Security

The UPU recognizes that the safety and security of the postal sector as part of the global supply chain is critical to supporting worldwide commerce and communication. To facilitate the development and implementation of security standards and best practices among Posts, the UPU has established the Postal Security Group (PSG).

Postal Security Group 

Guided by the motto “Postal Security Makes Business Sense”, the Group, made up of security experts, is charged with the development of global and regional security strategies to assist the world’s Posts in their security missions.

Through training initiatives, consultation missions and prevention programmes, the PSG strives to protect the employees, customers and assets of Posts, and to safeguard mails from fraud, theft and misuse.

Mission statement 

To establish worldwide postal security, encourage and promote the creation of postal security services in all UPU member countries, and to establish contact and collaborate with international organizations.

PSG priorities 

• Prevention of injuries to people due to the carriage of dangerous goods in the mail
• Prevention of loss or theft of mail entrusted to Posts
• Prevention of revenue or asset losses by Posts
• Preservation of customer confidence in the Posts

Training initiatives 

Introduction 

The UPU recognizes the impact that individual leadership can have in the promotion of security programmes throughout the world, often delivered at the expense of a UPU member country’s time and resources. The Director General of the UPU International Bureau and the Chairman of the Postal Security Group (PSG) wish to formally acknowledge the efforts, experience base and exceptional initiative of the leaders in this sector who spearhead security initiatives for the postal community as a whole. 

The Chairman’s Award for Postal Security recognizes excellence in leadership in the field of securing the global postal supply chain. This award highlights the development of innovative efforts, systemic improve­ments, and the promotion of supply chain security. Any UPU member country may nominate one of its own employees for this award, or nominate a deserving employee of another member Post or UPU stakeholder.

Examples of endeavours that might lead to nomination could include: leadership in joint training ventures; successful implementation of crossover initiatives among partner UN agencies; providing security mentorship to the least developed countries; leadership in joint intervention programmes (e.g. dangerous goods, narcotics, revenue protection, etc.); leadership in a security position within a restricted union; or any other innovative cooperative effort that results in a demonstrable improvement in the security and/or safety of the global postal supply chain. 

The Chairman’s Award for Postal Security will be presented in recognition of this cooperative spirit during the final PSG meeting each year. 

Criteria for nomination      Application form     Judging panel ethics and guidelines

Postal Security Group

• Meeting of January 2019
• Meeting of June 2019
• Meeting of December 2019
• Meeting of June 2020
• Meeting of October 2020

ICAO-UPU Contact Committee 

• Meeting of February 2019
• Meeting of June 2020

Information Technology Security Experts Panel (ITSEP)

• Meeting of June 2020

• Have procedures and training for controlling the acceptance of mail items containing dangerous goods destined for air transport
• Obtain specific approval from their national civil aviation authority prior to accepting and transporting ECLB

List of authorized designated operators 

Since designated operators, national aviation authorities and airlines need to know which Posts have been approved to make ECLB shipments so that they can plan the handling of such shipments, the UPU provides a list of designated operators that have been authorized to ship ECLB, the dates from which they have been authorized to make these shipments, and other related information.

The list is shared with ICAO and the International Air Transport Association (IATA) so that national authorities and airlines are kept fully informed about Posts authorized to ship ECLB. Posts that have received such authorization are requested to communicate this fact to the International Bureau by filling in the relevant form and e-mailing it.

Reporting of dangerous goods incidents and accidents to civil aviation authorities and the UPU

Postal security prohibited items 

The safety of postal employees and customers is a critical element of managing the entire postal supply chain. That’s why a number of goods and items are prohibited from travelling through the mail.

UPU regulations 

UPU letter-post and parcel regulations clearly stipulate the type of items that cannot be sent by post internationally. Posts inform customers of these prohibited items, but the onus is on customers to certify that the packages and mail items they send through the mail do not contain items that could cause harm or danger to postal employees and customers.

The list of prohibited goods includes illicit drugs, counterfeit or pirated articles and explosive or flammable goods and live animals, among many other things.

Exceptional cases

Bombs in the Post

This document is provided by the Universal Postal Union to assist postal facility managers and supervisors in dealing with bomb threats, mail bombs and other situations that pose a risk to life or property. In particular, the document provides guidelines and recommendations for postal officials in the development and maintenance of contingency plans for their facilities which address bombs and bomb threats.

 There can be no compromises on security. Correct assessment of security risks and the implementation of preventative measures are the only way to protect postal service personnel and clients effectively. 

One of the objectives of the Postal Security Group (PSG) is to enhance the security of all operations within the postal sector. The PSG in collaboration with other UPU stakeholders has defined a minimum set of security requirements, which can be applied to all facets of the sector.

Developing measurable standards of security for the postal sector contributes to protecting postal employees and assets; protecting postal items in general; contributing to the security of the mode of transport used to carry mail items and protecting the overall supply chain.

