RESTRICTED Crown Copyright Reserved JSP 440 D Def Sy/6/3 The Defence Manual of Security Volumes 1, 2 and 3 Issue 2 MINISTRY OF DEFENCE October 2001 By Command of the Defence Council THIS CD IS THE PROPERTY OF HER BRITANNIC MAJESTY'S GOVERNMENT, and is issued for the information of such persons only as need to know its contents in the course of their official duties. Any person finding this CD should hand it to a British forces unit or to a police station for its safe return to the MINISTRY OF DEFENCE, DDef Sy, St Giles Court, 1-13 St Giles High Street, LONDON WC2H 8LD, with particulars of how it was found. THE UNAUTHORIZED RETENTION OR DESTRUCTION OF THE CD MAY BE AN OFFENCE UNDER THE OFFICIAL SECRETS ACTS 1911-89. (When released to persons outside Government service, this CD is issued on a personal basis. The recipient to whom it is entrusted in confidence, within the provisions of the Official Secret Acts 1911-89, is personally responsible for its safe custody and for seeing that its contents are disclosed only to authorized persons.) i RESTRICTED RESTRICTED Crown Copyright Reserved This page intentionally left blank. ii RESTRICTED RESTRICTED JSP 440 THE DEFENCE MANUAL OF SECURITY: ISSUE 2 1. This manual comprises the following parts of JSP 440, the Defence Manual of Security: a. Issue 2 of Volume 1. The principles of protective security, the responsibilities of those concerned with applying them, and physical security policy. b. Issue 2 AL 11 of Volume 2. Personnel security policy including the vetting system, line manager responsibility and travel security. c. Issue 2 of Volume 3. Guidance and policy on the security of Communications and Information Systems (CIS). 2. The three volumes have been updated to reflect the organisational changes of the Security Structures Review (see Volume 1 Chapter 2 for further details), and in the case of Volume 2 the collocation of the Defence Vetting Agency at York. Issue 2 also incorporates a number of amendments to JSP 440 that have been issued to security staffs in the form of policy letters or separate security instructions. 3. These three volumes can be viewed on the MODWeb (http:/www.chots.mod.uk/admin_instructions/security/security.htm) and on connected MOD and single Service intranets. They are available on CD ROM for establishments that are not able to access the MODWeb and connected intranets. A limited number of hard copies of Issue 2 are being published, as requested by the Royal Navy and Army. Those using the hard copy version are warned that there will inevitably be a delay between the electronic publication of Issue 2, and publication in hard copy. This also applies to future amendments to Issue 2. 4. The publication of Issue 2 of JSP 440 represents the first step towards production of security policy guidance that will fully reflect the principles of delegated security risk management set out in the Security Structures Review. The rewrite of JSP 440 will be designated `Issue 3 JSP 440'. Issue 3 JSP 440 is not expected to be published (in electronic form) until 2003. In the meantime, interim guidance will be issued in the form of DSO Guidance Notes and Issue 2 will also be amended approximately at six-monthly intervals. The first four DSO Guidance Notes are included on the Issue 2 CD ROM; they are also published separately on MODWeb and are being placed in the Army Electronic Library. 5. Establishments and units should address any requests for further advice or interpretation in the first instance to their TLB Principal Security Adviser (see Volume 1 Chapter 2 for details). Should they wish to seek advice from Directorate of Defence Security staff, the following are the desk ­ level points of contact: 1 The original Issue 2 of Volume 2 was published during 2000 before the Security Structures Review was completed. RESTRICTED RESTRICTED Volume 1 Protective Security PhysSy(Gd/ROE) Tel: 020 721 80289 CHOtS: DDefSyPhys(Gd/ROE) Volume 2 Personnel Security Pers Sy 2 Tel: 020 721 83764 CHOtS: DDefSyPers Sy 2 Volume 3 IT Security Hd InfoSy(Pol) Tel: 020 721 83746 CHOtS: DDefSyHd InfoSy(Pol) 6. Suggestions for amendments to and comments on the Defence Manual of Security should be sent through TLB and Trading Fund Principal Security Advisers to the Directorate of Defence Security. 7. Requests for additional copies of the CD ROM should be sent to: DSDC(L)6a2 Defence Storage and Distribution Centre Mwrwg Road Llangennech Llanelli South Wales SA14 8YP John Cochrane J C COCHRANE Director Defence Security 26 October 2001 RESTRICTED RESTRICTED Personnel Security VOLUME 1 Issue 2 PROTECTIVE SECURITY MINISTRY OF DEFENCE October 2001 RESTRICTED RESTRICTED Personnel Security This page intentionally left blank. RESTRICTED RESTRICTED Contents VOLUME 1 ­ PROTECTIVE SECURITY CONTENTS Chapter 1. 2. 3 4 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. Principles of Security Security Responsibilities Risk Management Control and Carriage of Protected Documents Physical Security Security of Arms, Ammunition and Explosives Counter Terrorist Measures Spare Spare Spare Disclosure of Protected Information Contracts Security Security Education, Training and Awareness Security on Operations- Security Elements of Force Protection Spare National Caveats JSP 440 Volume 1 Issue 2 i RESTRICTED RESTRICTED Defence Manual of Security 17. 18. STRAP Security Guidelines (SANITIZED) Security Instructions For The Use of Unarmed Commercial Guard Glossary of Terms List of Abbreviations Index JSP 440 Volume 1 Issue 2 ii RESTRICTED RESTRICTED Principles of Security CHAPTER 1 PRINCIPLES OF SECURITY Chapter 01 Principles of Security 0101 0103 0105 0106 0107 0108 0109 0110 0111 0112 0113 0114 1A-1 1B-1 1C-1 1D-1 1E-1 Para Page The Definition of Protective Security The Security System Special Markings The Threat Espionage Sabotage Subversion Terrorism Non Traditional Threats Posed by Other Individuals or Organizations Components of Security Risk Precepts of Security Annex A Annex B Annex C Annex D Annex E Security Standards Descriptors Definitions of Levels of Espionage Threat Definitions of Levels of Terrorist Threat Defence in Depth JSP 440 Volume 1 Issue 2 1-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 1-2 RESTRICTED RESTRICTED Principles of Security CHAPTER 1 PRINCIPLES OF SECURITY The Definition of Protective Security 0101. Protective security is the protection of assets from compromise. Compromise can be a breach of: a. Confidentiality. The restriction of information and other valuable assets to authorized individuals (e.g. protection from espionage, eavesdropping, leaks and computer hacking). b. Integrity. The maintenance of information systems of all kinds and physical assets in their complete and usable form (e.g. protection from unauthorized alteration to a computer programme). c. Availability. The permitting of continuous or timely access to information systems or physical assets by authorized users (e.g. protection from sabotage, malicious damage, theft, fire and flood). 0102. In assessing integrity and availability, consideration must be given to both the direct and indirect consequences of compromise. For example, the theft of a personal computer may be of limited direct consequence as such equipment can be relatively cheaply replaced. The loss of the information contained on the computer may have significant indirect consequences, particularly if no arrangements have been made for backup storage of the information it contains. The Security System 0103. Assets are defined as "anything of value, either tangible or intangible that is owned or used by an organization or business". They can be documents and information; material such as buildings, equipment, valuables or cash; operating systems or personnel. Material assets can have different degrees of value, these are defined within the following protective markings: a. TOP SECRET. The compromise of TOP SECRET information or material would be likely to threaten directly the internal stability of the UK or friendly countries; to lead directly to widespread loss of life; to cause exceptionally grave damage to the effectiveness or security of UK or allied forces or to the continuing effectiveness of extremely valuable security or intelligence operations; to cause exceptionally grave damage to relations with friendly governments; to cause severe long-term damage to the UK economy. JSP 440 Volume 1 Issue 2 1-1 RESTRICTED RESTRICTED Defence Manual of Security b. SECRET. The compromise of SECRET information or material would be likely: to raise international tension; to damage seriously relations with friendly governments; to threaten life directly, or seriously prejudice public order, or individual security or liberty; to cause serious damage to the operational effectiveness or security of UK or allied forces or the continuing effectiveness of highly valuable security or intelligence operations; to cause substantial material damage to national finances or economic and commercial interests. c. CONFIDENTIAL. The compromise of CONFIDENTIAL information or material would be likely to materially damage diplomatic relations (i.e. cause formal protest or other sanction); to prejudice individual security or liberty; to cause damage to the operational effectiveness or security of UK or allied forces or the effectiveness of valuable security or intelligence operations; to work substantially against national finances or economic and commercial interests; substantially to undermine the financial viability of major organizations; to impede the investigation or facilitate the commission of serious crime; to impede seriously the development or operation of major government policies; to shut down or otherwise substantially disrupt significant national operations. d. RESTRICTED. The compromise of RESTRICTED information or material would be likely to affect diplomatic relations adversely; to cause substantial distress to individuals; to make it more difficult to maintain the operational effectiveness or security of UK or allied forces; to cause financial loss or loss of earning potential to, or facilitate improper gain or advantage for, individuals or companies; to prejudice the investigation or facilitate the commission of crime; to breach proper undertakings to maintain the confidence of information provided by third parties; to impede the effective development or operation of government policies; to breach statutory restrictions on disclosure of information; to disadvantage government in commercial or policy negotiations with others; to undermine the proper management of the public sector and its operations. 0104. When an asset merits a protective marking the appropriate levels of protection shown at Annex A are to be provided. The protective marking given to a document must be determined solely on the information it contains. It is therefore very important that the protective marking selected is correct. Special Markings 0105. Only those with a need to know, or need to hold, should have access to protectively marked information. When it is necessary to provide additional protection by reinforcing the "need to know" principle, special markings that restrict JSP 440 Volume 1 Issue 2 1-2 RESTRICTED RESTRICTED Principles of Security access should be used, normally in conjunction with a protective marking. Special markings consist of: a. National Caveats. National caveats exist for the additional protection of certain types of protectively marked UK material, e.g. UK EYES ONLY and CANUKUS EYES ONLY. Definitions of these and other caveats, and advice on their use, are given in Chapter 16. b. Descriptors. Descriptors help to implement the "need to know" principle by indicating the nature of the asset's sensitivity and the need to limit access accordingly. A list of MOD descriptors is at Annex B. c. Additional Markings. Additional markings may be required to ensure the special handling of some material to indicate particular aspects of ownership, issue or release, e.g. CODEWORD material. Further details are in Chapter 4. d. International Defence Organization (IDO) Markings. IDOs e.g. the North Atlantic Treaty Organization (NATO) and the Western European Union (WEU) and their member nations, use similar protective markings to the UK prefixed NATO or WEU as appropriate. Further details are in Chapter 4. The Threat 0106. The following paragraphs detail the five threats to security. Espionage 0107. Espionage is defined as "Attempts to acquire information covertly or illegally in order to assist a foreign power". Foreign intelligence services are continuously collecting information for intelligence purposes. They: a. Work mainly through agents who are either introduced into a country or recruited locally. Such agents in their search for targets may be expected to seek out those with human weaknesses who can be exploited particularly through corruption or blackmail. b. Mount technical operations such as eavesdropping, including telephone interception, interception of radio communications (SIGINT) and surveillance. No establishment is immune from attack. No one with access or potential access to protected assets is too unimportant to be cultivated either as a useful contact or JSP 440 Volume 1 Issue 2 1-3 RESTRICTED RESTRICTED Defence Manual of Security possible agent. Definitions of levels of espionage threat, including from SIGINT and extremists, are at Annex C. Sabotage 0108. Sabotage is defined as "An act falling short of a military operation, or an omission, intended to cause physical damage in order to assist a hostile foreign power or to further a subversive political aim". The following should be noted: a. Although sabotage on a major scale is likely only in the period immediately before or after the outbreak of war, it can be used as a means of advancing political causes. b. In peacetime agents of foreign intelligence services may select targets for future attack by trained, experienced saboteurs. c. Saboteurs may be capable of using highly sophisticated methods and their aim will be to disrupt essential communications, damage vital military installations, impede industrial production and lower national morale. d. In acts of terrorism, sabotage may be used for widely differing purposes ranging from attacking unimportant targets with the object of attracting publicity to the terrorists' cause, to damaging important installations as part of a major terrorist campaign. Subversion 0109. Subversion is defined as "Action designed to weaken the military, economic or political strength of a nation by undermining the morale, loyalty or reliability of its citizens". The threat from subversion stems not only from foreign intelligence services but also from members of organizations such as those based on anarchism, religious fanaticism, and extreme left and right wing ideologies. Organizations with these ideologies may try to acquire protectively marked information, not necessarily to give to a potential enemy, but to use it in a way that would bring the government in general into disrepute. Terrorism 0110. Terrorism is defined as "The unlawful use or threatened use of force or violence against individuals or property in an attempt to coerce or intimidate governments or societies to achieve political, religious or ideological objectives". It represents a world-wide threat and is characterized by sudden and violent attacks. Terrorist methods include murder, kidnapping, hostage-taking, hijacking of air, sea, road and rail transport, and attacks on people, buildings, aircraft and vehicles by JSP 440 Volume 1 Issue 2 1-4 RESTRICTED RESTRICTED Principles of Security small arms, mortars, bombs and mines. Definitions of terrorist threat levels are at Annex D. See also Chapter 7. Non Traditional Threats Posed by Other Individuals or Organizations 0111. Government assets are under threat from a variety of sources beyond those traditionally regarded as hostile or otherwise of significance in terms of national security. The responsibility for providing advice to counter non-traditional threats will not always lie with the security staff and may often be provided by the appropriate Service, MOD or civil police agency. The main threats of this type are posed by investigative journalists, pressure groups, investigation agencies, criminal elements, disaffected staff, dishonest staff and computer hackers. The types of threat from these sources can be categorized in six broad groups: a. Confidentiality. Compromise of politically sensitive information. This threat is presented by: (1) Pressure groups and investigative journalists attempting to obtain sensitive information. (2) Unauthorized disclosure of official information (leaks). b. Exploitation of Sensitive Information. Debt collection agencies and investigation agencies are known to attempt to obtain personal information held in confidence by government. Investigative journalists have exploited personal tax information; they also target commercial and financial information as do criminal elements seeking financial advantage. c. Theft, Burglary and Fraud. There is a growing threat of theft, particularly of IT equipment. Arms, ammunition and explosives are always at particular risk. Theft may occur through burglary or the actions of dishonest staff. Establishments responsible for the collection or disbursement of public funds are prone to fraud and there is an increasing threat of fraud through the manipulation of IT systems. d. Corruption, Destruction, or Unauthorized Access to, Computer Data. The integrity of data held on computer systems is under threat mainly from disaffected staff. Existing levels of programming expertise, the ready availability of malicious software, e.g. viruses, and the ease with which they can be deliberately or accidentally introduced, combine to create a substantial threat. It is apparent that some staff misguidedly interfere with or compromise systems. There is also a level of threat of damage resulting from JSP 440 Volume 1 Issue 2 1-5 RESTRICTED RESTRICTED Defence Manual of Security the actions of hackers - either those with legitimate access to systems or those without such access. e. Pressure Groups. Pressure groups for such causes as animal rights, nuclear disarmament and the environment will sometimes carry out demonstrations against MOD policy and activities. Although often confined to peaceful demonstrations, extremist elements can cause violent attacks on individuals and property, which can pose a threat as significant as terrorism. f. Criminal Damage. Employees, dependants, visitors or intruders can carry out criminal damage. g. Natural Disaster. Natural disasters are risks to the integrity or availability of facilities, buildings or equipment etc caused by such incidents as fire, flooding, subsidence, or lightning strike. Components of Security 0112. There are two different and interdependent parts of security: a. Security Intelligence. The collection of information and production of intelligence concerning the security threat. Plans to counter the activities of foreign intelligence services or subversive organizations and individuals must be based on accurate and timely intelligence concerning the identity, capabilities and intentions of the hostile elements. This intelligence is known as 'security intelligence'. It is derived from studying attempts to break through security controls, combined with knowledge gained from penetrating hostile organizations. One means of obtaining security intelligence is the investigation of breaches of security. Although security intelligence is a matter which is principally the concern of security staffs and security units, all personnel in the MOD, whether Service or civilian, contribute to it by the prompt reporting of suspicious activity. b. Protective Security - consists of: (1) Laws, Orders and Instructions. These measures range from the Official Secrets Acts to Establishment Security Standing Orders. (2) Physical Measures. Physical measures are the physical obstacles, which protect specific security interests. These range from perimeter defences such as fences and lighting to security containers. JSP 440 Volume 1 Issue 2 1-6 RESTRICTED RESTRICTED Principles of Security (3) Personnel Security Measures. The aim of personnel security measures is to ensure that only reliable and trustworthy persons have access to protected information. (4) Security Education and Training. The aim of security education is to ensure that all who work for the MOD, irrespective of access, understand both the threat and their general responsibilities for countering it. The aim of security training is to ensure that individuals who have specific security responsibilities as part of their normal employment are properly trained in their security duties. Security education and training is the responsibility of commanders and HOE at all levels. (5) Security Procedures. Security procedures include document handling, control of access, checks and audits. Risk 0113. Risk can be defined as "a future uncertain event" and is measured in terms of likelihood and impact. No amount of security measures can ever totally eliminate risk. The vulnerability of assets to threats must be reduced so that the likelihood of compromise or loss is reduced to an acceptable level. Over protection leads to a waste of resources and under protection leads to an unwarranted risk. Security measures selected must be balanced and cost effective in their application. Further details are in Chapter 3. The Precepts of Security 0114. The main precepts of security are: a. Command Responsibility. Whilst every individual who works for the MOD has a personal responsibility to promote and maintain security at all times, HOE are responsible for security within their establishments and commanders/heads of department have overall responsibility for security within their formations or departments. b. Need to Know. Knowledge of protected matters must be limited strictly to those who are security cleared to the appropriate level and who need such knowledge in order to carry out their official duties. c. Need to Hold. Protectively marked documents and material must only be retained by individuals who need them for the efficient discharge of their duties. JSP 440 Volume 1 Issue 2 1-7 RESTRICTED RESTRICTED Defence Manual of Security d. Defence in Depth. Effective protective security results from a carefully planned system of defensive security measures designed to protect information, material, personnel, activities and installations. These controls must form an interdependent and interlocking series of defences arranged in depth outward from the target. (A diagram is at Annex E). e. Make Sense. effective. Security measures must be practicable and cost JSP 440 Volume 1 Issue 2 1-8 RESTRICTED RESTRICTED Principles of Security ANNEX A TO CHAPTER 1 SECURITY STANDARDS Assets in each level of the protective marking system are required to be protected to a specific level of protection. The protective markings therefore provide a means of establishing the value of, and hence the level of protection to be afforded to, particular assets. These levels of protection are detailed below. TOP SECRET: Information and other assets should be held, processed, transmitted or transported and destroyed under conditions which ensure that only those who can be trusted with them and have been authorized gain access to them, that actual or attempted compromises will be detected, and those responsible will be identified. SECRET: Information and other assets should be held, processed, transmitted or transported and destroyed under conditions which make it highly unlikely that anyone without authorized access will, by chance or design, gain access to them, that compromise will go undetected or that those responsible will remain unidentified. CONFIDENTIAL: Information and other assets should be held, processed, transmitted or transported and destroyed under conditions which inhibit casual or wilful access by unauthorized people and which are likely to assist in the identification of compromises. RESTRICTED: Information and other assets should be held, processed, transmitted or transported and destroyed with discretion in order to avoid access by unauthorized people. JSP 440 Volume 1 Issue 2 1A-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 1A-2 RESTRICTED RESTRICTED Principles of Security ANNEX B TO CHAPTER 1 DESCRIPTORS 1. Descriptors may be helpful in implementing the "need to know" principle by indicating the nature of the asset's sensitivity and thereby helping to ensure that access is limited accordingly. Aside from PERSONAL, which by definition requires that the information is only made available in the first instance to the addressee, the descriptors will normally be used in conjunction with a protective marking. Used alone, descriptors may indicate who should see the material but do not of themselves impose any particular handling or level of protection. A list of MOD descriptors is below: a. APPOINTMENTS. Concerning actual or potential appointments that have not been announced. b. BUDGET. Concerning proposed or actual measures for the budget before they are announced. c. COMMERCIAL. Subject matter of actual or potential commercial value, the disclosure of which would prejudice a commercial interest. The rules for the use of this marking are given in Chapter 12. d. CONTRACTS. Matters concerning tenders under consideration and the terms of tenders accepted. e. CONTROL (or DS). Exercise papers for use only by control or directing staff. f. EXAMINATION. Subject matter relating to setting, marking or future examination papers. (For MOD use only). g. EXERCISES. Concerning orders and instructions pertaining to military exercise at home and abroad. h. HONOURS. Matters concerning military or civilian honours and awards. i. INTELLIGENCE. assessments. Concerning intelligence source material and JSP 440 Volume 1 Issue 2 1B-1 RESTRICTED RESTRICTED Defence Manual of Security j. INVESTIGATION. Concerning investigations into disciplinary or criminal matters. k. LOCSEN. Concerning locally sensitive information. l. MANAGEMENT. Management policy and planning matters, the premature disclosure of which would not be in the interest of the Ministry of Defence or the Services. m. MEDICAL. reports and records. Medical matters concerning individuals including n. OPERATIONS. Concerning orders and instructions pertaining to military operations at home and abroad. o. PERSONAL. Material only to be seen by the person to whom it is addressed. p. POLICE. Police matters concerning police operations and activities. q. POLICY. Concerning proposals for new or changed policy before publication. r. STAFF. Matters concerning the administration (e.g. confidential reports), discipline, security status and service of named or identifiable personnel. s. VETTING. Concerning matters pertaining to the security clearance of personnel. t. VISITS. Concerning details of visits by, for example, royalty, ministers or very senior staff. 2. Should additions to this list be sought, they should be addressed to D Def Sy through the security reporting chain. JSP 440 Volume 1 Issue 2 1B-2 RESTRICTED RESTRICTED Principles of Security ANNEX C TO CHAPTER 1 DEFINITIONS OF LEVELS OF ESPIONAGE THREAT The definitions and threat levels below are used by the Security Service when considering the threat from espionage, including SIGINT and Extremist threats. Grade Definition Intelligence shows that attacks against this target or the UK's interests in this location are a top priority for an individual, group or country that has a formidable degree of capability and effectiveness. Intelligence shows that attacks against this target or the UK's interests in this location are an important priority for an individual, group or country, which is capable and effective. Intelligence indicates that attacks against this target or the UK's interests in this location are high priority for an individual, group or country that has limited capability or effectiveness. SIGNIFICANT or Intelligence indicates that attacks against this target or the UK's interests in this location are a medium priority for an individual, group or country, which is capable and effective. Intelligence indicates that attacks against this target or the UK's interests in this location are a medium priority for an individual, group or country, which has a limited degree of capability and effectiveness. Intelligence indicates that attacks against this target or the UK's interests in this location are an unimportant priority for an individual, group or country, which has little capability. Intelligence indicates that attacks against this target or the UK's interests in this location are unlikely to be considered by an individual, group or country; or Intelligence indicates that an individual, group or country lacks both capability and effectiveness. VERY HIGH HIGH MODERATE LOW NEGLIGIBLE JSP 440 Volume 1 Issue 2 1C-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 1C-2 RESTRICTED RESTRICTED Principles of Security ANNEX D TO CHAPTER 1 DEFINITIONS FOR LEVELS OF TERRORIST THREAT 1. The definitions and terms for use in terrorist threat assessments have been agreed by ACPO for use by the civil police and national agencies. 