Guest columnThe government's new mail room // by Keith James

Published 28 May 2009

How CRF regulations overhaul mail security — and the keys to timely compliance

The recent rise in white powder hoaxes and mail security breaches is taking its toll — and for the government, enough is enough: Come 25 August, how federal agencies safeguard employees, mail rooms, and overall facilities face drastic changes.

All federal mailrooms, regardless of size, staffing, or operational capacity — whether in an office building in Washington, D.C., or a Coast Guard vessel patrolling the Atlantic — must implement and maintain a comprehensive security policy meeting several federal standards. Most agencies fall far from compliance today, and face just weeks to overhaul existing processes. This means a lot of scrambling — and implementation of security protocols and technology — to get checklists up to speed.

Created in response to provisions outlined in Homeland Security Presidential Directive HSPD-7 Federal, the requirement amends the Public Contracts and Property Management title of the Code of Federal Regulations (CFR) to reflect the heightened state of awareness necessary to safeguard federal postal and shipping facilities.

The regulation, located under Title 41 §102-192 sections 70-80, outlines the specific policies that need to be met, as well as the various elements associated with developing, implementing and sustaining a security plan that meets compliance.

The key takeaways

  • Each agency must establish and maintain a mailroom-specific security policy, and develop a facility-centric security plan commensurate with the size and responsibilities of each facility
  • All federal mail programs must identify, prioritize and coordinate the protection of each mail processing facility against both internal and external security threats

A Multi-tiered approach to compliance

Meeting these complex regulations, and developing a comprehensive safety plan, cannot happen overnight. Several steps need to be taken:

Conducting facility-based assessments. This is the first step toward compliance. These evaluations weigh the overall level of risk of a specific location — and determine the most effective way to implement the requirements needed to protect facility staff and visitors. Each assessment must equally focus on identifying the widest range of threats, and consist of continuous internal evaluations and annual external reviews.

Developing and implementing security related operating procedures and mail screening protocols. Designed to protect personnel, these procedures safeguard facilities and provide direction for managing a variety of threat scenarios including biological, chemical, radiation, explosive, and natural and man-made disasters. These also need to account for today’s most disruptive threat scenarios — mail hoaxes — which continue to consume growing costs, resources, and time from first responders and law enforcement.

Rigorous employee training: Agencies should develop minimum training requirements which,