Template (Unscreened Airport Operators): Developing a TSP

Sensitive

[optional: insertcompanylogo]
TransportSecurityProgram(TSP) for
[InsertOrganisation’s legalname]
A Regulated Air Cargo Agent (RACA) regulated under the Aviation Transport Security Act 2004
Legal nameofRACA: /

[Insert Organisation’s legal name]

Trading or operatingas: / [Insert trading/operating names]
ACN/ARBN: / [InsertAustralian Company Number or Australian Registered Body Number as applicable]
ABN: / [Insert Australian Business Number if held]

Under regulation 2.06 of the Aviation Transport Security Regulations 2005 it is an offence to disclose any information about the content of an aviation industry participant’s TSP without the consent of the participant.

SCT05-06 (May 2016)Sensitive

TSP – [RACA trading name]Sensitive

Contents

Document Revision Record

Key References

Definitions [s9; r1.03 and others]

Glossary of acronyms and terms

1General Obligations

1.1Program scope and objectives [r2.48]

1.2Local security risk context statement [r2.49]

1.3Quality control [r2.53]

1.3.1Audits [r2.53(1)(a)-(b)]

1.3.2TSP reviews [r2.53(1)(c)-(d)]

1.4Information security [s16(2)(e); r2.51(4); r2.52(3)]

1.5Security of passwords, keys and access devices [r2.55(1)(f)]

2Operational Details

2.1Sites and facilities covered by this TSP [s16(2)(f); r2.54]

2.2Security management [s16(2)(a); r2.52(1); r2.58]

2.2.1Organisational structure and security management arrangements [r2.52(1)(a)]

2.2.2Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58]

2.2.3Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58]

2.2.4Contractors [r2.52(1)(b); r2.58]

2.3Consultation and communication [s16(2)(b),(g); r2.52(2)]

2.3.1Consultation to develop this TSP [s16(2)(g)]

2.3.2Communication and consultation within the organisation [r2.52(2)(a)]

2.3.3Communication and consultation with the operator of a security controlled airport at which the Organisation has a facility [r2.52(2)(b)]

2.3.4Communication and consultation with relevant third parties [r2.52(2)(d)]

2.4Implementation of security measures and procedures [r2.55(2)]

3Physical Security and Access Control Measures [r2.54(1)(d); r2.55]

3.1Physical security of sites and facilities [r2.54(1)(d); r2.55(1)(e)]

3.1.1Building security

3.1.2Perimeter security

3.1.3Signage

3.1.4CCTV coverage

3.1.5Alarms

3.2Access control measures for sites and facilities [r2.54(1)(d); r2.55(1)(e)]

3.2.1Access control

3.2.2Identification

3.3Access control measures for airside and security zones [r2.55(1)(b)-(d)]

3.4Maintenance of security equipment [r2.55(1)(g)]

3.5Physical security of cargo transport vehicles [r2.55(1)(h)]

4Cargo security and examination [r2.51; r2.55(1)(i)]

4.1Cargo security [r2.51(1); r2.51(2); r2.52(3)]

4.1.1Cargo Records [r2.52(3)]

The following measures and procedures are used for the keeping of accurate records of cargo in the Organisation’s possession or under the Organisation’s control:

4.1.2Deter and detect unauthorised explosives [r2.51(1)]

4.1.3Ensuring the security of cargo at all times [r2.51(2)]

4.2Cargo examination [s16(2)(c); r2.51(1A); r2.55(1)(i)]

4.2.1Methods, techniques and equipment for examination of cargo [s16(2)(c); r2.51(1A); r2.55(1)(i)]

5Regular Customers [r2.60]

5.1Maintaining a regular customer list [r2.60(a)]

5.2Regular customer undertaking [r2.60(b)]

5.3Receiving cargo from a regular customer [r2.60(c)]

6Cargo security responses [s16(2)(d); r2.51(3); r2.57]

6.1Measures and procedures for the handling and treatment of suspect cargo [r2.51(3)]

6.2Measures and procedures in the event of a heightened security alert [s16(2)(d); r2.57]

ANNEX A: Clearing Cargo

Introduction

Notes on treatment of cargo [s44B(2)]

Notes on dealing with cargo [s44B(3)]

Notes on regular customers

Receiving Cargo Tables

Supporting Tables:

Attachment A: Signed statement [s16(1) and r2.05]