2. These standard definitions are to be used by all those concerned in assessing the terrorist threat and implementing counter-measures in the MOD. Level 1 2 Term IMMINENT HIGH Definition Specific intelligence shows that a target is at a very high level of threat and that an attack is imminent. Specific intelligence, recent events or a target's particular circumstances indicate that it is likely to be a high priority and the target is at a high level of threat. Recent general intelligence on terrorist activity, the overall security and political climate of the target's general circumstances indicate that it is likely to be a priority target and is at a significant level of threat. A target's circumstances indicate that there is potential for it to be singled out for attack and it is at a moderate level of threat. There is nothing to indicate that a target would be singled out for an attack and there is a low level of threat. A target is unlikely to be attacked. negligible level of threat. There is a 3 SIGNIFICANT 4 MODERATE 5 6 LOW NEGLIGIBLE JSP 440 Volume 1 Issue 2 1D-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 1D-2 RESTRICTED RESTRICTED Principles of Security ANNEX E TO CHAPTER 1 DEFENCE IN DEPTH Official Secrets Acts 1911 - 1989 Perimeter Fences Patrols Guard Dogs Passes Security Areas Containers Keep Areas Need to Hold Protective Marking Locks Guards Information and Material Need to Know Strong Rooms Alarms Vetting Gate Control Protective Lighting Military Lands Act 1892 - 1903 Secure Rooms JSP 440 Volume 1 Issue 2 1E-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 1E-2 RESTRICTED RESTRICTED Security Responsibilities CHAPTER 2 SECURITY RESPONSIBILITIES Chapter 02 General Impact of Security Structures Review Responsibilities of Government Security Departments and Agencies Responsibilities in the Ministry of Defence Responsibilities of TLB Holders and Chief Executives of Trading Funds Responsibilities of Principal Security Advisers Categorisation of Establishments Security Surveys, Inspections and Audits Responsibilities of Command and other Security Staffs Responsibilities of the Head of Establishment (HOE) Responsibilities of the Establishment Security Officer Lodger Units Responsibilities of Security Units Other Security Appointments Reporting of Incidents Security Incidents ­ Mandatory Reporting to Ministers Security Investigations Disciplinary and Criminal Considerations Post Incident Analysis Action on Loss or Compromise and Levels of Authorization to Write Off Leaks of Official Information Waivers and Exemptions Security Responsibilities 0201 0203 0207 0212 0220 0221 0222 0224 0228 0229 0232 0233 0234 0235 0236 0237 0242 0245 0248 0249 0255 0261 Para Page JSP 440 Volume 1 Issue 2 2-1 RESTRICTED RESTRICTED Defence Manual of Security Other Security Related Responsibilities Amendments to JSP 440 Defence Manual of Security Annex A Annex B Annex C Annex D Annex E Annex F 0264 0270 2A-1 2B-1 2C-1 2D-1 2E-1 2F-1 Categorisation of Establishments and Security Inspections Guide to the Contents of Establishment Security Standing Orders Security Orders, Regulations and Instructions for Security Officers Security Incidents ­ Mandatory Reporting To Ministers Security Incidents ­ Mandatory Reporting To Ministers ­ Initial Report Signal Format Format of IMMEDIATE Signal Report of Suspected Loss or Compromise of Protectively Marked Material JSP 440 Volume 1 Issue 2 2-2 RESTRICTED RESTRICTED Security Responsibilities CHAPTER 2 SECURITY RESPONSIBILITIES General 0201. The Strategic Defence Review (SDR) of 1998 led to significant changes in the way the business of the MOD is conducted. As a result, in September 1999, 2nd PUS commissioned a review to examine the organisation of security in the department. The Security Structures Review (SSR) considered all aspects of security except policing, guarding and vetting. The results of the review were endorsed by the Defence Management Board on 25 January 2001 as DMB(00)12. DCI GEN 148/01 reported the outcome. 0202. This chapter describes the organisation, management and delivery of security in the MOD following the SSR. It sets out the delegations to Top Level Budget (TLB) Holders and Chief Executives of MOD Trading Funds (TFCEs), and the revised responsibilities of organisations and staff involved in determining security policy, those implementing policy, and those providing security support, advice and assistance. Impact of Security Structures Review 0203. A guiding principle of the SSR was that security is a core business issue and should be firmly embedded in management systems and processes of the Department with ownership of risk unambiguous, and aligned with budgetary authority and accountability. The management of security risk is to complement and mirror the application of corporate governance principles. 0204. Every individual who works for the MOD has a responsibility to promote and maintain security at all times. Directors, heads of divisions, chief executives of defence agencies/GOCOs and commanding officers/heads of establishments are specifically responsible for security within their directorates, headquarters, formations/stations, agencies/GOCOs or units/establishments and are responsible for accepting the risks arising from the risk management process. 0205. TLB Holders remain responsible for implementation of security measures in those Vote funded Defence Agencies for which they, or their senior staff, are Owners. Trading Funds will for security assurance purposes be treated in the same way as TLB Holders, and be held accountable to the Departmental Security Officer (DSO). 0206. Separate guidance is issued on revised responsibilities for dealing with the security of nuclear weapons and nuclear materiel. JSP 440 Volume 1 Issue 2 2-3 RESTRICTED RESTRICTED Defence Manual of Security Responsibilities of Government Security Departments and Agencies Cabinet Office 0207. The Prime Minister is ultimately responsible for national security advised by the Cabinet Secretary. The Official Committee on Security (SO) is chaired by the Cabinet Secretary and attended by Permanent Under Secretaries. SO is responsible for formulating policy on all aspects of security co-ordinated across government in consultation with departments carried out through sub-committees and working groups. The Cabinet Office provides the secretariat and draws the threads together, setting government protective security policy and standards which are promulgated in the Manual of Protective Security (MPS), after consultation with departments and after taking advice from the Security Service and the Communications Electronics Security Group (CESG). Security Service 0208. The Security Service is the UK authority for all aspects of security. It is the principal security adviser to government and is responsible for providing advice to departments and agencies and other organisations on the nature and levels of threats to security from espionage, terrorism and sabotage, and from the activities of those who seek to overthrow or undermine Parliamentary democracy by political, industrial or violent means. In order to counter such threats the Security Service provides advice and assistance on physical, personnel, document, IT and technical security measures and training for departmental staff. Communications-Electronics Security Group (CESG) 0209. The CESG of the Government Communications Headquarters is the National Authority responsible for all technical issues relating to the security of IT, communications, radar and other such systems, and radiation security. It is responsible for general and specific assessments of the threat of technical attacks on protectively marked information, including that held in IT systems. It is also the National Cryptographic Authority and the authority on the technical threat from SIGINT, hacking and malicious viruses etc. In meeting these responsibilities CESG publishes a wide variety of technical guidance, designs and approves encryption equipment, and produces keying material. CESG helps to formulate policy in this field and contributes to the overall threat assessments produced by the Security Service. Security Strategy Unit Technical Group (TG) 0210. Technical Group (TG), which operates within the Foreign and Commonwealth Office (FCO), is the National Authority for counter eavesdropping (CE). It is responsible for advising the Security Service on the technical aspects of CE and carrying out related work for the FCO and, in the UK, on behalf of the Security Service. JSP 440 Volume 1 Issue 2 2-4 RESTRICTED RESTRICTED Security Responsibilities Security Services Group (SSG) 0211. The SSG provides support to the MOD under a supply and services agreement. The SSG advisory service is free to MOD customers at the point of delivery while other SSG services are charged for on repayment terms. The service may be in response to specific requests from security staff for project management, installation, commissioning and/or maintenance of security equipment and control systems based on set standards. Applications for project support are to be made through PSyAs and Command security staff. They, in turn, may instigate SSG support through D Def Sy for the project. Establishments are not to make direct contact, in the first instance, with SSG. Responsibilities in the Ministry of Defence 0212. Overall responsibility for security in the MOD rests ultimately with the Defence Council and PUS is a member of the Official Committee on Security (SO). The Director General Security and Safety (DGS&S), is the DSO, responsible for overseeing the implementation and dissemination of protective security policy, the issue of guidance and for incident reporting. The DSO also contributes to the formulation of national security policy and is a member of SO sub committees dealing with information security (SO(IS)), and protective security (ICPS). As part of the process of security assurance required under corporate governance, DGS&S is required to submit an annual report as a Certificate of Assurance to the Defence Audit Committee (DAC). Role and Responsibilities of the Directorate of Defence Security 0213. A single headquarters policy and standards-setting division, the Directorate of Defence Security (D Def Sy), formed on 1 April 2001 reporting to the DSO. This new division has been created from the former Directorate of Security Policy (DSy(Pol)) and policy elements dealing primarily with industrial security matters and scientific and technical security advice from the former DHQSy division. The Directorate's responsibilities include the newly- created Joint Security Co-ordination Centre (JSyCC) to co-ordinate alerts and warnings of information security incidents, including electronic attacks. The JSyCC will provide a 24-hour/7 day week watch keeping capability. Its role is described at paragraph 0216. D Def Sy is responsible to the DSO for the formulation and promulgation of security policy for the protection of all MOD information, assets and personnel, including international security arrangements for the sharing of MOD information with other governments and with the Defence industry. 0214. D Def Sy has the following principal responsibilities: JSP 440 Volume 1 Issue 2 2-5 RESTRICTED RESTRICTED Defence Manual of Security a. Contributing to the formulation of government protective security policy and representing the MOD in interdepartmental and international discussions on protective security policy. b. Formulating and promulgating defence security policy, setting MOD security objectives and providing guidance on their implementation and resource implications. c. Primary responsibility for nuclear security matters (but on key issues will act only in concert with the Director of Nuclear Policy). d. Co-ordinating and providing advice to ministers, PUS and CDS on the political and presentational and legal aspects of protective security policy and security intelligence operations. e. Liaison with the Cabinet Office, Security Service, OGDs and the Civil Police on security policy issues. f. Developing security policy and providing security advice to companies holding MOD protectively marked assets or information. g. Advising DCDS(C) on defensive measures to counter the terrorist and extremist threats to MOD personnel and assets in Great Britain and, in consultation with the Counter Extremist Advisory Group (CEAG), setting the counter-extremist alert state for MOD establishments throughout Great Britain. h. Timely dissemination of security threat information relating to terrorist threats in Great Britain and overseas. i. Timely dissemination through the JSyCC of electronic threat information relating to the Department's information systems, covering both IT incidents and electronic attack. j. Oversight of the reporting and investigation of security incidents and leaks of official information by TLB Holders/TFCEs, with particular emphasis on the possible need to revise current security policy, and other remedial action. k. Serving as departmental focus for the application of UK policy for sensitive document handling and dissemination, and representing MOD on the STRAP management board. l. Enabling Risk Owners to establish the correct balance of risk to Information Systems by advising on security policy and the residual risk. JSP 440 Volume 1 Issue 2 2-6 RESTRICTED RESTRICTED Security Responsibilities m. Advice to MOD and to UK Defence Manufacturers on all technical security matters relating to the overseas release of military information; clearance of UK protectively marked equipment and information at UK and overseas defence exhibitions; and for review of Patent Applications and inventions notified by the general public. n. Support the DSO in identifying the MOD's security education and training needs and in contributing to the formulation of the policy to meet those needs. (Note: This reflects a responsibility placed on the DSO in the Manual of Protective Security. Exercise of this responsibility will have to take account of the Defence Training Review). o. Preparation of the annual DSO's report to the DAC, including tasking and collation of TLB Holder/TFCE reports and staffing of follow-up action required. 0215. D Def Sy is accountable through DGS&S to: a. DCDS(C) and thence to VCDS for the policy on the protection of MOD personnel and assets against terrorists and other extremists including the counter extremist Alert State. b. The Personnel Director and thence to 2nd PUS for all other aspects of protective security policy. Role and Responsibilities of the Joint Security Co-ordination Centre (JSyCC) 0216. The JSyCC acts as a focal point for information security intelligence. It maintains a central source of vulnerability and threat information, and promulgates summaries, alerts and rectification directives as necessary. The specific responsibilities of the JSyCC include: a. Collating progress reports against Threat Change Notices (TCN) and Vulnerability Rectification Directives (VRD). b. Receiving and collating incident detection information, liaison with the Unified Incident Reporting and Alert Scheme (UNIRAS) and the Federation of Incident Response and Security Teams (FIRST) for all IT related incidents, and determining the nature of response required. c. Arranging for, and supervising, any necessary external response where inappropriate to be carried out at unit level. d. Carrying out any necessary post-incident analysis. JSP 440 Volume 1 Issue 2 2-7 RESTRICTED RESTRICTED Defence Manual of Security e. Supervision of the overall information verification program including provision of generic software toolkits. f. Maintaining a central register of the Minimum Essential Defence Information Infrastructure (MEDII) element of the Critical National Infrastructure (CNI). g. Direct control of the verification activities associated with MEDII. h. Provision of MOD contribution to the National Infrastructure Security Co-ordination Centre's (NISCC) virtual organisation, and related aspects of the CNI protection programme. i. Provision of awareness and training relating to CIS threats, vulnerabilities, and incident handling. j. Liaison with similar organisations in UK Government, industry, allies, hardware manufacturers, software providers and the police. Defence Security Standards Organisation 0217. The Defence Security Standards Organisation (DSSO) was established under the DSO on 1 April 2001 to provide an independent security audit capability and a central source of advice on security implementation issues. The work of the DSSO will in future be integrated into that of the DAC to meet the requirements of corporate governance. The DSSO will include a centralised accreditation function for networked IT systems that cross TLB/TF boundaries. The responsibilities of the DSSO fall into two main areas: a. Accreditation. Provision of a centralised IT security accreditation service, acting as a single source for advice and expertise on MOD's increasingly networked IT systems. DSSO accreditors will advise business managers of the risks to their IT systems and how best to mitigate and reduce them. The decision to accept the residual risk will lie with the business manager in consultation with other stakeholders. If stakeholder interests conflict, resolution will be determined by either DG Info, ACDS (Ops) or CJO in accordance with established crisis response processes. b. Security Audit. Provision of an independent security audit capability to enable the DSO to certify that security policy is being implemented adequately and cost-effectively across the whole of MOD and its Trading Funds. DSSO auditors will focus on assessing the effectiveness of the integrated risk management process of the TLB Holder/TFCE. The precise methodology will be developed in partnership with TLB Holders/TFCEs in a series of pilot audits. Key areas to be addressed include: JSP 440 Volume 1 Issue 2 2-8 RESTRICTED RESTRICTED Security Responsibilities (1) (2) (3) (4) (5) Linkage of security risk to corporate objectives. Common terminology. Assessment by likelihood and impact. Dynamic review and reporting. Effective reaction. The formal audit process will draw upon the DSO's Annual Report to the DAC to determine the key themes to be examined. STRAP Administration 0218. There are plans for STRAP administration responsibilities currently carried out by STRAP Security Officers (STRAPSOs) to be re-brigaded under the DSSO. Pending implementation of this change the pre-SSR arrangements are to continue. Personnel Security Responsibilities 0219. Post SSR, arrangements for the exercise of personnel security responsibilities, including management of risk cases, have still to be finalised. In the meantime the following arrangements will apply: a. D Def Sy is responsible for Civilians in the Central TLB, DPA and Trading Funds and their non List X contractors, for List X industry (but TLBs are responsible for List X contractors employed at their sites), and for categories such as SCS and MDP managed centrally. b. The single Services are responsible for their Service personnel wherever they are employed, for Civilians employed in Service TLBs (except for categories managed centrally), and for contractors employed at their Service sites. c. The DLO and PJHQ are responsible for Civilians employed in their TLBs (except for categories managed centrally), and for contractors employed at DLO and PJHQ sites. Responsibilities of TLB Holders/Trading Fund Chief Executives 0220. Responsibility for the implementation and risk management of security policy and standards has now been formally delegated to TLB Holders by means of a single letter of delegation from PUS. Each TLB Holder is required to nominate a Security Risk Manager to advise the TLB on the balance between business needs and security requirements, taking account of affordability, and act as a TLB point of contact with JSP 440 Volume 1 Issue 2 2-9 RESTRICTED RESTRICTED Defence Manual of Security the DSO. They will form the membership of a new DSO advisory group, the DSO's Risk Managers Forum (DRMF). TLB Holders and TFCEs will be responsible for maintaining an audit trail of their risk management decisions, and for making a formal annual report to the DSO on the state of security in their TLB/TF. An extract from PUS's letter of delegation to TLB Holders is shown below: I look to you to ensure that Departmental security policy and standards set out in JSP 440 are implemented across your TLB. Your Principal Security Adviser (to be appointed by you) will support you and should be consulted whenever you are unclear about specific delegations or need more general advice. Should you or your Principal Security Adviser be unsure about the interpretation and exercise of the delegations or need specialist advice, you should consult the Departmental Security Officer. Specific Authority Authority for the implementation of Departmental security policy and standards (set out in JSP440 and other policy guidance) in your TLB. Authority to take necessary timely action on receipt of terrorist and other security threat alerts, and when necessary, the co-ordination of BIKINI Alert State and other countermeasures for all units/establishments in your TLB area. Authority to exempt units/establishments in your TLB area from compliance with armed guarding and other prescribed security measures, within the limits for variation set out in JSP 440 and other MOD policy guidance. Authority for accrediting IT systems that are delegated to you by the Departmental Security Officer (DSO). Authority to undertake a programme of assurance activities to verify internal security control processes. This will be subject to audit by the Defence Security Standards Organisation (DSSO). Responsibilities You should ensure that your decisions on security adhere to Departmental risk management guidelines. You should, in consultation with the DSO, appoint a Principal Security Adviser (PSyA) who will be your source of authoritative day-to-day advice. The PSyA should meet minimum core competencies and have received the appropriate training. The PSyA may be appointed from your TLB, or be provided from another, under agreed arrangements. He or she should consult the DSO for specialist advice when needed, including on any cross-TLB issues. You should nominate a `risk manager' to advise you on the balance between your business needs and the security requirements, taking account of affordability, and to act as the point of contact for the TLB with the DSO. You should invest in the necessary training and education to ensure that all staff in your TLB are adequately trained and have the right level of security awareness. You must agree an audit programme for your TLB with the DSO. You must submit an annual report to the DSO on the state of security in your TLB. JSP 440 Volume 1 Issue 2 2-10 RESTRICTED RESTRICTED Security Responsibilities Responsibilities of Principal Security Advisers 0221. The former Sector Security Authorities were abolished on 1 April 2001. In their place, TLB Holders and TFCEs are to appoint their own Principal Security Adviser (PSyA). The services of another TLB may be chosen to provide the relevant security advice but the responsibility and accountability for the application and maintenance of security in their area is vested in the TLB Holder/TFCE. The role of PSyAs is to provide corporate security advice to the Management Board of the TLB Holder/TFCE and oversight and direction of security across the TLB/TF. The following are specific PSyA responsibilities: a. Advice to the TLB Holder/TFCE and the Management Board on all security issues that have a corporate bearing on TLB/TF business. This includes advice on: (1) (2) (3) Interpretation of Departmental security policy. Evaluation of the security risk applicable to the TLB/TF. Implementation measures. b. Strategic oversight of security activity across the TLB/TF, ensuring compliance with policy as implemented within the context of risk-based security management. c. Representing the TLB/TF corporate interests in all security activity within the department, consulting with business units and agencies as appropriate. d. Providing the TLB/TF focal point for the DSO and D Def Sy. e. Liaison with other PSyAs and co-ordinating the sharing of security support activities. f. Liaison with the police and other security agencies in government and industry as necessary. g. Ensuring procedures for reporting and investigating security incidents are followed, where necessary conducting investigations. h. Ensuring security surveys and periodic inspections are carried out in all subordinated establishments. i. Undertaking a range of tasks associated with those IT systems that are specific to the TLB/TF, including accreditation, of those IT systems for JSP 440 Volume 1 Issue 2 2-11 RESTRICTED RESTRICTED Defence Manual of Security which the TLB/TF has been delegated responsibility, ensuring compliance with security requirements, and reporting IT security incidents. j. Development and implementation of revised structures as necessary to meet the full range of TLB Holder's/TFCE's responsibilities that flow from the Security Structures Review. k. Provision of security guidance to subordinate headquarters, units and establishments across the TLB/TF as necessary. l. Development of a security culture within the TLB/TF that is costefficient and makes use of best practice within the context of risk management as applied to business needs. Categorization of Establishments 0222. In order to determine priorities for the allotment of security effort, each establishment should be allocated a security category. Categorisation of MOD establishments will maintain a consistent baseline across the Defence spectrum and assist with the risk management process that will inform resource allocation decisions. It is, therefore, important that TLB Holders/TFCEs are able to give their establishments a security profile, assessed against common definitions. Details on the categorization of establishments are at Annex A. 0223. The categories into which establishments are placed must be reviewed at regular intervals and on the following occasions: a. On formation, reorganisation or amalgamation of an establishment. b. When significant changes occur in the role or organisation of an establishment or in the type of equipment held. c. When there is a major change in accommodation and guarding arrangements. Security Surveys, Inspections and Audits 0224. The following definitions apply: a. Survey. A detailed, pre-planned security examination carried out by a specialist team to examine, report and make recommendations on the protective security requirements of an establishment. JSP 440 Volume 1 Issue 2 2-12 RESTRICTED RESTRICTED Security Responsibilities b. Inspection. A periodic, on-site review of compliance with security orders, regulations and instructions, conducted by a security team tasked by the TLB Holder/TFCE that owns the risk at the establishment concerned. c. Audit. An independent review by the DSSO of the systems and structures in place to support the TLB Holders'/TFCEs' security risk management processes. 