to ODA, all of the data relating to major repairs was sent to the agency, said Mark Boes, managing director of engineering and support. Under the ODA, by contrast, American maintains that data basically for as long as the airplane is in service. Now as before, however, data provided to FAA is protected by a standard legal statement regarding confidentiality. Under ODA, the FAA delegates more of the steps leading up to final approval, rather than overseeing every move along the way. But suppose a company with a certification almost within reach has a whistleblower issue. The entire process could become suspect and subject to FAA review, MacLeod warned. Bottom line, she said: ODA is "very attractive candy is always attractive, but you get rotten teeth." Article by Charlotte Adams An FAA Office of the Inspector General ( OIG) 2011 report on this programme entitled FAA need to strengthen its risk assessment and oversight approach for Organization Designation Authorization and risk based resource targeting. can be accessed at: http://www.oig.dot.gov/sites/dot/files/faa%20o DA%206-29-11.pdf 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
9 Rethinking World Politics A close up Your just browsing reader should actually start with the blurbs on the back cover. I was blown away by the positive response I got from senior colleagues who are among those I respect most in the profession! I feel they accurately identify what I was trying to do. Beyond that, I think I managed to summarize the argument as well as I could have done in the introduction, and then followed it up with a look at the key dynamics of the analysis in the conclusion. The introductory chapter is entitled Why Transnational Neopluralism? Readers who are interested in the sort of issues I emphasize in this interview will find the questions set out, I hope, systematically. The concluding chapter is entitled Globalization is What Actors Make of It. It emphasizes that the shift from a state centric world order to a neopluralist one may take different forms, and that actors in a range of different structural positions will be able to shape different aspects of that transition sort of the equivalent of what Bentley called the great moving process of pluralism (or, in this case, neopluralism). I am skeptical about the possibilities of prediction in the study of politics, and indeed of the social sciences in general, but I believe one can sketch out a range of possible trajectories and look at the conditions under which one pathway might predominate rather than another. There will always be what are often called multiple equilibria inherent in social change (and continuity). As has often been said, the only thing we can really predict is the past. Explanation thus requires process tracing rather than pseudo scientific models of the future. Therefore the closest we can get is what is sometimes called scenario analysis. I identify three of what I regard as key scenarios. The first is, to pinch David Stockman s famous term, the rosy scenario. In the rosy scenario, pluralism and democratization, often with a basis in a convergence across the world of legal rights, political cultures, and global governance, will lead to a better world. Positive views of the Arab Spring just this year well after the book was written tend to fall into this category, although the information technology, human rights, and new middle classes led revolt is still fragile. Also the concept of the emergence of a genuinely global civil society rooted in the growth and increasing legitimacy of transnational non governmental organizations (NGOs), transnational advocacy networks, and the like posits implicitly or explicitly that the spread of transnational value groups (to use Key s original distinction) will come to dominate the globalization process and point the way to a better world. I remain highly skeptical of the rosy scenario, but it is nevertheless a key dimension of the emergence of a new world politics. The second scenario is what for want of a better term I label sectoral hegemony. This view is often set out in more radical critiques of international politics and political economy. A range of authors such as Kees van der Pijl and Stephen Gill identify a transnational capitalist class or transnational elite or new 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
10 constitutionalism wherein what I would regard as neopluralism congeals into the systemic dominance of particular economic sectors (and the linkages among them), leading to a version of neo Marxist class domination. Such domination would be enabled by structural changes, as economic globalization gives business and finance new resources and new capacities to organize the world around their own interests. The Financial Times writer Gillian Tett, writing about the global financial crisis, talks about the banks and other financial market actors dancing around the regulators. This seems timely when we look at the way the Dodd Frank Act in the United States is working or not working and the fragmented way European governments are responding to current sovereign debt crises. Can states keep the global financial system stable and safe, or are we on our way to the next crisis? These and other questions about the power and influence of international finance are crucial to whether world politics is going to be characterized by increasing sectoral hegemony. The third scenario is what has been called neomedievalism, referred to above. This analysis goes back to the writings of the international relations theorist Hedley Bull in the 1970s and became fashionable in the mid 1990s. It sees not a coherent line of development like the rosy or sectoral hegemony scenarios, but rather a fragmentation of world politics, with nobody really being in charge except in particular regions or economic sectors, and even then not for very long and continually challenged. In the area of security, it can be summed up in the notion of warlordism, rooted in ethnic and cross border warfare and violence, along with the increasing role of insurgency warfare, improvised explosive devices, etc. In economics, it means a combination of oligopoly, rapid change, and destabilization. In social matters, it means that social ties across borders lead to more strife, not less. James Rosenau has referred to fragmegration, or the mutual interaction of global integration and socioeconomic as well as political fragmentation; this notion is also partly present in the concept of glocalization, or the interaction of global and local processes bypassing the superstructures of states and international organizations. Lastly Transnational neopluralism, I believe, captures the way these three possible scenarios or alternative equilibria interact in practice. Alain Minc, the French intellectual, in Le nouveau moyen age (1993), argues that the Middle Ages themselves were not a period of simple crisis, conflict, and breakdown, but one of durable disorder. This disorder was also creative, leading to the emergence of the very social forces that gave birth to the Renaissance and eventually to modern capitalism and even democracy. Rethinking World Politics is therefore an attempt to show that although globalization and its consequences may be messy and disordered at some levels, there is a whole universe of actors out there who potentially can play a role in shaping that order. It s just that we are still in the early stages of the process. Can the sorts of groups that are developing crucial transnational linkages both sectional and value groups, and with much in between forge a better world? In a talk last year to graduating students at Rutgers Newark, I told them that the future was in their hands. I hope this book can inspire as well as analyze, even if the pathways are still convoluted and not easy to discern. Professor Cerny s comments can be accessed at: http://rorotoko.com/interview/20111017_philip_cerny_ on_rethinking_world_politics_theory_transnational_ne o/?page=1 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
