BSI publishes standard to help organizations reduce the risk of postal security incidents

The last decade has seen several attempts to cause disruption and damage, within both the commercial and public sector, by infiltration of organizations’ mail systems. Examples of these have been the letter bomb campaign of 2007 and the series of hoax anthrax letters sent to high profile individuals between 2003 and 2007. PAS 97 Specification for mail screening and security will help to mitigate the risk and impact of attacks such as these.

Developed by the Centre for the Protection of National Infrastructure (CPNI) in collaboration with BSI British Standards, the standard is aimed primarily at those responsible for planning, delivering or procuring mail handling and screening services. It focuses on letters and small parcels entering the organization from any external source, including public or commercial postal services, by hand or by courier delivery services.

The specification, which can be used by organizations of any size, sector or complexity, sets out a comprehensive framework to help with protective security including:
• Assessment of risks associated with mail streams into and within an organization
• Identification of appropriate measures to take in screening mail
• Requirements for formal recording, implementation and regular review
The specification will help with decisions on investment in equipment and facilities. It also provides guidance for requirements relating to outsourcing and the occupation of shared premises.

Annexes in PAS 97 include guidance on possible indicators of suspicious items (e.g. an additional inner envelope that may be difficult to remove; an unusual postmark or no postmark) and suggested action upon discovery of suspicious items.

Mike Low, Director of BSI British Standards, says: “BSI has a strong record of publishing standards and other guidance in the security sector. The latest of these is PAS 97 which addresses a growing risk by offering organizations a robust framework within which they can develop their own protective security systems.”

Other organizations involved in the development of PAS 97 include:

• Arup Security Consultancy
• BP
• G4S Cheltenham
• Home Office
• Mail Source UK
• MFD Group
• Palace of Westminster
• Pfizer
• Pitney Bowes
• Royal Mail
• Sister Banks Group

Find out more and buy a copy of PAS 97 at the BSI Shop

*Source: United Kingdom Strategy for Countering International Terrorism: http://webarchive.nationalarchives.gov.uk/20100416125641/http://security.homeoffice.gov.uk/news-publications/publication-search/contest/contest-strategy/contest-strategy-2009

About the Centre for the Protection of National Infrastructure (CPNI)
CPNI provides integrated (combining information, personnel and physical) security advice to the businesses and organizations which make up the national infrastructure. Through the delivery of this advice, CPNI protects national security by helping to reduce the vulnerability of the national infrastructure to terrorism and other threats.

CPNI is an interdepartmental organization, with resources from a number of government departments and agencies. These include MI5, CESG (Communications Electronics Security Group) - the UK's National Technical Authority for Information Assurance - and other Government departments responsible for national infrastructure sectors.

For further information please visit www.cpni.gov.uk.