0225. TLBs/TFs are required to carry out a security survey when an establishment is first formed, is reorganised and changes its role, or on completion of major works services. The comprehensive survey report will be the baseline against which future protective security of the establishment will be measured. Additional security surveys may be conducted in response to special requirements as required by TLBs/TFs. 0226. A new regime has been introduced to reflect the delegated responsibilities for security risk management and a more flexible approach managing all aspects of the changing threat. Threats to Defence establishments vary widely, as do their vulnerabilities. Although every establishment should be subject to periodic formal security inspection, the programme should reflect these differences. In determining the frequency of inspections for establishments within their area, TLBs/TFs will need to consider various factors. These will include: the criticality of the establishment's output in meeting MP objectives, the risk profile, the outcome of previous inspections and audits, turnover of key personnel and any mandated requirements. Security inspection reports will provide a major input into the DSO annual report to the DAC. TLB Holders/TFCEs may elect to supplement formal inspections by advisory visits and by the completion of security questionnaires. Further detail on inspections and guidelines for periodicity are at Annex A. Special Security Surveys 0227. In addition to the initial security surveys referred to above, certain establishments will require surveys of a specialist nature, for example counter sabotage surveys, air transport security surveys, aircraft physical security surveys and counter terrorist surveys. PSyAs and Command security staff are to arrange the frequency and implementation of these surveys to meet their needs. Responsibilities of Command and other Security Staffs 0228. Command security staff officers and responsibilities include security are responsible for: a. other staff officers whose Advice to their Commanders/Directors on all security matters. JSP 440 Volume 1 Issue 2 2-13 RESTRICTED RESTRICTED Defence Manual of Security b. The processing of security intelligence and the production of up-todate assessments of the threat to security. This includes the dissemination of threat assessments. c. The preparation and issue of security standing orders and instructions. d. The provision of assistance and advice, and the issue of instructions, to subordinate staffs and establishments on all aspects of security. This includes the planning, co-ordination and application of protective security measures throughout the formation including those for exercises and operations. e. Advising on the granting to establishments of waivers and exemptions from the baseline measures and mandatory standards of JSP 440 having first obtained authority from D Def Sy when this is necessary. f. Contributing to the Operational Security (OPSEC) staffing process for exercises and operations with particular reference to the formulation of the threat and recommendations for protective security measures. g. Tasking, and direction where appropriate, of security units. h. Ensuring the maintenance of a close liaison with the Civil Police and the co-ordination of security contingency plans when necessary. i. Action to ensure security incidents are investigated and that the procedures laid down for reporting and investigating breaches of security are followed. Security staff is responsible for ensuring that counter-compromise action is taken and for making recommendations on the security aspects of breaches to the Commander. Records and statistics concerning breaches should be kept to enable the state of security in the formation to be assessed and the adequacy of the existing security measures to be reviewed. j. Actioning Parliamentary Questions and Parliamentary Enquiries on matters relating to the implementation of security as directed by Min AF and copying the reply to Min AF and D Def Sy. k. Advice to the Commander, staff and establishments on security education and training, including its organisation and conduct. l. m. The provision of security support to sponsored organisations. Advice to the relevant staff on: JSP 440 Volume 1 Issue 2 2-14 RESTRICTED RESTRICTED Security Responsibilities (1) The security aspects of new projects and maintenance works services in the early planning stages. (2) Priorities for the issue and replacement of security furniture and equipment. (3) Requirements for works services arising from the recommendations of protective security survey and inspection reports. n. Regular review of the Developed Vetting Master List (DVML) of posts, where held. o. Contributing to the TLB/TF annual report to D Def Sy. p. Ensuring that security surveys and periodic inspections are carried out on all subordinate establishments. q. Ensuring close liaison is maintained at all levels with appropriate security units. Responsibilities of the Head of Establishment (HOE) 0229. HOE are responsible for all aspects of the security of the establishments under their command and control and for personally accepting the risks arising from the risk management process. 0230. The responsibilities of the HOE include bringing to the attention of all personnel specific aspects of protective security as detailed below: a. General. Personnel are to be reminded of: (1) (2) Their responsibilities under the Official Secrets Acts. The threat and their responsibilities in countering it. (3) The provisions of security standing orders. (Subjects that should be considered for inclusion in security standing orders are listed at Annex B). (4) The need for vigilance at all times. (5) The need to report all suspicious occurrences and anything which may lead to a breach of security without delay. JSP 440 Volume 1 Issue 2 2-15 RESTRICTED RESTRICTED Defence Manual of Security (6) The requirement to report all contacts with persons from countries to which special security regulations apply, and contacts with persons from other foreign countries which give rise to suspicion. (7) The need to report, well beforehand, proposed visits to or from countries to which special security regulations apply or travel in their controlled air, rail or shipping lines. (8) The requirement to ensure security approval exists for official visitors attending briefings, discussions or making use of establishment or site facilities and also contractors. b. On appointment to a post giving access to protected information. The aim is to ensure that all individuals whose duties include handling protected information: (1) Understand their security responsibilities. (2) Know the establishment system of custody and handling of protected information, documents and material necessary to carry out their duties. (3) Understand the principles of 'need to know' and 'need to hold'. (4) Are aware of the action to be taken on the loss or compromise of protected documents or equipment. (5) When a proposal to job share a security post is received the HOE should weigh the consequences of such sharing against the possibility of a loss of accountability or any weakening of responsibility for the control of either Physical, Documentary, IT or Personnel security. In the first instance the HOE should contact his own PSyA or Command security staff for advice. c. On specific occasions. The aim is to ensure that all Service and civilian staff are made aware of their responsibilities for security on the following occasions: (1) (2) Before taking part in operations. Before taking part in exercises. JSP 440 Volume 1 Issue 2 2-16 RESTRICTED RESTRICTED Security Responsibilities (3) Prior to travel, either on duty or leave, to or through countries to which special security regulations apply. This includes members of the reserve and officers of the cadet forces. (4) When on duty at open days, exhibitions, demonstrations, or trials of protected equipment in any official capacity, for example as guards, drivers, or exhibitors. (5) When attending courses which include foreign students. (6) At conferences, seminars and meetings to which foreign representatives are invited. Responsibilities of the Establishment Security Officer 0231. The HOE is to appoint an establishment security officer (ESyO) who is directly responsible to his HOE for the implementation of security policy. It is mandatory that the ESyO is correctly trained in his responsibilities and, unless already trained as a security officer, attends a security officers' course either prior to, or immediately after, assuming his appointment. 0232. The responsibilities of the ESyO include: a. Threat assessment and planning. Assessment of the threat to the security of the unit and the planning and implementation of counter measures. b. Security standing orders (SSOs). The production and promulgation of SSOs. A guide to the headings is at Annex B. c. Security education and training. The education of all personnel on the threat and their responsibilities for countering it and the training of individuals having specific security duties and responsibilities. d. Vetting register. The supervision of the establishment vetting register where applicable. The register is to include a list of posts in the establishment that require SC or DV security clearance, the name of the post holder, his/her clearance level, the expiry date and any limitation to the clearance. e. Security orders, regulations and instructions. Acquainting themselves with relevant current security policy, orders, regulations and instructions and advising the HOE on their implementation. References for security officers are listed at Annex C. JSP 440 Volume 1 Issue 2 2-17 RESTRICTED RESTRICTED Defence Manual of Security f. Protective security. The maintenance of protective security through systematic reviews, checks and inspections to ensure that: (1) The recommendations of security surveys and inspections have been implemented or that the security staff have been informed of the reason for non-compliance. (2) SSOs are comprehensive, understood and observed. (3) Security equipment such as PIDS, IDS and access control systems are functioning correctly. g. Initial investigations. breaches of security. Carrying out initial investigations into h. Reporting. Keeping the HOE informed on all matters affecting the security of the establishment. i. Security liaison. Liaison with the security staff, the local security unit and the local Civil Police. j. IT security. Where so appointed, ensuring the measures for IT security promulgated in Volume 3 of JSP 440 are fully instigated. k. Supervision. Ensuring that the holders of any subordinate security appointments are adequately briefed for their duties. Lodger Units 0233. Lodger Units will normally conform, in the first instance, to their own Security Regulations, but they are also responsible to those of the host establishment, whose HOE has a duty of care to ensure that security within the establishment does not fall below the standards set out in JSP 440 and his own single service or HQ Security Instructions. Where conformity is not possible deviations are to be noted in a written agreement between the host establishment and the lodger unit, endorsed by the PSyA of the host establishment TLB/TF and the chain of command of the lodger unit. In principle, security responsibilities must lie where they can best be exercised. If however the lodger unit has its own secure perimeter a different security regime may apply within that perimeter, if this is considered to be in the best interest of security. In the normal course, lodger units will, whenever possible, be subjected to security inspections and audits at the same time as the host establishment and these may, if appropriate, be conducted by the host unit security authority, even if the lodger unit is required to submit its own annual report or be subject to inspection. JSP 440 Volume 1 Issue 2 2-18 RESTRICTED RESTRICTED Security Responsibilities Copies of all inspection/audit reports will be forwarded to the chain of command of the lodger unit. Responsibilities of Security Units 0234. Security units (see Glossary) operate under the direction, as appropriate, of PSyAs and Command security staff. Security units undertake the following tasks: a. The provision of advice to the security staff and establishments, where appropriate, on factors affecting the threat assessment and on protective security measures. b. The acquisition of security intelligence. c. The collation of all security information to support and assist security intelligence operations. d. e. The provision of security advice and assistance to establishments. The investigation of security incidents, which may include: (1) Activities of foreign intelligence services involving espionage, sabotage, subversion, or terrorism. Such investigations are carried out in conjunction with the appropriate civilian agencies. (2) The loss or compromise of protectively marked material, in particular, documents and leaks of official information. (3) The loss or compromise of protectively marked or protected material, including records of combination lock settings and security keys. (4) The loss of arms, ammunition or explosives. (5) Certain aspects of criminal activity affecting security. Such investigations are conducted jointly, where appropriate, with the Service Police or MDP, in conjunction with the appropriate civilian authorities. f. Protective security surveys, and security inspections of establishments as directed by PSyA and Command security staff. g. The formulation of protective security plans for particularly sensitive establishments. JSP 440 Volume 1 Issue 2 2-19 RESTRICTED RESTRICTED Defence Manual of Security h. The maintenance of records and statistics. i. The provision of technical advice on security planning and where appropriate specialist resources for public occasions such as open days or Royal/VVIP visits. j. The provision of technical advice to the security staff in planning the protection of personnel. k. The vetting of locally engaged civilians overseas for access to official information. l. Where appropriate, the screening of persons for access to military areas and establishments. m. The provision of assistance to commanders, staffs and establishments in security education and training. n. o. Liaison with other Service agencies. Liaison with allied and civilian security agencies. Other Security Appointments 0235. According to the role, size, sensitivity and dispersion of an establishment, or grouping of establishments, other security appointments may be necessary. Where other appointments are made, co-ordination of security effort within an establishment remains the responsibility of the ESyO. Examples of other security appointments include: a. Branch Security Officer (BSO)/Unit Security Officer (USO). Where it is justified by size, dispersion or the existence of a specialized installation, BSOs/USOs should be appointed. In the case of a specialized installation, an officer with a knowledge of the specialist equipment should be nominated. b. Control Officer. Establishments which hold documents protectively marked TOP SECRET, and documents which require special handling such as those marked ATOMIC or ATOMAL, are to appoint a control officer who is to be personally responsible for the safe custody of and accounting for all such documents. Details are given in Chapter 4. c. IT Security Officer (ITSO). Establishments are responsible for appointing IT security officers as required by JSP 440 Volume 3. JSP 440 Volume 1 Issue 2 2-20 RESTRICTED RESTRICTED Security Responsibilities d. Project Security Officer. Personnel appointed to plan and oversee the implementation of the security measures required in the realization of major projects involving protectively marked information. e. Station Security Officer/Garrison Security Officer. Personnel appointed to co-ordinate the implementation of security measures across a number of establishments in a station or garrison area. Reporting of Incidents 0236. It is important that all Defence related suspected, attempted, or actual security incidents and weaknesses are reported to the appropriate PSyA and Command security staff. PSyAs and Command security staffs are to stipulate their requirements for upward reporting of incidents (losses, compromises, breaches, weaknesses and attacks) on their establishments. The following incidents are always to be reported to D Def Sy via the chain of command: a. Any terrorist act or incident likely to have had terrorist involvement (e.g. suspected recce of an MOD establishment). b. Incursions into MOD sites which involve a significant threat to the security of that unit or establishment. c. Significant losses or theft of arms or explosives and/or significant quantities of ammunition. d. All cases of suspected sabotage and other cases of malicious damage to assets where the damage would equate to that requiring the protective marking CONFIDENTIAL or above. e. Any loss or theft of documents or material, where espionage is thought to have been involved or where there is likely to be media, public or parliamentary interest, or embarrassment caused. f. Leaks of official information to the media. g. All instances of hacking into MOD CIS systems, and of significant damage due to destruction or corruption of information on MOD CIS systems, as a result of computer viruses to be reported to the JSyCC (see also JSP 440 Volume 3 Chapter 10). h. All personnel security cases involving appeals against denial or withdrawal of security clearances and any other personnel security cases likely to attract parliamentary and/or media attention or otherwise cause embarrassment to the MOD. Where appropriate, incidents should also be JSP 440 Volume 1 Issue 2 2-21 RESTRICTED RESTRICTED Defence Manual of Security reported to security units and the Service Police, MDP or Civil Police in accordance with single-Service instructions. Security Incidents - Mandatory Reporting to Ministers 0237. Guidelines on the reporting of security incidents that might attract public, Parliamentary or media attention and require involvement of Ministers are at Annex D. The instruction identifies which types of incident are to be reported to Ministers in an accurate and timely way, the methods to be used and contact telephone numbers. Particular attention is drawn to the requirement to include D Def Sy as an information addressee at all stages of the reporting process. The initial report signal format is at Annex E. D Def Sy is required to maintain data on all security incidents reported in order to provide a record of remedial action, particularly in relation to any need to amend security policy. 0238. Losses. For the purposes of reporting and investigation, losses are categorized as follows: a. Category 1. All TOP SECRET, COSMIC/ATOMAL ATOMIC and comparted information including Codeword material. Also COMSEC material (which means all documents, aids, devices or equipment, including CRYPTO material, associated with the securing or authentication of telecommunications). b. Category 2. SECRET (including NATO and other IDO) material. CONFIDENTIAL (including NATO and other IDO) c. Category 3. material. 0239. Aggregation. It is recognised that the aggregation of multiple losses of information at the Category 2 level could warrant that information being raised to the Category 1 level overall. PSyA and Command security staff should try and ascertain whether or not the losses in question fall into this category and, if they consider this to be the case, to inform D Def Sy. 0240. STRAP. The loss and/or compromise of STRAP material should be reported and investigated in accordance with the security regulations laid down in the STRAP Manual (JSP 440 Volume 5). 0241. Reporting. During working hours, incidents should normally be reported to the PSyA and Command security staff. For significant issues that occur outside core working hours, the MOD maintains an Information Security Duty Officer (ISyDO), which is a role fulfilled by members of D Def Sy or JSyCC staff. Some TLBs/TFs maintain a 24 hour Duty Officer who will be responsible for upward reporting to the JSP 440 Volume 1 Issue 2 2-22 RESTRICTED RESTRICTED Security Responsibilities JSyCC/ISyDO. Further details on incident reporting are contained in Chapter 11 of Volume 3. Security Investigations 0242. PSyA and Command security staff are responsible for the overall coordination of security investigations within their areas following submission of an immediate report, either by signal or e-mail, within 24 hours of the loss or compromise of the protectively marked material being confirmed or suspected (see Annex F) by the establishment concerned. Early initial reports to PSyA and Command security staffs allow a rapid judgement to be made as to the severity of the incident and minimise any delay likely to accrue in returning to normal working whilst any required security response takes place. It will also provide an opportunity to provide specialist advice and guidance to the establishment at which the incident occurred. After the immediate report has been sent, the following procedure should be followed: a. Initial report. An initial report should be submitted, in writing (either as a letter, signal or e-mail) to the appropriate PSyA and Command security staff, within 48 hours of the immediate report. b. Progress reports. Progress reports should be submitted, in writing to PSyA and Command security staff, within seven days of the immediate report, giving an update on the progress of the investigation. If the investigation is not complete when the first progress report is due, PSyA and Command security staff should be consulted on the frequency of future progress reports. c. Final report. The final report should be forwarded, in writing to PSyA and Command security staff, once the investigation is completed. It should be comprehensive and include recommendations for action to be taken. Notes: 1. Where a major security investigation is required, at least one member of any investigation team used must be aware of the requirements of the Police and Criminal Evidence Act (PACE). 2. In the case of the MDP, Service Police, members of the Intelligence Corps, RN Area Security Teams or regional RAF Provost and Security Services (P&SS), such knowledge can be assumed. In all other cases, staff acting as security investigators must be formally registered with JSyCC on behalf of the Departmental Security Officer (DSO). JSP 440 Volume 1 Issue 2 2-23 RESTRICTED RESTRICTED Defence Manual of Security 3. Minor breaches' investigations can be performed on behalf of the Head of Establishment by local security staffs. 4. All serious breaches are to be reported to D Def Sy. 0243. Care must be taken to assign an appropriate protective marking to all reports, and to use appropriate communications channels. Disciplinary and Criminal Considerations 0244 In addition some incidents may also involve disciplinary and criminal considerations. 0245. Malicious damage and theft. Deliberate damage to, and theft of, MOD assets are clear indications of a criminal act having occurred, and other than in cases where a serious breach of National Security has also occurred, the pursuit of such incidents will normally be through the MDP or Service Police as appropriate. 0246. Immediate incident report. Unless the criminal activity is detected whilst in progress, when MDP or Service Police as applicable should be contacted directly, in all other cases an Immediate Incident Report should be raised to the PSyA or Command security staff who will ensure that the appropriate Police authority is contacted. 0247. Physical infiltration. The physical infiltration of a MOD site by unauthorised persons should be dealt with by either local security staffs, through the MDP or Service Police as appropriate, as laid down in this volume and reported. Any collateral incidents (e.g. theft) should, however, be assessed against the guidance in this Chapter. Post Incident Analysis 0248. PSyAs and Command security staff are responsible for ensuring that copies of all final reports, about lost or compromised material, are sent to their originators or owners at the close of the investigation. They are also responsible for ensuring that any counter-compromise action is completed as necessary. The HOE is responsible for ensuring that an Aftercare Incident Report (AIR) is raised to the DVA for all instances where MOD or contractor personnel have been involved in either misuse of MOD resources and/or criminal activity. JSP 440 Volume 1 Issue 2 2-24 RESTRICTED RESTRICTED Security Responsibilities Action on Loss or Compromise and Levels of Authorization to Write Off Action to be Taken in the Event of Loss or Compromise 0249. When protectively marked material is presumed lost or believed compromised, it is important that the circumstances should be reported to the appropriate PSyA and Command security staff. Loss in Transit 0250. When material has been lost in transit between establishments, it is the responsibility of the dispatching establishment to take all the necessary action and, where appropriate, to inform the originator or owner of the material. Loss outside MOD Establishments 0251. Whenever protectively marked material is lost outside MOD establishments, the following urgent action is to be taken by the loser: a. Take all reasonable steps to effect recovery, e.g. by reporting the loss to the local security unit, the Civil Police, transport authority and lost property office as appropriate. b. Notify, by the quickest means, the ESyO of the dispatching, originating or parent establishment who will then follow the reporting procedure. Loss in Emergency Conditions 0252. When protectively marked material is lost under emergency conditions e.g. fire, flood, aircraft crash, disaster at sea, armed attack etc every reasonable effort is to be made to recover or account for any residue or debris. Authorization Levels to Write Off Losses 0253. Authority to write off lost material is as follows: a. Category 1. (1) All TOP SECRET ­ PSyA and Command security staff (at one star level). (2) All ATOMIC and Codeword - to be referred to the appropriate agency for approval. (3) COMSEC - An action copy of all CRYPTO losses should also be sent to the appropriate MOD HQ and Single Service Communications Authorities. JSP 440 Volume 1 Issue 2 2-25 RESTRICTED RESTRICTED Defence Manual of Security b. c. Category 2. Designated PSyA and Command security staff officers. Category 3. HOEs/COs/Directors. d. NATO and other IDO material of all categories are to be referred to the NATO Office of Security (NOS) for NATO material or the appropriate Security Office of the IDO concerned and copied to MOD DIS Sy (IDR). Note: Authority to write off losses, as stated above, is only given from a security standpoint. It in no way gives authorization to write off the sums of money that may be associated with losses. This is covered in JSP 414. 0254. Should PSyA and Command security staff consider any loss or compromise of such significance as to warrant attention by Ministers then D Def Sy should be informed immediately. Leaks of Official Information 0255. Leaks usually take the form of reports in the public media which appear to involve the unauthorised disclosure of official information (whether protectively marked or not) that causes political harm or embarrassment to either the UK Government or the Department concerned. Such disclosure may have been made either orally, whether deliberately or carelessly, or following the unauthorised sight or passage of a document. Information that is formally reported as lost to a security authority, and subsequently appears in the public media, should not be treated as a leak but judged to be a compromise of lost information and treated as a loss. 0256. First news of a leak may come direct from a journalist attempting either to verify the information obtained or wishing the Department or agency to know what access to official information has been gained. In the rare cases where this occurs prior to publication, it may be possible to seek an injunction to prevent publication. 0257. Leaks of official information are to be reported to the appropriate PSyA or Command security staff in the first instance. Where the leak is judged to be serious, the PSyA or Command security staff are to bring it to the attention of D Def Sy as soon as practicable, and within 24 hours if possible. The consequences of leaks of official information are considered serious when they undermine government policy or cause embarrassment to the government. Examples are: a. The premature leaking of information on Defence Estimates or other financial details. b. The leaking of MOD correspondence on issues that are controversial at the time. JSP 440 Volume 1 Issue 2 2-26 RESTRICTED RESTRICTED Security Responsibilities c. The leaking of details of overseas defence equipment negotiations prior to formal agreements being signed. 0258. The following factors need to be taken into account by the relevant PSyA or Command security staff in preparing to report the incident as a leak to D Def Sy: a. The medium/media and journalists (if known) concerned. b. The intrinsic importance of information leaked. (If there is any doubt as to whether or not the information is important, D Def Sy should be consulted for advice). c. d. e. How widely the information was circulated and in what form. Can a specific document be identified for the contents of the leak. The identity, if immediately apparent, of the source of the leak. f. Whether or not the Official Secrets Acts are believed to have been breached, if immediately apparent. 0259. In general there is likely to be advantage in pursuing a leak investigation in those cases where: a. b. c. A specific document can be identified from the contents of the leak; The authorised circulation of the leaked document was small; or It has been possible to take the decision to investigate promptly. 