11 Oxford University Press URL for this book Rethinking World Politics is a major intervention into a central debate in international relations: how has globalization transformed world politics? Most work on world politics still presumes the following: in domestic affairs, individual states function as essentially unified entities, and in international affairs, stable nation-states interact with each other. In this scholarship, the state lies at the center; it is what politics is all about. However, Philip Cerny contends that recent experience suggests another process at work: "transnational neopluralism." In the old version of pluralist theory, the state is less a cohesive and unified entity than a varyingly stable amalgam of competing and cross-cutting interest groups that surround and populate it. The OUP site can be accessed at: http://www.oup.com/us/catalog/general/subject/politic s/internationalstudies/?view=usa&ci=9780199733705 Cerny explains that contemporary world politics is subject to similar pressures from a wide variety of sub- and supra-national actors, many of which are organized transnationally rather than nationally. In recent years, the ability of transnational governance bodies, NGOs, and transnational firms to shape world politics has steadily grown. Importantly, the rapidly growing transnational linkages among groups and the emergence of increasingly influential, even powerful, cross-border interest and value groups is new. These processes are not replacing nation-states, but they are forging new transnational webs of power. States, he argues, are themselves increasingly trapped in these webs. After mapping out the dynamics behind contemporary world politics, Cerny closes by prognosticating where this might all lead. Sweeping in its scope, Rethinking World Politics is a landmark work of international relations theory that upends much of our received wisdom about how world politics works and offers us new ways to think about the forces shaping the contemporary world. 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
12 22 Melton Street, London NW1 2BW Tel: +44 20 8144 2591 newsletter@innovativecompliance.com
Friday, 22 November 2013 13:16:23 Greenwich Mean Time Subject: ACSP_Newsletter_Sep_03 - Fast and Flawed Overseas Inspections Date: Wednesday, 4 September 2013 09:55:33 Irish Summer Time From: Marcus Hallside <Marcus.Hallside@innovativecompliance.com> To: Kate McGee <mcgee_kate@yahoo.com> A report in today's issue of the New York Times entitled Fast and Flawed Inspections of Factories Abroad provides a thought provoking reminder of the challenges facing EU Member States in implementing EU aviation security validations. The findings of one independent report (discussed below) are especially worrisome. Bribery, intimidation of workers being interviewed, and unauthorised subcontracting are mentioned. Factory monitoring companies have established a booming business in the two decades since Gap, Nike, Walmart and others were tarnished by disclosures that their overseas factories employed underage workers and engaged in other abusive workplace practices. Each year, these monitoring companies assess more than 50,000 factories worldwide that employ millions of workers. Walmart alone commissioned more than 11,500 inspections last year. Spurred by heightened demand for monitoring, the share prices of three of the biggest publicly traded monitoring companies, SGS, Intertek and Bureau Veritas, have all increased about 50 percent from two years ago. The inspections carry enormous weight with factory owners, who stand to win or lose millions of dollars in orders depending on their ratings. With stakes so high, factory managers have been known to try to trick or cheat the auditors. Bribery offers are not unheard-of. Often notified beforehand about an inspector s visit, factory managers will unlock fire exit doors, unblock cluttered stairwells or tell underage child laborers not to show up at work that week. Unauthorized subcontracting, or farming work out, to an unapproved factory (as was the case for the Quaker Pet Group order in China), is very, very common, according to Gary Peck, founder and managing director of the S Group, a design and sourcing company based in Portland, Ore. Though almost all retailers prohibit the practice in their contracts, suppliers still do it to save money, speed production and meet high-volume orders. And even inspections conducted at authorized factories can be deeply flawed. When NTD Apparel, a contractor for Walmart that is based in Montreal, hired a firm to inspect the Tazreen factory in Bangladesh before 112 workers died in a fire in November, the monitors questionnaire asked whether the factory had the proper number of fire extinguishers and smoke detectors on each floor. But it did not call for checking whether the factory had fire escapes or enclosed, fireproof stairways, which safety experts say could have saved lives. If it s a check-the-box inspection, you better have the right boxes to look at, said Daniel Viederman, chief executive of Verité, a nonprofit monitoring group Audits can be very brief. A single inspector might visit a 1,000-employee factory for six to eight hours to review all types of manufacturing issues, like wages, child labor or toxic chemicals. Some auditors receive only five days of training, whereas the federal Occupational Safety and Health Administration requires three years of training and experience assisting inspectors before employees can lead an inspection of a sizable factory in the United States. In an example known as the Rosita case, after the workers went on their rampage, the Western companies that bought the factory s knitwear grew alarmed. So Rosita s owner, South Ocean, a conglomerate based in Hong Kong, commissioned a new inspection. That inspection, conducted by Verité, which is based in Massachusetts, was a scathing broadside. Verité s monitors found ongoing physical abuse and verbal and psychological harassment, with managers compelling workers who arrived late to stand for many hours without rest. Verité s three-day inspection found errors in calculating wages, chemical containers labeled only in English and unreasonably high production quotas for which workers were disciplined or fired for not meeting. The inspectors noted that workers often face harsh treatment, including jeering from managers if they requested sick leave or annual leave. The monitors also found that managers had fired employees for missing work because of a death in the family and that security guards had beaten workers involved in union and protest activities. Mr. Viederman of Verité said the earlier inspection, performed by a major monitoring firm, SGS, demonstrated the shortcomings of checklist audits. The SGS inspection involved a one-day visit, largely seeking yes-no answers, probably for a modest fee. He noted that SGS had interviewed employees only inside the factory, where workers were often unlikely to speak candidly, and not outside for instance, at bus stops or at home, where workers Page 1 of 2
