The UPU recognizes that the safety and security of the postal sector as part of the global supply chain is critical to supporting worldwide commerce and communication. To facilitate the development and implementation of security standards and best practices among Posts, the UPU has established the Postal Security Group (PSG).
Postal Security Group
Guided by the motto “Postal Security Makes Business Sense”, the Group, made up of security experts, is charged with the development of global and regional security strategies to assist the world’s Posts in their security missions.
Through training initiatives, consultation missions and prevention programmes, the PSG strives to protect the employees, customers and assets of Posts, and to safeguard mails from fraud, theft and misuse.
To establish worldwide postal security, encourage and promote the creation of postal security services in all UPU member countries, and to establish contact and collaborate with international organizations.
- Prevention of injuries to people due to the carriage of dangerous goods in the mail
- Prevention of loss or theft of mail entrusted to Posts
- Prevention of revenue or asset losses by Posts
- Preservation of customer confidence in the Posts
PSG security programs and crime prevention training are the mainstay in the development of worldwide postal security units. Security courses are organized regionally with the assistance of the UPU. Training covers:
- Basic postal security and investigations
- Emergency Planning and Risk Assessment
- Airport security coordination and quality of service/security reviews
- Countering of drug trafficking and money laundering through the post
- Procedures for accepting and controlling the induction of dangerous goods
- International postal revenue protection
Chairman’s award for postal security
The UPU recognizes the impact that individual leadership can have in the promotion of security programmes throughout the world, often delivered at the expense of a UPU member country’s time and resources. The Director General of the UPU International Bureau and the Chairman of the Postal Security Group (PSG) wish to formally acknowledge the efforts, experience base and exceptional initiative of the leaders in this sector who spearhead security initiatives for the postal community as a whole.
The Chairman’s Award for Postal Security recognizes excellence in leadership in the field of securing the global postal supply chain. This award highlights the development of innovative efforts, systemic improvements, and the promotion of supply chain security. Any UPU member country may nominate one of its own employees for this award, or nominate a deserving employee of another member Post or UPU stakeholder.
Examples of endeavours that might lead to nomination could include: leadership in joint training ventures; successful implementation of crossover initiatives among partner UN agencies; providing security mentorship to the least developed countries; leadership in joint intervention programmes (e.g. dangerous goods, narcotics, revenue protection, etc.); leadership in a security position within a restricted union; or any other innovative cooperative effort that results in a demonstrable improvement in the security and/or safety of the global postal supply chain.
The Chairman’s Award for Postal Security will be presented in recognition of this cooperative spirit during the final PSG meeting each year.
Postal Security Group
- Meeting of January 2019
- Meeting of June 2019
- Meeting of December 2019
- Meeting of June 2020
- Meeting of October 2020
ICAO-UPU Contact Committee
Information Technology Security Experts Panel (ITSEP)
Transport by post of equipment containing lithium batteries (ECLB)
The International Civil Aviation Organization (ICAO) amended the 2013–2014 edition of the Technical Instructions for the Safe Transport of Dangerous Goods by Air to allow such transport from 1 January 2013.
A list of all member states and points of contact for dangerous goods is available via ICAO’s public website
Given the dangers that lithium batteries pose to air transport, designated operators wishing to transport ECLB need to fulfill 2 conditions:
- Have procedures and training for controlling the acceptance of mail items containing dangerous goods destined for air transport
- Obtain specific approval from their national civil aviation authority prior to accepting and transporting ECLB
List of authorized designated operators
Since designated operators, national aviation authorities and airlines need to know which Posts have been approved to make ECLB shipments so that they can plan the handling of such shipments, the UPU provides a list of designated operators that have been authorized to ship ECLB, the dates from which they have been authorized to make these shipments, and other related information.
The list is shared with ICAO and the International Air Transport Association (IATA) so that national authorities and airlines are kept fully informed about Posts authorized to ship ECLB. Posts that have received such authorization are requested to communicate this fact to the International Bureau by filling in the relevant form and e-mailing it.
Reporting of dangerous goods incidents and accidents to civil aviation authorities and the UPU
The training material has been developed in cooperation with ICAO, IATA and several civil aviation administrations (CAA).
The material provides a good base for dangerous goods training in Posts and conforms with the requirements of the Table 1-6 in the ICAO Technical Instructions and the training competencies.