0260. D Def Sy, in conjunction with the relevant TLB/TF, will seek advice from the DSO as to whether the details of the case warrant an investigation by the PSyA, Security Unit, Service Police or MDP. This option must be considered before such an investigation is initiated since an investigation that may result in criminal proceedings must be conducted in accordance with the Police Codes of Practice. D Def Sy will take all necessary upward reporting action within the Department where a serious leak has been identified or is strongly suspected. Waivers and Exemptions 0261. The procedures relating to waivers and exemptions for IT and nuclear assets are described respectively in JSP 440 Volume 3 Chapter 1 and Volume 4 Chapter 1. For all other waivers and exemptions to JSP 440 Volume 1 the rules are detailed below. JSP 440 Volume 1 Issue 2 2-27 RESTRICTED RESTRICTED Defence Manual of Security 0262. The Baseline Measures for protecting the confidentiality of protectively marked information and material, and the physical security standards for the protection of arms, ammunition and explosives are mandatory. No material in this category is to be held if the mandatory standards are not met, unless a deviation in the form of a waiver or exemption has been issued by the appropriate authority. Waivers and exemptions can be granted by TLB Holders/TFCEs and CinCs on their own authority. Exemptions need to be referred to D Def Sy if they involve the assets of other government departments being placed at risk and therefore require Cabinet Office agreement. A list of waivers and exemptions is to be included in the TLB Holder/TFCE annual report to D Def Sy. 0263. Definitions of waivers and exemptions (other than for nuclear and IT assets) are: a. Waiver. A waiver is a risk management tool that allows rules to be waived, in extraordinary circumstances, for periods of up to one year, when it is judged that a temporary deviation will not result in any vulnerability being exploited. Accordingly, a waiver gives approval for the temporary deviation from the mandatory standards in circumstances where: (1) Essentially the same level of security is afforded and compensatory measures are not required; or, (2) A vulnerability has been created and acceptable compensatory measures have been applied; or, (3) A vulnerability exists and, despite the application of all feasible counter measures, remains extant. b. Renewal. If renewal of a waiver is approved, details are to be notified by the PSyA or Command security staff to D Def Sy. c. Exemption. An exemption is similar to a waiver but applies where there is a need for long-term dispensation. The likelihood of a vulnerability being exploited will increase with duration, frequency and predictability. Accordingly, an exemption will only give approval for the long-term deviation from the mandatory standards in circumstances where: (1) Essentially the same level of security is afforded and compensatory measures are not required; or, (2) All feasible compensatory measures have been taken and nothing more can be done. d. Review. Exemptions are to be reviewed every 5 years. JSP 440 Volume 1 Issue 2 2-28 RESTRICTED RESTRICTED Security Responsibilities Other Security Related Responsibilities 0264. It is necessary security staffs to be aware of the general state of security and the effectiveness of protective measures in their areas of responsibility. Within the chain of command this is achieved by such means as the receipt of security survey/inspection reports, the reporting of breaches of security and a close working relationship between the security staff, security units and ESyOs. It is equally important for the DSO to be able to monitor the overall state of security and the effectiveness of protective measures within the MOD as a whole. Relations with the Intelligence Staff 0265. Where appropriate, but particularly in Service HQs, the security staff should maintain close liaison with the intelligence staff. In overseas commands both security and operational intelligence assessments should normally be combined to give commanders a complete and balanced intelligence picture. Liaison 0266. In addition to normal staff liaison and inter-Service consultation (through local security and intelligence committees, where they exist), contacts are to be maintained at staff level with other national and international HQs and with appropriate local security organisations and civil authorities. In parallel with this, security staffs are to ensure that contacts between security units and the Civil Police are established and maintained. Contact with the Security Service and Metropolitan Police Special Branch (MPSB) is only to be carried out through D Def Sy unless authority has been previously been granted for direct contact. Financial Economy 0267. Recommendations for works services frequently involve high costs in materials and labour charges but, while the need for economy is recognized, this must not inhibit security units from making recommendations necessary to achieve proper security protection. It is the task of PSyA and Command security staffs to examine recommendations for security works services ensuring that only those that are justified on security grounds are given their support. Where high costs are involved, security staffs may require security units to suggest alternatives, with their advantages and disadvantages, to help determine the most cost-effective measures. Protection against the Threat 0268. It is the responsibility of PSyAs and Command security staff to make an assessment of the local threat from espionage, sabotage, subversion and terrorism to establishments in their areas of responsibility. They should give advice on the protection of establishments to include further precautions to be taken if the threat increases. Responsibility for ordering protective measures against terrorist attack is usually vested in the operations/security staff. The security staff is responsible for JSP 440 Volume 1 Issue 2 2-29 RESTRICTED RESTRICTED Defence Manual of Security providing assessments of the threat from terrorism, and for the planning and coordination of protective security measures to counter the threat. In Great Britain assessments are disseminated by D Def Sy. Overseas and in Northern Ireland, assessments are made and disseminated by commands except that in the case of HM ships visiting foreign ports the threat assessment at the time of the visit will be promulgated by signal by DI RA (Coord). (Chapter 7 gives details of counter terrorist measures). Key Points (KPs) 0269. The Director of Military Operations, through MO2, is responsible for the direction and staffing of KP policy. Single-Services are responsible for nominating their own KPs and passing details to the Joint Planning Staff (JPS (UK)). JPS (UK) collates these and forwards them, through the MOD KP Committee, to the Cabinet Office KP Committee for endorsement. Once endorsed, KPs are included in JPS (UK) KP Lists. Advice on the security measures at KPs is the responsibility of MOD, PSyAs and Command security staff. Specialist security units are responsible for conducting KP surveys. Responsibility for deciding on the criteria for selection of KPs abroad rests with CINCs, advice on their protection being given by the Command security staff and the local security unit (see Glossary). There will be a need for co-ordination of KPs protection plans in overseas theatres to take account of the requirements of all Service and civilian KPs. The principles governing sabotage planning and the protection of KPs are currently under review. Amendments to JSP 440 Defence Manual of Security 0270. If PSyAs, Command security staff, HOEs, ESyOs or security units feel that the policy or any of the instructions or guidance contained within this manual are inappropriate or incomplete and require deletion or amendment they are to inform D Def Sy, through their chain of command. D Def Sy will consider the matter and if appropriate, review the policy and take any necessary amendment action. JSP 440 Volume 1 Issue 2 2-30 RESTRICTED RESTRICTED Security Responsibilities ANNEX A TO CHAPTER 2 CATEGORISATION OF ESTABLISHMENTS AND SECURITY INSPECTIONS Introduction 1. The adoption of a combined matrix for categorization of establishments takes account of the full threat spectrum and Risk Impact Level. It facilitates a comprehensive approach to security inspections to include, where relevant, personnel, physical and procedural security measures within the GSE/LSE Inspection (GLI) of CIS installations within sites contained in Chapter 12 to JSP 440 Volume 3 Issue 2. This combined matrix is shown in outline below: Asset Category A1 A2 B1 B2 C1 C2 Risk Impact Level High Medium High Medium Medium Low Low Very Low Guarding Category P1 P2 P3 2. Categories A1-C2 relate to all aspects of the threat to the security of information and materiel (assets) and are based on the new definitions below. The combined matrix to be used in determining the risk profile of an establishment is produced by bringing together separate assessments on all aspects of the threats to information and material (assets), and on the threat to life posed by terrorism. The former involves selection of a category in the range A1-C2; the latter a category in the range P1-P3. In each case, the categories selected are consistent with the Level 2 matrix of Risk Impact Levels referred to in the Risk Management Guidance at Annex C to DSO Guidance Note No 2. JSP 440 Volume 2 Issue 2 2A-1 RESTRICTED RESTRICTED Defence Manual of Security Categorization Definitions 3. The definitions to be used in determining the categorisation of an establishment in relation to the threats to information and material (assets) are as follows: Category A1. (Risk Impact High). Establishments with a nuclear role and holding nuclear weapons or Special Nuclear Material (SNM). For example: See JSP 440 Volume 4. Category A2. (Risk Impact Medium High). Establishments holding assets or carrying out an exceptionally sensitive or critical role, the loss, disruption or compromise of which would cause exceptionally grave damage to the operational effectiveness or key business output of the TLB/TF or MOD. For example: Establishments, including branches of HQs, with an exceptionally sensitive or critical role; or whose main outputs depend upon processing information on a CL1 CIS system; or carrying out TOP SECRET research and development activity of major importance to UK defence capability. Category B1. (Risk Impact Medium). Establishments holding assets or carrying out a very sensitive or critical role the loss, disruption or compromise of which would cause serious damage to the operational effectiveness or key business output of the TLB/TF or MOD. For example: Establishments, including branches of HQs, with a very sensitive or critical role whose key outputs depend upon processing information on a CL2 CIS system; or carrying out SECRET research and development activity. Category B2. (Risk Impact Medium Low). Establishments holding assets or carrying out a role the loss, disruption or compromise of which would cause damage to the operational effectiveness or key business output of the TLB/TF or MOD. For example: Establishments, including branches of HQs, with a sensitive or critical role; or with a deployable operational role in a readiness cycle or having an essential force generation function; or whose key outputs depend upon processing information on a CL3 CIS system. JSP 440 Volume 2 Issue 2 2A-2 RESTRICTED RESTRICTED Security Responsibilities Category C1. (Risk Impact Low). Establishments holding assets or carrying out a role the loss, disruption or compromise of which would cause difficulty in maintaining the operational effectiveness or a key business output of the TLB/TF or MOD. For example: Establishments, including branches of HQs and units not included in Category A or B holding protectively marked information or equipment mainly at CONFIDENTIAL level or below with CL4 CIS systems that are not critical to key TLB/TF business or operational outputs. Category C2. (Risk Impact Very Low). Establishments holding assets or carrying out a role the loss, disruption or compromise of which would cause negligible damage and would not significantly degrade the operational effectiveness or a key business output of the TLB/TF or MOD. For example: Establishments, including branches of HQs and units not in Category A or B that do not hold protectively marked information or equipment above RESTRICTED level or full bore weapons. 4. Categories P1-P3 relate to the threat to life posed by terrorism and retain agreed pre-SSR definitions used to determine guarding criteria. These definitions are contained in Section VIII to Chapter 5. 5. The process of categorisation of establishments is to involve an assessment of both the establishment's asset and guarding risk impact level, producing a combined value, e.g. B2/P1. Individual establishments and lodger units within a large site should be assessed according to their individual assets and vulnerabilities. For example, the perimeter and Service living accommodation on a large site may be designated P1 for threat to life reasons and include a sensitive unit that requires a Category A2 rating. This does not mean that each and every establishment within the site need be accorded the same Category A2 rating, regardless of the activities conducted within its own discrete area. Where there is a specific area within an establishment that requires a higher category, e.g. an operations or communications centre, it may be categorised separately from the remainder of the establishment which may then be placed in a lower category for inspection purposes. Inspection Periodicity 6. Threats to Defence establishments vary widely, as do their vulnerabilities. Although every establishment should be subject to periodic formal security inspection, the programme should reflect these differences. In determining the frequency of inspections for establishments within their area, TLB Holders/TFCEs will need to consider various factors. These will include: the criticality of the establishment's output JSP 440 Volume 2 Issue 2 2A-3 RESTRICTED RESTRICTED Defence Manual of Security in meeting MP objectives, the risk profile, the outcome of previous inspections and audits, turnover of key personnel and any mandated requirements. Security inspection reports will provide a major input into the DSO's annual Certificate of Assurance. TLB Holders/TFCEs may elect to supplement formal inspections by advisory visits and by the completion of security questionnaires. The guidelines for inspection periodicity are shown below: Asset Category A1 A2 B1 B2 C1 C2 Risk Impact Level High Medium High Medium Medium Low Low Very Low Inspection Periodicity (years) 1 2 3 4 5 6 Guarding Category P1 P2 P3 Inspection Periodicity (years) 3 3 3 3 3 3 4 4 4 4 4 4 6 6 6 6 6 6 7. It will be for TLB Holders/TFCEs to determine the detailed form of the inspections conducted, adjusting the emphasis of the inspection to take account of the importance of the establishment's outputs to the TLB/TF, its risk profile and security history. Whenever practicable, however, a security inspection should in principle be holistic in approach, taking due account of all relevant aspects of physical, personnel and information security, including the procedural measures taken to protect assets and CIS systems on the site concerned. 8. TLB Holders/TFCEs may opt to arrange inspections at more frequent intervals than given in the above matrix, in accordance with their risk management and resource decisions. If they elect to inspect establishments in a given category at intervals greater than the periodicity indicated in the matrix, TLB Holders/TFCEs will be required to provide an audit trail and rationale for the decision as part of the process of their reporting of security assurance and subsequent audit. 9. For many establishments, the guidance periodicity for asset and guarding categories will differ. It will be for TLB Holders/TFCEs to schedule the inspections programme so that both asset and guarding elements are inspected satisfactorily. As a guide, when asset and guarding category periodicities differ, the asset category periodicity should be taken as the driver for the conduct of comprehensive inspections, and the guarding category periodicity for supplementary inspections of relevant CT measures. For example TLB Holders/TFCEs might choose to schedule these additional JSP 440 Volume 2 Issue 2 2A-4 RESTRICTED RESTRICTED Security Responsibilities CT inspections around the mid point between comprehensive inspections. following examples illustrate the options that are open to TLB Holders/TFCEs: The a. An establishment is categorised B1/P2, giving periodicity for inspections of 3 and 4 years. The TLB Holder/TFCE might choose to merge the two categories and carry out a combined inspection between the 3 and 4 year points. Alternatively, the TLB Holder/TFCE might choose to conduct all aspects of security inspection at the 3 year point, and carry out a supplementary CT-orientated inspection at the 4 year point. b. An establishment is categorised C2/P2, giving periodicity for inspections of 6 and 4 years. The TLB Holder/TFCE might choose to adhere to the guideline periodicity, or to advance the CT inspection to the 3 year midpoint between holistic inspections. JSP 440 Volume 2 Issue 2 2A-5 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 2 Issue 2 2A-6 RESTRICTED RESTRICTED Security Responsibilities ANNEX B TO CHAPTER 2 GUIDE TO THE CONTENTS OF SECURITY STANDING ORDERS The headings given below are a guide to the items to be considered for inclusion, as appropriate, in security standing orders (SSOs). The list is not exhaustive as there are normally local matters to be included, nor is it intended to be a guide as to layout which should be arranged to enable parts to be issued as notices or for particular appointments. Unit Security Organisation 1. Details of establishment security officers (showing name, establishment appointment and telephone numbers). Include details of any other officers with security responsibilities such as IT security officers and those responsible for overseeing the security aspects of contracts and contractors. 2. Include a general statement of their specific security responsibilities for: a. Control of arms, ammunition and explosives (including privately owned weapons such as shotguns). b. c. Safeguarding vehicles and equipment. Safeguarding protectively marked documents and material. Control of Access 3. Control of access by: a. b. c. Gate controls. Passes and permits. Patrols and guards. 4. Handling of visitors, cleaners, contractors, public utility employees, and tradesmen. 5. 6. Handling of trespassers. Security area controls. JSP 440 Volume 1 Issue 2 2B-1 RESTRICTED RESTRICTED Defence Manual of Security 7. 8. 9. 10. Key control. Temporary vacation of offices. Locking up and inspection of offices. Operation of alarms. Security of Information 11. Orders for and method of promulgation of: a. b. c. d. Establishment postal address. `Need to know' principle. Security warnings. Use of copying and electronic equipment. e. Reporting of contacts with nationals of countries to which special security regulations apply and the intention to travel in these and certain other countries. f. g. h. j. k. l. m. n. Reporting suspicious incidents. Reporting of losses of identity cards, passes and permits. Reporting of rumours. Pen/tape friendships. Amateur radio activities including Citizen Band radio. Use of privately owned cameras in restricted areas. Communications with press and broadcasting organizations. Release of information. Security of Communications 12. 13. Telephone security. Radio security (procedures, use of codes). JSP 440 Volume 1 Issue 2 2B-2 RESTRICTED RESTRICTED Security Responsibilities Security of Documents 14. Instructions for: a. b. 15. Protected document registers (nominated and supervising officers). TOP SECRET control (if required). Control of distribution, messenger service, and dispatch. 16. Removal of documents from offices, carriage of documents by hand at home and abroad with particular attention to the crossing of international frontiers by casual couriers with protectively marked documents. 17. 18. Review, destruction, weeding and downgrading of documents. Checks and musters of documents and files. 19. Reporting of and searching for missing documents, and action on loss or compromise of protectively marked documents. 20. 21. Action to be taken on finding protectively marked documents. Orders to be specially published to cover: a. Control of security containers, keys and combination lock settings. b. Minimum standards for the protection of protectively marked documents. c. d. e. f. Operation of duplicators and copying machines. Control of typing. Destruction of protectively marked documents and waste. Emergency destruction of documents. g. Ranks and appointments authorized to produce protectively mark documents. Security of Weapons, Equipment and Material 22. Protection and inspection of weapons, protectively marked equipment and material. 23. Security of armouries. Control and issue of arms, ammunition and explosives, and orders for storage and movement. JSP 440 Volume 1 Issue 2 2B-3 RESTRICTED RESTRICTED Defence Manual of Security 24. Reporting loss, compromise or finds of protectively marked equipment, arms, ammunition and explosives. Security of Information Technology Systems 25. 26. 27. 28. 29. Security operating procedures. Physical security. Technical security. Document security. Personnel security. Security of Personnel 30. Maintenance of establishment vetting register. Security Education and Training 31. Education of all ranks and civilian staff. 32. Training of clerical staff, protectively marked equipment storemen, and arms storemen in their security procedures. Security on Exercises or Operations 33. Planning, organization, and briefing. (See also Chapter 14). 34. Restrictions on, and control of, protectively marked material taken on exercises or operations. 35. Security of information and documents, particularly: a. b. c. d. e. f. During loading and unloading of office vehicles. Guarding of documents. Control of access. Careless talk. Reporting of suspicious incidents. Searching of vacated areas. JSP 440 Volume 1 Issue 2 2B-4 RESTRICTED RESTRICTED Security Responsibilities g. h. 36. Telephone security. Radio security (procedures, use of codes). Security of arms, ammunition and explosives. Contracts Security 37. Security regulations for contractors. (See also Chapter 12). JSP 440 Volume 1 Issue 2 2B-5 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 2B-6 RESTRICTED RESTRICTED Security Responsibilities ANNEX C TO CHAPTER 2 SECURITY ORDERS, REGULATIONS AND INSTRUCTIONS FOR SECURITY OFFICERS 1. Security officers at all levels must acquaint themselves with current security directives. They must also be aware of the sources of reference and guidance on security matters contained in the publications detailed in this Annex. It is not expected that all of the publications will be held, but security officers should be aware of the existence of the documents. 2. Documents applicable to all security officers. a. Queen's Regulations for the Royal Navy, Army or Royal Air force (as applicable). b. Manual of Naval Law (BR 11) - Manual of Army Law or Manual of Air Force Law (as applicable). c. JSP 440 - The Defence Manual of Security (DMS) Volumes 1 - 5. d. Royal Navy, Army or Royal Air Force supplements (as applicable) to JSP 440. e. f. Human Rights Act. JSP 406 ­ Guidance to the Data Protection Act. g. Defence Council Instructions and other administrative instructions (to include CONFIDENTIAL issues). h. i. Technical Grading Committee lists. Command and establishment security standing orders. j. JSP 205 - Directory of Subscribers to Secure Voice Systems. (To be superseded by DCSA Publication 16 - BRAHMS/BRERE/STUII/STUIII secure speech systems. k. m. Tempest regulations. Table X - Release of UK Classified Military Information. JSP 440 Volume 1 Issue 2 2C-1 RESTRICTED RESTRICTED Defence Manual of Security n. IDO regulations: (1) C-M(55)15 (Final) - Security within the North Atlantic Treaty Organisation, Volumes I and II. (2) C-M(64)39 - Draft agreement for co-operation regarding ATOMIC information. (3) C-M(68)41 (5th Revise) - Administrative arrangements to implement the agreement between the parties to the North Atlantic Treaty on co-operation regarding ATOMAL information. (4) C-M(71)27 (Revised) (including AC/35-WP/75) - Special Procedure for the Handling of US-SlOP Information. (5) ACP 122 - Handling of ATOMAL Information within Classified Communication Centres, NATO supplement 2. (6) CENTO/C/13D5 - Parts I to IV. (7) AC/35-D/1006 (Revised) - Guidance on the Conduct of Inspections by NATO Component Security Authorities (8) ACO 130 (Revised 1999) - Rules for the Handling and Release of Information Marked ATOMIC. o. 3. Other documents that may be specified in JSP 440. Documents for Royal Navy security officers only. a. b. c. c. d. e. f. BR 8988. Ships Standing Orders. BRN 01/17 - Manual of Naval Signals Intelligence. FLAGOs. Fleet Engineering Orders. CB 03329 - Security of Classified Material. Fleet Temporary Memoranda. 4. Documents for Army security officers only. a. BWO 01/1 - Instructions for the handling of CRYPTO. JSP 440 Volume 1 Issue 2 2C-2 RESTRICTED RESTRICTED Security Responsibilities b. c. d. 5. AGAIs (60974). Div/District/Bde Standing Orders. Unit Documentation Manuals. Documents for RAF security officers only. a. b. c. d. e. f. g. AP 3087; Manual of Security Education. AP 3392; Manual of Personnel Administration. PAM(Air) 58; A Guide to the News Media. PAM(Air) 150; Introduction to Security. CD 1167. CD 1155; Communications Doctrine. RAF GAls. h. BAM/01/2; Instructions for the handling of COMSEC material in the RAF. JSP 440 Volume 1 Issue 2 2C-3 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 2C-4 RESTRICTED RESTRICTED Security Responsibilities ANNEX D TO CHAPTER 2 SECURITY INCIDENTS - MANDATORY REPORTING TO MINISTERS Scope 1. There is a requirement to staff reports on security incidents to Ministers in an accurate and timely way to ensure that security incidents which might attract public, Parliamentary or media attention are brought to their notice. This instruction identifies which types of incident are to be reported and the methods to be used. Advice can be sought at any stage from the appropriate TLB/Chain of Command, who should be informed immediately that an incident has occurred. Types of Security Incident 2. Security incidents falling into any or all of the following categories are to be reported to Ministers: a. Incursions onto MOD sites which involve a significant1 threat to the security of the unit or establishment. (e.g. if a significant asset is compromised, even if temporarily). b. Incursions onto MOD sites where there has been a significant failure of security measures. c. Incursions which are likely to attract media, public or parliamentary attention. d. Any incident where espionage, terrorism or sabotage is thought to have been involved (except in NI, where procedures laid down in CDS's Directive to GOC NI will be followed (i.e. incidents are reported in a dual system, firstly to MO2 by HQNI G3 (Ops) and then relayed up the Chain of Command as necessary and additionally by either HQNI, Sec(HSF)3 or D Policy to Ministers, verbally in the first instance with a follow-up written report if required by Ministers' Private Offices, with D Def Sy as an information addressee. e. All losses or theft of arms/explosives or significant quantities of ammunition. 1 It is not possible to define "Significant" more specifically. It is a matter of judgement but advice may be sought from the appropriate TLB PSyA/Chain of Command Security Staff or D Def Sy. JSP 440 Volume 1 Issue 2 2D-1 RESTRICTED RESTRICTED Defence Manual of Security f. Any loss or theft of information where there is likely to be media, public or parliamentary interest, or embarrassment to the Department. g. All leaks of official information. h. All instances of intrusion into or malicious electronic attack on MOD IT Systems from external sources. j. All instances of intrusion into or malicious electronic attack on MOD IT Systems from external sources. k. All instances where significant damage results from the destruction or corruption of information on MOD IT Systems, as a result of malicious software e.g. viruses, worms or trojan programmes. l. Personnel security cases where there is likely to be media, public or parliamentary interest, or embarrassment to the Department. (In many incidents the personnel security aspect will not become apparent until an investigation is under way and it is likely therefore that the incident will initially fall within one of the criteria described above). Responsibilities 3. Responsibility for staffing reports to Ministers rests with the TLB/Chain of Command which should take the lead consulting, as necessary, the Security Staff and Civil Secretariats which must also be involved, and D Def Sy. (The exception to this is HQ LAND where the Command Secretary will lead). However, the following exceptions to this staffing arrangement apply: a. Northern Ireland. Civil Secretary HQNI or Sec HSF 3 (consulting MO2 as necessary). b. Nuclear Security. The TLB/Chain of Command responsible is to make the report except for the specific areas of nuclear security below: (1) Nuclear Weapon/Material Movements (including incidents at staging posts - D Nuc Pol/AD NAR. (2) (3) Nuclear Assets at Sea (i.e. out of port) - NS(Sec). AWE ­ DPA NW IPT. It should, however, be noted that separate reporting instructions are set out in JSP 440 Volume 4 covering Terrorist threats to nuclear assets, under Codeword BINGHAM and where such incidents have a safety dimension additional reporting under Codewords TOPSTAR, PRIMROSE or LIABLE remains unchanged. JSP 440 Volume 2 Issue 2 2D-2 RESTRICTED RESTRICTED Security Responsibilities c. Security at USAF Bases in GB. DAS 3b(Sec). d. MOD Police Operations and Organisation. The MDP is not a Security Authority, but when security incidents involving MDP personnel take place, the reporting TLB/Chain of Command is to liase with MDP Secretariat to ensure that the MDP involvement is fully covered. Early liaison with the MDP Secretariat will ensure that only one Ministerial submission is prepared. MDP Sec is equally responsible for liaison with the appropriate TLB/Chain of Command before making a Ministerial submission. e. Security Involving Defence Contractors (List X). D Def Sy. f. Personnel Vetting Cases. CE/DVA. DVA will consult PSyAs and Security Staffs and Secretariats who may lead if the decision on a case was taken outside the DVA. 4. Any cases of doubt regarding responsibility should be referred to D Def Sy in the first instance. Procedures 5. In order to alert the security system that an incident has occurred and to provide subsequent monitoring of it, there are four steps outlined below which are to be followed. D Def Sy is to be an information addressee on all reports/submissions and is able to provide advice at any stage of an incident or during the reporting process. Step 1: Initial Report 6. An initial report, usually by telephone, is to be made to MOD as soon as is practicable after a security incident. This will allow early notification of Ministers and appraisal of the degree of importance of the incident to take place. TLBs/Chain of Command should decide who should make this report; however reports should not be delayed. This is particularly important in the case of a major incident (e.g. a terrorist attack or large incursion to an establishment). Contact details are: General Incidents (terrorism, extremism, espionage etc) Working hours: D Def Sy Phys (Non Tech/Threats), MB 84815/020 7218 4815. Out of hours: CDSDO, MB 88850/020 7218 8850. Documentary Losses JSP 440 Volume 1 Issue 2 2D-3 RESTRICTED RESTRICTED Defence Manual of Security Working hours: D Def Sy InfoSy (Pol)1, MB 83994/020 7218 3994. Out of hours: CDSDO, MB 88850/020 7218 8850. IT Incidents Working Hours: D Def Sy InfoSy (Tech), MB 84505 or 87811/020 721 84505 or 87811. Out of hours: Duty IT Sy Officer Via MDP 01371 85 4444. Nuclear Weapons/Material Movements During Moves: D Nuc Pol/NAR Ops, MB 86763/020 7218 6763. During Overnight Stops at Staging Posts: CDSDO, MB 88850/020 7218 8850. 