Skip to main content
2016 OAS Guidelines

Subsection 6.1: General information on safety and security

6.1.1.

Pursuant to Article 28(1)(h) of the AE CAU, a competent person must be designated for matters relating to safety and security. In this context, safety and security refer only to those of the AEO criterion. It should be noted that they are not related to "workplace safety," as this falls outside the scope of the protection and safety criterion.

6.1.2. to)

Customs authorities expect you or a security company, if you use their services, to have conducted a documented risk and threat assessment. If such an assessment is not made available to the customs authority during the audit visit, it may be recommended that the request be automatically rejected.

The risk and threat assessment should cover all locations where you carry out customs-related activities. The assessment aims to identify risks and threats that may arise in the segment of the international supply chain in which you operate and analyze the measures planned to minimize them. The self-assessment should review all risks that affect the security of your role within the international supply chain, such as:

  • material threats to premises and goods,
  • threats from a tax point of view,
  • contractual clauses relating to its business partners in the supply chain.

This assessment should focus on the following:

  • goods with which you operate,
  • specific management of air cargo or mail, if affected (access, handling, storage, etc.),
  • premises and buildings for storage, manufacturing, etc.,
  • personnel-related aspects, such as permanent and temporary recruitment and subcontracting,
  • transportation of goods, loading and unloading,
  • computer system, accounting records and documentation,
  • security incidents recently recorded in any of the above-mentioned areas.

You will need to provide evidence of how frequently you review and update the document and establish in your procedures how incidents will be reported and the frequency of future reviews. Customs will also request evidence of how and when you communicate the procedures to your staff and visitors.

6.1.2. b)

If a security plan or risk and threat assessment is not submitted during the customs authority's visit, the audit visit may be terminated prematurely or the request may be denied.
A security plan review program must be established, providing for the recording of all modifications, signed and dated by the responsible party.

6.1.3

You must describe, at a minimum, the five main risks you have identified. Customs authorities expect you to have assessed these risks and to include them in your risk and threat assessment, indicating their likelihood, consequences, and the measures taken to address them. Some examples of risks are provided below:

  • smuggling of illegal goods,
  • product contamination,
  • alteration of the goods at the time of export,
  • unauthorized access, etc.

6.1.4

Briefly describe the process of establishing security measures, as well as their implementation, monitoring, and review. You need to specify who the responsible person is and what tasks they must perform. Within the organization, at the appropriate level, there must be a person responsible for all security measures and empowered to implement them when appropriate. If not, please indicate the different departments involved and describe the overall coordination and management.

If you use external security services, the responsible person must be responsible for contracting them and ensure that an appropriate service level agreement is in place that meets the AEO requirements set out in this section.

The responsible person must implement procedures for designing, reviewing, and updating all security measures and be able to explain them. In addition, she will normally be responsible for preparing the documents required in questions 6.1.2. a) and b).

Customs authorities expect the procedures to be sufficiently detailed to allow a potential replacement to assume responsibility and carry out the assigned task.

6.1.5

Although in many cases, security measures are likely to be specific to a particular establishment, governance procedures for establishing, implementing, monitoring, and controlling them can be harmonized so that they apply across all establishments. The lack of harmonization of measures can increase the number of visits by customs authorities.

6.1.6. a) and b)

You must have documented instructions that allow and encourage your staff members, and if possible, visitors, to report any security-related incidents, such as unauthorized access, theft, or the use of personnel whose backgrounds have not been vetted. These instructions will specify how such communication should be carried out, the persons to be contacted, and their location. The instructions should also detail how the investigation and reporting of such incidents should be carried out and identify the persons responsible for doing so.

If the answer is no, please indicate how you plan to implement these instructions and the timeline for this.

If the answer is yes, you must explain how safety instructions are communicated to staff and specify how you ensure they have been duly followed. You should also explain how safety instructions are communicated to visitors.

See also question 6.3.2.

"Safety" instructions should not be confused with any necessary health and safety instructions for staff and visitors.

6.1.7. a) and b)

This question relates to international supply chain security, not health and safety incidents.

For example:

  • warehouse losses,
  • tampering with seals,
  • damaged anti-tampering devices.

If incidents are detected, customs authorities expect you to review and modify security and safety measures to include any corrective measures implemented. In addition, it will be necessary to show how these changes have subsequently been communicated to staff and visitors.

If any changes are made as a result of the review of safety and security procedures, these must be recorded as revisions, indicating the date and the part(s) revised.

6.1.8, a), b) and c)

You should ensure that you have the original documentation, including the assessment report if available, as the customs authority may request it during the on-site visit. The customs authority will take the relevant certification into account when preparing and conducting the audit.

For example:

  • accredited agent (certificate and evaluation report),
  • known consignor (certificate and assessment report),
  • TAPA certification (certificate and assessment report),
  • ISO certification (certificate and quality manual).
  • ISPS

6.1.9

Your response should include, for example, specific information about the requirements you apply to hazardous chemicals, high-value goods, or goods subject to excise duties, and whether such application is regular or irregular.

For example:

  • if they require special packaging,
  • if specific storage requirements apply to them.

See also point 6.5.1 (logistical processes).

6.1.10, a) and b)

You must provide the name and address of the security company or companies, the number of years you have been contracting their services, and whether they also provide other types of services.

If the company has conducted a threat assessment, confirm that the identified risks have been incorporated into the risk and threat assessment provided for in question 6.1.2(a).

The documents must include the date(s) on which the assessment was carried out and any recommendations implemented. The document must be available to the auditor during the visit.

6.1.11

Please indicate any requirements imposed by your customers and your insurance company, as well as any goods that have special requirements, for example, regarding packaging or storage.

If the number of requirements and goods you need to list is too large, a summary will suffice.

These will be examined in more detail during the audit visit.