National Posts should meet with their respective CAA or national authority to establish an agreement on the necessary level of training.
As part of the “Keep Me Safe” campaign regarding dangerous goods and prohibited mail, developed in collaboration with IATA, ICAO and the WCO, a series of communication materials is available, including flyers, guidelines and posters. These communication materials are intended to help Posts raise awareness as to the rules on sending dangerous goods and prohibited items through the international postal supply chain.
Postal security prohibited items
The safety of postal employees and customers is a critical element of managing the entire postal supply chain. That’s why a number of goods and items are prohibited from travelling through the mail.
UPU letter-post and parcel regulations clearly stipulate the type of items that cannot be sent by post internationally. Posts inform customers of these prohibited items, but the onus is on customers to certify that the packages and mail items they send through the mail do not contain items that could cause harm or danger to postal employees and customers.
The list of prohibited goods includes illicit drugs, counterfeit or pirated articles and explosive or flammable goods and live animals, among many other things.
In some exceptional cases, Posts can transport live animals such as bees, leeches, silk worms and fruit flies between officially recognized institutions for purposes of control and biomedical research.
If customers are unsure about what can and cannot be sent through the mail, they should consult their local Post.
More information on prohibited items may be located in the Customs section.
Guidelines and contingency planning
This document is provided by the Universal Postal Union to assist postal facility managers and supervisors in dealing with bomb threats, mail bombs and other situations that pose a risk to life or property. In particular, the document provides guidelines and recommendations for postal officials in the development and maintenance of contingency plans for their facilities which address bombs and bomb threats.
There can be no compromises on security. Correct assessment of security risks and the implementation of preventative measures are the only way to protect postal service personnel and clients effectively.
The purpose of the DNL guidelines is to provide general guidance, principles and a risk assessment response protocol to define the role of designated operators within the Joint World Customs Organization (WCO) and International Civil Aviation Organization (ICAO) Guiding Principles for Pre-Loading Advance Cargo Information (PLACI) system in those member countries that choose to implement this regime. This document expands on the scope of high-risk mail, which is covered in detail in S59. The definition of high-risk cargo and mail, as per the ICAO Aviation Security Manual (Doc. 8973), includes items where specific intelligence indicates that the cargo or mail poses a threat to civil aviation.
Mail Safety Guidelines
The IATA-UPU Mail Safety Guidelines, serves to develop robust guidelines for safety to ensure the current regulations are correctly and accurately followed and enforced. The document covers four key concepts: Training, Safe and secure supply chain, National Aviation authorities implications, and Safe Operations airside and landside.
Postal security standards
One of the objectives of the Postal Security Group (PSG) is to enhance the security of all operations within the postal sector. The PSG in collaboration with other UPU stakeholders has defined a minimum set of security requirements, which can be applied to all facets of the sector.
Developing measurable standards of security for the postal sector contributes to protecting postal employees and assets; protecting postal items in general; contributing to the security of the mode of transport used to carry mail items and protecting the overall supply chain.
Physical and procedural security standards
The physical and procedural security standards developed under the auspices of the PSG are applicable to critical facilities in the postal network:
General security measures defining the minimum physical and process security requirements applicable to critical facilities within the postal network
Office of exchange and international airmail security defining minimum requirements for secure operations relating to the transport of international mail
In 2010, the conveyance of explosive materials through courier air transport gave rise to international support for the development of postal security standards consistent with the established guidelines of other cargo transportation agencies for the protection of commerce in the international supply chain.
The UPU security certification system was developed in line with the 2012 Doha Congress which set out the issue of postal security within the UPU Convention. The UPU Postal Operations Council (POC) subsequently granted status 2 to Standards S58 (General security measures) and S59 (Office of exchange and international airmail security) in February 2016. The security certification process was piloted regionally in 2015, on the basis of a standardized methodology and physical security risk assessment tool.
The UPU security certification is intended to provide a means to assist member countries in identifying opportunities to improve security, measure designated postal operators’ compliance with UPU security standards S58 and S59, and establish a process in furtherance of the UPU security strategy objectives to educate, raise awareness and increase the security of all postal sector operations. The process was enhanced and expanded during the POC C 1 PSG 2020.1 based on recommendations from an Expert Team created under the auspices of the POC C 1 PSG 2019.1. The certificaiton process is based on the following elements:
A self-assessment questionnaire
- Required Documentation review
- A thorough evaluation based on a review workbook
- An assigned review team’s (consisting of at least two members) field mission for all critical facilities that do not currently hold a security certification.
