Back to top

Security Incidents

Security Incidents - an obligation to report!

Most security incidents are submitted based on the expectation of receiving a safehand courier service, but the government agency has ordered the incorrect service. Often, the commercial express service, has been ordered and delivered. If the price quoted is too cheap, you may have chosen the wrong service. Care must be taken to order the correct safehand courier service to ensure that security classified information is appropriately secured while in transit. 

In the rare occurence that a security incident occurs with a safehand movement, you must report the security incident. This reporting process is not driven to punish a courier company, but rather, to identify the key problem and prevent it from happening again. A courier company is expected to deliver a safehand consignment in accordance with the endorsement criteria requirements - failure to do so, may result in a breach, a suspension, or revocation of their endorsement. SCEC does not pursue a security incident further if the wrong service has been ordered.

You may also report, in writing, any positive or negative feedback with a SCEC endorsed courier company.

Security Incidents - what should you do?

A courier company must immediately contact the government agency when a security incident has occurred or is occurring. In most circumstances, the courier company will know the best course of action to take; however, should a government agency want to determine the next best course of action to secure their consignment, they may do so. Such a decision, such as delivery to alternative consignees, must be put in writing with the courier company as this may be used as evidence in an investigation.
 
If the consignment has been tampered with, the government agency should receive the consignment, photograph all sides of the consignment, and note as many key details as possible. The consignment should be isolated and secured for further assessment. The nominated officer or consignee must note on handover that the consignment was received showing evidence of tampering.
 
The government agency should report any security incidents to ASIO–T4 within five days of the incident. Government agencies are responsible for conducting their own security investigation into the security incident—ASIO–T4 will assess a company’s non-compliance with the endorsement criteria. ASIO–T4 may support, or require information from, the security investigation.
 
Companies must provide a detailed report of the security incident to the government agency 14 days after the security incident is resolved.
 
Examples of a minor security incident include:
  • delivery of consignments exceeding the required timeframe by less than two hours;
  • use of non-SCEC-approved single-use envelopes or pouches;
  • couriers not providing photographic identification upon collection;
  • couriers not properly identifying the consignee or officer;
  • inaccurate tracking records; or
  • any other issue relating to a breach of security.
 
Major security incidents include:
  • delivery of consignments exceeding the required timeframe by greater than two hours;
  • delivery to unauthorised third party;
  • theft, loss or compromise of consignment; and
  • the handling of consignments by couriers who have not met the personnel security checking requirements.
 
A security incident report form must be completed with as much detail as possible - name(s), date, time, location and consignment note numbers are essential pieces of information.

Please submit any security incidents using the SCEC Endorsed Courier Service Security Incident Report form.