SCEC Endorsed Courier Service Security Incidents need to be reported
All security incidents should be reported to SCEC. This will assist in SCEC determining the effectiveness and efficiency of Overnight and Safe Hand courier services and to enable feedback to be provided to courier services to ensure the assessment criteria are being met.
Should a security incident arise, a company is subject to a security investigation by ASIO-T4. Should an incident report be submitted that shows evidence of the company operating in non-compliance with the criteria, SCEC can initiate a formal breach process. SCEC cannot act without submission of a security incident report.
A company must immediately contact the government agency when a security incident has occurred or is occurring. The company must report:
- All security incidents reported to SCEC within five days of the incident occurring.
- Provide a detailed report of the security incident to SCEC and the government agency fourteen days after the security incident is resolved.
Examples of reportable security incidents are:
- Non-delivery of consignments within the required timeframe;
- Evidence of tampering with, or damage to single use bags, pouches or packaging;
- Providing non-SCEC approved single use bags or pouches;
- Couriers not providing photographic identification upon collection;
- Courier not properly identifying the consignee or officer;
- Tracking records are inaccurate; or
- Any other issue relating to a breach of security;
- Delivery to unauthorised third-party;
- Theft, loss, or compromise of consignment; and
- Couriers handling consignments who have not met the personnel security checking requirements.
Please submit any security incidents using the SCEC Endorsed Courier Service Security Incident Report form.