ISO 17712 And How It Affects Buyers
Buyers of 17712-compliant seals cannot simply accept "Yes, we comply" as an answer from a supplier. You must be able to ensure that you bought a fully compliant product. For example, if you purchase seals that cannot be proven to be ISO 17712 compliant, then you risk shipment delays under C-TPAT procedures.
For information on how buyers can be sure that they are receiving genuinely compliant seals, see How can buyers be sure?
ISO 17712 establishes “uniform procedures for the classification, acceptance, and withdrawal of acceptance of mechanical freight container seals”. The standard defines the various types of security seals and describes the performance requirements for each product type as well as details of testing specifications.
International Standard ISO 17712 replaced ISO's Publicly Available Specification (ISO/PAS) 17712 in September 2010. The Standard refined test procedures and added a technical specification for bolt seals. More importantly, the Standard added new test requirements for tamper evidence that apply to all seals that claim ISO compliance, regardless of type. Tamper evidence test certificatation goes into effect 1 March 2012, after an 18 month transition period.
General requirements stipulate that mechanical security seals must be:
- Strong and durable against weather, chemical action and undetectable tampering.
- Easy to apply and seal.
- Permanently and uniquely marked and numbered.
- Marked with an easily identifiable manufacturer's logo.
The standard has three major features, each of which requires documentation of compliance by properly accredited test laboratories or business process auditors; the labs and auditors must have ISO 17712 as the scope of competence.
1. Testing of physical strength (as barriers to entry).
2. Auditing of manufacturer's security-related business practises
3. Testing of a seal's ability to indicate evidence of tampering.
Physical strength. ISO 17712 defines three classes of seal strength or barrier capacity: "I" Indicative, "S" Security and "H" High Security; cargo security programs such as C-TPAT call for "H" class seals. Suppliers must use independently third party test laboratories to validate a seal's classification. Labs must be accredited according to ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories.
Manufacturer's security related business practises. Immature or careless security-related practices can undercut the effectiveness of the highest quality security seals. ISO 17712's Annex A (normative) defines more than two dozen required practices, such as maintenance of quality assurance programs (ISO 9001), facility risk assessment, seven year data retention programs for all seals, and access control to production and storage areas.
To demonstrate conformance with Annex A, suppliers must be audited by an independent process certification provider (such as an ISO 9001 auditor) accredited to audit conformance with ISO 17712.
No supplier can sell any seal as "ISO 17712 compliant" unless that firm has the proper independent certification that the firm's security-related business practices conform to Annex A. ISO 17712 is explicit: only firms in conformance with Annex A may place an "H", "S" or "I" class indicator on a seal.
Testing is a seal's ability to indicate evidence of tampering. The primary reason to use a security seal is to provide evidence of attempts to tamper the seal. In ISO 17712's tamper test procedures, laboratory tamper attempts must leave detectable evidence of tampering in each of the three tests; three successes earn a "Pass" grade but an "undetectable" result on any test generates a "Fail" grade for the seal. All classes of seals - "I", "S" and "H" - must earn"Pass" grades to qualify as 17712 compliant.
Tamper evident testing in ISO 17712 is a compromise to accomodate two valid but conflicting goals: providing specific common test procedures and not providing a public "cookbook" of ways to defeat security seals. The compromise presents a challenge to conscientious testing laboratories.
Improving user's seal management and effectiveness
Although the scope and focus of ISO 17712 is on the characteristics and performance of seals, the Standard's Annex A has information that may help seal users take a fresh look to improve the quality of security seal programs in their supply chains. You might think of Annex A as containing guidelines for effective management and use of seals - as tools, for example, which could help enhance measures related to C-TPAT and AEO programs.
As the table shows, security seals have their own life cycle, from design through manufacture, distribution, use and retention of seal data. Buyers and users have important roles to play in stages 4, 5 and 6.
Stage 4 is about user knowledge and discipline. As soon as a shipment of seals arrives, buyers and users should, we suggest, think of them as accountable assets. If buyers control and secure new seals and track the use of seal IDs, they reduce the risk of compromised seals and compromised shipment security. Protect unused seals from intruders and from unauthorized access by employees. In addition, train users in shipping facilities to correctly install and document seals.
Stage 5 is about user knowledge and discipline in the field, while seals are attached to containers, etc. This includes supply chain seal verification programs and procedures to deal with compromised or suspect seals. An effective seal program will establish a "chain of custody" for the seal and its shipment.
Stage 6 involves both physical and information issues. If a seal has been tampered with or compromised, supply chain risk managers among others may want the seal or its parts for forensic or insurance reasons. Stage 6 also addresses the care, use and storage of seal data; these may provide useful chain of custody pattern information for security and business managers.
Stages in the Life of a Security Seal *
1. Design Process
4. User control from receipt to application
5. In-transit management
* Adapted from Table A.1, ISO 17712: 2010
You may purchase copies of ISO 17712: 2010 from ISO itself or from many national standards bodies, such as AFNOR (France), ANSI (US) or BSI (UK).