Security Risk Management
1. Introduction:
This document set out the procedures for ITM to maintain a security risk management program under the guidelines of AACA program and the WCO – SAFE Framework of Standards
2. Purpose:
The purpose of this procedure is to assess and formally implement a process to determine the Security Risk Management within ITM. Risk management is the identification, assessment and prioritisation of risks with a coordinated application of resources to minimise, monitor, and control the probability and /or impact of events.
3. References:
Aviation Transport Security Regulations - ACA Security Program
WCO – SAFE Framework of Standards
Australian Border Force
4. Aim:
Aim of ITM’s Security Risk Management program is to:
- Establish the scope of any security risk assessment and identify the specific supply chain, people, information and / or assets to be safeguarded.
- Determine the threats to people, information and assets in Australia and abroad, and assess the likelihood and impact of a threat occurring.
- Assess the risk based on the adequacy of existing safeguards and vulnerabilities
- Implement any supplementary security measures that will reduce the risk to an acceptable level.
- Area of vulnerability within the international supply chain;
- Who would exploit ITM’s international supply chain and why;
- How ITM’s supply chain could be exploited and why;
- What would be the likelihood of this occurring;
- What would be the consequence;
- Appropriate measures to reduce risk to a tolerable level;
- Residual risks (such as doing business on the internet) and allocate responsibility for managing these risks.
- Security risk management is the business of each staff member including contractors
5. Procedure
5.1. A security risk management process to identify:
5.2. Identify appropriate level of Risk Management
- Risk management, including security risk management, is part of day-to-day business
- The process for managing security risk is logical and systematic, and should form part of the standard management process of ITM
- Changes in the threat environment are to be monitored and necessary adjustments made to maintain an acceptable level of risk and a balance between operational needs and security
5.3. Facility Security:
The Branch Manager in conjunction with all Branch Department Managers MUST ensure all cargo is secured and protected from any unauthorized access, interference or tampering
5.4. Physical Security and access control
To prevent an intruder from inserting an unauthorized item including explosives into cargo ITM has implemented physical security and access control measures and procedures to deter, detect and respond to unauthorized access to cargo and security sensitive information at all times.
Measures include – Subject to individual site conditions:
- Perimeter fencing and gates around facility and /or around areas where cargo is stored or handled
- Lockable doors and windows
- Use of electronic access control systems in cargo handling or storage areas
- CCT coverage of cargo handling or storage areas
- Use of appropriate signage to deter unauthorised access
- Use of alarm systems in cargo handling or storage areas
- Use of staff identification
- The use of visitor and contractor identification and escort procedures to cargo handling and storage areas
5.5. Information Security
To prevent unauthorized access to Security Sensitive information ITM has implemented ICT and Operational processes. The Department Manager in conjunction with the Branch Manager will determine who has access to security sensitive information and who has access to details about cargo.
Refer ICTSEC01
5.6. Personnel Security
All Department managers and Branch Managers will maintain a watching brief over all staff and subcontractors to mitigate the risks from ‘trusted insiders’, and identify key personnel within the organization who may need to undergo additional (other than Police check) background check.
Examples of personnel requiring background checks
- Employees who have access to Customs ICS
- Employees who have control over cargo ie release Cargo, have access to cargo
- Employees who have access to security sensitive information
Additional background check may include Aviation Security Identity Card (ASIC) and or Customs B300 form.
Refer HR10, HR18.
5.7. Cargo Security
ITM has a responsibility to ensure cargo under its possession is kept secure at all times. Department Managers and /or Branch Manager will identify individuals that need security awareness training, and ensure that the training is received and documented.
6. Supply Chain Security
6.1. Overseas Agents
ITM will select known Primary Overseas Agents to provide services for its Customers. Primary Agents are agents that can validate their supply chain, either via WCO SAFE Framework of Standards or another Government regulated program
6.2. Transport Operators
ITM will engage with Transport operators who have a proven record of service and who have effective security procedures and controls implemented to ensure that unauthorized materials or terrorist devices are not loaded into the container / trailer.
7. Documentation
ICTSEC01 ICT Information management and security policy