might open up. Newsletter Team 22 Melton Street, London NW1 2BW +44 208 144 2591 Page 2 of 2
Friday, 22 November 2013 13:18:08 Greenwich Mean Time Subject: ACSP_Newsletter_Jun_02 - International Air Cargo Security - "Too many cooks may be spoiling the broth" Date: From: To: CC: Monday, 3 June 2013 12:10:40 Irish Summer Time Marcus Hallside <Marcus.Hallside@innovativecompliance.com> James Bradbury <James.BRADBURY@ec.europa.eu> Kirsty.WESTRA@ec.europa.eu <Kirsty.WESTRA@ec.europa.eu>, Mario.CARVAJAL@ec.europa.eu <Mario.CARVAJAL@ec.europa.eu> In response to what the US Global Air Cargo Advisory Group (GACAG) considers as "recent significant increases in the number of countries seeking to implement new security measures", the members of GACAG have published a press release (http://tiaca.org/images/tiaca/pdf/pressreleases/gacag- Don%27t%20rely%20solely%20on%20industry%20to%20interpret.pdf) and a position paper (http://gacag.org/images/gacag/positions/gacag%20position%20supply%20chain%20security.pdf). The Group is concerned that "a non- uniform approach to the implementation of requirements for new security measures could result in added bureaucracy, additional costs, and unintended nom- compliance in the aviation sector". A disagreement has broken out between the Transportation Ministry and the air cargo terminal operators in Israel over who will foot the bill for tighter security arrangements now required at Ben Gurion International airport. This is after a team from the US Transportation Security Administration (TSA) recently examined existing procedures in Israel (where security is considered to be high) and outlined a set of new procedures that will be required. The new TSA procedures entail a higher level of image scanning and more comprehensive inspections. The January 2013 issue of the TSA Air Cargo Newsletter states " A major milestone in global air cargo security has been achieved 100% screening of all cargo transported on passenger aircraft within and into the United States. Since the passage of the 9/11 Act in 2007, we have worked long and hard to ensure the mandate was attained without negatively impacting the flow of air commerce. This newsletter can be accessed at: http://www.tsa.gov/sites/default/files/assets/pdf/intermodal/newsletter_january_2013.pdf Recent testimony by Michael Mullen, the Executive Director of the Express Association of America before the US House of Representatives Committee on Homeland Security provided a stakeholders view on TSA's efforts to advance risk based security. It can be reviewed at: http://docs.house.gov/meetings/hm/hm07/20130411/100567/hhrg- 113- HM07- Wstate- MullenM- 20130411.pdf The UK Daily Telegraph reported that Deutsche Bahn will be deploying a fleet of miniature helicopter drones mounted with Thermal imaging cameras to combat graffiti- spraying gangs on the German railway network. The drones which fly at an altitude of 130 m, will be uses at "graffiti hot- spots" such as Berlin, Leipzig, Cologne and Hamburg. The drones cost 60.000 Euro each, and are part of the growing civilian market for unmanned ariel reconnaissance For Sale: Air Force One (not the current one and the auction ended on May 22nd - Winning bid is not known). In the thirty years this aircraft was assigned to the 89th Airlift Wing (Feb 1975- Sep 2005) it flew Presidential missions, Vice President, First Lady, Cabinet Secretaries (Secretary of State, Secretary of Defense, others), Chairman Joint Chiefs of Staff, U.S. Senators, U.S. Representatives, Four Star Generals, Admirals, Foreign Heads of State and other foreign dignitaries. The US General Services Administration (GSA) auction site for the aircraft can be viewed at: http://gsaauctions.gov/gsaauctions/aucdsclnk?sl=91qsci13056100 Newsletter Team Page 1 of 1
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART B.3 Meeting with BSR Airport Managers in Belarus Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 1.0 - FINAL Date 20.06.2013 Co-Ordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Executive Summary... 3 2. EU aviation security validation... 3 3. BSR leadership in EU aviation security validation... 5 Third country civil aviation authority and airport education materials... 6 Third country validation preparations... 6 4. Plan of activities and actions to support a BSR airport Visit to validate the approach... 7 4.1 Internal Preparatory... 7 4.2 Pre Visit (Minsk as example)... 7 4.3 During Visit... 8 4.4 After Visit... 8 Table of Figures Figure 1 New ACC3 Regulation - Implementation Timeline... 4 List of Tables Table 1 - Challenges and approaches... 6 Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 2
Lead Partner Task Leader Project 1. Executive Summary This document has been prepared by Innovative Solutions (Technology Investments) Ltd at the request of for the Baltic Air Cargo Net To address the challenges that have been presented to the EU and international air cargo industry and to the authorities responsible for implementing Regulation No EU 1082/2012 1 (the New ACC3 Regulation), it will be necessary to prepare Baltic Sea Region airports and airport stakeholders as to the requirements of this regulation. The New ACC3 Regulation will require a high level of expertise and knowledge of the operational needs and constraints of all categories of air cargo stakeholders future EU aviation security validators; entities requiring to be EU aviation security validated; EU appropriate authorities; and, third country civil aviation authorities. 2. EU aviation security validation The New ACC3 Regulation specifies that EU aviation security validation is a standardised, documented, impartial and objective process for obtaining and evaluating evidence to determine the level of compliance of the validated entity with requirements set out in regulation (EC) No 300/2008 and its implementing acts. An EU aviation security validation may be performed by an appropriate authority or a validator approved as EU aviation security validator or a validator recognised as equivalent to it. The Validator shall assess security measures applied under the responsibility of the validated entity or parts thereof for which the entity seeks validation. At least the validation shall consist of an evaluation of security relevant documentation, including the validated entity's security programme or equivalent; and, a verification of the implementation of aviation security measures, which shall include an on-site verification of the validated entity's relevant operations, unless otherwise stated. Such EU aviation security validations shall be recognised by all Member States 1 Member States shall demonstrate to the Commission how they contribute to the implementation of point 11.6 (European Security Validation) in respect of point 6.8 of the Annex to Regulation (EU) No 185/2010 (protection of cargo and mail being carried into the Union from third countries) by 31 January 2013 at the latest. Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 3
Lead Partner Task Leader Project Figure 1 provides a timeline for the implementation of EU aviation security validations in third countries Figure 1 New ACC3 Regulation - Implementation Timeline Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 4
