Audit, Compliance and Risk Blog

Workplace Violence: Is Your Mailroom Secure?

Posted by Jon Elliott on Wed, Jun 18, 2014

http://www.stpub.com/workplace-violence-prevention-a-practical-guide-to-security-on-the-job-onlineMany organizations have mailrooms that receive posted mail, and packages shipped using parcel and express services. In some of these organizations, mailrooms also serve as the entry point for deliveries of goods and products by other venders. If your organization has a mailroom, it offers entry into your workplace for potentially dangerous materials, including those sent without harmful intent but also without appropriate packaging, and those sent in order to harm individuals or the organization.

Governmental security, postal, and building management agencies have responded to these concerns with guidelines and model plans for mailroom security. In the US, these agencies include US Postal Service (USPS), the General Services Administration (GSA), and a federal “Interagency Security Committee” led by the Department of Homeland Security. In Canada, the Royal Canadian Mounted Police (RCMP) provides similar guidance.

What Does GSA’s Model Mail Center Security Plan Recommend?

GSA’s Mail Center Security Guide provides an outline for a comprehensive security plan for each mail center. GSA recommends the following elements:

  • Risk Assessment. GSA recommends that operators first identify the assets and operations at risk; conduct a threat assessment (GSA identifies possible risks from foreign or domestic terrorists, disgruntled employees, or from natural disasters); conduct a vulnerability assessment (which assets and operations are vulnerable to which threats); conduct an impact assessment; and then finish with a risk analysis, to be used to determine what protective measures are worthy of implementation. GSA recommends that these assessments be conducted by security professionals. Appendix C of the GSA Guide presents a Mail Center Security Checklist.

  • Mail Center Operating Procedures. GSA identifies procedures to incorporate security concerns into ongoing operations. These include the following:

    • Incoming Mail Procedures. This recommends standard procedures (including X-ray if possible) to be applied to all mail, and additional procedures for “unexplained or suspicious packages.” [RCMP and the US Occupational Safety and Health Administration (OSHA) provide detailed mail assessment and handling guidelines]

    • Procedures for “Accountable Mail” (e.g., certified mail, package delivery).

    • Procedures for Personal Mail. GSA recommends prohibiting receipt of such mail at work.

    • Loss Prevention and Cost Avoidance. This portion focuses on conventional efforts to screen employees, and on accounting for postage and other potentially valuable and potentially vulnerable assets in the mail center.

    • Physical Security. This portion provides tips for security assessments and followup. 

    • Daily Opening and Closing Procedures.

    • Building Security Committee, to provide a forum for discussion of security and emergency issues among tenants.

    • Offsite Processing of Incoming Mail if a risk assessment indicates this is warranted for some or all types of incoming mail.

    • Personal Protective Equipment (PPE) examples, to protect mail handlers from anthrax and other bioterrorism.

    • Psychological Effects discusses effects of critical events, and procedures to address them. 

    • Workplace Violence provides basic discussion of workplace violence issues.

  • Training, Testing, and Rehearsal. This portion discusses employee training in the routine, emergency, and post-emergency aspects of the plan. [separate GSA documents provides detailed training modules]

  • Managing Threats. This section provides additional, detailed discussion of suspicious letters and packages. [GSA, USPS, and others provide recommendations for biological and other hazards]

  • Communications Plan. This portion discusses systems to ensure effective communication (routine and during emergencies) among management, mail center personnel, and customers.

  • Occupant Emergency Plan (OEP). This portion focuses on conventional efforts to plan for and respond to emergencies.

  • Continuity of Operations Planning (COOP). This portion focuses on efforts to ensure continued mail-handling operations in the wake of an incident involving a mail center.

  • Review of the Security Plan. This portion encourages mail center managers to seek external (peer) review of plans once they are developed.

Self-Assessment Checklist

  • Does the organization have any mail center(s) or mailroom(s)?

  • Has the organization established procedures to screen incoming mail (and other items received by our mailroom)?

  • Are employees trained to recognize suspicious letters and packages, and how to manage them?

  • Are letters and packages opened in the mailroom (which risks broader contamination), or outside the mailroom by individual recipients?

  • Are procedures in place to deter theft or diversion of incoming mail?

  • Has the organization evaluated the physical security around its mailroom (perimeter security, access routes and controls, etc.)?

  • Has the organization considered the safety of other activities if an incident occurs in the mailroom (explosion or fire, release of biological material (consider ventilation, mail handling procedures))?

  • Is the mailroom covered by emergency/incident planning and procedures?

  • Is the mailroom covered by post-incident business continuity/resumption plans and procedures?

Where Can I Go For More Information?

Specialty Technical Publishers (STP) provides a variety of single-law and multi-law services, intended to facilitate clients’ understanding of and compliance with requirements. These include:

Like What You've Read? Subscribe to Our Blog Now
http://www.stpub.com/workplace-violence-prevention-a-practical-guide-to-security-on-the-job-onlineJon Elliott is President of Touchstone Environmental and has been a major contributor to STP’s product range for over 25 years. He was involved in developing 16 existing products,including The Complete Guide to Environmental Law and Securities Law.

Mr. Elliott has a diverse educational background. In addition to his Juris Doctor (University of California, Boalt Hall School of Law, 1981), he holds a Master of Public Policy (Goldman School of Public Policy [GSPP], UC Berkeley, 1980), and a Bachelor of Science in Mechanical Engineering (Princeton University, 1977).

Mr. Elliott is active in professional and community organizations. In addition, he is a past chairman of the Board of Directors of the GSPP Alumni Association, and past member of the Executive Committee of the State Bar of California's Environmental Law Section (including past chair of its Legislative Committee).

You may contact Mr. Elliott directly at: tei@ix.netcom.com.

photo credit: a440 via photopin cc