Physical and procedural security standards 

The physical and procedural security standards developed under the auspices of the PSG are applicable to critical facilities in the postal network:

Introduction/Background

In 2010, the conveyance of explosive materials through courier air transport gave rise to international support for the development of postal security standards consistent with the established guidelines of other cargo transportation agencies for the protection of commerce in the international supply chain.

Security certification

The UPU security certification system was developed in line with the 2012 Doha Congress which set out the issue of postal security within the UPU Convention. The UPU Postal Operations Council (POC) subsequently granted status 2 to Standards S58 (General security measures) and S59 (Office of exchange and international airmail security) in February 2016. The security certification process was piloted regionally in 2015, on the basis of a standardized methodology and physical security risk assessment tool. 

Methodology

The UPU security certification is intended to provide a means to assist member countries in identifying opportunities to improve security, measure designated postal operators’ compliance with UPU security standards S58 and S59, and establish a process in furtherance of the UPU security strategy objectives to educate, raise awareness and increase the security of all postal sector operations. The process was enhanced and expanded during the POC C 1 PSG 2020.1 based on recommendations from an Expert Team created under the auspices of the POC C 1 PSG 2019.1. The certificaiton process is based on the following elements:

A self-assessment questionnaire

• Required Documentation review
• A thorough evaluation based on a review workbook
• An assigned review team’s (consisting of at least two members) field mission for all critical facilities that do not currently hold a security certification. 

Certification procedure

The certification procedure can only take place if the designated operator applying for certification submits a completed self-assessment via security@upu.int. 

Certification levels

The certification system is modelled in alignment with the UPU quality management certification system. The results of the compliance review will determine the certification level demonstrated by security measures successfully implemented within the DO. The primary certification levels are: gold (level A), silver (level B) and bronze (level C). The certification has a three-year period of validity. 

Entry level or basic certification will be conferred once the assigned review team has evaluated the completed self-assessment and confirmed that all documents and provided evidence support the responses. Basic certification may be completed through virtual means and must be achieved before any additional certification is granted. 

Level + (Plus): In cases where certification – Level A (Gold), Level B (Silver) or Level C (Bronze) – has been awarded to the OE of a DO that is exchanging electronic advance data (EAD) with all DOs requiring EAD, the certified DO may request evaluation for Level + (Plus).

Benefits

Certification is a way of continually improving security, and can be communicated through the media to customers and the public, so as to raise awareness of the designated operators' efforts. When a designated operator receives certification, this shows that it meets or exceeds the mandatory minimum security standards set by the UPU.

English - French - Arabic - Russian - Spanish

Prerequisites

A DO seeking to attain certification must appoint a national certification coordinator/focal point, responsible for responding o inquiries for additonal information and for assisting in arranging the compliance review.

The coordinator should familiarize themselves with the Certification process for UPU security standards S58 and S59 as well as the UPU Standards S58 and S59. 

Certification self-assessment

A certification procedure can only be launched upon submission of a completed self-assessment for each critical facility the DO seeks to achieve certification. All required documentation must also be current and complete and available for review. 

The self-assessment aims to assess whether the organizational system put in place by the designated operator meets the minimum requirements for meeting the mandatory minimum security requirements.

The assigned DO focal point should request a review directly from the IB by sending an e-mal to the UPU security mailbox: security@upu.int. This request should include a self-assessment report for the critical facility seeking certification, confirmation all associated documentation is available for review, and photographic evidence of critical security measures in place within the associated critical facility.

English - French - Arabic - Russian - Spanish

Required Documentation

The list of required documentation provides all documents which are necessary for the fulfilment of the certification process. 

English - French - Arabic - Russian - Spanish

Equivalent Certification

Equivalently certified DOs: In some cases, the DO is obliged to comply with the security requirements of its national legislative or regulatory civil aviation authorities, or of external organizations such as ICAO, IATA and the WCO. The UPU recognizes that these third-party standards (e.g. ICAO’s Regulated Agent and the WCO’s Authorized Economic Operator) may be more rigorous than those set forth in S58 and S59, which are considered to be basic standards attainable by all DOs.

If a DO complies with these higher-level security standards and can show that they are equivalent to or exceed S58 and S59 standards, it may be possible for the DO to be accredited with an equivalency recognition of S58 and S59 certification, provided all security measures have been fully implemented. This would facilitate cooperation and harmonize efforts among stakeholders to develop and maintain a secure supply chain system. 

In order for a DO to be recognized as Equivalently Certified, the appropriate focal point must complete and submit the equivalency assessment workbook, related required documentation as detailed above, as well as a written justification to the PSG regarding the adherence to security requirements of its national legislative or regulatory civil aviation authorities or of external organization such as ICAO and the WCO via security@upu.int.

Certified critical facilities

Historic list of UPU-certified critical facilities and their associated designated operators since 2016 indicating the year of certification and the level achieved.

English - French - Arabic - Russian - Spanish

List of UPU-certified critical facilities and their associated designated operators with certificates that are currently valid indicating the year of certification, the level achieved, the start and end dates of validity.

English - French - Arabic - Russian - Spanish

The SharePoint provides members with updates and information relative to security in the postal supply chain.