Lead Partner Task Leader Project 3. BSR leadership in EU aviation security validation Some form of higher-level coordination, at the level of one or more airports, would greatly assist in reducing the logistic and coordination efforts that will inevitably be associated with the launch of the EU aviation security validation scheme as envisaged by the new Regulation. Such an approach will in addition help to reduce the efforts and costs that will be incurred by the international regulated agent community in complying with the New ACC3 Regulation. It would be most beneficial if airport operators, where validations are required to be completed, will be proactive in establishing co-ordination efforts for their own airport and as such negotiate centrally with EU aviation security validators, and with the entities requiring validation at their airports. This will ensure a smooth, efficient and lower cost validation process. This is the view of both the EU air carriers and regulated agent communities. It is especially relevant for the regulated agent stakeholders, who are particularly uneasy with permitting ACC3s (who are still today considered by regulated agents as competitors) to assume responsibility for performing (possibly) multiple validations of their operations at third country airports. Regulated agent stakeholders understand that they need to move forward with obtaining EU aviation security validation, but they are not knowledgeable as to how to do so 2. Table 1 provides an initial list of challenges identified by and the definition of corresponding third country approaches that could be put in place by early adopter third countries. 2 One of the issues affecting regulated agents who wish to be pro-active in being validated will be from whom they can obtain information about the programme and details of approved EU aviation security validators, especially during the initial stage of the programme. To which appropriate authority should a regulated agent who wishes to be validated apply? There is no dispensation regarding the possibility of validation at a representative number of third country locations (as for ACC3s) the pressure on regulated agents could initially greater than that on ACC3s. Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 5
Lead Partner Task Leader Project Table 1 - Challenges and approaches Challenge/Opportunity Resources to be developed/acquired Baltic Air Cargo Approach 1. Provision of education services for BSR airport authorities 2. Preparation of third country ACC3s, regulated agents and known consignors for EU aviation security validation Procedures and materials for training third country authorities in a) the requirements of the New ACC3 regulation; and b) cargo screening to EU Standards Structured approach, methodology, and related administrative actions to support validation logistics, coordination and cooperation Third country airport authority ACC3 education materials Third country airport validation preparations It should be noted that there is a considerable overlap with respect to the information collection and dissemination aspects of each of the proposed approaches. Third country civil aviation authority and airport education materials Preparation of materials for introducing third country airport managers to a) the requirements of the New ACC3 regulation; and b) cargo screening to EU Standards. Provision of training sessions Third country validation preparations 1. Development of third country validation profile templates, to be completed by BSR airports to provide details of the cargo operations at the airport. 2. Development of validated entity maps at a BSR airport to identify all of the entities that require validation at the airport 3. Preparation of introductory materials to explain what is expected of the entities requiring to be validated. Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 6
Lead Partner Task Leader Project 4. Plan of activities and actions to support a BSR airport Visit to validate the approach In cooperation with the Baltic Air Cargo Net partners in Belarus, Airport Managers in Belarus was selected as the target for validation of the Baltic Air Cargo Net approach. The following activities will be undertaken prior to and during the visit. 4.1 Internal Preparatory Visit Planning (this document) Preparation of Visit Handout Materials 1. For Airport Cargo Management Overview of the programme & how it will impact airport cargo operations Template for airport validation mapping ( who are the stakeholders and what are the relationships between them) 2. For Stakeholders that will require to undergo validation Preparing for an EU aviation security validation 4.2 Pre Visit Agreement on date for visit Prepare Visit Agenda Coordinate with local airport authority (cargo operations) Coordinate with the local appropriate authority (Belarus) Coordinate with international entities (IATA, the Commission, etc. where appropriate) Identify industry stakeholders (air carriers, freight forwarders, cargo handling agent(s)) Send our visit invitations Set up visit logistics 1. Transport to Airport 2. Airport Hotel booking for staff 3. Local transport (Car Hire if appropriate) 4. Book venue for airport presentation 5. Set up meetings with key stakeholders prior to visit Prepare copies of visit handouts Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 7
Lead Partner Task Leader Project 4.3 During Visit Day Activities at airport Support actions 1 Travel to and arrival at location Transport arrangements ( if appropriate) 2 Meeting with Transportation authority, if appropriate ( either at airport or prior to airport meetings) Initial airport meetings with key stakeholders, visit to airport cargo handling facilities Completion of airport validation mapping and update to presentation based on local data (after discussions) 3 Main presentation to stakeholders (am) (meeting session of 90 minutes) Visit close review of findings with airport authorities and presentation of initial version of airport validation map (pm) 4 Wrap up and return to home base 4.4 After Visit The output of the visit will be the following project documents: Update materials presented in Belarus Complete BSR Validation manual Work Package 3.4 Air Cargo Security PART B.3 Meeting with BSR Airport Managers in Belarus Page: 8
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART B.4 EU Aviation Security Validation Overview for BSR Airport Managers Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 2.2 - FINAL Date 21.07.2013 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Executive Summary... 3 Work Package 3.4 Air Cargo Security PART B.4 Overview for BSR Airport Managers Page: 2
Lead Partner Task Leader Project 1. Executive Summary This document provides a power point presentation of issues that must be considered by BSR Airport Managers when addressing the new ACC3 Regulation. This presentation was initially developed prior to a visit with Airport Managers in Belarus. The presentation was updated with feedback from this visit. Work Package 3.4 Air Cargo Security PART B.4 Overview for BSR Airport Managers Page: 3
Lead Partner Task Leader Project Project name: Baltic.AirCargo.Net Improvement of the air cargo transport sector by service oriented ICT-methods and processing logistic network Project ID #050 Air Cargo Security Compliance Requirements PART B.5 EU Aviation Security Validation Guide for BSR Airports Work Package # Task # Task Leader Version / Release 3 - AIR CARGO MARKET - Analysis & Outlooks 3.4 - Air Cargo Security Regulations Compliance Requirements [ICE] 2.2 - FINAL Date 21.07.2013 Coordinator Marcus Hallside www.balticaircargo.net www.eu.baltic.net Part-financed by the European Union (European Regional Development Fund and European Neighbourhood and Partnership Instrument)