7. The initial report is to be followed as soon as possible by a written report, normally by signal, in the format at Annex H. The relevant TLB/Chain of Command is to decide whether this is sent by the unit/establishment concerned or by the TLB HQ. Step 2: Ministerial Submission 8. Ministerial submissions should normally be made within 24hrs and are to expand on the information given in the initial written report. They should be made direct to PS/Minister(AF) and copied to: APS/SofS PS/PUS DGS&S D Def Sy PS/Minister(DP) PS/2nd PUS MA/DCDS(C) D Nuc Pol ACNS and NS(Sec) JSP 440 Volume 2 Issue 2 2D-4 } } } } Where the Defence Procurement Agency is involved. Where civilian staff are involved. Where operational matters are concerned. Where nuclear involved. } facilities/materials/weapons are All incidents. RESTRICTED RESTRICTED Security Responsibilities ACGS via ASD 1 }Where single Service matters are concerned. ACAS and DAS 3b Sec } MA/CDL CCMDP D News Where DLO matters are concerned. Where MDP officers are involved or based. All incidents (sensitive details may be excluded). Step 3: Progress Reports 9. Progress reports may be required, depending on the seriousness of the incident and directions given by Ministers following the initial report. D Def Sy will agree with the TLB/Chain of Command concerned whether these are needed, at what frequency they should be submitted and their distribution. This process will ensure that lessons from any incident are identified as early as possible and used to amend or develop policy and/or procedures. It will also ensure that Ministers are kept fully informed. Step 4: Final Report 10. A final report may be submitted once the incident is closed and following discussion between D Def Sy and the TLB/Chain of Command concerned. This may take the form of a submission to Ministers, depending on the outcome of the investigation. It should include any specific recommendations for alterations to security policy or procedures arising from the investigation of the incident. JSP 440 Volume 1 Issue 2 2D-5 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 2 Issue 2 2D-6 RESTRICTED RESTRICTED Security Responsibilities ANNEX E TO CHAPTER 2 SECURITY INCIDENTS - MANDATORY REPORTS TO MINISTERS - INITIAL REPORT SIGNAL FORMAT (Text in italics is for completion by originator) From: Unit/ establishment or TLB/Chain of Command HQ To: Info: MODUK Chain of command(including PSyA and Security Staff) Others as required SIC: YAL/Y2G IMMEDIATE Precedence: Protective Marking: RESTRICTED (as a minimum) SECURITY INCIDENT ­ INITIAL REPORT 1. 2. 3. 4. Date, time and place of incident. Brief details of incident. Persons/property involved (if known). Organisation(s) conducting the investigation. 5. Presentational aspects, including known media interest and suggested lines to take. 6 7. 8. Any immediately apparent conflict with extant security policy. Expected date/time of submission to Ministers. TLB/Chain of Command POC. JSP 440 Volume 1 Issue 2 2E-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 2 Issue 2 2E-2 RESTRICTED RESTRICTED Security Responsibilities ANNEX F TO CHAPTER 2 FORMAT OF IMMEDIATE SIGNAL REPORT OF SUSPECTED LOSS OR COMPROMISE OF PROTECTIVELY MARKED MATERIAL The report is to state: a. b. What has been lost. Its protective marking (including caveats and descriptors). c. Its originator or sponsor, date of origin, reference number, title or subject and copy number. d. An assessment of whether compromise is certain, probable, possible or unlikely. PSyAs or Command security staff will inform the sponsor in order to obtain an assessment of the effect of compromise. e. Although the major cause of losses is carelessness, the reporting officer may nonetheless, by virtue of his inquiries, have formed an opinion that espionage or subversion is or may be involved. When this is the case, or where no further action is intended, a brief summary of circumstances surrounding the loss is to be given, together, where appropriate, with the full names and service or staff numbers of those involved. Where names are given the signal is to be protectively marked at the appropriate level and is to include the descriptor STAFF. f. Corrective measures to prevent a recurrence (if appropriate at this stage). g. Whether or not further action is intended. JSP 440 Volume 1 Issue 2 2F-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 2F-2 RESTRICTED RESTRICTED Risk Management CHAPTER 3 RISK MANAGEMENT Chapter 03 General The Theory of Risk Management Risk Management Practice Annex A Annex B Annex C Risk management Para Page 0301 0302 0303 3A-1 3B-1 3C-1 Record for Steps 1, 2 and 3 of Risk Management Process. Record for Steps 1, 2 and 3 of Risk Management Process ­ Example. Universal Baseline Measures. JSP 440 Volume 1 Issue 2 3-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 3-2 RESTRICTED RESTRICTED Risk Management CHAPTER 3 RISK MANAGEMENT General 0301. Risk management provides the method for conducting the protective security process. It is the means to ensure that the security measures adopted to counter the threats posed to assets reduce the likelihood of compromise to an acceptable level but are not greater than are warranted by the asset's value. It is a common sense methodology to enable the selection of appropriate and cost effective security measures. The main elements are: a. Deciding what assets need to be protected and how valuable those assets are. b. Deciding what threats are posed to the assets and how vulnerable they are to them. c. Reviewing and adapting existing security measures to ensure that they: (1) Meet mandatory security requirements known as baseline measures. (2) Provide an acceptable level of risk that compromise will not take place. d. Examining overall security procedures on a regular basis to make sure that they provide a sensible and economic interrelationship. e. The process is to be documented at establishment level and the records retained so that any future changes to asset values, vulnerabilities and threats can be accommodated. JSP 440 Volume 1 Issue 2 3-3 RESTRICTED RESTRICTED Defence Manual of Security The Theory of Risk Management 0302. The theory of risk management is shown below: Stepdd List Assets Step 7 Total Security Review Step 2 Determine Asset Values Step 1 Step 5/6 Review existing security methods against risk and implement necessary changes Step 3 Identify Threats Step 4 Identify Vulnerabilities Risk Management Practice 0303. The following is an explanation of the steps given in the above diagram: a. Step 1. List All Valuable Assets. The risk management methodology can be applied to any asset to which the HOE attaches value. These could be information, physical assets and even peoples' expertise. It is mandatory for these assets to be listed in the manner shown at Annex A: (1) Information. JSP 440 Volume 1 Issue 2 3-4 RESTRICTED RESTRICTED Risk Management (a) Protectively marked documents. (Document, as defined in the Glossary, includes maps, view foils, IT storage media, etc). (b) Equipment confidentiality. that merits protective marking for (c) IT systems giving access to protectively marked information. In addition to requirements for protecting the information, as such, these will also require protection as physical assets. They are subject to approved system security policies (SSPs) and security operating procedures (SyOPs). Further detail is in Volume3. Information Technology. (2) Physical Assets (a) (b) (c) (d) (e) (f) Arms. Ammunition. Explosives. Dangerous drugs. Toxic substances. Public funds. (g) Any physical asset the compromise of which would cause serious damage to the operational effectiveness of the establishment e.g. aircraft, ships, AFVs or an essential IT system or command and control centre. (3) People (a) Service personnel and MOD employees working in the establishment. (b) Dependants living within the establishment. (c) Visitors to the establishment (e.g. students attending courses or contractors working on a project). b. Step 2. Determine Asset Values. Using the protective marking definitions at paragraph 0103 of Chapter 1 decide the protective marking JSP 440 Volume 1 Issue 2 3-5 RESTRICTED RESTRICTED Defence Manual of Security category for each asset taking into account compromise of confidentiality, integrity and availability. Consider both the direct and indirect consequences of compromise. Where there are a number of assets of the same type and protective marking, take into account their aggregated value, e.g. Would the information contained in a large number of CONFIDENTIAL documents, held in a single file, require the protective marking of SECRET if that information was condensed into a single document? Physical assets which require to be listed (e.g. arms, ammunition and protected equipment) are unlikely to carry protective markings but must be treated, for security purposes, as though they were protectively marked. c. Step 3. List both Types and Levels of Threat. Against each asset group (such as information) list the type(s) of threat (e.g. espionage or theft) and the threat level as defined in Annex D to Chapter 1 or in the case of terrorism Annex E to Chapter 1. An example of a completed record that might be made by an establishment for Steps 1 to 3 of the Risk Management Process is at Annex B. d. Step 4. Identify the Vulnerability of Assets. Consider any vulnerabilities of the asset itself e.g. that it radiates sensitive information and is therefore vulnerable to intercept. Also consider vulnerabilities in the existing security arrangements. Usually this will be carried out with the assistance of professional security personnel. Aspects to be considered include: (1) Perimeter security e.g. access control and effectiveness of security fences. (2) Internal security e.g. intruder detector systems (IDS), security furniture, procedures such as the disposal of protectively marked waste and arrangements for the movement and storage of arms, ammunition and explosives. (3) Personnel security e.g. escorting of visitors and vetting and supervision of relevant staff. (4) Communications and technical security e.g. security of photocopiers and computer systems. e. Step 5. Review existing Security Counter-measures for Confidentiality and implement necessary changes to achieve Baseline Measures. JSP 440 Volume 1 Issue 2 3-6 RESTRICTED RESTRICTED Risk Management (1) Stage 1. For all assets where confidentiality is a concern it is necessary to apply any measure required to achieve the security standards set out at Annex A to Chapter 1. In order to achieve a common and acceptable standard of protection throughout the Government Service at each level of the protective marking system, certain baseline measures are mandatory. The following baseline measures are to be applied when confidentiality is at stake: (a) Universal Baseline Measures. These are the general preventative measures that form a normal part of good management practice e.g. implementing relevant health and safety legislation. A list of universal baseline measures is at Annex C. (b) Control and Carriage Baseline Measures. The mandatory standards for the control and carriage of protectively marked assets are given throughout Chapter 4 and at Annex C to Chapter 4. As these baseline measures are set for a "Low" threat, it may be necessary to add additional measures if the threat is higher than "Low". (c) Physical Security Baseline Measures. The mandatory standards for the physical protection of assets are arrived at by following the matrix of options and menu of measures at Annexes A and B to Section 1 of Chapter 5. (d) Counter-eavesdropping Baseline Measures. The mandatory standards for protection against eavesdropping are covered in Chapter 27 of Volume 3. (2) Stage 2. Having noted the relevant baseline measures and standards of security, review existing security counter-measures and decide if they are excessive, adequate or inadequate in relation to the threat. If excessive, consider whether funding or resources can be saved by reducing them sensibly while still maintaining the desired level of security. If wholly adequate, do no more. If inadequate, then the assets are at an unacceptable degree of risk. A decision is required on what to do to reduce the risk to an acceptable level. This may be achieved by either introducing suitable counter-measures to bring the level of security up to the baselines or by reducing the risk in some other way such as transferring the most valuable assets to a site with a higher degree of security. JSP 440 Volume 1 Issue 2 3-7 RESTRICTED RESTRICTED Defence Manual of Security f. Step 6. Review existing security counter measures for integrity and availability and implement necessary changes to achieve mandatory standards. (1) Stage 1. For all assets where integrity or availability are a concern, it is necessary to consider how to achieve the standards of security set out at Annex A to Chapter 1 as they can be related to the value of the asset. In order to achieve a common and acceptable level of protection the following standards are mandatory: (a) Universal Baseline Measures. The universal baseline measures at Annex C are to be applied. (b) Arms, Ammunition and Explosives. The mandatory requirements for the protection of arms, ammunition and explosives given in Chapter 5 are to be applied. (c) Nuclear Assets. The mandatory requirements for the protection of nuclear assets given in the Defence Manual of Security Volume 4 are to be applied. (d) Dangerous Drugs, Toxic Substances and Public Funds. Those mandatory security requirements for the protection dangerous drugs, toxic substances and public funds that form part of current, MOD or single-Service instructions are to be applied. (2) Stage 2. Having noted the relevant baseline and mandatory levels and standards of security, review existing security countermeasures in the manner described at para 0303e(2) above and take action accordingly. In some cases the measures designed to protect confidentiality may provide or contribute to protection for integrity and availability. However, usually integrity and availability can best be safeguarded by making suitable contingency plans e.g. by making regular backup copies of information vulnerable to loss of availability. Where an asset has a clear monetary value, cost benefit analysis techniques will help to decide how much it is worth spending to protect it. g. Step 7. Total Security Review. Conduct a general review of counter-measures against threats and vulnerabilities to ensure that the overall result meets mandatory standards, is cost effective and that the HOE is prepared to accept any remaining residual risk. Also ensure that the key facts JSP 440 Volume 1 Issue 2 3-8 RESTRICTED RESTRICTED Risk Management and decisions in the risk management analysis have been recorded to enable audit in the future. 0304. Follow Up Action. Risk management is an ongoing process. The ingredients: asset values, threats, vulnerabilities, risks counter-measures and the degree of risk that is acceptable do not remain static. The risk may vary over time requiring changes in protective security. Any risk management process must therefore be sensitive to changes and should be reviewed by the ESyO whenever a significant change takes place and annually. JSP 440 Volume 1 Issue 2 3-9 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 3-10 RESTRICTED JSP 440 Volume 1 Issue 2 Record for Steps 1, 2 and 3 of Risk Management Process Asset group/type Asset (Note 1) C Value (Note 2) I A Quantity (Note 3) Listing (Note 4) Location (Note 5) C Aggregate Value (Note 6) I A Threat type/level (Note 7) ANNEX A TO CHAPTER 3 Information Documents Equipment IT Systems RESTRICTED Risk Management RESTRICTED Physical Arms Ammunition Explosives Dangerous drugs Toxic substances Public funds Operational effectiveness 3A-1 People MOD employees Dependants Visitors RESTRICTED Defence Manual of Security Notes on completion of record for steps 1, 2 and 3 1. Note 1 - Asset. List assets in general terms under the appropriate asset type heading, for example the "Arms" asset type might show just 2 entries "small arms" and "support weapons". In the case of documents it is only necessary to show "TOP SECRET", "SECRET", "CONFIDENTIAL", "RESTRICTED" if documents with any of those protective markings are held. For IT systems state only the project name and PC for personal computers. 2. Note 2 - Value. Show the protective marking for each asset under the appropriate headings of Confidentiality (C) Integrity (I) Availability (A). In the case of documents or other material, it is probable that only the 'C' column would be completed, where as for equipment or IT systems the 'I' and 'A' might have a protective marking value. For example although an IT system might only store information protectively marked up to RESTRICTED, the damage that might arise following the corruption or non availability of vital data might warrant a higher protective marking under 'I' and 'A'. Unless physical assets have an aspect of confidentiality such as a weapon that is CONFIDENTIAL, their value should be recorded under 'A'. All arms, ammunition, and explosives are to be allocated the protective marking SECRET, unless such as in the case of nuclear weapons their value might be TOP SECRET. 3. Note 3 ­ Quantity. State only the approximate quantity e.g. for CONFIDENTIAL DOCUMENTS ­ `200-250' or an IT system ­ '12 Terminals'. 4. Note 4 ­ Listing. State the register in which the assets are recorded if a record is held. In the case of SECRET or TOP SECRET protectively marked documents, equipment and material show `MOD Form 102' and relevant volumes. As CONFIDENTIAL and RESTRICTED are not recorded state `Not Recorded' for any such holdings. Likewise for Physical Assets, give the record if one is kept such as `Arms Register'. 5. Notes ­ Location. Give a very general statement of where the asset is normally held or worked upon e.g. for Arms ­ `Armoury' or RESTRICTED documents ­ `all buildings'. 6. Note 6 ­ Aggregate Value. If the compromise of the full collection of assets of a particular type would cause greater damage than the compromise of a single asset, state the aggregate value under the headings Confidentiality (C), Integrity (I) and Availability (A). For example, the compromise of the total holdings of SECRET documents might cause damage in confidentiality to the value of TOP SECRET. If the aggregation of items would not increase their compromise damage from that shown in the value column, enter the same protective markings as that of the Value column. 7. Note 7 ­ Threat Type/Level. Insert threat type e.g. Theft and level e.g. MODERATE. Guidance for threat levels can be found in Annexes C, D and E to Chapter 1. JSP 440 Volume 1 Issue 2 3A-2 RESTRICTED RESTRICTED Risk Management ANNEX B TO CHAPTER 3 RECORD FOR STEPS 1, 2 AND 3 OF RISK MANAGEMENT PROCESS EXAMPLE Asset group/type Asset (Note 1) Value (Note 2) C Information Documents TOP SECRET SECRET S T S 2 12 MOD F102 Vol 1-4 40-60 C RESTRICTED R Not listed Equipment IT Systems Ptarmigan CASH UNICOM PCs C S R R C R R C C R R 5 Terminals 21 Terminals Physical Arms Small arms S 650-700 Arms Register Armoury S Theft/Low -"-"HQ+bldg 5 & 7 R R R 5 Sets 1 Terminal MOD F102 IT REGISTER Building 3 HQ building HQ building C S C R R C C R 500-600 Not listed Most buildings R MOD F102 Vol 1 Strong room (Strong room (2IC office (Int cell HQ building S Data Corruption/ Med T S S Espionage/Low Leaks/Med I A Quantity (Note 3) Listing (Note 4) Location (Note 5) Aggregate value (Note 6) C I A Threat type/level (Note 7) CONFIDENTIAL Theft/Med Support wpns S 25-30 Arms Register Trg S Ammunition Small bore S 250-270K Ammo Register Ammo Store S All natures S 6-7000 Ammo Store S Explosives PE S 10-12 lbs Ammo Register Explosives Store S Dangerous drugs Toxic substances Drugs None Funds - C R small £3-4K Explosives Register MO Register HQ Building Med Centre C R JSP 440 Volume 1 Issue 2 3B-1 RESTRICTED RESTRICTED Defence Manual of Security Asset group/type Asset (Note 1) Value (Note 2) C I A Quantity (Note 3) Listing (Note 4) Location (Note 5) Aggregate value (Note 6) C I A Threat type/level (Note 7) Public funds AFVs B Vehicles Operational effectiveness MT MT People MOD employees Individuals working in establishment 850-875 UNICOM C R C R 101 71 AB 562 sub-unit offices S Vehicle Park Vehicle Park C S C 2xMesses Accn blocks A&B Jnr Ranks Club Offices N/A Terrorism/Low N/A 250-275 Dependants Individuals living in establishment 30-50 Visitors Individuals visiting establishment Guardroom register UNICOM N/A JSP 440 Volume 1 Issue 2 3B-2 RESTRICTED RESTRICTED Risk Management ANNEX C TO CHAPTER 3 UNIVERSAL BASELINE MEASURES 1. MOD organizations must comply with all relevant legislation including: a. b. c. All health and safety legislation. All fire acts. All relevant building acts. d. Any legislation concerned specifically with the safeguarding of information and assets. 2. MOD organizations are to comply with current counter terrorist guidelines, appropriate to the terrorist threat. 3. MOD organizations handling protectively marked information must adhere to interdepartmentally agreed technical standards where relevant, such as in computer and communications security. 4. MOD organizations are to take all reasonable steps to ensure that security considerations are taken into account in the design of information systems. 5. MOD organizations are to respect all international obligations to protect assets to a required level. 6. MOD organizations are to take reasonable steps to ensure that new buildings are designed to reach reasonable standards of security and that the same standards of security are achieved when existing buildings are adapted. (The appropriate British standards provide useful guidance). 7. MOD organizations are to ensure that all valuable assets are kept in environmentally suitable conditions. 8. MOD organizations are to ensure that all staff receive adequate education in the application and relevance of protective security measures and in their own protective security responsibilities in order to raise their level of awareness of the importance of security issues. 9. MOD organizations releasing protected assets outside Government service must ensure that the assets concerned are at no greater risk than if they were being JSP 440 Volume 1 Issue 2 3C-1 RESTRICTED RESTRICTED Defence Manual of Security held by a Government department or agency. The conditions necessary to satisfy this requirement must form part of a contract or be included in a legally binding confidentiality agreement. 10. MOD organizations are to ensure that those handling protected assets are made aware of the level of protection required. Usually this will be by marking the asset but sometimes this may not be possible. Where protected assets are released outside Government service, holders must also be given guidance about how to achieve the required level of protection. 11. MOD organizations are to consider the need for a contingency plan in the event of an emergency. 12. MOD organizations are to ensure that people are accommodated and work in conditions which protect them from any likely threat. JSP 440 Volume 1 Issue 2 3C-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents CHAPTER 4 CONTROL AND CARRIAGE OF PROTECTED DOCUMENTS Chapter 04 Para Control and carriage of protected documents Section I. Control of documents General Preparation of protectively marked documents Copy numbering of reproduced documents Security warning notice Authorization for typing and/or reproduction of protectively marked documents Registration and filing Recording location, movement and disposal of protected documents Maintenance of files/folders and other covers containing protectively marked documents Production/reproduction of TOP SECRET and SECRET documents Security of user-held copiers JSP 440 Volume 1 Issue 2 4-1 04001 04003 04007 04008 Page 04009 04011 04013 04022 04023 04029 RESTRICTED RESTRICTED Defence Manual of Security Safe custody of material used in the production or reproduction of protected documents Destruction Disposal of unwanted documents Downgrading of information Methods of destruction Kraft paper sacks for burning/pulping protected waste Spot checks Musters Section II. Transmission of protected documents Baseline measure General Files Packaging Methods of transmission Approved methods of transmission Restrictions on display of national caveats on envelopes Use of window, transit and self-sealing envelopes Sealing - general High security tape JSP 440 Volume 1 Issue 2 4-2 04056 04057 04059 04060 04061 04062 04063 04064 04065 04066 04033 04034 04035 04040 04041 04042 04044 04055 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Keepsafe security envelopes Approved security seals and ties Receipting Opening and examination of envelopes, packages, bags, etc Boxes, pouches, etc Despatch of protected documents to private addresses in Great Britain Despatch of other mail to private addresses in Great Britain Addressing of mail to private addresses (including civilian firms) in Northern Ireland and the Republic of Ireland Transmission of mail to addresses overseas via diplomatic bag Transmission of mail to British Forces Post Office (BFPO) addresses Transmission of mail to foreign governments and foreign-based defence contractors Despatch of protectively marked documents to UK defence contractors Transmission of mail to private addresses overseas Transmission of mail to HM Ships JSP 440 Volume 1 Issue 2 4-3 04070 04077 04078 04083 04087 04093 04095 04096 04097 04101 04102 04105 04106 04107 RESTRICTED RESTRICTED Defence Manual of Security Transmission of cabinet and ministerial committee documents Section III. Removal of protected material from official premises Introduction Removal for return or delivery within the same working day Removal for retention outside official premises for one or more nights Authorization - review of MODF924 Carriage of official documents by officials travelling within GB or Northern Ireland Carriage of official documents by officials travelling overseas Carriage of protectively marked documents to non-NATO countries by casual couriers possessing diplomatic immunity conferred by the FCO Carriage of protectively marked documents to NATO countries by casual couriers not possessing diplomatic immunity Precautions against hijacking 04108 04109 04111 04112 04114 04115 04123 04129 04134 04146 JSP 440 Volume 1 Issue 2 4-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Carriage of protectively marked material overseas by Service personnel as Casual Couriers during emergency operations Countries with special security risks Return to the UK Removal of protectively marked documents between official premises during office relocation Homeworking Section IV. Special markings Special Markings Annex A. Appendix 1 Appendix 2 Annex B. Appendix 1 Annex C. Appendix 1. Appendix 2. Appendix 3. Example MOD F 672 Example of MOD F 171 Example of MOD F 924 Office security check sheet Specimen spot check report Transmission of protected documents. 