Indicator |
Risk description |
Possible solutions |
References |
Self- assessment |
Inadequate security and safety awareness in all relevant departments of the company |
risk and threat self-assessment is carried out, regularly reviewed/updated and documented; identify precisely security and safety risks arising from activities of the company; assess the risks related to security and safety (% of probability or risk level: low/medium/high); make sure all the relevant risks are covered by preventive and or corrective measures. |
SAQ - 6.1.2 ISO 28001:2007, section A.4 ISPS Code Attachment 6-B ‘Checklist for known consignors’ airfreight-security criteria for Regulated Agent / Known Consignor |
Security management and internal organisation |
Inadequate coordination about security and safety within the applicant’s company. |
appointment of responsible person with sufficient authority to coordinate and implement appropriate security measures in all relevant departments of the company; implement security policy including formal procedures to manage/follow each logistical activity from a security and safety point view; - implement procedures to ensure security and safety of goods in cases of holidays or other types of absences of assigned staff; |
SAQ - 6.1.4 ISO 28001:2007, section A.3 ISO 9001:2015, section 5 ISPS Code |
Internal control procedures |
Inadequate control within the applicant’s company over security and safety issues |
implement internal control procedures on security & safety procedures/issues; procedures for recording and investigating security incidents, including reviewing the risk and threat assessment and taking remedial action where appropriate. |
SAQ - 6.1.7 ISO 28001:2007, section A.3, A.4 ISPS Code |
Internal control procedures |
Inadequate control within the applicant’s company over security and safety issues |
registration can be done in a file containing for example date, observed anomaly, name of the person who has detected the anomaly, countermeasure, signature of the responsible person; make the register of security and safety incidents available to employees of the company. |
ISO 28001:2007, section A.3, A.4 ISPS Code |
Security and safety requirements specific to goods |
Tampering of goods |
implement a goods tracking system; special packaging or storage requirements for hazardous goods. |
ISPS Code |