Lead Partner Task Leader Project Table of contents 1. Executive Summary... 3 2. Validation phases and tasks to Achieve EU aviation security validation at BSR airports... 5 2.1 Overview of airport validation phases... 5 2.2 Validation Preparation Phase... 7 2.3 Validation Launch Phase... 11 2.4 Validation On-site Phase... 14 2.5 Validation Close Phase... 15 Table of Figures Figure 1 - EU Validation Phases at BSR Airports (Overview)... 6 Figure 2 - BSR Airport and Stakeholder Managers... 7 Figure 3 Processing Responses to the BSR Airport Validation RFP Package... 11 List of Tables Table 1 - Validation Preparation Phase Tasks (Detail)... 8 Table 2 - Validation Launch Phase Tasks (Detail)... 12 Table 3 - Validation On-site Phase Tasks (Detail)... 14 Table 4 - Validation Close Phase Tasks (Detail)... 15 Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 2
Lead Partner Task Leader Project 1. Executive Summary This guide has been prepared by Baltic Air Cargo Net project to deliver a competitive advantage to BSR airports and their airport stakeholders (ACC3s, RA3s and KC3s, subject to the requirements of the ACC3 Regulation 1 ) that require to have been EU aviation security validated, prior to June 30, 2014. It provides a document that can be used by BSR Airport Managers to initiate, monitor and influence the performance of EU aviation security validations for all relevant stakeholders, requiring to be validated, and operating at BSR airports that are not members of the European Community 2 Currently the process of obtaining EU aviation security validation is in an early phase of implementation, and is not well understood by the non-eu States 3 that are subject to the ACC3 regulation. It is commonly understood that the onus is on the air carriers (ACC3s) to initiate the process, but taking such an approach could negatively impact the costs and operational disruption of these validations, and result in certain of the airport facilities being validated on a number of occasions. This is due to the fact, as explained else where in Baltic Air Cargo Net Task 3.4 4 entities that are validated as a component of the security plan of an ACC3 5, as opposed to being validated as independent entities, will require to be revalidated for each of the ACC3s for which they are providing cargo handling services. A proactive approach of the airport authorities will result in a number of benefits for the BSR airports. In addition to reducing the burden on the BSR airports concerted and their airport cargo handling clients, such an approach will ensure the BSR airports will not find themselves requiring validations in the final months leading up to the June 30, 2014 deadline, and no validators being available to perform validations, and/or their being disadvantageous price competition resulting from the lack of trained validators. 1 Commission Implementing Regulation (EU) No 1082/2012 9 November 2012 amending Regulation (EU) No 185/2010 in respect of EU aviation security validation 2 Founder BSR States of Albania, Armenia, Azerbaijan, Georgia, Moldavia, Russia, Turkey, Ukraine and Serbia and Observer States of Belarus and Tunisia 3 Non-EU States is the term that is being used to refer to the Third Countries mentioned in the EU Regulations. 4 PART B.1 - ACC3 Regulation Background & Impact in BSR 5 For example a Regulated Agent or a Handling Agent that is responsible for the security controls performed on cargo being loaded onto aircraft of a number of ACC3s operating out of one airport location Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 3
Lead Partner Task Leader Project It should be noted that, at the time of completing this guide, there were only 40 trained EU aviation security validators 6 available to validate an estimated 700 ACC3 s and at least a similar, if not considerably greater, number of RA3s in a period of 12 calendar months. In addition it must be noted that the three major airports in Russia, two in Moscow and one in St. Petersburg, each have in excess of 50 ACC3s that require to be validated and a similar if not greater number of RA3s, all by June 30, 2014. Furthermore, waiting for validations to be performed by individual ACC3s as and when they see fit to do so, will result in the airport management, local civil aviation authority staff, and airport cargo handling entity managers having their on-going operations interrupted each time a validation visit to the airport is being undertaken, a process that could potentially be repeated fro as many times as there are individual entities that require to be validated. This guide proposes a structure and process that will properly plan and monitor the performance of a minimal number of validation visits to the relevant BSR airport, it will permit these validations to be performed at the most economically advantageous terms for the airport entities being validated. In addition it will permit BSR airport managers to review, together with local authority regulators, and cargo operators, to review the security procedures and processes in place at the airport, taking into account the checklists that will be used during the validation process, and address any potential issues that could result in validations being unsuccessful, prior to the arrival of validators at the airport. The resolution of such issues could be undertaken between the airport management, the local regulator and the cargo operators, or, alternatively the airport management and the local regulator could seek clarification from DG- MOVE at the European Commission relating to matters that are not within the jurisdiction of an individual EU aviation security validator to resolve. 7 6 The list of European Commission approved EU aviation security validators can be accessed at https://webgate.ec.europa.eu/ksda/openaccess.htm 7 Certain of the requirements relating to the screening of air cargo to EU standards, where this is undertaken by the local state authorities ( police, customs, etc), may require non-eu State to European Commission resolution. Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 4
Lead Partner Task Leader Project 2. Validation phases and tasks to Achieve EU aviation security validation at BSR airports 2.1 Overview of airport validation phases There are a number of key phases involved in the EU aviation security validation process that must be addressed by each BSR airport and its air cargo stakeholders. This approach will ensure that the EU aviation security validation process can be efficiently and cost effectively completed with the minimum disruption to the on-going operations of the airport. The most significant elements of the validation cycle phases relate to the preparation for and launch of the validation process. The key phases involved in planning and execution EU aviation security validations are as follows: 1. Validation Preparation Phase The preparatory set of tasks to obtain relevant information relating to the airport and the stakeholders who are subject to validation prior to preparing a formal RFP proceedure that can be distributed to potential EU aviation security validators, with a view to obtaing price proposals for the required validations. 2. Validation Launch Phase The process of utilising the information garhered in the Validation Preparation phase to enter into negotiations with potential EU aviation security validators, selecting one or more validators, and completing the final detailed plan for the on-site validation phase. 3. Validation On-site Phase Providing the maximum support to the EU aviation seciurity validators and the airport validation participants during the on-site phase of the validation to ensure the effectiveness of the validation processs. 4. Validation Close Phase Working with the airport stakeholders to resolve any security issues identified during the validation process relating to non-compliance with EU requirements, and completion of all validations to the satisfaction of the participants in the validation. Figure 1 EU Validation Phases at BSR Airports, provides a high lever graphic image of the above tasks, which are explained in more detail hereinafter. Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 5