04149 04152 04155 04156 04158 04161 4A-1 4A1-1 4A2-1 4B-1 4B1-1 4C-1 4C1-1 4C2-1 4C3-1 Transmission of TOP SECRET documents Transmission of SECRET documents Transmission of CONFIDENTIAL documents JSP 440 Volume 1 Issue 2 4-5 RESTRICTED RESTRICTED Defence Manual of Security Appendix 4. Appendix 5. Appendix 6. Appendix 7. Transmission of RESTRICTED documents Sealing of envelopes with high security tape Specimen despatch note Transmission of documents bearing descriptors and restrictive markings Methods of transmission within and from UK - summary Specimen form of application to take documents marked CONFIDENTIAL or above overseas MOD casual courier certificate Instructions to officers on the personal carriage of protectively marked documents overseas Instructions to officers on the personal carriage of protectively marked documents overseas - certificate Guidelines to couriers in regard to hijacking Descriptors Codewords and nicknames International defence organisations (IDO) and international organisations Security instructions for homeworkers Casual couriers ­ prohibited items 4C4-1 4C5-1 4C6-1 4C7-1 4D-1 Annex D. Annex E. 4E-1 4F-1 Annex F. Annex G. 4G-1 Annex H. 4H-1 4I-1 4J-1 4K-1 4L-1 4M-1 4N-1 Annex I. Annex J. Annex K. Annex L. Annex M. Annex N JSP 440 Volume 1 Issue 2 4-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents CHAPTER 4 CONTROL AND CARRIAGE OF PROTECTED DOCUMENTS SECTION I CONTROL OF DOCUMENTS General 04001. Universal baseline measures. measures: The following are universal baseline a. Protectively marked documents must be produced, handled and reproduced only by persons with authorized access to the information they contain. Care must be taken to apply the "need to know" principle in the preparation, processing and distribution of protectively marked material. It is particularly important that copies are to be limited to those persons with a "need to know". b. The protective marking on any asset must be conspicuous so that its value is readily apparent. c. The protective marking is given to an asset by the originator and it may not be changed without the originator's authority. This applies equally to UK assets and those originating from foreign governments or organisations. d. Assets sent overseas to UK posts, foreign governments, or other organisations are to be protected in accordance with the originator's marking and, additionally, care must be taken where appropriate to protect it from disclosure under any freedom of information (FOI) legislation by the use of national caveats and other special handling instructions. e. Assets received from overseas posts, foreign governments or other organisations must also be protected in accordance with the originator's marking. f. No "originator's copy" of a protectively marked document in any media may be destroyed unless it has been determined by the Desk Officer that it has no historical or research value (JSP 441 - The Defence Records Management Manual refers). JSP 440 Volume 1 Issue 2 4-7 RESTRICTED RESTRICTED Defence Manual of Security Note: Physical protective measures for documents, including those in transit and at temporary locations, are referred to in this Chapter but are given in more detail in Chapter 5. 04002. Responsibilities of heads of establishment(HOE). for: HOE are responsible a. Ensuring effective supervision when protected documents are being handled. b. The correct creation, reproduction (by whatever means and in whatever form), receipt, despatch or disposal of such documents and their control. c. Ensuring that, where called for by these regulations, such documentation is correctly recorded in protected document registers (PDR)(MOD F 102, or equivalent). Preparation of protectively marked documents 04003. General. The protection to be afforded to a document is to be indicated by a series of markings which conveys how that document is to be handled. The agreed order of markings is: PROTECTIVE MARKING/DESCRIPTOR/STRAP VALUE/CODEWORD/NATIONAL CAVEAT. Such markings are to be centred and placed at the top and bottom of each page. They should be in larger or bolder print or stamped. Overstamping is not required. The following regulations apply to all protectively marked documents. Additional requirements generated by special rules, eg Caveats, will be dealt with in the appropriate sections of this manual. The creation and distribution of TOP SECRET and SECRET information on IT systems may differ from the procedures for paper based documents and is covered in detail in JSP 440 Vol 3. 04004. Baseline measure. The following are baseline measures: a. Each SECRET and TOP SECRET document is to bear the title of the originating office, a reference number and date of origin. Any protectively marked documents issued in a series are to be serially numbered. b. All TOP SECRET, TOP SECRET (CODEWORD or CAVEAT) documents and SECRET publications are to be copy numbered. Where appropriate, copy numbering is to be done at once. c. Each page of a SECRET or TOP SECRET document is to be numbered. Each SECRET or TOP SECRET appendix or annex is to be page numbered in a separate series. (Although not a Baseline measure it is best practice to show the total number of protectively marked pages at the front of a document). JSP 440 Volume 1 Issue 2 4-8 RESTRICTED RESTRICTED Control and Carriage of Protected Documents d. It is best practise that any protectively marked document that is likely to be amended is to include an amendment record sheet in the format shown in Fig 1. AL No and Authority Date Fig 1 Amendment Sheet e. Originators of multi-page documents, whose overall protective marking is SECRET and above, should, where possible, show the protective marking for each individual paragraph. The protective marking should be shown at the end of each paragraph using the first letter of the appropriate marking eg (R), (C), (S) or (TS). Caveats, descriptors etc that are also applicable to individual paragraphs are to written in full eg (C-UK EYES ONLY), (S-STAFF) etc. 04005. Responsibilities. Those originating or authorizing the production of protectively marked documents, or authorizing subsequent reproduction or printing, are responsible for ensuring the maintenance of proper security during those processes. Where originators consider document protection justifies tighter control, the words "No copy to be taken without reference to and agreement by [the originator]" should be included below the protective marking and descriptor/caveat/codeword. HOEs/ COs/Directors shall delegate authorization for the production or reproduction of protectively marked documents to those persons within their organisation whom they deem to be sufficiently experienced and reliable to ensure that adequate control of security procedures is maintained. 04006. Originators of protectively marked documents which are issued against standard distribution lists must ensure: a. b. c. All addressees have a continuing need to know. All addressees have been correctly identified. The above should be achieved by periodic review - at least once a year. Date Insertion of By Whom Independent Amended Checker d. TOP SECRET documents are never to be issued on a standard distribution list. Copy numbering of reproduced documents 04007. Reproduced copies of all TOP SECRET documents, and SECRET documents bearing copy numbers, are to be marked: "Reproduction copy No.... of ....". JSP 440 Volume 1 Issue 2 4-9 RESTRICTED RESTRICTED Defence Manual of Security Establishments authorizing reproduction are responsible for adding numbers to individual copies provided by a reprographics pool or using in-house facilities: they are also responsible for ensuring that original documents and copies taken are accounted for in accordance with the relevant regulations (see separate instructions for IDO material). Security warning notice 04008. A security warning notice is to be placed on all manuals, works of reference or sets of instructions, etc (but not on correspondence) marked RESTRICTED and above and reading as follows: "THIS DOCUMENT IS THE PROPERTY OF HER BRITANNIC MAJESTY'S GOVERNMENT, and is issued for the information of such persons only as need to know its contents in the course of their official duties. Any person finding this document should hand it to a British forces unit or to a police station for its safe return to the MINISTRY OF DEFENCE, (DDefSy), ST GILES COURT, 1-13 ST GILES HIGH STREET, LONDON WC2H 8LD with particulars of how and where found. THE UNAUTHORIZED RETENTION OR DESTRUCTION OF THE DOCUMENT MAY BE AN OFFENCE UNDER THE OFFICIAL SECRETS ACTS OF 1911-89. (When released to persons outside Government service, this document is issued on a personal basis and the recipient to whom it is entrusted in confidence, within the provisions of the Official Secrets Acts 1911-89, is personally responsible for its safe custody and for seeing that its contents are disclosed only to authorized persons)." Authorization for reproduction of protectively marked documents 04009. Documents marked SECRET or above which are to be typed or reproduced require a full audit trail, this can be achieved by the use as appropriate of MOD F 72, MOD F 24 or MOD F 102. The authority for reproduction must be signed by officers with the appropriate delegated authority. Originator's approval must be obtained before reproduction of TOP SECRET or copy-numbered SECRET publications. Copies produced are to be numbered in accordance with the relevant regulations. 04010. If MOD F 72 is being used, Part A of the completed form will be returned with the completed work for retention with its duplicate for at least five years. Parts B and C (as appropriate) will be retained for six months by the typing and/or reproduction pool with the record of work done. Registration and filing 04011. Baseline measure. All TOP SECRET and SECRET documents and files need to be registered and placed as soon as possible in serially numbered files or containers. The movement of SECRET and TOP SECRET material whether JSP 440 Volume 1 Issue 2 4-10 RESTRICTED RESTRICTED Control and Carriage of Protected Documents internal, incoming or outgoing to a department or agency, must be recorded. 04012. Documents protectively marked SECRET or above must: a. Be traceable at all times. b. Be handled by as few people as possible and access to them restricted to personnel having a need to know. c. Have the number of copies produced, in whatever medium: (1) Recorded (see para 04013). (2) Kept to the absolute minimum. (3) Be segregated from unclassified material where this is practical. Recording location, movement and disposal of protected documents 04013. Recording protected documents. A record is to be kept of the creation, reproduction, receipt, despatch, movements or disposal of all documents marked SECRET or above: a. Records are to be kept in protected document registers (PDR) (MOD F 102 or equivalent) maintained in establishments. b. Where convenient, PDRs can be kept in private offices and in any branch or section separate from the parent organisation. In this event, PDRs are to be registered with the parent Registry custodian so that the necessary independent checks of protectively marked material required in paras 04044 -04054 are comprehensively carried out. c. All incoming documents with receipts attached must be page checked before receipt is acknowledged. d. Dispensation for not recording documents. In very exceptional cases, where large quantities of protected documents are held or worked upon and where managers could achieve significant savings by establishing secure zones within which the recording of protected documents could be abandoned, a request for dispensation for not recording documents may be submitted to the appropriate Principal Security Adviser for consideration. The request for dispensation should include a full description of physical and procedural compensating measures, either in place or proposed, which would ensure the continued security of the documents to the appropriate standard. JSP 440 Volume 1 Issue 2 4-11 RESTRICTED RESTRICTED Defence Manual of Security 04014. PDRs (MOD F 102) are to show by date of registration: a. The appointment of the originator/sender, the date of origin, reference, copy number (if any), title (or subject) and protective marking of the document. b. If the item is retained within the area served by the registration point, "final disposal" details must give the reference of the file, folder, filing box or library together with the enclosure/folio number. c. Particulars of receipts (MOD F 24, etc) and, if appropriate, details of destruction, are also to be shown. d. The temporary location of a loose document marked SECRET or above circulated within an organisation (under cover of a document location slip [MOD F 1 or equivalent]) prior to filing must be shown in the PDR with the appointment or name of the officer currently holding it. e. PDR entries must be completed at the earliest possible opportunity by recording the final disposal of documents. 04015. Regular, efficient inspections of PDRs constitute a principle safeguard of document security. They identify inaccuracies, omissions or outstanding items in good time for them to be rectified: a. PDRs are to be inspected by a nominated supervising officer at least once a month to ensure that they are being maintained correctly. (1) The front page of the PDR provides space for the supervising officer to be identified and record the inspections. (2) In establishments where details of protected documents are recorded/retained on computer systems, similar checks are required to ensure completeness of the entries through the production of monthly printouts. Supervising officers should record their inspection separately. b. PDRs are also to be subject to periodic spot checks under local arrangements. PDRs are not considered "closed" until final disposal details are included for all entries and, where appropriate, receipts obtained for documents. In Service establishments, PDRs are not considered to be "closed" until all entries have been "red-lined" indicating the destruction or downgrading of the document or its transfer to another register. Closed PDRs must be retained by the registry for at least five years. 04016. Filing protected documents. All protectively marked papers are to be placed on files with the minimum of delay. JSP 440 Volume 1 Issue 2 4-12 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. Protectively marked documents which require to be circulated (eg as float copies) should be enclosed in suitably marked colour-coded folders appropriate to the contents. b. Such documents should not be retained by officers until they have been correctly and permanently filed. c. Files containing protectively marked documents not currently in action should be returned to, and held in, the appropriate registry. d. Should any enclosure/folio be removed temporarily from a file, a note is to be placed on the file identifying the document by its reference, date, originator and subject and giving details of its temporary location. e. Enclosure/folio numbers and particulars of all TOP SECRET and SECRET documents (together with details of any protectively marked attachment, annex etc) are to be recorded on an enclosure/folio sheet placed inside the front of the file cover. MOD F 672 has been designed for this purpose. An example is at Annex A. 04017. All documents marked SECRET or above which cannot be placed on a file because of size or the nature of the material (eg books, computer tapes, films and transparencies) are to be: a. Traceable through PDR entries or RN CB Form R. b. Either placed inside numbered, or otherwise identifiable, folders, filing boxes or library bearing the appropriate protective marking or, if this is impracticable, should themselves be marked with an identifier which corresponds to the entry in the final disposal column of the PDR. c. Housed in a security container of appropriate standard. 04018. Spare copies. Spare copies of protectively marked documents, including float and book copies, require as much protection as the originals and should be kept to a minimum. The requirement for the spare copies is to be reviewed not less frequently than once a quarter with a view to destruction. Spare copies are not to be made of TOP SECRET documents. 04019. Amendments to protected documents are to be incorporated into the document by authorised personnel as soon as possible after receipt. It is of vital importance that extreme care is taken when amending protected documents of looseleaf format. It is best practise that the following checks are carried out: a. On receipt of an amendment, it is to be checked for completeness before it is incorporated in the document it relates to; JSP 440 Volume 1 Issue 2 4-13 RESTRICTED RESTRICTED Defence Manual of Security b. After incorporation of the amendment, the person who has made the amendment should: (1) Check the document against the list of effective pages (LEP). (2) Check that, if any pages have been extracted, they tally with the instructions accompanying the amendment. (3) Before any extracted pages are destroyed, hand over the documents to an authorised person for checking. (4) The extracted pages may then be destroyed as required, either in accordance with the amendment instructions, or, as detailed at paras 04034 - 04043. 04020. Personal retention of documents. The personal retention of documents marked SECRET and above at official premises by individuals on a semi-permanent or personal basis is to be discouraged but, where it is unavoidable: a. A list of documents is to be made, kept up to date, and a copy lodged with the registry. The holding official will sign the list held by the registry to the effect that he/she assumes responsibility for the documents. b. The documents will be subject to spot checks and regularly reviewed, first for the need to retain them and secondly, for disposal or destruction as appropriate. c. TOP SECRET documents are to be mustered as required by para 04048 and before the individual relinquishes his/her appointment. 04021. Documents associated with information technology (IT). Information on the marking, recording and storage of documents associated with IT is set out in DMS Vol 3. Maintenance of files/folders and other covers containing protectively marked documents 04022. Security colour codes. Files, folders and other covers are to be marked to show the protective marking of the contents and should be of the appropriate colour as follows: a. b. c. d. TOP SECRET SECRET CONFIDENTIAL UNCLASSIFIED/RESTRICTED 4-14 RED PINK GREEN BUFF JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Production/reproduction of TOP SECRET and SECRET documents 04023. Baseline measure. All originals of TOP SECRET documents must be numbered. If a recipient needs to make copies, his/her original document should be annotated with the number of copies made. 04024. Authorization. Requests for production/reproduction are to be authorized in accordance with para 04005 above. Where work to be done entails the production of printing blocks, eg for diagrams or illustrations, originators must state, at the ordering stage, the protective marking of the diagram, etc, in isolation. Appropriate security measures should then be taken by those responsible for initiating block manufacture. 04025. Typing sections/reprographic pools. The following basic principles are to be observed in typing sections/reprographic pools etc: a. The receipt and despatch of TOP SECRET and SECRET work is to be recorded. Where work to be done involves a series of processes, progress from stage to stage is also to be recorded. Records are to be checked frequently, causes of delay being investigated to confirm that documents have not been vulnerable to compromise. b. Supervisors must ensure that all spoiled or rejected copies are destroyed immediately. When not in use, contact material for typewriters, photocopiers, etc (including inked ribbons, paper, negatives, etc), byproducts and pieces of equipment retaining images of documents processed, must be locked away in a container that provides protection commensurate with the protective marking of the information contained therein. c. Protected waste is to be collected together for removal at least once a day; where this is impossible, collected waste should be locked away by the supervisor in a security container appropriate to its highest protective marking. 04026. Shorthand writers. When requests are made for the services of a shorthand writer, the security grading of the work is to be stated so that appropriate security safeguards may be applied. The following principles are to be observed: a. Controllers of typists are to issue instructions to typing sections regarding the control of shorthand notebooks used to take down information marked SECRET and above in shorthand. b. Such information is to be recorded in shorthand notebooks that clearly show the protective marking of the information contained therein and with serially numbered pages. JSP 440 Volume 1 Issue 2 4-15 RESTRICTED RESTRICTED Defence Manual of Security c. The protection afforded shorthand notebooks must be commensurate with that required for the appropriate level of protective marking. 04027. Audio typing. Audio tapes received by typing sections for the production of protected work should be safeguarded at all times according to the highest protective marking ever recorded on the tape. 04028. Security instructions. Detailed security instructions reflecting the above paras are to be issued to staff by supervisors of typing sections and reprographics installations, etc. Security of user-held copiers 04029. General. The following paras outline requirements for the control of office machines commonly identified as "photocopiers". Similar safeguards should be applied to other facilities capable of reproducing copies of documents in any form, including viewfoil producing equipment, facsimile terminals, microform equipment, "flipchart" copiers (as used for presentations), computer based image capture devices, etc. (See Chapter 5 Section XV for the detailed physical security measures to be applied to photocopiers.) 04030. Conditions for the installation and use of copying facilities. Where centralised facilities are not available, or are unsuitable, eg for work on specially sensitive or abnormal material, local copying facilities may be provided within Establishments. The following conditions are to be observed: a. Establishment security officers should always be consulted when considering the introduction of user-held copiers. Such facilities require control to prevent abuse; eg unofficial work or the unauthorized copying of protectively marked documents, and should be supervised at all times. The following requirements should be met: (1) Photocopiers should only be sited in a supervised environment (ie in an occupied room) or in a separate room to which access is controlled (eg via a simplex lock or swipe card mechanism). (2) Use of a branch/unit photocopier should be restricted to the members of that branch/unit unless formal arrangements and authorities are organised to provide reassurance that the security controls are not being abused. (3) Only the copying of documents marked SECRET and above need be recorded in a PDR, supported, if required, by the completion of MOD F 72 or other authorization. (4) Must be locked at the end of each working day/power supply disconnected and secured. JSP 440 Volume 1 Issue 2 4-16 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 04031. Where copiers are under the control of supervisors or their deputies, the following procedure must be followed: a. All staff intending to take copies by operating the machine must ensure that the appropriate authority (MOD F 72 or equivalent) has been raised before SECRET and above documents are copied. b. Supervisors or their deputies are to carry out spot checks of documents being copied, paying particular attention to protective markings. Any misuse should be investigated immediately. All irregularities should be reported to the Establishment security staff should it appear that protected documents may have been copied without authorization. 04032. Where user-held copiers, and copiers in centralised facilities which are available to other staff, are controlled by automated devices, separate security instructions will need to be promulgated. Advice should be sought from security staff or security units. Safe custody of material used in the production or reproduction of protected documents 04033. The following document security requirements should be observed: a. Cylinders, discs, tapes and wires, shorthand notebooks, braille tapes, stencils and carbon papers, etc, used to record protected material are to be safeguarded as protected documents. Carbon paper and stencils, etc, which are not likely to be re-used are to be treated as protected waste. b. Printer and other inked ribbons and correction tapes (eg acetate, paper, thermal transfer and carbon ribbons) which have been used for protected work must be kept in an appropriate security container when not in use and eventually disposed of as protected waste. All typewriter ribbons, etc, should be removed from equipment before it is allowed to leave official premises for repair. Destruction 04034. Baseline measure. Documents which are no longer in use and for which there is no longer any adminstrative need, or which are considered unsuitable for consideration for permanent preservation ­ guidance on the criteria and where to forward relevant material is given in JSP 441 ­ may be destroyed. Destruction to be undertaken by the originator, successor, or a person duly authorised within the holding department. A record of SECRET and TOP SECRET documents should be made which includes the date of destruction and authorisation. JSP 440 Volume 1 Issue 2 4-17 RESTRICTED RESTRICTED Defence Manual of Security Disposal of unwanted documents 04035. General. Establishments receiving copies of protectively marked documents in which they have no direct interest should arrange for their disposal in accordance with the following paragraphs. The originator should also be informed so that distribution of further documents can be curtailed. 04036. Documents which holders MUST NOT destroy. Unwanted documents in the following categories must be sent to the authority shown. Type of document UK ATOMIC documents, ATOMIC PRINCIPAL and CONIFER US ATOMIC documents Action including Return to the ATOMIC Control ATOMIC Officer/ATOMIC Liaison Officer in accordance with ACO 130 Return to the ATOMIC Control Officer (London) or UKAEA as appropriate in accordance with ACO 130 TOP SECRET IDO accountable documents Return to the International and all protectively marked ATOMAL Documents Registry (DIS Sy IDR) documents (1) Cabinet or other ministerial committee Return to the Secretary of State's papers, minutes of meetings or conclusions Private Office (Documents held on (whether protected or unclassified). charge from the Cabinet Office). (2) Extracts from minutes of Cabinet or Cabinet ministerial committees. Return to the Secretary of State's Note: (1) and (2) above do not apply to Private Office. Cabinet Office official committee documents. These may be destroyed by holders when no longer required. Accountable documents from Government departments and documents subject to special control other Return to the publications division or other other distributing agency 04037. Documents which holders may destroy. Unwanted documents other than those in categories included above may be destroyed and disposed of as protected waste in accordance with paras 04038 - 04043 below. 