Attachment B: Local security risk context statement [r2.49]

General threats and generic security risk events of relevance to the Organisation

People, assets, infrastructure and operations that need to be protected

Attachment C: List of Sites and Facilities Covered by this TSP [r2.54(1)]

Attachment D: Organisational Structure and Security Management Arrangements [r2.52(1)(a)]

Attachment E: Consultation undertaken as part of the development of this TSP [s16(2)(g)]

Attachment F: Regular Customer Undertaking [r2.60(b)]

Accompanying Document 1: Details of Sites and Facilities Covered by this TSP [r2.54(2)]

Accompanying Document 2: Timetable for implementation of security measures and procedures [r2.55(2)(b)]

Accompanying Document 3: Measures and procedures in the event of a heightened security alert [r2.57]

Aviation security incident response [r2.57(2)(a)]

Reporting aviation security breaches [r2.57(2)(b)]

Evacuation and emergency management [r2.57(2)(c)]

Special security directions [r2.57(2)(d)]

Staff security awareness [r2.57(2)(e)]

Contingency Plans [r2.57(2)(f)]

Final checks prior to submission

SCT05-06 (May 2016) Sensitive Page 1

TSP – [RACA trading name]Sensitive

Document Revision Record

Updates, revisions and alterations to this TSP are recorded below in the TSP Revision Record. Authority to make updates and alterations to this record is restricted to the Security Contact Officer (SCO)and [Insert title of any other authorised person if relevant]who is/are authorised by the Organisation to effect such changes.

Note: ‘Nature of revision’ includes initial submission and any alteration (minor amendment) etcetera. If the type of revision is an alteration, you should note which part of the TSP the alteration affected.

TSP REVISION RECORD
Version number / Nature of revision / Revision date / Page(s) affected / Section(s) affected / Actioned by (name,title) / Action date
1.0 / Initial submission / dd/mm/yy / All / All / Name,title / Approved dd/mm/yy

SCT05-06 (May 2016)SensitivePage 1

TSP – [RACA trading name]Sensitive

Key References

All section (s) references in this TSP are to sections of the Aviation Transport Security Act 2004 (the Act) and all references to regulations (r) are to the Aviation Transport Security Regulations 2005 (the Regulations).

Definitions [s9; r1.03 and others]

Definitions are provided in the Act and the Regulations. Key definitions are found in s9 of the Act and r1.03 of the Regulations.The Act and Regulations are available at

Glossary of acronyms and terms

The following list includes definitive acronyms usedin this TSP.

Term / Meaning
AACA / Accredited Air Cargo Agent
Act, the / Aviation Transport Security Act 2004
Cargo / Goods (other than baggage or stores) that are transported by air, or are intended or are reasonably likely to be transported by air
ChOCS / Chain of Custody Statement
Cleared Cargo / Cargo that has received clearance and has been dealt with in accordance with the Regulations, including cargo that is received by a RACA with both a Security Declaration and ChOCS
Department, the / The Australian Government department responsible for the administration of the Act and the Regulations
Diplomatic Bag / An item that is a diplomatic bag for the purposes of the Diplomatic Privileges and Immunities Act 1967
Exempt Items / Items of cargo that can be cleared without examination because the Secretary has issued a notice under s44B(2)(b) of the Act
International Cargo / International cargo means cargo that is destined for a foreign country and that is not transhipped cargo
LSRCS / Local Security Risk Context Statement
Organisation, the / The RACA, named in this TSP, to whom this TSP applies
OTS / Office of Transport Security
RACA / Regulated Air Cargo Agent
Regulated Business / Regulated business means a RACA, AACA or an operator of a prescribed air service
Regulations, the / Aviation Transport Security Regulations 2005
SCO / Security Contact Officer
Secretary, the / The Secretary of the Department
SSD / Special Security Direction
TSP / Transport Security Program
Uncleared Cargo / Cargo that is not cleared cargo, including cargo that is received by a RACA without both a Security Declaration and ChOCS

SCT05-06 (May 2016)SensitivePage 1

TSP – [RACA trading name]Sensitive

1General Obligations

This TSPhas been made in accordance with the obligations of a RACA as set out in s12 of the Act and r2.03(a) of the Regulations. This TSP applies to the RACA identified and named on the cover of this document (the Organisation).