Lead Partner Task Leader Project EU Aviation Security Validation Support Validation Preparation Review of latest version of Stakeholder approved security procedures as implemented at the airport, that should include, details of third party security service providers numbers and locations of facilities to be visited, copies of the training and quality control programmes in operation locally, and of any local authority approvals thereto, local staff recruitment procedures Stakeholder 1 Review of operations Stakeholder and 2 integration Review of with operations Stakeholder overall and n integration Review of airport validation with operations overall and workload airport integration validation with overall workload airport validation workload Validation Launch Validation On-site Validation Close Review of local air cargo regulations, including information on the entity providing security controls (screening) at the airport, and details of the regulated air cargo agent regime, if one exists in the BSR State Stakeholder 1 Agreement on corrective Stakeholder actions n and method Agreement of on verification corrective actions and method of verification If required Airport corrective actions and authorisation of verification if required Figure 1 - EU Validation Phases at BSR Airports (Overview) The remainder of this section of the guide goes into some detail on each of the tasks that has to be performed within each key element of preparing for an execution of the EU aviation security validation process at each BRS airport in terms of: Major validation component (task) name o The key area of activity Validation sub-task name & Identifier o Location o The name and identifier of the detailed sub-task, in this phase Location where the operation /management of the task will occur Third level sub-task identifier o The identifier of this third level sub-task Key activities and outputs o The key actions associated with each sub-task and the outputs which will be prepared and created as the result of performing this task Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 6
Lead Partner Task Leader Project BSR stakeholders involved o The airport and other stakeholders/managers who will be involved in performing each sub-task Figure 2 BSR Airport and Stakeholder Managers provides an overview of the key BSR airport officials who will be involved in the EU aviation security validation implementation process BSR Airport Management BSR State Civil Aviation Author. Regulatory Personnel BSR Airport Screening Facility If Government Operates BSR Airport Manager & Deputy BSR Airport Validation Activity Manager BSR Airport Coordinator for EU Validations BSR Airport Procurement Representatives from Airport purchasing & legal divisions Security Consultants If required L3V Legal Counsel Shared Airport Cargo Facilities Transport, Warehousing, screening, other Airport Validation team (on site) Airport officials who will assist during the on-site validation activities Airport Validation Programme Administration Secretarial Support Accommodation, etc BSR Airport Security Team Airport Security Manager Airport Security Team Members Entity 1 to be EU aviation - security validated Entity 2 to be EU aviation security validated Local Entity entity n Manager to be EU aviation security validated Local entity Local Administration entity Manager Local entity cargo Local handling entity supervisors Administration Other Local relevant entity cargo personnel Local handling entity supervisors Manager Other relevant Local entity personnel Administration Local entity cargo handling supervisors Other relevant personnel Figure 2 - BSR Airport and Stakeholder Managers 2.2 Validation Preparation Phase The preparatory tasks to obtain relevant information relating to the airport and the stakeholders who are subject to validation prior to preparing a formal RFP proceedure that can be distributed to potential EU aviation security validators, with a view to obtaing price proposals for the required validations. This is the key element of preparing each BSR airport for the EU aviation security validation process ; and, the level of investment made by the airport in this activity will determine the success of the total validation effort, and the level of bensfits that will accrue to entities participating in validations, and to the airport as a whole. Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 7
Lead Partner Task Leader Project This phase will provide sufficient data to BSR airport management to determine if sufficient entities at the airport will agree to participate in the validation, nand based on the results thereof will permit the second phase Validation Launch to be executed. Table 1 - Validation Preparation Phase Tasks (Detail) EU Aviation Security Validation Task Location Third level ID no Key Activities and Outputs Stakeholders Involved 1. Validation Preparation Phase 1.1 Set up Airport 1.1.1 Set up introductory meeting with airport BSR Airport validation activity Administrative Offices stakeholders and advise of planning for EU aviation security validation at Airport Management 1.1.2 Establish the position of BSR Airport Coordinator for EU Validations with appropriate administrative support 1.1.3 Initial meeting with airport stakeholders to explain EU programme in detail and to generate interest among airport stakeholders who require to be validated BSR Airport Coordinator for EU Validations and Programme Administration 1.1.4 Further discussions with airport stakeholders and obtain letters of intent (commitments) As above Prepare detailed review of target airport 1.1.5 location cargo operations and environment, and creation of very early and initial draft of BSR Airport Validation RFP Package with information on entities to be validated, on the airport cargo environment, and on the air cargo regulatory environment in BSR State, including: As above Airport Cargo handling and operations layout and maps; Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 8
