ISO PAS 17712 and C-TPAT Compliance…
is it enough to secure your supply chain?
The International Standards Organization (ISO) permits its technical committees to draft and vote on Publicly Available Specifications (PAS) as, in effect, a kind of interim International Standard. A PAS is faster to approve than a formal standard, but it has a limited shelf-life.
The original ISO PAS 17712, published in 2003, was developed by a working group of users and seal manufacturers assembled by the ISO Technical Committee (TC) 104, Freight Containers. It focused on the physical parameters of three levels of seal strength: indicative, security and high security. Currently, the strength of a seal is measured with tests based solely on impact, shear, bend, and tensile strength. Regretfully, it did not consider what best practice “practitioners” believe to be the most significant test of a seal’s value; its ability to withstand attack for a significant amount of time and its ability to protect against manipulation and defeat. A seal which has been tampered without leaving evidence (defeated) is the number one problem with regard to security issues such as clandestine entry. Clandestine entry is what gives smugglers a significant edge in transporting narcotics and contraband without being noticed. Clandestine entry is also what allows theft to occur without notice.
The US Customs-Trade Partnership Against Terrorism (C-TPAT) and the World Customs Organization’s Framework of standards has endorsed the use of ISO compliant seals and the quality of seals used in international trade has increasingly improved. Noticeably, all stakeholders still have a long way to go to provide significant protection for seal users. Unfortunately, many seal users continue to budget for their seals as an after thought. Generally, little thought goes into the Return on Investment (ROI) of using a premium grade seal. Premium grade often refers to those seals which have been designed to provide a significant amount of protection time for the user under the most typical attack circumstances such as picking, ratcheting, freezing, and the changing out of parts. [Learn more]
As all stakeholders might expect, it is clear that security-related practices are just as important as the physical strength, the protective time a seal provides users while under attack, and the anti-manipulation and defeat features of any seal. Whether through immature management practices, poorly designed and ineffective seals, seal manufacturers and distributors could effectively compromise the security of a seal. Additionally, manufacturers by virtue of their overzealousness can provide users, government agencies, and insurers a false sense of security by not revealing all their products shortcomings. The “bad guys” operate from the vantage point of knowing how easy most seals can be manipulated. The education of seal users regarding seal vulnerabilities is not typically the first priority with most seal manufacturers.
A good first step was the introduction of a Normative Annex for security-related management practices. This annex requires certification of manufacturers after inspection by a qualified and independent testing authority of the manufacturers seals advertised as being compliant. The revision was approved and ISO published it as ISO PAS 17712; 2006.
The two most important features of the revision are: Seals must show a mark to indicate their grade, “H” for high security, “S” for security and “I” for indicative. Only manufacturers certified as compliant may use grade marks on seals. Although now ISO compliant seals can only come from ISO compliant sources, the time has come to focus on significantly more important issues. Implying with users that a new letter has provided them with more protection is clearly not enough. In some cases a mere addition of the letter “H” signifies a significant amount of protection where it may not be deserved. For instance, many seals which are now marked, “H” to signify high security, are easily manipulated and defeated; many in mere minutes. While the seal industry scurries to apply H, S, or I to the same seal you have always used, the ability of the “bad guys” to embrace clandestine entry as a business model continues, and poorly designed and inexpensive seals provide little protection for users, government agencies, or the country.
ISO/PAS 17712 and How it Affects Suppliers
ISO/PAS 17712 (Publicly Available Specification) establishes “uniform procedures for the classification, acceptance, and withdrawal of acceptance of mechanical freight container seals”. It defines the various types of security seals available and describes in detail the general performance requirements for each product type as well as details of testing specifications.
Seals are defined as either I (Indicative), S (Security) or H (High Security) and general basic requirements stipulate that seals must be:
- Strong and durable against weather, chemical action and * undetectable tampering.
- Easy to apply and seal.
- Be permanently and uniquely marked and numbered.
- The manufacturer's logo should be easily identifiable.
In order to define whether a seal should be classified as I, S or H and meet C-TPAT compliance, seals must be tested by an independent ISO/IEC 17025 certified testing authority. ISO defines the tests and suggested equipment for testing security seals, including a tensile (pull), shear (cutting), bend and impact test. Again, it is extremely important that users understand that these tests are but one reflection of a seals worth. To imply that because of these tests that their supply chain is more secure is incorrect and irresponsible. Users must always consider whether their seal of choice is one which is easily manipulated and defeated. Use of an “H” seal might be sufficient for some such as CBP, and the price might be attractive to your security budget but the same seals protection against manipulation and defeat (clandestine entry) should never be overstated.
* To determine if your seal choice is “durable” against tampering please review the following. [Learn More]