The certification procedure can only take place if the designated operator applying for certification submits a completed self-assessment via email@example.com.
The certification system is modelled in alignment with the UPU quality management certification system. The results of the compliance review will determine the certification level demonstrated by security measures successfully implemented within the DO. The primary certification levels are: gold (level A), silver (level B) and bronze (level C). The certification has a three-year period of validity.
Entry level or basic certification will be conferred once the assigned review team has evaluated the completed self-assessment and confirmed that all documents and provided evidence support the responses. Basic certification may be completed through virtual means and must be achieved before any additional certification is granted.
Level + (Plus): In cases where certification – Level A (Gold), Level B (Silver) or Level C (Bronze) – has been awarded to the OE of a DO that is exchanging electronic advance data (EAD) with all DOs requiring EAD, the certified DO may request evaluation for Level + (Plus).
Certification is a way of continually improving security, and can be communicated through the media to customers and the public, so as to raise awareness of the designated operators' efforts. When a designated operator receives certification, this shows that it meets or exceeds the mandatory minimum security standards set by the UPU.
A DO seeking to attain certification must appoint a national certification coordinator/focal point, responsible for responding o inquiries for additonal information and for assisting in arranging the compliance review.
The coordinator should familiarize themselves with the Certification process for UPU security standards S58 and S59 as well as the UPU Standards S58 and S59.
A certification procedure can only be launched upon submission of a completed self-assessment for each critical facility the DO seeks to achieve certification. All required documentation must also be current and complete and available for review.
The self-assessment aims to assess whether the organizational system put in place by the designated operator meets the minimum requirements for meeting the mandatory minimum security requirements.
The assigned DO focal point should request a review directly from the IB by sending an e-mal to the UPU security mailbox: firstname.lastname@example.org. This request should include a self-assessment report for the critical facility seeking certification, confirmation all associated documentation is available for review, and photographic evidence of critical security measures in place within the associated critical facility.
The list of required documentation provides all documents which are necessary for the fulfilment of the certification process.
Equivalently certified DOs: In some cases, the DO is obliged to comply with the security requirements of its national legislative or regulatory civil aviation authorities, or of external organizations such as ICAO, IATA and the WCO. The UPU recognizes that these third-party standards (e.g. ICAO’s Regulated Agent and the WCO’s Authorized Economic Operator) may be more rigorous than those set forth in S58 and S59, which are considered to be basic standards attainable by all DOs.
If a DO complies with these higher-level security standards and can show that they are equivalent to or exceed S58 and S59 standards, it may be possible for the DO to be accredited with an equivalency recognition of S58 and S59 certification, provided all security measures have been fully implemented. This would facilitate cooperation and harmonize efforts among stakeholders to develop and maintain a secure supply chain system.
In order for a DO to be recognized as Equivalently Certified, the appropriate focal point must complete and submit the equivalency assessment workbook, related required documentation as detailed above, as well as a written justification to the PSG regarding the adherence to security requirements of its national legislative or regulatory civil aviation authorities or of external organization such as ICAO and the WCO via email@example.com.
Certified critical facilities
Historic list of UPU-certified critical facilities and their associated designated operators since 2016 indicating the year of certification and the level achieved.
List of UPU-certified critical facilities and their associated designated operators with certificates that are currently valid indicating the year of certification, the level achieved, the start and end dates of validity.
Reporting of detained mail
The Transport Group is collecting data from designated operators on alarm incidents, in coordination with the Postal Security Group and the International Air Transport Association (IATA).
An "alarm incident" triggering an "alarm resolution procedure" can occur during the handling of dangerous goods or prohibited, inadmissible or wrongly admitted items. Alarm incidents may be discovered by air carriers, airport authorities, or designated operators.
19.02.2020Designated operators (as well as air carriers and airport authorities on the IATA side) are asked to complete the document and e-mail it to: upu.alarm(at)upu.int. Any designated operators with questions or requiring assistance can contact the International Bureau at the above email.
The SharePoint provides members with updates and information relative to security in the postal supply chain.