Lead Partner Task Leader Project List of facilities to be validated and interrelationships; Details of each entity to be validated, its operations at the airport, dates and times that cargo handling operations are performed; Validator profiles (language skills, country knowledge, etc.) for BSR airport validation location 1.2 Obtain copies of validation participants security Airport Administrative Offices Obtain latest version of participating entities air cargo security programmes as implemented at local Station(s), that should include, details of third party security service providers included in the BSR Airport Coordinator for EU Validations and Team programmes for review participating entities security programme, numbers and locations of facilities to be visited, copies of the training and quality control programmes in operation locally, and of any local CAA approvals thereto, local staff recruitment procedures, and information as to the handling of high-risk cargo at the local Station. Utilise this information to update draft of a BSR Airport Validation RFP Package 1.3 Calendar Airport Determination of any participating entity Airport Constraints Administrative Offices and/or BSR State calendar constraints (holidays, religious festivals, etc) and information as to work hours at the facilities to be validated. Obtain information on peak work hours at the non-eu State airport to support Mission planning administration 1.4 Contact with Local CAA Meet with BSR State air cargo BSR Airport local Civil Aviation Authority offices regulators, provide copy of the information prepared for draft BSR Airport Validation RFP Package and discuss issues relating to the regulated air cargo agent regime, if one exists in the BSR State and discuss the activities and monitoring of any government entities providing security controls at the BSR airport. Coordinator for EU Validations and airport validations team & local regulators Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 9
Lead Partner Task Leader Project 1.5 Update to and completion of BSR Airport Validation RFP Package Airport Administrative Offices Completion of BSR Airport Validation RFP Package with all additional qualification information (airport and regulator) required for package submission to potential validators. Indicate where facilities relate to individual validation participants or are shared facilities. Addition of pricing and BSR Airport Coordinator for EU Validations and airport validations team workload metrics, and payment terms 8. Define code of conduct to be expected from Validators. Review any public tendering issues in the BSR State. Add any required RFP terms to the Package and potential boiler-plate texts that may be required in any future contractual agreements with successful validator bidders. Add dates when validations should be performed. Agree on a list of validators to whom the package will be distributes. Add time period for responses, and any other relevant RFP terms 1.6 Resolve Airport Address and resolve any competition BSR Airport potential conflicts interest of Administrative Offices related issues that may have emerged between validation participants at the BSR airport (issues related to potential disclosure of confidential business process data Coordinator for EU Validations and airport validations team 1.7 Confirm Airport Formal notification of planned validation BSR Airport validation participants & launch validation action Administrative Offices activity to all airport validation participants and receipt of signed commitments of participation to permit launch of the proposed airport validation action Coordinator for EU Validations and airport validations team 8 The exact metrics and pricing model for Validations is still evolving as EU aviation security validators start to offer commercial services. A rough metric that can be applied is a team of 2 validators working on-site for 2 2.5 days per validation. Overall costs of validations are projected to be in the range of 10,000 12,000 per entity validated, with the addition of travel costs Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 10
Lead Partner Task Leader Project 2.3 Validation Launch Phase The process of utilising the information garhered in the Validation Preparation phase to enter into negotiations with potential EU aviation security validators, selecting one or more validators, and completing the final detailed plan for the onsite validation phase. The success of this phase, with one or more validation contracts with trained EU aviation security validators, will be enhanced by the quality of the preparation efforts during the previous phase. Prior to reviewing the individual sub-tasks in this phase it is appropriate to review Figure 3 Processing Responses to the BSR Airport Validation RFP Package. Prepare BSR Validation RFP Package Submit Package to Selected Validators yes no Positive Responses from Validators < > Increase scope of Validation Package to widen attractiveness Reduce scope of Validation Package to widen attractiveness Review all Submissions and enter into negotiations with potential candidates Select winning bid(s), notify Validators and sign Validation agreements Figure 3 Processing Responses to the BSR Airport Validation RFP Package The key elements of this plase will be performed in parallel : Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 11
Lead Partner Task Leader Project processing of RFP responses which will require a flexible approach in the event of insufficient validators responding to the RFP and or the terms being offered being unacceptable to the BSR airport management ; and, utilising the detailed airport validation plan and EU regulatory requirements (validation checklists) to perform a validation dry-run to ensure that the BSR airport is ready for the On-site validation phase Table 2 - Validation Launch Phase Tasks (Detail) 2. Validation Launch Phase 2.1 Distribute Airport Distribute BSR Airport Validation RFP BSR Airport BSR Administrative Package to selected potential validators Coordinator for EU Airport Offices Validations and Validation airport validations RFP team Package 2.2 Receive Airport Commence review of and create BSR Airport and review Administrative comparison tables for RFP package Coordinator for EU RFP Offices responses, take into account validation Validations and responses dates and pricing airport validations team 2.3 Convert Airport Conversion of high level validation BSR Airport High Level Administrative requirements included in the RFP Coordinator for EU Airport Offices package into a detailed Mission Plan, Validations and validation taking into account the services being airport validations Plan into offered in the RFP responses. team detailed Plan 2.4 Determine Airport Should terms offered by validators not BSR Airport if RFP Administrative meet airport requirements address this Coordinator for EU responses Offices by increasing/reducing the scope of the Validations and are RFP requirements (no of validators airport validations sufficient required, time frame, fee details, other team terms) and re-submit RFP 2.5 Obtain final Airport Complete all response evaluation data BSR Airport proposals Administrative and select one or more validators. Coordinator for EU and select Offices Advise validators of decision and enter Validations and validator(s) into final contract negotiations with airport validations validators team Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 12