04038. Records of destruction. The destruction of documents marked SECRET or above must be recorded in accordance with the following guidelines: JSP 440 Volume 1 Issue 2 4-18 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. The final column of the PDR should be endorsed with the names and signatures of those certifying destruction of individual documents together with the date. b. Alternatively records may be made using MOD Forms 426 (destruction certificate). c. Destruction certificates should be kept for 5 years from the date of completion. d. Destruction of NATO accountable documents, ie those bearing COSMIC and/or ATOMAL markings, should be undertaken only by the International Documents Registry (DIS Sy IDR), who will retain COSMIC destruction certificates for 10 years from the date of completion. ATOMAL destruction certificates are to be retained indefinitely. e. The destruction of MOD Registered Files is to be certified on MOD Form 262F. 04039. Certification. The destruction of SECRET and TOP SECRET documents is to be witnessed and certified by two suitably vetted persons, one of whom must be an officer not lower in rank than Warrant Officer (or a Senior NCO nominated by the Commanding Officer), Administrative Officer or equivalent. The destruction/certification of documents marked CONFIDENTIAL, where recorded in a MOD F 102, may be undertaken by one authorised member of the Armed Forces or Civil Service. Downgrading of information 04040. The regular review of holdings of protectively marked documents in any media is desirable in terms of security, cost and convenience. Any review should consider whether the current grading needs to be retained or whether it is possible to downgrade or destroy the material. Only the originator, or successor, may authorize downgrading but exceptionally, where the originator, or successor, cannot be traced, copy documents may be downgraded by the holders after consultation with other addressees. MOD F 171 may be used to request and authorize downgrading. An example is at Appendix 1 to Annex A. Methods of destruction 04041. General. Protected waste is to be destroyed by machine shredding, pulverising, pulping or burning. Methods which enable protected material to be reduced to unclassified waste before leaving the building/site are preferred. All paper waste is to be destroyed by tearing into a minimum of four pieces and placing in an appropriate Kraft paper sack. Before destruction, magnetic media which has been used to store protected data should be wiped using a security-approved bulk eraser or, where possible, overwritten using an approved erasure programme. If media contains JSP 440 Volume 1 Issue 2 4-19 RESTRICTED RESTRICTED Defence Manual of Security information protectively marked CONFIDENTIAL or lower it may be disposed of or re-used as though it had never been graded provided an approved erasure package is used. Media which contained material marked SECRET or TOP SECRET may only by re-used if it will continue to attract the same or higher protective marking. If not, it must be destroyed or stored in accordance with approved measures. Detailed instructions are provided in Chapter 5, Section XVI. Kraft paper sacks for burning/pulping protected waste 04042. In MOD HQ buildings/sites, office keepers are responsible for overseeing the collection, control and safekeeping of sacks or protected waste until destroyed under MOD control or collected for destruction by HMSO. At DPA establishments, messenger services normally undertake these functions. Service Establishments have their own arrangements. Special kraft paper sacks are available from respective staffs for the disposal of protected waste. They are identified by HMSO code numbers as follows: a. b. Code 971-003 Multiwall printed in red for burning. Code 971-004 Multiwall printed in black for pulping. Sacks to be burnt under MOD arrangements are to be securely tied; sacks to be burnt or pulped under HMSO arrangements are to be sealed using a security approved tag or seal such as those issued by the Defence Courier Service. 04043. Messengers, etc, collecting sacks of unshredded waste protectively marked SECRET or above are to keep a permanent notebook record of the following details: a. b. c. d. e. f. g. h. Date of collection. Establishment providing waste. Number of sacks collected. Signature of officer handing over waste. Signature of officer receiving waste. Number of sacks sent for destruction. Date sent for destruction. Supervisors signature. Office keepers, etc, must inspect collection notebooks at intervals to ensure correctness of entries and make spot checks of bags to ensure that quantities in store tally with quantities recorded in the notebooks. Pending destruction, protected waste in sealed sacks is to be kept in secure storage or security containers appropriate to its protective marking. JSP 440 Volume 1 Issue 2 4-20 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Spot checks 04044. Baseline measure. Spot checks are intended to ensure that the document control system is adequate and functions correctly and that the rules are being observed by the staff. 04045. Checks. Checks of recorded protectively marked material are an essential part of the system for the physical protection of such material. The detailed requirement for checking is to be included in Establishment Security Standing Orders which must lay down: a. b. c. d. The material to be checked. The frequency with which the material is to be checked. The appointment of the person responsible for checking. The form of report to be submitted by the checking officer. e. The action to be taken in the event of losses or discrepancies being discovered. f. Any special requirements for documents subject to special handling procedures. 04046. Daily checks. There is to be an effective procedure for ensuring that protectively marked material is adequately protected out of working hours. The use of office check sheets (specimen at Annex B) should be considered, and a clear desk policy is recommended. 04047. Protectively marked material left on display. Where there is a requirement to do so, COs/HOEs may authorise the open display of UK RESTRICTED information, for example on notice boards, after taking account of the local security environment and the potential risk and consequences of disclosure to those who potentially have access (eg cleaners/guards). In certain MOD(HQ) buildings, because there will generally be a higher proportion of RESTRICTED information carrying special policy and other sensitivities, material of this level should not normally be left on open display. The guidance of local security organisations should be sought as necessary. Material graded UK CONFIDENTIAL and above may only be left on display in secure rooms of the appropriate standard to which only suitably cleared personnel have access. 04048. Checks by security and inspection teams. During all establishment protective security surveys and inspections, security personnel are to make a physical check of all aspects of the security of protectively marked documents. Irregularities in document procedures will be reflected in the resultant report. JSP 440 Volume 1 Issue 2 4-21 RESTRICTED RESTRICTED Defence Manual of Security 04049. Minimum standards for checks and musters. Checks and musters of documents marked SECRET and above are to be carried out to the following minimum standards: a. TOP SECRET (1) All incoming documents at TOP SECRET protective marking should be page by page mustered on first receipt and before returning the MOD Form 24. (2) On Handover of HOE (or equivalent in Headquarters) and TOP SECRET Control Officers (TSCOs). All TOP SECRET documents are to be mustered and checked against MOD Form 102, or F 6809 where used, the folio sheets of files (MOD F 672) and also checked page by page for presence and completeness; this is to include documents such as bulky publications not held on files. On handover of HOE (or equivalent) this should be done by an officer other than the TSCO or his deputy. (3) Annually. Musters and checks as at (1) above are to be carried out by a person other than the TSCO, Deputy TSCO or person having custody of the documents (unless a muster has been carried out within the last year on handover as at (1) above). (4) Monthly. Spot checks are to be carried out at unannounced random intervals of approximately one month, preferably when work starts or is about to stop, of a number of documents, eg six, selected from both current and open MOD Forms 102 or F 6809; a check that downgrading/weeding action has been carried out is to be included. A specimen Spot Check Report is at Appendix 1 to Annex B. (5) Daily. All TOP SECRET documents in use are to be recalled daily for centralized storage unless retained in accordance with para 04017. (6) During security surveys and inspections. Security survey and inspection teams are to inspect at least 20 documents and 10 files, or the establishment's total holdings, if less than these quantities. Although the majority of the documents and files inspected should be from those originated and received since the date of the last survey or inspection, a small proportion should be selected from before that date. The inspection is to include a check of all TOP SECRET documents which are stored separately (ie not within files). b. SECRET JSP 440 Volume 1 Issue 2 4-22 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (1) It is best practise that all incoming documents at SECRET protective marking should be page by page mustered on first receipt and before returning the MOD Form 24. (2) Annually. It is best practice, but not mandatory for all SECRET files to be mustered and checked against file lists; this is to include all SECRET documents not held in files. (3) Monthly. Spot checks as at sub-para a (4). Inspections of (4) During security surveys and inspections. SECRET documents and files as at sub-para a (6). Note: Additionally, the following TOP SECRET and SECRET documents are also subject to spot checks: a. Documents including any attachments circulated as loose papers to individual officers (ie without being placed on a file or folder), and which are still on their charge. b. c. Documents which are being typed or reproduced. Shorthand notebooks. d. Film, transparencies, slides, viewfoils, etc (checks including physical examination and comparison of content with listed holdings to guard against substitution). c. CONFIDENTIAL. It is best practice, but not mandatory, for CONFIDENTIAL files, bearing caveats for which access is controlled by induction or indoctrination and therefore require the contents to be accounted for in a MOD Form 102, to be mustered annually against the master file list. Such material, together with items not held in files, eg Books, Equipment and Magnetic Media, are to be subject to Spot Checks. 04050. Records of checks and musters. a. Records of checks and musters are to be kept by establishments for 2 years. These records are to show: (1) (2) The type of check or muster, with dates, carried out. The files and documents seen and by whom. (3) Details of any irregularities found and action taken to rectify them. JSP 440 Volume 1 Issue 2 4-23 RESTRICTED RESTRICTED Defence Manual of Security b. Completion by Army units of the checks and musters at paras 04044 04049 is to be confirmed as part of the annual report on a unit (see AGAl paras 2091 to 2100). 04051. Microform. In order that the spot checking officer can verify that a jacketed fiche master copy is complete, a diazo copy, which cannot be tampered with, should be made for comparison purposes and should be replaced with a fresh copy whenever the master is amended. The silver halide master and the diazo copy must he stored separately. In addition, the following points affecting the integrity of microfilm should be noted: a. Aperture cards. As well as checking the microform against the register, it is desirable to check periodically that the correct image is in the card. b. Roll film. Check the container details against the register and periodically put the film on a reader to ensure that it is the correct film, that frame numbers are in sequence and the diazo film is free from splices. c. Jackets. Check periodically the contents of the film in the Jacket against the diazo duplicate to detect possible substitution of the film strip in the jacket. d. Microfiche. Check periodically that all fiche in sets are present and that no improper substitution has been made. 04052. The officer conducting a spot check is to report to the head of establishment or the nominated security officer. The report must contain the details as shown at Appendix 1 to Annex B. 04053. HOE should ensure that all irregularities noted in reports are resolved. Significant irregularities or any which cannot be resolved locally are to be reported to the appropriate Principal Security Adviser's staff who will notify DDefSy where appropriate. 04054. Reports are to be retained personally by the head of establishment or the nominated security officer and, to ensure that spot checks are completely random, are not to be made available to spot checking officers or to other members of the staff. The reports are to be made available to security inspectors during security surveys/inspections, investigations or advisory visits. Musters 04055. TOP SECRET files are to be mustered annually. Musters ensure that TOP SECRET files are not lost between the registry and areas served, a fact which would not be disclosed by the system of spot checks outlined above. Special rules exist for mustering ATOMIC and certain other documents on limited distribution. These are in no way invalidated by the procedures outlined above. Certain documents originated by JSP 440 Volume 1 Issue 2 4-24 RESTRICTED RESTRICTED Control and Carriage of Protected Documents other Government departments and used within the Ministry of Defence may also be subject to mustering and accounting procedures. Accountable IDO documents will be mustered once every twelve months under arrangements made by DIS Sy (IDR). JSP 440 Volume 1 Issue 2 4-25 RESTRICTED RESTRICTED Defence Manual of Security SECTION II TRANSMISSION OF PROTECTED DOCUMENTS Baseline measures 04056. Protective markings of SECRET, CONFIDENTIAL and RESTRICTED assets should not appear on the outer cover, packaging or container sent outside an establishment. The protection given to assets sent to or received from other countries must take into account any international agreements on the carriage of protectively marked assets. For TOP SECRET see Appendix 1 to Annex C. General 04057. Protectively marked documents are to be prepared for transmission in accordance with the instructions contained in Annex C and its Appendices; a. The instructions contained in this Chapter relate to protectively marked documents which do not bear supplementary restrictive markings (other than the simple prefixes "UK" denoting documents of UK origin and "NATO" or "WEU" identifying International Defence Organisation [IDO] documents). b. Procedures governing the transmission of documents bearing markings such as "ATOMIC" and "ATOMAL", etc, and documents subject to special handling arrangements, are issued separately to those with 'need to know'. c. Persons receiving documents bearing markings which are unfamiliar to them should consult their establishment security officer (ESyO). Note: Care must be taken when addressing letters, etc, and their envelopes/packaging, to ensure that details entered are clear, complete and correct; similarly include an address to which replies can be sent. Detailed instructions for preparing envelopes/packages containing protected material will be found at Annex C to this Chapter. Certain material must be addressed to the recipient by name. Mail for organisations listed in the MOD Directory should be addressed to branches, etc, identified by abbreviated titles. 04058. Officers receiving protected or sensitive documents which are not of their concern, are responsible for the items' onward despatch to the proper addressee or return to the originator. Appropriate safeguards, as laid down in this Chapter, must be applied. Where the consignor appears to be in breach of security regulations, the establishment security officer should be informed who will take reporting action as necessary. JSP 440 Volume 1 Issue 2 4-26 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Files 04059. When files bearing different protective markings are transmitted together, the file bearing the highest marking is to be placed topmost inside the envelope or wrapping. Files are to be securely fastened together and prepared for transmission in accordance with instructions appropriate for the highest protective marking. Packaging 04060. To reduce risk of loss or compromise during transmission, particular care is to be taken when packing protectively marked documents or material. For detailed advice on the correct way to package bulky/awkwardly shaped items, staff should contact their local mail room or consult JSP 367. However, the following points are to be considered: a. Selection of the correct envelopes/packaging commensurate with the weight and size of items for despatch is vital. b. Corners of stiff-covered documents can easily tear through envelopes or other wrappings. To prevent compromise due to torn packaging, staff should consider the use of "Jiffy" envelopes and "bubble wrap". c. Extra strength can be provided by applying cellulose or adhesive tape or by double wrapping (even though the latter may not be called for on security grounds*). d. Extra care must be taken when packing documents, etc, as parcels (even when sent by "Letter Post") will be subject to rough handling during sorting and transmission. e. If necessary, extra-strong envelopes are available to special order through CS(PS). Linen sacks may also be used for bulky consignments. *Where applicable (see Annex C), double cover must be provided irrespective of the type of packing or method of transmission. Methods of transmission 04061. Certain documents, identified by their protective marking and/or destination (see Annex C) must never be sent by Post Office services; a. It is mandatory for TOP SECRET and cryptographic material to be transmitted by hand to hand with the provision of auditable receipts at each transfer. JSP 440 Volume 1 Issue 2 4-27 RESTRICTED RESTRICTED Defence Manual of Security b. External services (other than the Post Office) may only be used for transmission of material marked CONFIDENTIAL or SECRET where approved by DDefSy. Approved methods of transmission 04062. A number of mail services operate within/between MOD establishments and the Services. The British Forces Post Office carries mail between establishments/buildings in London and the Home Counties. (Details of locations served are published in JSP 367; see also Annex C, para 3). Other services operate between neighbouring establishments/sites under local arrangements. Annex D provides summary details of transmission. Restrictions on display of national caveats on envelopes 04063. National caveats must not be visible on any envelope in transit. Detailed instructions regarding the protection and transmission of such material are issued separately on a 'need to know' basis. The occasions when standard protective markings should be shown on envelopes are identified in Annex C and must be followed. Use of window, transit and self sealing envelopes 04064. Window, transit and self-sealing envelopes must not be used for the transmission of documents marked RESTRICTED or above. Sealing - general 04065. All envelopes, packages and sacks, etc, containing TOP SECRET material, and similar consignments of SECRET material for delivery abroad or in Northern Ireland, are to be sealed to guard against surreptitious tampering. The following paragraphs describe alternative methods to be employed. High security tape 04066. Red high security tape is no longer supplied by the Stationery Office. However existing stocks should continue to be used to exhaustion. It should be applied to envelopes containing material marked TOP SECRET, and to inner envelopes containing SECRET material intended for despatch to addresses abroad or in Northern Ireland. (Annex C, Appendix 1 and Section IV of Appendix 2 refers). Application of the tape is detailed in Appendix 5 to Annex C. 04067. High security tape is not suitable for use other than on envelopes; conventional wafer seals are to be applied to parcels and packages and metal seals to mail sacks, etc (see para 04077). 04068. Storage, maintenance and disposal of high security tape. The following should be observed: JSP 440 Volume 1 Issue 2 4-28 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. The tape should remain sealed in the polyethylene wrapping in which it is supplied until required for use. b. To avoid deterioration, high security tape should be stored away from direct sunlight and sources of heat, in a frost free environment without extremes of humidity or temperature (ie 30-60% relative humidity and 15-25 degrees centigrade) and should not be exposed to adverse conditions for extended periods. c. High security tape has a shelf-life of twelve months when stored under recommended conditions. Rolls of tape will be serially numbered during manufacture to facilitate sequential use and allow identification should this be necessary. d. Rolls, lengths and waste portions of high security tape, including any remaining on used envelopes, should be protected to RESTRICTED standards and kept under lock and key. Waste tape and used envelopes bearing high security tape should be treated as protected waste and disposed of in accordance with the relevant security regulations. 04068. Evidence of tampering. While use of high security tape on envelopes will deter surreptitious attack, staff should be alert to the possibility of tampering. Those receiving envelopes to which tape has been applied should look for the following: a. b. c. Colour run of tape. Damage to serrated edge of tape. Blurring of the tape underprinting. d. Evidence of underprinting remaining as green or blue image on envelope surface indicating the tape may have been repositioned. e. Evidence of slitting along flap or seam (indicated when flexing the envelope along its flap/seams shows the colour of the envelope through the tape). Where tampering is suspected, establishment security officers should be alerted. When opening the envelope, care must be taken to ensure that evidence is not disturbed. Reports of possible tampering should be forwarded through establishment security officers to security units together with the envelope. JSP 440 Volume 1 Issue 2 4-29 RESTRICTED RESTRICTED Defence Manual of Security 04069. Alternatives to high security tape. Until a suitable, economically acceptable alternative to the high security tape can be found, staff should select from the tape and seals detailed below which are suitable for sealing envelopes, packages, parcels and boxes and have been approved by SEAP. Your Principal Security Adviser's staff may be able to provide further advice, if required. Product Applied Holographics tamper-evident surface seals MARKITWISE surface seals (especially types: GR/2, MRP/2, S & Micro LA) GOSHERON tamperevident tape (polyester & polystyrene) GOSHERON surface seals (types: D201-A, D210-V, C222 & V223) Notes: 1. The level of security offered by these alternatives is less than was available from the red high security tape. Security Class Low/Medium Company Applied Holographics (Tel: 0191 4175434) Markitwise International (Tel: 01886 812427) Medium/High Medium John Gosheron & Co Ltd (Tel: 0181 847 3901) Low John Gosheron & Co Ltd (Tel: 0181 847 3901) 2. The Keepsafe envelope is still available and offers the security and a high level of integrity for the transmission of SECRET and TOP SECRET material. Keepsafe security envelopes 04070. Keepsafe security envelopes are approved for the transmission of TOP SECRET, SECRET and material requiring controlled distribution abroad, and of TOP SECRET material transmitted within the UK and Northern Ireland. 04071. The approved Keepsafe security envelopes are available in a range of sizes, are opaque and made from super strength plastic film. They incorporate a specialised closure system offering maximum evidence of tampering and other security features as follows: a. Each envelope is printed with a unique identification number located on the envelope, and on the closure and label flaps. JSP 440 Volume 1 Issue 2 4-30 RESTRICTED RESTRICTED Control and Carriage of Protected Documents b. The label flap has been added to enable addressees to affix labels to it when required because, for security reasons, labels must not be fixed to the main body of the envelope. c. The secure portion of the envelope is surrounded by a printed "chain", designed to provide evidence of tampering. 04072. Consignees should bear in mind that when sending material in Keepsafe security envelopes for onward transmission via a forwarding agent (eg the Defence Courier Service (DCS)) protective or other markings may be masked by overwrapping. Arrangements should therefore be made with such organisations to ensure that the material receives appropriate handling through all stages of its journey. 04073. Addressing and sealing. The following procedure should be followed when addressing and sealing Keepsafe security envelopes: a. When the receipt for the material to be transmitted is prepared, the unique serial number of the Keepsafe envelope should be included on the receipt. b. The main body of the Keepsafe envelope is marked and addressed in the same way as an envelope to be sealed with high security tape (Note: use ball point pen - do not use labels or stamps). c. Adhesive address labels must only be affixed to the special flap provided for such labels/stickers or stamps. When using such items, the envelope number on the flap must not be obscured. d. e. The material to be transmitted is placed in the Keepsafe envelope. The Keepsafe envelope is then sealed as follows: (1) On a flat surface remove the printer release tape from the special adhesive strip. (2) Allow the closure flap to fall naturally over the envelope mouth, and then press down on the adhesive strip so that the number of the envelope remains legible. The envelope is correctly sealed only when the printed release tape has been removed. Envelopes must not be patched until they have been correctly sealed. Special attention should be paid to sealing when the item to be transmitted is not flat; sharp edges or points should be masked. JSP 440 Volume 1 Issue 2 4-31 RESTRICTED RESTRICTED Defence Manual of Security f. Where it is required that the Keepsafe envelope should be covered, it must be placed inside another opaque cover, addressed and sealed as appropriate (the cover need not be another Keepsafe envelope). 04074. Evidence of tampering. While the Keepsafe envelope will deter surreptitious attack, staff should be alert to the possibility of tampering. The following procedure for establishing whether an envelope has been tampered with may seem extensive, but evidence of tampering can be spotted at a glance when the process becomes familiar: a. Ensure the envelope's high security closure has been sealed. b. Examine the envelope's surfaces, which should be white, unbruised and with no visible cuts. c. Examine the four sections of "chain" printing surrounding the secure portion of the envelope; they should be straight, continuous and with complete chain printing on the front of the envelope. d. Ensure the number on the keepsafe envelope corresponds with that on the closure and label flap. e. Examine the specialised closure system: (1) There should be no blurring, distortion or disruption of any of the black lettering, numbers or sharp patterns. (2) The envelope is designed to have a narrow black strip at either end of the closure strip. (3) The red colour should be continuous; no change in colour should be present; look especially for black, white or yellow staining. (4) The closure must not have any added reinforcing (eg cellulose tape). Where tampering is suspected, establishment security officers are to be alerted. Advice on the enquiries required by the establishment security officer may be obtained from security staffs. 04075. Storage. Keepsafe envelopes: a. Should be stored in cool, dark conditions, and in their original packaging until used. b. They should not be stored in excess heat or cold. JSP 440 Volume 1 Issue 2 4-32 RESTRICTED RESTRICTED Control and Carriage of Protected Documents c. It is important that they are not exposed to sources of ultraviolet radiation, such as strong sunlight or positioned close to fluorescent lamps. d. Under these conditions, the envelopes should have a shelf-life of at least 12 months. e. The envelopes should be kept in lockable containers to prevent unauthorized access. f. Once used, those Keepsafe envelopes bearing markings which themselves are protected (eg CODEWORDS) should be treated as protected waste and disposed of in accordance with the relevant security regulations. 04076. Procurement. Keepsafe security envelopes are available from two sources: a. HMSO, Bristol through normal channels. Contact point is as follows: HMSO, Bristol Distribution Park, Hawkley Drive, Woodlands Lane, Bradley Stoke, Bristol BS12 0BF. Customer enquiries: 01454 621 200. They are supplied as follows: HMSO Product Code 027-4000 027-4001 027-4002 027-4003 Dimensions Quantity per box 250 250 500 250 460x377mm + label flap(A3 Wide) 330x462mm + label flap(A3 Long) 280x385mm + label flap(A4) 195x285mm + label flap(A5) b. Trigon Cambridge Ltd. Contact point is as follows: Customer Service Department, Trigon Cambridge Ltd, Saxon Way, Melbourn, Royston, Herts SG8 6DN. Telephone 01763 261 900. They are supplied as follows: STOCK Code Dimensions HRDC A3W HRDC A3L HRDC A4E HRDC A5E 460x377mm + label flap(A3) 330x462mm + label flap(A3) 280x835mm + label flap(A4) 195x285mm + label flap(A5) Approved security seals and ties 04077. Where the item to be sealed is not contained in an envelope, security approved seals are to be used. Parcels and packages should have wafer seals applied along all seams at intervals not greater than 100mm. If the item is bulky it should be inserted in an appropriate sized mailbag (these can be supplied by the local mail room) and tied with an approved tie and sealed. JSP 440 Volume 1 Issue 2 4-33 RESTRICTED RESTRICTED Defence Manual of Security a. Wafer seals are to bear a recognisable signature in ink, the signature being part on the seal and part on the wrapping; all seams and seals should be fully covered with strips of transparent cellulose tape. b. Bags and seals. Mail bags or sacks used for the transmission of bulky protectively marked items should be robust and not have any holes or patches on them. They should be tightly tied and sealed using approved security seals such as those provided by the DCS or supplied in the Catalogue of Security Equipment. Where an address label, ie self-addressed label or MOD Form 488, is used with wafer seals, the label should be stuck down first before applying any seals. Receipting 04078. Receipts are to be obtained confirming delivery of the following: a. TOP SECRET documents and material. b. SECRET documents transmitted outside a building/site (see Appendix 2 to Annex C). c. Other documents where transmission is subject to special handling instructions issued on a 'need to know' basis or where the originator requires confirmation of delivery. In addition to receipts completed by the addressee, MOD Forms 32 (providing a record of hand-to-hand transmission with date/time of despatch/receipt) are to be used when envelopes, packages, boxes, etc, containing TOP SECRET material are carried between establishments. 