PAS 97:2021

To download a DRM free copy of PAS 97:2021, click here. 

What is this PAS about?

It helps organizations identify and implement postal security measures appropriate to their particular needs.

Who is this PAS for?

Those responsible for planning, delivering or procuring mail handling and screening services within organizations, as well as commercial providers of such services. Users will include:

• Businesses and organizations
• Infrastructure sites
• Government departments
• Regulators
• Mail and courier service providers
• Security services providers
• Main screening equipment manufacturers

Why should you use this PAS?

Organizations still rely on receiving and sending physical mail which streams into and around organizations and creates an opportunity for malicious attacks. These can be aimed at damaging people and/or property, causing disruption, or adversely affecting an organization’s reputation. It’s also possible for perfectly benign objects to appear suspicious, causing unnecessary disruption. Also incoming and outgoing mail streams might contain valuable items or sensitive information that warrants protection from loss or theft. Mail screening and security measures can be used to reduce the risk and impact of incidents.

This PAS therefore specifies requirements and gives recommendations for mail screening, set in the broader context of postal security. The PAS:

• Specifies measures to help businesses and other organizations identify and minimize the impact of items of mail that represent a threat, or could otherwise cause concern or disruption
• Deals with broader postal security measures aimed at ensuring all incoming, outgoing and internal mail streams are managed so as to minimize the risk of loss or theft of valuable or sensitive items or information
• Concentrates on letters and small parcels entering the organization from any external source, including public/commercial postal services, by hand or by courier delivery
• Doesn’t propose a single standard of postal security and screening. Instead, it sets out to help organizations assess their particular level(s) of risk, and select and implement commensurate security measures whether onsite or offsite, delivered in-house or outsourced. A series of screening levels (1 to 5) is defined in terms of progressively more complex screening measures; this is complemented by a series of physical protection classes (A to D) that describe incremental physical protective measures for mail rooms and personnel.

NOTE: The security of electronic mail and associated IT systems is outside the scope of this PAS.

What’s new since the last update?

The document has been brought up to date with current practice and technologies. Changes include:

a)       Updated case studies which include examples of recent mail security incidents, highlighting the importance of having robust mail screening processes in place

b)      Updated guidance on screening levels and methods

c)       Inclusion of a schematic that sets out flows of information and dependencies and will assist users in planning their mail screening capability