Lead Partner Task Leader Project 2.6 Perform dry run of validation checklists and iscuss and resolve any potential issues of non compliance both at airport level and at regulatory level Local offices Airport facilities CAA and Using detailed validation plan and ACC3 Regulation validation checklists for ACC3s and RA3s at airport, perform dry run with local regulators of the validation of one or more entities. Document all findings and determine if issues are related to specific entity that participates in the dry-run, are systematic across the BSR airport, and /or require intervention at the level of the local regulatory authority 9 Put in place measures to resolve any such issues BSR Airport Coordinator for EU Validations and airport validations team & local regulatory authorities 2.7 Update airport validation plan with tasks related to individual selected validators & on-site support tasks Airport Administrative Offices Completion of any travel arrangements, being supported by BSR airport 10, provide additional information on local health, safety and insurance requirements, assist selected validators in obtaining authorisations /visas 11 delivery to selected validators of data required for local facility access and for local ground transportation, all part of the detailed validation plan Add details of involvement of all involved airport and local civil aviation authority personnel, which details of tasks that will be performed each day, including travel, meetings, refreshments, etc. BSR Airport Coordinator for EU Validations and airport validations team 9 in this instance it would be appropriate for the local regulatory authority to seek guidance from DG-Move at the European Commission 10 In certain instances it may be possible for the BSR airport to reduce the overall costs of validator travel and hotel expenses by arranging for this directly 11 provision of letters of appointment to validators to support their visa reauirements Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 13
Lead Partner Task Leader Project 2.4 Validation On-site Phase Providing the maximum support to the EU aviation seciurity validators and the airport validation participants during the on-site phase of the validation to ensure the effectiveness of the validation processs. This is the phase of the validation when validators will be working On-site, and it will require a high level of coordination between all of the airport stakeholders, and the visiting validators Table 3 - Validation On-site Phase Tasks (Detail) 3. Validation On-site On- Airport Offices site 3.1 Arrival & setup Assembly of validators and all airport validation participants, and airport support staff for on-site acclimatisation session, and final presentation and review of validation plan. Review of all validation visit logistics check access documents if issued before hand; obtain and distribute access documents if only issued on arrival BSR Airport Coordinator for EU Validations and Team and validators 12 3.2 Validator Team Entry Briefing On- Airport Offices site Entry briefing and presentation by participating validators, introduction of validation teams and team leaders, of validation objectives and methods to validation participants, airport support staff and local regulatory authority BSR Airport Coordinator for EU Validations and Team and validators and representatives of entities to be validated 3.3 Validation Sessions On-site Performance of EU aviation security validation, utilising EU Validation Checklist and including review of documents and procedures, supported by daily on-site validator team meetings and de-briefings. Teams of validators working together with the entities being validated 3.4 Daily on-site team On-site Daily reviews of validation progress against airport validation plan, and BSR Airport Coordinator for EU 12 Entities to be validated will not participate in these sessions Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 14
Lead Partner Task Leader Project meetings initial exchange of observations and findings Validations Team and and validators 12 3.5 End of validation on-site debrief On-site Review of all validation findings by full on-site validation team to meeting with airport management and local regulator and initial agreement as to BSR Airport Coordinator for EU Validations and Team, validators presentation of findings and required corrective actions, to airport validation participants. Plan for local validation results presentation meetings and local regulator 12 3.6 Presenting and review On-Site Presentation by each validation team of its findings and corrective actions, BSR Airport Coordinator for EU of findings to individual validation participants at airport where appropriate, to management of each validation participant. Validations and Team, validators and management of entities being validated 2.5 Validation Close Phase Working with the airport stakeholders to resolve any security issues identified during the validation process relating to non-compliance with EU requirements, and completion of all validations to the satisfaction of the participants in the validation, including re-validations (On-site or remote, by way of documentary/digital evidance) where required. Table 4 - Validation Close Phase Tasks (Detail) 4 Validation Close 4.1 De-brief and Airport Discussion with each individual entity BSR Airport corrective actions discussion Administrative Offices that has been validated of any issues requiring attention of local regulator. Agreement on actions to be proposed at: Coordinator for EU Validations, Airport management and local regulator Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 15
Lead Partner Task Leader Project Airport wide level Individual entity level 4.2 Corrective actions I Airport Administrative Offices Preparation of detailed lists of proposed corrective actions and development of airport plan to address airport wide actions, development of cost estimates BSR Airport Coordinator for EU Validations and Airport and timeframe. administration 4.3 Corrective Actions II Airport Administrative Offices and/or Validated Preparation of detailed lists of proposed corrective actions with each validated entity and addition of these tasks to airport plan to address airport wide BSR Airport Coordinator for EU Validations, validated entities entities offices actions Local regulatory authority to be in contact with Commission (DG-Move to resolve any specific issues that may require assistance from the Commission and Airport administration 4.4 Presentation Airport Presentation of elements of corrective BSR Airport of elements of corrective action plans to relevant validators Administrative Offices action plans to relevant validators and agreement that implementation of these actions will result in positive validations Coordinator for EU Validations, and validators 4.5 Re-validation Completion of all corrective actions. BSR Airport process and costs Negotiation on travel only costs of revalidation visit, if required (one visit for all validation Customers with corrective actions of one-off visits for individual Customers Coordinator for EU Validations, and validators 4.6 Re-visit Customer Airport Administrative Agree re-visit procedures and costs with Customer and obtain Customer re- BSR Airport Coordinator for EU authorisations Offices validation Work order Validations validators and 4.7 Planning of required revisits Airport Administrative Offices Planning of travel etc. for one or more Mission File re-visits. Where possible, re-validations will be performed BSR Airport Coordinator for EU Validations, one remotely, avoiding need to travel. member of the Validation team, Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 16
Lead Partner Task Leader Project and administration Airport 4.8 Re-validation Travel/ On-site Perform mission re-validation according Re-Visit Mission action to agreed plan (if corrections cannot be ascertained without travel) Team Member 4.9 Visit closure Airport Issue of validation award certificate to Validators and certification Administrative Offices Customer, and record successful validation in EU ACC3 / RA3 / KC3 Database. Work Package 3.4 Air Cargo Security PART B.5 EU Aviation Security Validation Guide for BSR Airports Page: 17