The diagram on this page is provided with the permission of the authors at Applied Research Associates, Inc. A more detailed report on Risk Assessment containing this report can be found on the GSA Office of the Chief Architect’s web site at http:www.oca.gsa.gov. After logging in, click on Projects.
II. Mail Center Operating Procedures – Creating a Safe and Secure Environment
Most of the effort in developing a risk assessment, as described in the preceding section, should be accomplished by security professionals. By contrast, mail center operating procedures must, necessarily, be developed locally. Though higher levels in the federal agency will develop the policy these procedures will be based on work processes at the local level. Please remember that all decisions about mail center operating procedures, as well as every other aspect of mail center security, must be based on the risk assessment.
If possible, acquire an x-ray machine to scan mail. If mail volume is too low to justify acquiring an x-ray machine, consider partnering with another organization to x-ray. All mail, regardless of carrier, should be x-rayed – be sure to include couriers and small package carriers.
Once the mail has been x-rayed, inspect the mail for suspicious characteristics. If possible, do this in an area isolated from the rest of the mail center. See “Training and Rehearsal” below for information on inspecting incoming mail, and see “Physical Security in the Mail Center” for information on isolating the incoming mail processing area. Mark all packages with a stamp that says “x-ray” to acknowledge that it has been screened if at all possible.
Limit access for anyone who delivers mail to your center; deal with them at a counter.
Authorized receptacles for U.S. Mail clearly labeled.
Procedures established for handling unexplained or suspicious packages.
Make personal protection equipment available for all employees, including gloves and masks. See “Employee Safety” below for additional information.
Require employees to wear photo identification at all times.
Instruct employees to challenge any unknown person in the facility.
Deliveries for Senior Executives
Give extra care and attention to letters and packages addressed to any senior official whose names and/or positions give them higher public visibility. Meet with representatives from the senior management (Executive Secretariat, Administrator, etc.) to establish procedures for mail and packages addressed to senior officials. Mark all packages and envelopes addressed to senior officials after you have screened them; the best practice is to use a large stamp that says “Inspected by Mail Services.” No letters or packages should be accepted at the Executive Area unless clearly stamped “Inspected by Mail Services”. This includes both internal and external deliveries.
Handling Accountable Mail
Establish a closed-loop manifest system for all accountable letters and packages (e.g., certified mail, UPS, FedEx). Verify the delivery manifest sheet to ensure that you have received all packages listed. Accept complete shipments only.
A closed-loop system means that someone signs for each piece of accountable mail whenever possession changes. For example, the receiving clerk should require internal couriers to sign for all packages that they deliver.
Always require a signature for accountable mail at the final point of delivery. Don’t leave any accountable mail at an unoccupied desk or mailbox. Have someone else in the department sign for the piece, or leave a note with directions to pick up the piece at the mail center.
Retain copies of all accountable mail manifests.
If possible, install an electronic manifest system to speed up the process and increase accuracy. An electronic system also makes it easier to conduct research on past deliveries.
In most circumstances, agency and/or facility-level policy should prohibit handling incoming or outgoing personal mail in a federal mail center. The existing federal regulation on mail management, 41 CFR, 102-192.125(i), authorizes agencies to adopt this policy, but it also authorizes federal mail managers, at the facility level, to make exceptions where appropriate.
All employees should be notified that any mail sent to the office is considered “delivered” by the United States Postal Service once it is received in the mail center and therefore can be opened by the agency mail center.
Integrate accounting procedures for all forms of postage – meters, stamps and permits.
Establish procedures to control access of employees, known visitors and escorted visitors.
Require visitors to sign a log, and if possible, install access control equipment. Key control, card readers, or buzz entry are a few options.
Permit only authorized employees to accept mail.
Conduct regular checks of your postage meters to ensure employees are not using agency meters for personal mail. Maintain meter logs (Postal Service Form 3602-A or electronic logs) carefully, and lock meters when not in use. Where feasible, remove the meter from the equipment and store it in a locked cabinet during off-hours.
Carefully package shipments of valuable materials; send them via certified mail, and make sure their outside labeling does not identify the contents.
Implement inventory controls to ensure proper access and accountability for stamps, permit envelopes and labels, and perform regular audits of the inventory.
No personal mail should be sent using the meter or permit imprints. If the agency allows staff to drop personal mail at the Mail Center, separate it from official outgoing mail, and insist that staff provide their own stamps for personal mail.
Review bills from carriers (e.g., FedEx, UPS) regularly to guard against unauthorized use.
Check periodically to determine if the mail messengers are making unauthorized stops or leaving the mail unattended in unlocked delivery vehicles.
Obtain delivery time listing from express carriers and make sure that all appropriate refunds are collected.