A signed statement, to the effect that the Organisation believes this TSP gives effect to its obligations set out in section 16(1) of the Act, is provided at Attachment A.

1.1Program scope and objectives [r2.48]

This TSP applies measures and procedures to all cargo that is in the possession of this RACA or under the control of this RACA and at each site or facility that is covered by this TSP. It sets out the measures and procedures to be used to examine, handle, store and transport cargo in a secure manner and make arrangements for the secure movement of cargo. This includes measures and procedures to:

a)prevent an act of unlawful interference with aviation;

b)safeguard against unlawful interference with aviation by ensuring the security of cargo handled (or for which arrangements are made) by all parties covered by this TSP; and

c)increase public confidence in aviation security arrangements.

1.2Local security risk context statement [r2.49]

A statement outlining the local security risk context for the Organisation is provided atAttachment B. The statement has been developed in the context of:

the location of the Organisation’s sites and facilities;
seasonal and operational factorsrelevant to the Organisation and its environment;
general threats and generic security risk events to people, assets, infrastructure and operations; and
an outline of the people, assets, infrastructure and operations that need to be protected.

1.3Quality control [r2.53]

The following quality control procedures are employed bythe Organisation:

1.3.1Audits [r2.53(1)(a)-(b)]

The Organisationwill conduct audits of security measures and procedures to ensure that measures and procedures described in this TSP, as required under the Act and Regulations, have been implemented.

Audits will be scheduled as follows:

[insert details of how audits are scheduled].

Audits will be conducted as follows:

Set out details of the procedures for conducting an audit at your organisation. For example:

Audits will be systematic and will assess the implementation of this TSP and all security measures detailed within it. All audits will include consideration of and, where required, consultation on the following:

results from any previous audits and TSP reviews;
measures set out in the TSP;
any results from drills and/or exercises conducted; and
anyrelevant aviation security incidents.

Particular consideration will also be given to whether the security measures and procedures are being applied as per the TSP and, if not, what corrective action will be taken.

Consideration may also be given to:

[please specify as appropriate for the Organisation – for example options for continuous improvement in regard to security measures and procedures].

Findings and recommendations will be presented to [full title of the vetting authority within your organisation, such as the CEO, or the Operations Manager] and to [full title of any security committee or other body which will view the reports]for consideration, and implemented as appropriate.

1.3.2TSP reviews [r2.53(1)(c)-(d)]

Areview of this TSP will be conducted if:

there is a change in the security threat level for air cargo or the Organisation;
an aviation security incident occurs;
there is a major change in the operational profile of the Organisation;
a change in ownership or organisational structure; or
directed by the Department to do so.

[please specify any additional circumstances as appropriate for your organisation – for example after each security audit].

Reviews will involve input from a variety of sources including consultation with all parties affected by this TSP.

Set out details of the procedures for reviewing your TSP, including a process for consultation. For example:

All reviews will assess the current security measures and procedures to consider if they are adequate to meet the requirements of the current local security risk context statement set out in Attachment B. They will include consideration of and, where required, consultation on the following:

results from any previous audits and reviews;
any change to Transport Security Advisories or the Aviation Security Risk Context Statement issued by the Department in relation to cargo;
any changes to the local risk context;
any changes in TSP coverage;
any results from drills and/or exercises conducted;
any relevant aviation security incidents; and
any changes in the regulatory requirements.

Particular consideration will also be given to whether the security measures and procedures set out in the TSP remain appropriate and proportionate in relation to the local risk context statement and operational requirements.

1.4Information security [s16(2)(e); r2.51(4); r2.52(3)]

The following security information requires protection against unauthorised access, amendment and disclosure:

this TSP;
any attachments or accompanying documents to this TSP;
security measures to be applied to cargo;
aircraft operator and flight information for cargo, prior to that cargo being received by the Organisation;
security compliance information (e.g. findings from audits conducted by the Department);
results, records and reports of any audit or review carried out in accordance with the TSP, the Act or Regulations;
[any other – please specify]

Access to this security information is restricted to persons who have a ‘need to know’, and requires authorisation from [specify position/role].

[Specify position/role] is responsible for:

the protection of the TSP;
determining who has access to the TSP;
the approval of electronic access to the TSP;
the distribution, return and destruction of all TSP copies;
the recording of the movement of all TSP copies;
determining who is authorised to amend the TSP; and
managing access, amendment and disclosure of other security information within the Organisation.

