General Services Administration
Mail Communications Policy Office
Mail Center Security Guide
Third Edition – 2004
A Note For Smaller Federal Facilities. 4
What Should a Mail Center Security Plan Include? 4
Critical Elements of a Mail Center Security Plan 4
I. Risk Assessment 5
Components of a Risk Assessment with Definitions of Terms 5
Questions Addressed by Risk Assessment 5
Conducting a Risk Assessment 6
Step One: Asset and mission identification – What are you trying to protect? 6
Step Two: Threat Assessment – What bad things could happen? 7
Step Three: Vulnerability Assessment – What are your weaknesses? 8
Step Four: Impact Assessment – What would happen if your security measures failed? 8
Step Five: Risk Analysis – What does it all add up to? 9
Sample Questions to Ask as Part of Your Risk Assessment 9
Federal Security Risk Management Chart 10
II. Mail Center Operating Procedures – Creating a Safe and Secure Environment 11
Incoming Mail Procedures 11
Handling Accountable Mail 11
Personal Mail 12
Loss Prevention and Cost Avoidance 12
Physical Security in a Mail Center/Facility 13
Daily Opening and Closing Procedures 13
The checklist for opening the mail center should include: 14
The checklist for closing the mail center should include: 14
Building Security Committees 14
Offsite Processing Of Incoming Mail 14
Personal Protective Equipment 15
Psychological Effects 15
Workplace Violence 16
III. Training, Testing, and Rehearsal 17
The importance of testing the plan 17
X-Ray training 17
Contents of a complete training program 17
IV. Managing Threats 18
Suspicious letters and packages 18
Characteristics of suspicious packages or letters 18
Post examples. 18
Question every suspicious letter or package. 19
Mail Bombs 21
V. Communications Plan 23
Mail Center Personnel 23
Communications During an Emergency. 23
Relationships with partner organizations (First Responders, Public Health Authorities, FBI, FPS, Regional USPIS, Fire, Hazmat and Law Enforcement Officials) 24
VI. Occupant Emergency Plan (OEP) 25
Occupant Emergency Program 25
Occupant Emergency Organization 25
Designated Official 25
Occupant Emergency Plan (OEP) 25
Evacuation Plans 25
Whom to Contact in the Event of an Emergency 26
Building/Occupant Information 26
The Command Center (COMMAND CENTER) 26
VII. Continuity of Operations Planning (COOP) 27
What are the Key Elements of a COOP? 27
What are the Responsibilities of the Mail Manager in a COOP? 27
What are the Objectives of a COOP for a mail facility? 27
COOP background documents 27
Fly-away kits 28
VIII. Review of the Security Plan 29
Initial Review 29
Annual Review 29
Appendix A – Risk Analysis Worksheet 31
Appendix B – On Line Resources For Keeping Your Mail Center Safe 32
Appendix C – Mail Center Security Checklist 34
Throughout the seven years since the General Services Administration (GSA) established the Office of Governmentwide Policy (OGP), federal mail managers have requested training for themselves and their employees. The OGP Mail Policy Team has fulfilled these requests by offering quarterly Interagency Mail Policy Council meetings, the Annual Educational Forums, and a web site full of training resources and other information.
Mail center security was always a significant part of this training. It became much more important after the anthrax attacks of October 2001. The subject of mail center security has always been broader than biological threats – it also includes mail bombs and bomb threats, preventing theft in the mail center, emergency planning, and comprehensive security management.
We published the First Edition of this Mail Center Security Guide in December 2001 and the Second Edition in October 2002. We also published several documents on specific security topics. Most recently, in December 2003, we published the “National Guidelines for Assessing and Managing Biological Threats in Federal Mail Facilities.” This Third Edition of the Mail Center Security Guide incorporates new information that has become available, as this nation’s understanding of homeland security has evolved. Significant additions to this edition include a step-by-step process for performing a risk assessment, updated information on managing threats, and information about Occupant Emergency Plans and Continuity of Operations Plans. The risk assessment should be performed by a security professional, mail management input is critical to its success.
This Guide’s purpose is to assist federal mail center managers in keeping mail centers safe and secure. It provides an outline of the planning and preparation that is appropriate for a federal mail center. It encourages you to communicate with others in the planning process by making you more familiar with their process. In particular, this Guide offers:
The mail center security plan has many objectives, including these:
Protecting staff and all other employees and building occupants;
Avoiding unwarranted, costly and disrupting evacuations;
Providing a visible mail screening operation that demonstrates to all employees that management is committed to their safety;
Supporting employee morale and reducing stress by providing reassurance to all employees about the safety of mail;
Minimizing the likelihood of litigation, which could arise from suggestions that the mail center manager had not taken proper measures to keep employees safe while at work.
Throughout this Guide, “you” refers to the mail center manager, and “we” refers to GSA.
A strong plan for mail center security, supplemented with regular training, rehearsals, and reviews, helps instill a culture that emphasizes the importance of security. Involving all members of the team – executives, managers, employees, contractors, security managers, building management personnel, and union representatives -- during development and throughout is critical to the security plan’s success.
A Note For Smaller Federal Facilities.
Many federal agencies have satellite facilities where mail operations are performed in a small room, one corner of a room, or one corner of a desk. In these facilities, responsibility for processing mail is divided among professional and support staff. Security plans for small facilities are, of course, limited by both the size of the facility and the resources available to develop and implement plans. Small facilities will, therefore, adopt those recommendations from this Guide that are appropriate to them. Nonetheless, every federal facility should have a security plan that considers each of the elements listed in Figure 1. For the most part, security policy should be developed at a headquarters level, with procedures tailored to the smaller location developed and implemented onsite. Your threats and vulnerabilities will determine the measures to protect your facility.
What Should a Mail Center Security Plan Include?
A complete mail center security plan includes the elements listed in Figure 1, and every federal mail center manager should make sure that all of these are included. For most mail centers, each of these elements should be represented in a written document.
Training, Testing, and Rehearsal Plan
Occupant Emergency Plan (OEP)
Continuity of Operations Plan (COOP)
The mail center manager will not be required to prepare all of these plans. They should participate actively in the development and implementation of each of these elements, but other parts of the agency or outside security experts should have the lead on most of them. The mail center manager must ensure that they have addressed each of these elements by identifying and working with the appropriate others.