11 November 2015
BSI, the business standards company, has published a revised specification: PAS 97:2015, Mail screening and security – Specification, which was sponsored by the Centre for the Protection of National Infrastructure (CPNI). The latest revision replaces PAS 97:2012.
Mail streams that go into and around an organization can provide a vehicle for malicious attacks and become a catalyst for other security incidents. This can adversely affect the day-to-day business of the organization, as well as its reputation.
PAS 97:2015 aims to help organizations identify and implement appropriate postal security measures to meet their particular needs. It specifies requirements and recommendations for mail screening, set in the broader context of postal security. It concentrates on letters and small parcels entering the organization from any external source, including public/commercial postal services, by hand or by courier delivery.
Key elements include:
- Measures to assist businesses and other organizations in identifying and minimizing the impact of items of mail that represent a threat, or could otherwise cause concern or disruption
- Broader postal security measures aimed at ensuring all incoming, outgoing and internal mail streams are managed to minimize the risk of loss or theft of valuable or sensitive items or information
- A series of screening levels (1 to 5), increasing in complexity in line with measures required to protect against increased levels of threat/risk. These are complemented by a series of physical protection classes (A to D) describing incremental physical protective measures for mail rooms and personnel
PAS 97:2015 is aimed at those responsible for planning, delivering or procuring mail handling and screening services within organizations, as well as commercial providers of such services.
Anne Hayes, Head of Market Development for Governance & Risk at BSI said: “Strong security measures are synonymous with strong business practices which ultimately, build strong reputation and trust. This specification fundamentally helps organizations assess their particular level(s) of risk in relation to the handling of physical mail. Following which, the appropriate security measures can be selected and implemented whether onsite or offsite, delivered in-house or outsourced. Being aware of mail security risks and knowing how to act upon them, is one of the most effective solutions to preventing a potentially large problem.”
What has changed?
- Review and update of the case studies in the Introduction
- Minor updates to Table 1, Screening levels
- Minor updates to Table 2, Physical protection measures
- Minor modification to 8.4, Operating procedures and 8.5 Mail room/screening facility
- Modifications to Annex C, Mail facility layout and construction to minimize the effects of an explosive device or “white powder”, including text on structural requirements and changes to layout design figures
- Revision of Annex D, Additional information on X-ray machines for mail screening
- Review and update of Bibliography
PAS 97:2015 was developed using a collaborative consensus-based process with expertise from such organizations as: Atkins Ltd, Bank of England, CPNI, Credit Suisse, Department for Communities and Local Government, Department for Education, Metropolitan Police Service, Poste Route Ltd, Royal Mail, Sellafield Ltd, Sister Banks Group, Swiss Post Solutions Ltd and UK Parliament.