Security information will be protected against unauthorised access, amendment and disclosure through the following measures and procedures:

Insert your measures and procedures. For example:

Security information will be identified and classified appropriately.
Records of authorised disclosure of security information will be retained.
Physical copies of security information are securely stored in [type of container/location] at [insert location]. Only [specify] is authorised to remove them from the container, and a register of all requests and approvals in maintained.
Electronic copies are stored on a computer system that is restricted to authorised personnel only.

1.5Security of passwords, keys and access devices [r2.55(1)(f)]

Set out how and where passwords, security codes or access devices are used as a security measure in your organisation.

The management and control of all passwords, access codes, access devices and keys [specify] is the responsibility of [specify].

Records of all security passwords, access codes, keys and access devices issued is kept by the [specify]. These records are secured [specify the receptacle, location, and the method to secure the record].

Security passwords / access codes are changed:

Insert your measures and procedures. For example:

every three to twelve months OR[specify timeframe];
when any staff with security access leave; and / or
when a security incident involving unauthorised access to security areas and security zones has been determined by the SCO to have compromised access control security.

Audits of keys and access devices are conducted [specify how often and by whom]to ensure that:

Insert your measures and procedures. For example:

nominated staff have their correct passwords and access devices;
staff with access to security information or zones and areas still require it;
any loss of keys or access device has been reported, recorded and investigated; and
keys and access devices that are held in storage have been issued and returned correctly.

2Operational Details

2.1Sites and facilities covered by this TSP [s16(2)(f); r2.54]

A list of all sites that operate on behalf of the Organisationand all facilities that are covered by this TSP, including other aviation industry participants operating under this TSP,are set out in Attachment C.

Further details forsites and facilitiescovered by this TSPare set out in Accompanying Document 1.

Note: under the Regulations, the TSP must only cover an aviation industry participant that is an agent or subsidiary of the Organisation, or has a contract with the Organisation to provide a service for the movement or handling of cargo or the making of arrangements for the movement or handling of cargo.

2.2Security management [s16(2)(a); r2.52(1); r2.58]

2.2.1Organisational structure and security management arrangements [r2.52(1)(a)]

The Organisation’s structure, and the arrangements for managing security at each of our facilities, areset out inAttachment D.

2.2.2Security contact officer (SCO) [r2.01; r2.02; r2.52(1)(b); r2.58]

The SCO is responsible for facilitating the development, implementation, review and maintenance of this TSP. The SCO is also responsible for the maintenance of the administration of security measures and procedures contained in this TSP.

Specific responsibilities include:

liaising with other aviation industry participants in relation to aviation security matters;
liaising with the Department to ensure compliance with all aviation security regulatory requirements, change in the Department’s threat assessment, and any Special Security Directives or Compliance Control Directions;

Set out any additional responsibilities for the SCO in your organisation. For example:

ensuring employees, contractors or other persons with aviation security related roles have sufficient knowledge, skills and training to perform their duties;
ensuring staff are briefed on all security-related matters in relation to the Organisation’sfacilities;
ensuring the appropriate protection of all security information against unauthorised access, amendment and disclosure; ensuring the integrity of all preventive security measures and arranging maintenance as required;
overseeing the serviceability of all security equipment;
Maintaining the Regular Customer List;
reporting and monitoring aviation security incidents, including threats and breaches; and
attending relevant aviation security meetings.

The knowledge, skills and other requirements to fulfil the security-related aspects of this position are:

Specify as relevant to your organisation, including details of training / qualifications that satisfy the requirements.

Note: under the Regulations, the RACA must appoint a SCO and the RACA must provide security awareness training for the relevant staff to enable them to properly perform the security related aspects of their positions.

2.2.3Other staff with security-related roles [r2.52(1)(b); r2.52(1)(c); r2.58]

The roles and responsibilities of security officers and other persons assigned particular security duties and responsibilitiesare as follows:

Insert as relevant to your organisation. For example:

Senior Security Officers/Security Officers

Senior Security Officers / Security Officers are supervised by and report to [specify].

Their duties and responsibilities require them to:

Manage day to day security issues;
brief staff on security-related matters such as changes in the security environment when directed by [specify].
[Report / investigate / compile] all security breaches, threats or aviation incident reports for [specify].

They also assist the Operations Manager / Security Manager / SCO in: