[F1ANNEX U.K. List of persons and entities visited and interviewed
Textual Amendments
Providing the name of the entity, the name and the position of the contact person and the date of the visit or interview.
| Name of entity | Name of contact person | Position of contact person | Date of visit or interview |
|---|---|---|---|
ATTACHMENT 6-C4 VALIDATION CHECKLIST FOR THIRD COUNTRY EU AVIATION SECURITY VALIDATED KNOWN CONSIGNOR U.K.
Third country entities have the option to become part of an ACC3's ( Air cargo or mail carrier operating into the Union from a third country airport ) secure supply chain by seeking designation as a third country EU aviation security validated known consignor (KC3). A KC3 is a cargo handling entity located in a third country that is validated and approved as such on the basis of an EU aviation security validation.
A (KC3) shall ensure that security controls have been applied to consignments bound for the Union (1) and the consignments have been protected from unauthorised interference from the time that those security controls were applied and until transferring to an ACC3 or a third country EU aviation security validated regulated agent (RA3).
The prerequisites for carrying air cargo or air mail into the Union (EU) or Iceland, Norway and Switzerland are required by Implementing Regulation (EU) 2015/1998.
The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU or EEA bound air cargo or air mail (2) by or under the responsibility of the entity seeking designation as a KC3. The checklist is to be used only in the cases specified in point (b) of point 6.8.5.1 of the Annex to Implementing Regulation (EU) 2015/1998. In cases specified in point (a) of point 6.8.5.1 of that Annex, the EU aviation security validator shall use the ACC3 checklist.
A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification. Integral parts of the validation report shall be at least the following:
the completed checklist signed by the EU aviation security validator and where applicable commented by the validated entity; and
the declaration of commitments (Attachment 6-H3 to Implementing Regulation (EU) 2015/1998) signed by the validated entity; and
an independence declaration (Attachment 11-A to Implementing Regulation (EU) 2015/1998) in respect of the entity validated signed by the EU aviation security validator.
Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report's integrity.
The KC3 shall be able to use the report in its business relations with any ACC3 and any RA3.
By default the validation report shall be in English.
For those parts that cannot be assessed against the requirements of Implementing Regulation (EU) 2015/1998, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted).
Completion notes: U.K.
(1) All applicable and relevant parts of the checklist must be completed, in accordance with the business model and operations of the entity being validated. Where no information is available, this must be explained. U.K.
(2) After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met. U.K.
PART 1 U.K. Organisation and responsibilities
| 1.1. Date(s) of validation | |
|---|---|
| Use exact date format, such as from 01.10.2012 to 02.10.2012 | |
| dd/mm/yyyy | |
| 1.2. Date of previous validation where applicable. | |
| dd/mm/yyyy | |
| Previous KC3 registration number, where available | |
| AEO certificate or C-TPAT status or other certifications, where available | |
| 1.3. Aviation security validator information | |
| Name | |
| Company/Organisation/Authority | |
| Unique alphanumeric identifier (UAI) | |
| Email address | |
| Telephone number — including international codes | |
| 1.4. Name of entity | |
| Name | |
| Company number (for example commercial register identification number, if applicable) | |
| Number/Unit/Building | |
| Street | |
| Town | |
| Postcode | |
| State (where relevant) | |
| Country | |
| P.O. Box address, if applicable | |
| 1.5. Main address of organisation (if different from site to be validated) | |
| Number/Unit/Building | |
| Street | |
| Town | |
| Postcode | |
| State (where relevant) | |
| Country | |
| P.O. Box address, if applicable | |
| 1.6. Nature of business — Types of cargo processed | |
| What is the nature of business(es) — type of cargo processed in the applicant's premises? | |
| 1.7. Is the applicant responsible for…? | |
| (a) production (b) packing (c) storage (d) despatch (e) other, please specify | |
| 1.8. Approximate number of employees on site | |
| Number | |
| 1.9. Name and title of person responsible for third country air cargo or air mail security | |
| Name | |
| Job title | |
| Email address | |
| Telephone number — including international codes | |
PART 2 U.K. Organisation and responsibilities of the third country EU aviation security validated known consignor
Objective: No air cargo or air mail shall be carried to the EU or EEA without being subject to security controls. Cargo and mail delivered by a KC3 to an ACC3 or RA3 may only be accepted as secure cargo or mail if such security controls are applied by the KC3. Details of such controls are provided by the following Parts of this checklist.
The KC3 shall have procedures in place to ensure that appropriate security controls are applied to all EU or EEA bound air cargo and air mail and that secure cargo or mail is protected until being transferred to an ACC3 or a RA3. Security controls reasonably ensure that no prohibited articles are concealed in the consignment.
Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998.
| 2.1. Has the entity established a security programme? | |
|---|---|
| YES or NO | |
| If NO, go directly to point 2.5 | |
| 2.2. Entity security programme information | |
| Date — use exact format dd/mm/yyyy | |
| Version | |
| Is the security programme submitted to or approved by the appropriate authority of the state in which the entity is located? If YES, please describe the process. | |
| 2.3. Does the security programme sufficiently cover the elements mentioned in parts 4 to 11 of the checklist? | |
| YES or NO | |
| If NO, describe why, detailing the reasons | |
| 2.4. Is the security programme conclusive, robust and complete? | |
| YES or NO | |
| If NO, specify the reasons | |
| 2.5. Has the entity established a process to ensure that EU or EEA bound air cargo or air mail is submitted to appropriate security controls before being transferred to an ACC3 or an RA3? | |
| YES or NO | |
| If YES, describe the process | |
| 2.6. Has the entity a management system (for example instruments, instructions) in place to ensure that the required security controls are implemented? | |
| YES or NO | |
| If YES, describe the management system and explain if it is approved, checked or provided by the appropriate authority or other entity. | |
| If NO, explain how the entity ensures that security controls are applied in the required manner. | |
| 2.7. Conclusions and general comments on the reliance, conclusiveness and robustness of the process. | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 3 U.K. Identifiable air cargo or air mail
Objective: To establish the point or place where cargo or mail becomes identifiable as air cargo or air mail.
| 3.1. By inspection of the production, packing, storage, selection, despatch and any other relevant areas, ascertain where and how a consignment of EU or EEA bound air cargo or air mail becomes identifiable as such. | |
|---|---|
| Describe | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
Please note that detailed information should be given on the protection of identifiable air cargo or air mail from unauthorised interference or tampering in Parts 6 to 9.
PART 4 U.K. Staff recruitment and training
Objective: In order to ensure that the required security controls are applied, the KC3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to identifiable air cargo shall possess all the competencies required to perform their duties and be appropriately trained.
In order to fulfil that objective, the KC3 shall have procedures in place to ensure that all staff (such as permanent, temporary, agency staff, drivers) with direct and unescorted access to air cargo or air mail to which security controls are being or have been applied:
have been subject to initial and recurrent pre-employment checks or background checks, which are at least in accordance with the requirements of the local authorities of the KC3 premises validated; and
have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the KC3 premises validated.
Note: U.K.
A background check means a check of a person's identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual's suitability to implement a security control or for unescorted access to a security restricted area (ICAO Annex 17 definition).
A pre-employment check shall establish the person's identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding 5 years (Union definition).
Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.
| 4.1. Is there a procedure ensuring that all staff with access to identifiable air cargo or air mail is subject to a pre-employment check that assesses background check and competence? | |
|---|---|
| YES or NO | |
| If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. | |
| 4.2. Does this procedure include? | |
| □ background check □ pre-employment check □ check of criminal records □ interviews □ other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. | |
| 4.3. Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence? | |
| YES or NO | |
| If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out. | |
| 4.4. Does this procedure include? | |
| □ background check □ pre-employment check □ check of criminal records □ interviews □ other (provide details) Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account. | |
| 4.5. Do staff with access to identifiable air cargo/air mail receive training before being given access to identifiable air cargo or air mail? | |
| YES or NO | |
| If YES, describe the elements and duration of the training | |
| 4.6. Do staff referred to in point 4.5 receive recurrent training? | |
| YES or NO | |
| If YES, specify the elements and the frequency of the recurrent training | |
| 4.7. Conclusion: do measures concerning staff recruitment and training ensure that all staff with access to identifiable EU or EEA bound air cargo or air mail have been properly recruited and trained to a standard sufficient to be aware of their security responsibilities? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 5 U.K. Physical security
Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.
The entity has to demonstrate how its site or its premises are protected and that relevant access control procedures are in place. It is essential that access to the area where identifiable air cargo or air mail is processed or stored, is controlled. All doors, windows and other points of access to secure EU or EEA bound air cargo or air mail need to be secured or subject to access control.
Physical security can be, but is not limited to:
physical obstacles such as fencing or barriers,
technology using alarms and/or CCTV systems,
human security such as staff dedicated to carry out surveillance activities.
Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.
| 5.1. Are all access points to identifiable air cargo/air mail subject to access control and is access limited to authorised persons? | |
|---|---|
| YES or NO | |
| If YES, how is access controlled? Explain and describe. Multiple answers may be possible. □ by security staff □ by other staff □ manual checking if persons are allowed to enter the area □ electronic access control systems □ other, specify | |
| If YES, how is it ensured that a person is authorised to enter the area? Explain and describe. Multiple answers may be possible.
| |
| 5.2. Are all access points to identifiable air cargo or air mail secured? This includes access points which are not permanent in use and points which are normally not used as access points, such as windows. | |
| YES or NO | |
| If YES, how are these points secured? Explain and describe. Multiple answers may be possible.
| |
| 5.3. Are there additional measures to enhance the security of the premises in general? | |
| YES or NO | |
| If YES, explain and describe what they are □ fencing or barriers □ CCTV system □ intruder detection system □ surveillance and patrols □ other, specify | |
| 5.4. Is the building of solid construction? | |
| YES or NO | |
| 5.5. Conclusion: Are the measures taken by the entity sufficient to prevent unauthorised access to those parts of the site and premises where identifiable EU or EEA bound air cargo or air mail is processed or stored? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 6 U.K. Production
Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the production process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.
The entity has to demonstrate that access to the production area is controlled and the production process is supervised. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of production, the entity has to show that measures are taken to protect air or cargo or air mail from unauthorised interference or tampering from this stage.
Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the production process.
| 6.1. Is access to the production area controlled and limited to authorised persons? | |
|---|---|
| YES or NO | |
| If YES, explain how the access is controlled and limited to authorised persons | |
| 6.2. Is the production process supervised? | |
| YES or NO | |
| If YES, explain how it is supervised | |
| 6.3. Are controls in place to prevent tampering at the stage of production? | |
| YES or NO | |
| If YES, describe | |
| 6.4. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during production? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 7 U.K. Packing
Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the packing process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.
The entity has to demonstrate that access to the packing area is controlled and the packing process is supervised. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of packing, the entity has to show that measures are taken to protect air cargo/air mail from unauthorised interference or tampering from this stage. All finished goods need to be checked prior to packing.
Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the packing process.
PART 8 U.K. Storage
Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during storage. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.
The entity has to demonstrate that access to the storage area is controlled. If the product becomes identifiable as EU or EEA bound air cargo or air mail while being stored, the entity has to show that measures are taken to protect air cargo or air mail from unauthorised interference or tampering as from this stage.
Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the storage process.
| 8.1. Is access to the storage area controlled and limited to authorised persons? | |
|---|---|
| YES or NO | |
| If YES, explain how the access is controlled and limited to authorised persons | |
| 8.2. Is the finished and packed air cargo or air mail stored securely and checked for tampering? | |
| YES or NO | |
| If YES, describe | |
| If NO, explain how the entity ensures that the finished and packed EU or EEA bound air cargo and air mail is protected against unauthorised interference and any tampering. | |
| 8.3. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during storage? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 9 U.K. Despatch
Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the despatch process. If such cargo or mail is not protected, it must not be forwarded to an ACC3 or RA3 as secure cargo or mail.
The entity has to demonstrate that access to the despatch area is controlled. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of despatch, the entity has to show that measures are taken to protect air cargo or air mail from unauthorised interference or tampering from this stage.
Answer these questions where the product can be identified as EU/EEA bound air cargo or air mail in the course of the despatch process.
| 9.1. Is access to the despatch area controlled and limited to authorised persons? | |
|---|---|
| YES or NO | |
| If YES, explain how the access is controlled and limited to authorised persons | |
| 9.2. Who has access to the despatch area? Multiple answers may be possible. | |
| □ employees of the entity □ drivers □ visitors □ contractors □ others, specify | |
| 9.3. Is the despatch process supervised? | |
| YES or NO | |
| If YES, explain how it is supervised | |
| 9.4. Are controls in place to prevent tampering in the despatch area? | |
| YES or NO | |
| If YES, describe | |
| 9.5. Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during the despatch process? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 10 U.K. Consignments from other sources
Objective: The KC3 shall have procedures in place to ensure that cargo or mail which it has not originated itself, shall not be forwarded to an ACC3 or an RA3 as secure cargo or mail.
A KC3 may pass consignments which it has not itself originated to a RA3 or an ACC3, provided that following conditions are met:
they are separated from consignments which it has originated; and
the origin is clearly indicated on the consignment or an accompanying documentation.
All such consignments must be screened by an RA3 or ACC3 before they are loaded onto an aircraft.
| 10.1. Does the entity accept consignments of cargo or mail intended for carriage by air from any other entity? | |
|---|---|
| YES or NO | |
| If YES, how are these consignments kept separate from the company's own cargo or mail and how are they identified to the regulated agent or haulier? | |
| Comments from the entity | |
| Comments from the EU aviation security validator. | |
PART 11 U.K. Documentation
Objective: The KC3 shall ensure that the documentation accompanying a consignment to which the KC3 has applied security controls (for example protection), contains at least:
the unique alphanumeric identifier received from the designating appropriate authority; and
the content of the consignment.
The documentation accompanying the consignment may either be in an electronic format or in writing.
Reference: point 6.8.3.4 of the Annex to Implementing Regulation (EU) 2015/1998
| 11.1. Does the entity ensure that appropriate accompanying documentation is established, containing the UAI received from the designating appropriate authority and a description of the consignment? | |
|---|---|
| YES or NO | |
| If NO, explain | |
| 11.2. Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation? | |
| YES or NO | |
| If NO, specify reason | |
| Comments from the entity | |
| Comments from EU aviation security validator | |
PART 12 U.K. Transportation
Objective: The KC3 shall have procedures in place in order to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during transportation. If such cargo or mail is not protected, it must not be accepted by an ACC3 or RA3 as secure cargo or mail.
During transportation, the KC3 is responsible for the protection of the secure consignments. This includes cases where the transportation is undertaken by another entity, such as a freight forwarder, on its behalf. This does not include cases whereby the consignments are transported under the responsibility of an ACC3 or RA3.
Answer these questions where the product can be identified as EU or EEA bound air cargo or air mail when transported.
| 12.1. How is the air cargo or air mail conveyed to the ACC3 or RA3? | |
|---|---|
| (a) Validated entity's own transport? | |
| YES or NO | |
| (b) ACC3's or RA3's transport? | |
| YES or NO | |
| (c) Contractor used by the validated entity? | |
| YES or NO | |
| 12.2. Is the air cargo or air mail tamper evidently packed? | |
| YES or NO | |
| If YES, how | |
| 12.3. Is the vehicle sealed or locked before transportation? | |
| YES or NO | |
| If YES, how | |
| 12.4. Where numbered seals are used, is access to the seals controlled and are the numbers recorded? | |
| YES or NO | |
| If YES, specify how | |
| 12.5. If applicable, does the respective haulier sign the haulier declaration? | |
| YES or NO | |
| 12.6. Has the person transporting the cargo been subject to specific security controls and awareness training before being authorised to transport secured air cargo or air mail, or both? | |
| YES or NO | |
| If YES, please describe what kind of security controls (for example, pre-employment check, background check) and what kind of training (for example, security awareness training, etc.) | |
| 12.7. Conclusion: Are the measures sufficient to protect air cargo or air mail from unauthorised interference during transportation? | |
| YES or NO | |
| If NO, specify reasons | |
| Comments from the entity | |
| Comments from the EU aviation security validator | |
PART 13 U.K. Compliance
Objective: After assessing the twelve previous parts of this checklist, the EU aviation security validator has to conclude whether its on-site verification confirms the implementation of the security controls in compliance with the objectives listed in this checklist for EU or EEA bound air cargo or air mail.
Two different scenarios are possible. The EU aviation security validator concludes that the entity:
has succeeded in complying with the objectives referred to in this checklist. A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification;
has failed in complying with the objectives referred to in this checklist. In that case, the entity is not authorised to deliver air cargo or mail for EU or EEA destination to an ACC3 or RA3 without it being screened by an authorised party. It shall receive a copy of the completed checklist stating the deficiencies.
The EU aviation security validator has to keep in mind that the assessment is based on an overall objective-based compliance methodology.
| 12.1. General conclusion: Indicate the scenario closest to the situation validated | |
|---|---|
| 1 or 2 | |
| Comments from EU aviation security validator | |
| Comments from the entity | |
Name of the validator:
Date:
Signature:]
[F1The Union Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom]
[F1EU or EEA bound air cargo or air mail or aircraft in this validation checklist is equivalent to the Union and Iceland, Norway and Switzerland bound air cargo or air mail or aircraft.]