04079. Receipts rendered in accordance with para 04078 above may be standard MOD Forms 24 or specially prepared proformae, eg produced as a tear-off strip on a distribution sheet. In either case, the receipt should identify the following: a. The consignor's address - to which the receipt is to be returned. b. Details of the document transmitted - typically reference number and date plus copy number (if any); the document title should not be shown. c. Details confirming receipt of the subject document - the signature, name (in block letters) and official address (branch stamp, etc) of the individual opening the envelope or package. 04080. Receipts are to be completed and returned to the consignor immediately following delivery of the subject envelope, etc. They should normally be completed by registry staff immediately prior to making PDR entries. Where envelopes, etc, are addressed "Exclusive to..." and delivered to individual officers, those officers should JSP 440 Volume 1 Issue 2 4-34 RESTRICTED RESTRICTED Control and Carriage of Protected Documents complete any receipt enclosed before arranging for PDR entries to be made. See also sub para 04013(c). 04081. HOE are responsible for ensuring that receipts against items despatched from their areas are returned promptly - within the time normally taken for transmission over the route concerned (eg 10 working days for transmission within the United Kingdom). Failure to respond quickly can result in detection of loss and compromise of sensitive material being seriously delayed. Consignors who identify addressees who persistently fail to return receipts promptly should report the matter to the establishment security officer. 04082. Completed receipts, other than those relating to accountable documents (see Definitions) for which separate instructions apply, are to be retained for two years. Opening and examination of envelopes, packages, bags, etc 04083. A local record is to be maintained of officers authorized by HOE to open TOP SECRET envelopes, etc. 04084. If the person opening an envelope or package containing material marked SECRET or above suspects that it has been tampered with, the head of establishment, via his security representative, should be informed. The latter should consult the respective security staffs as necessary. The documents concerned and related envelopes, etc, should be set aside and handled by the minimum number of other persons in case forensic examination is required. 04085. Before envelopes, mailbags and other containers used in the transmission of protectively marked or sensitive material are discarded, they should be carefully checked to ensure that they are empty. 04086. No unopened mail is to be left out on display in empty offices or registries. All unopened mail is to be locked away in an approved combination lock security container. Boxes, pouches, etc 04087. A locked box or pouch is acceptable as outer cover to an envelope or package containing a protectively marked document which would otherwise be transmitted 'double enveloped' (see Annex C). They should normally be used for transmission between a central controlling organisation, eg a registry, and another permanent address, keys being held by both. 04088. Boxes, etc should be addressed to a key-holder, by appointment or name and appointment. Where delivery of a box, etc, containing protectively marked material to a minister, etc, is not practicable using normal methods of transmission (eg MOD van service, car or courier), the appropriate Principal Security Adviser's staff should be consulted. JSP 440 Volume 1 Issue 2 4-35 RESTRICTED RESTRICTED Defence Manual of Security 04089. Where boxes, etc, are used to transmit a number of documents to a distribution point, eg a mail room, consignors must place documents in envelopes addressed to individual recipients so that 'need to know' is maintained after the box, etc, has been opened. 04090. Empty containers are to be returned to the controlling organisation without delay. Boxes, etc must not be used by recipients to send protectively marked documents, etc, to addressees other than the controlling organisation. Controlling organisations are to record the movement of their boxes, etc, and investigate where any are not returned within six working days. 04091. The security of a suite of boxes, etc, may be compromised by loss of a key or when an unauthorized person has the opportunity to examine the lock. When not in use, they are to be kept locked and stored under lock and key. When delayed in transit, boxes, etc, are to be stored in a security container. 04092. When not in use, keys to boxes, etc, should be kept in a locked security container. Boxes, etc, and their keys are to be mustered twice a year by the controlling organiser. Key holders are personally responsible for the safety of keys in their charge. Before handing-over official responsibilities, including handover to cover temporary absence, keys are to be formally mustered and transferred to another officer. Any changes in holders of boxes, keys, etc, are to be reported to the controlling organisation immediately. Despatch of protectively marked documents to private addresses in Great Britain 04093. Documents marked CONFIDENTIAL or above are not normally to be sent to private addresses. When this is unavoidable, or where officials or consultants are authorized to work at home, the following rules are to be observed: a. TOP SECRET documents are not to be sent without specific approval by PUS. Where approved, documents must be conveyed by hand of an authorized courier. b. TOP SECRET, SECRET or CONFIDENTIAL documents are not to be sent to addresses where: (1) A foreign domestic servant is known to be employed; or (2) Where there is no container of appropriate standard in which to keep them. c. The consignor is to contact the addressee and obtain confirmation that: (1) The provisions in sub-para 'b' are satisfied; and JSP 440 Volume 1 Issue 2 4-36 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (2) The addressee will be on hand to receive the documents. d. Subject to the conditions at sub-paras 'a' to 'c' above, protectively marked documents should be despatched in accordance with the procedures at Annex C. If the addressee is likely to be away from the address to which protectively marked documents are about to be sent, they must not be despatched. Note : Where TOP SECRET or other documents are to be sent by courier, the addressee must be warned that he/she must receive them in person, producing identification to the courier's satisfaction before the documents can be handed over. 04094. If the intended recipient has no security container of appropriate standard in which to store documents, they are to be despatched to the security officer of the nearest MOD/Navy/Army/Air Force establishment. The consignor is to: a. Instruct the establishment to hold the documents in a sealed envelope for the intended recipient to see (but not to remove from the establishment or retain); and b. To inform the intended recipient where the documents may be seen. The intended recipient is also to be informed that, after examination, the documents must be replaced and resealed in an envelope for return to the consignor via the holding HQ/Unit or, if needed for future reference, for retention by the latter. Despatch of other mail to private addresses in Great Britain 04095. Where RESTRICTED or UNCLASSIFIED correspondence has to be sent to a private address, care must be taken to ensure that no wording or marking can connect the addressee with the department. In the case of correspondence to be sent to exService personnel, the use of their former Service ranks and decorations is to be avoided unless they specifically instruct otherwise. Addressing of mail to private addresses (including civilian firms) in Northern Ireland and the Republic of Ireland 04096. The personal security of Service personnel, civilians and their families and exService personnel resident in Northern Ireland and the Republic of Ireland can be compromised by incorrect transmission of official mail to private addresses (including civilian firms). Material marked CONFIDENTIAL or above must never be sent to a private address in Northern Ireland or the Republic of Ireland. The following rules must be observed when transmitting (including redirecting) RESTRICTED or UNCLASSIFIED mail: JSP 440 Volume 1 Issue 2 4-37 RESTRICTED RESTRICTED Defence Manual of Security a. RESTRICTED and UNCLASSIFIED mail is normally to be addressed via a Service establishment identified by BFPO number (except for mail to the British Embassy in Dublin ­ see sub-para 04096b below.). b. Where, in exceptional circumstances, correspondence has to be sent to a private address (as is the case for all such mail to the British Embassy in Dublin) the following rules must be observed: (1) Use a plain envelope or wrapping without pre-printed official markings such as "On Her Majesty's Service" or MOD Form numbers. (2) Address carefully and correctly, including the post code, ensuring no reference to rank, decorations or appointment is shown on the envelope. (3) Do not stamp the envelope with any official stamp or add any detail which could associate the item with the Ministry of Defence. (4) Postage stamps must be used in all cases, do not use franking machines or PPI impressions, labels or stickers. (5) No return address is to be shown on the envelope that indicates that the sender is associated with the MOD or Services. PO Box 701 is not to be used as a return address. (6) Parcels to the Republic of Ireland must have a customs pack affixed - Post Office Form PFU 5 (not a Service type customs form). Transmission of mail to addresses overseas via diplomatic bag 04097. All TOP SECRET, SECRET and CONFIDENTIAL mail for despatch to addresses outside the United Kingdom must be sent by diplomatic bag or an approved courier service. Despatch procedures, described in Annex C, should be read in conjunction with the following guidance. 04098. RESTRICTED and UNCLASSIFIED mail (other than unclassified publicity and information material) addressed to British Embassies or consulates in countries presenting a special security risk (see para 6 of Annex C) must be sent by diplomatic bag. RESTRICTED and UNCLASSIFIED mail for other overseas addresses may be sent through normal postal services, including (for BFPO numbered addresses) the British Forces Postal Service. 04099. The envelopes/wrappings of all mail to be sent by diplomatic bag (including UNCLASSIFIED which must be so marked) are to be marked "Certified Official" and endorsed by a service officer or civilian of at least executive officer grade or equivalent. However COs/HOEs may in exceptional circumstances nominate suitable SNCOs or AOs to complete the task. In addition: JSP 440 Volume 1 Issue 2 4-38 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. The protective marking (or UNCLASSIFIED) should be stamped boldly in red above and below the address. b. The despatching organisation and the reference and date of origin of the document enclosed should also be shown. c. Envelopes/packages prepared in this way are then to be sent in a second envelope to HQ DCS, BFPO 747 or LCT, BFPO 1000 in accordance with Annex C. 04100. Private mail for Service personnel and Defence Attaches serving in diplomatic posts in countries of special security interest (see para 6 of Annex C) should be sent c/o Private Letter Section, F&CO, via HQ DCS, BFPO 747. Transmission of mail to British Forces Post Office (BFPO) addresses 04101. Mail for diplomatic and Service posts, including HM Ships and international organisations should include a BFPO number in the address, where one is in use. Details of BFPO addresses are published in JSP 367. Transmission of mail to foreign governments and foreign-based defence contractors 04102. Documents marked SECRET, CONFIDENTIAL and RESTRICTED for despatch to foreign governments or foreign-based defence contractors must be prepared in accordance with procedures detailed at Annex C. 04103. The 'despatching authority' must ensure that the originator has approved release of their UK marked information to the recipient country. Where there is any doubt, the appropriate Principal Security Adviser should also be consulted. Where the intended recipient is a foreign-based defence contractor, the despatching authority must also consult InfoSy(Industry)1 to ensure that the recipient company is authorized to safeguard and store protectively marked material at the appropriate level. 04104. Mail received from UK defence contractors for onward transmission overseas is only to be released in accordance with the rules contained in Chapter 11. Despatch of protectively marked documents to UK defence contractors 04105. Documents marked CONFIDENTIAL or above which are to be sent to List X companies must be addressed via the site security officer - identified by name only; the words "security officer" must not be shown on the envelope or wrappings. Mail for companies which have only received provisional clearance should be addressed to the recognised contact who must ensure that the material is properly recorded and safeguarded. JSP 440 Volume 1 Issue 2 4-39 RESTRICTED RESTRICTED Defence Manual of Security Note: Names of security officers in List X companies may be obtained from InfoSy(Industry) 2/3. Transmission of mail to private addresses overseas 04106. No protectively marked mail is to be despatched to any private address overseas without prior reference to security staffs. Transmission of mail to HM Ships 04107. TOP SECRET, SECRET and CONFIDENTIAL mail for HM Ships, RFAs or other authorities afloat in home waters or abroad must be prepared for transmission in accordance with the procedures at Annex C. In addition: a. Outer envelopes/wrappings should be marked "HMS..., c/o BFPO 999" to ensure correct handling within UK and prevent protectively marked mail passing through foreign postal channels in the event of sudden departure or diversion of the ship. b. RESTRICTED mail should also be despatched in accordance with Annex C. Envelopes/wrappings should, however, be addressed to "HMS..., BFPO..." (insert number of ship as issued in JSP 367). Transmission of cabinet and ministerial committee documents 04108. Procedures governing the transmission of cabinet and ministerial committee documents are laid down in "Getting it Done" The Ministry of Defence Office Guide (MOD Manual 2). JSP 440 Volume 1 Issue 2 4-40 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION III REMOVAL OF PROTECTED MATERIAL FROM OFFICIAL PREMISES Introduction 04109. The removal of protectively marked material from official premises exposes it, and often the carrier, to additional security risks. Protectively marked documents are not to be taken away from official premises unless this is absolutely unavoidable and essential for the conduct of official business. Every effort should be made to reduce the risks associated with hand carriage by sending material through official channels (including use of the DCS), and restricting documents carried both to the minimum quantity and the lowest protective marking. Removal is subject to conditions laid down in the following paragraphs. References to "protectively marked documents" relate to documents marked CONFIDENTIAL or above. 04110. Documents marked SECRET or above are only to be taken outside official premises by individuals holding written authority to do so (MOD F 924 or locally produced alternative). A specimen is at Appendix 2 to Annex A. a. TOP SECRET and ATOMIC documents. Written authority to remove documents marked TOP SECRET or ATOMIC can only be given by HOE or Capt RN, Col, Gp Capt, Grade 7 or equivalent status or, where appropriate delegated authority has been given, by independent unit commanders. Authority should only be given in exceptional circumstances. (See ACO 130, Chapter 4, for correct procedures regarding ATOMIC documents). b. SECRET documents. Written permission is to be obtained from the HOE. Authority to sign MOD forms 924 may be delegated to senior members of staff (not normally below the rank of Lt Cdr, Maj, Sqn Ldr, HEO or equivalent) at the discretion of the head of establishment. HOE are to satisfy themselves that the security risks involved in removing protected documents from official premises are justified in the public interest. Before departure, officers authorized to remove protected documents are to be briefed on their safe custody during transit and, if appropriate, overnight. Documents remain the responsibility of the named individual until returned to the holding establishment or handed-over to another authorized person (or official representative, eg contractor). (Note: Briefcases, etc, are not approved security containers and cannot protect contents against surreptitious examination by unauthorized persons (even if given only limited access). Briefcases and other containers used to transport protectively JSP 440 Volume 1 Issue 2 4-41 RESTRICTED RESTRICTED Defence Manual of Security marked/sensitive material must remain under the carrier's personal custody at all times until their contents can be secured in accordance with minimum security standards.) Removal for return or delivery within the same working day 04111. Protected documents may be removed from official premises where they are required for reference, etc, at a meeting subject to the following: a. removal. Files/folders should be checked for completeness before b. Documents should be carried in a locked container (either a sturdy dual combination lock commercial type briefcase or officially approved box, bag, case or pouch). c. Documents removed by persons acting as couriers for delivery to third parties should be prepared and packaged as detailed in Section II. d. The signed (top copy) of MOD Form 924 (or alternative) is to be carried by the officer authorized to remove documents and presented on demand to any person empowered to search briefcases, etc, - eg a security guard. The duplicate form is to be retained by an officer appointed by the head of establishment in accordance with local security instructions. e. On return to the office, all documents removed are to be checked against the duplicate MOD Form 924 by another officer. Files/folders should be examined to ensure that they are complete. The duplicate form should then be endorsed by the checking officer to confirm safe-return of each item listed. Discrepancies are to be investigated immediately as potential breaches of security. Removal for retention outside official premises for one or more nights 04112. Protectively marked documents should only be retained outside official premises if they cannot be returned to the holding office, or alternative official premises. 04113. Permission, as a "standing authority" or for a single occasion, may be granted subject to the following conditions: a. Standing authority (for overnight working at home). Where a regular and long-term need can be established for an officer to take protectively marked documents home, the officer must be provided with a security container suitable for their storage, the container being installed under arrangements made through the appropriate Principal Security Adviser (for homeworking rules see Annex M). JSP 440 Volume 1 Issue 2 4-42 RESTRICTED RESTRICTED Control and Carriage of Protected Documents b. Single occasions (for retaining documents overnight at home or in an hotel,etc). An officer authorized to remove documents is responsible for ensuring that they are safeguarded, remaining in his care at all times (see para 04115 below). Authorization - review of MOD forms 924 04114. HOEs are to establish procedures for periodic review of MOD Forms 924 to ensure that authorizations are not being given without proper consideration. Duplicate copies of the forms should be retained for 2 years and made available for inspection by the appropriate Principal Security Adviser's staff. Carriage of official documents by officials travelling within Great Britain or Northern Ireland 04115. When authority has been given for documents marked CONFIDENTIAL and above to be taken out of official premises for intended use elsewhere in Great Britain or Northern Ireland, they are to be carried in a locked container (see para 04111) and remain in the care of the authorized officer at all times until they are housed under officially approved arrangements. Each container is to bear a label securely attached to the outside (with a similar label affixed inside) giving instructions to a finder. Only one side of the label should normally be visible, the reverse being obscured by a protective cover. The visible side of the label is to read: "IF FOUND PLEASE SEE INSTRUCTIONS ON THE REVERSE SIDE OF THIS LABEL". The reverse side is to read: "ANYONE FINDING THIS CONTAINER IS ASKED TO TELEPHONE .................... OR HAND IT IN AT THE NEAREST POLICE STATION OR RAILWAY OR OTHER TRANSPORT AUTHORITY WITH A REQUEST THAT THEY SHOULD TAKE THAT ACTION." (The telephone number to be given is that of the security control room for your building/establishment. If in doubt, consult your Principal Security Adviser for advice.) While carrying protectively marked documents, briefcase, etc, keys should be kept secure on the person, separate from the container. Note: Authorised officers must not carry the prohibited items listed at Annex N para 2 in their briefcase with protectively marked documents. 04116. Officials travelling to Northern Ireland should carry documents in a sturdy dual combination locked commercial type briefcase, not one bearing the Royal Cypher. JSP 440 Volume 1 Issue 2 4-43 RESTRICTED RESTRICTED Defence Manual of Security 04117. Any briefcase may be used when carrying material marked RESTRICTED provided it is locked (but see para 04116 regarding advice on travel to Northern Ireland). 04118. Protectively marked documents are not to be consulted or worked on anywhere where their contents might be overlooked or otherwise noted. Documents protectively marked CONFIDENTIAL and above are not to be left unattended in any place, such as an hotel, restaurant, taxi, public service vehicle or railway carriage. They are not to be entrusted to the custody of a member of the public (eg by being placed in an hotel safe), or left locked in an unattended motor vehicle. However, documents protectively marked up to RESTRICTED may be left unattended in a locked hotel room or in a locked boot of a motor vehicle provided they are contained within a sturdy dual combination locked commercial type briefcase. 04119. Wherever possible (and particularly where long journeys and overnight stops are likely): a. Protectively marked documents are to be sent ahead by secure means and addressed for the official to collect on arrival. b. Arrangements are to be made by the convenor of the conference or meeting, etc, to safeguard protectively marked documents belonging to visitors who have to stay overnight away from their own office. 04120. Where these arrangements are not practical, the following conditions apply: a. Retention at home (ie normal place of residence). Documents marked CONFIDENTIAL or above must not be left in an unoccupied house or flat, etc; they must not be left in the care of other residents. RESTRICTED documents are not to be left unattended unless locked inside a container to which only the officer has access. b. Retention in an hotel room, etc. Documents marked CONFIDENTIAL or above must not be left unattended nor entrusted to the care of persons other than Government officials or representatives. RESTRICTED documents contained within a sturdy dual combination locked commercial type briefcase may be left unattended in your locked hotel room. 04121. Travel involving private/official vehicles. must not be left in an unsupervised vehicle. Protectively marked material 04122. Travel by civil aircraft within UK. When travelling by civil aircraft within UK (including Northern Ireland), staff may be required (as a precaution against possible terrorist action) to assist airport security staff, by disclosing the contents of their hand luggage, including briefcases. To prevent compromise of material protectively marked SECRET or above, the following procedures are to be followed: a. Prior to departure. 4-44 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (1) Complete MOD form 924. (2) Place the document(s) to be removed from official premises in an unused envelope and stick down the flap. (3) Courier's name and destination is written on the front of the envelope, adding the branch stamp and reference number of the document(s) enclosed at the bottom left hand corner. (4) Lock the package and top copy of the MOD form 924 in a sturdy dual combination lock and labelled commercial type briefcase; the package should normally remain inside the briefcase until it reaches its destination. (5) Airport security may require sealed packages to be electronically scanned before loading as hand luggage. If there is any risk of the contents being damaged by scanning, couriers should seek advice from the appropriate Principal Security Adviser prior to departure. b. If challenged by airport security staff. (1) If asked by airport security staff to open the briefcase, the MOD officer should explain, discreetly, that it contains official documents carried in pursuit of HMG business; to avoid public recognition as a MOD official and to avoid the material carried being compromised, the courier may ask for any search to be conducted in private. The briefcase may be opened and the MOD Form 924 offered as confirmation. (2) The sealed package should not be opened except in the presence of senior security staff and then only sufficient to display the nature of the contents, eg papers; uncleared persons must not be allowed to read or otherwise study sensitive material. (3) Airport security staff should be asked to assist the officer, as necessary, in resealing any package opened at their insistence. c. Return journeys. Similar arrangements are to be made where material has to be returned by hand. Officers carrying protectively marked material should inform the appropriate Principal Security Adviser's staff, through their local security officer, of any difficulties encountered when following the procedures outlined above. Note: The advice contained in this paragraph applies also to ferry journeys between Great Britain mainland and Northern Ireland, where similar checks may be made at departure points. JSP 440 Volume 1 Issue 2 4-45 RESTRICTED RESTRICTED Defence Manual of Security Carriage of official documents by officials travelling overseas 04123. Normally, documents marked CONFIDENTIAL or above required by an official after arrival overseas should be dispatched in advance, allowing adequate time for their arrival. The DCS is responsible for the movement of all MOD material marked CONFIDENTIAL and above overseas. This service must be used except in very exceptional cases which require clearance from the appropriate Principal Security Adviser. Exceptional circumstances DO NOT extend to TOP SECRET material. Under no circumstances may IDO accountable documents, eg those bearing COSMIC and/or ATOMAL markings be personally carried overseas. Where it is not practical to make use of the service offered by DCS, the appropriate Principal Security Adviser must be contacted, allowing 7 days notice. After confirmation by DCS that the task cannot be met by an official defence courier, the application will be endorsed and forwarded to the Foreign and Commonwealth Office for issue of a single journey casual courier passport. 04124. Except where specifically stated, paragraphs 04126-04148 do not apply to RESTRICTED documents. 04125. When travelling overseas: a. Officers should try to remain inconspicuous. b. Documents should be carried in a sturdy dual combination locked commercial type briefcase. Prohibited items listed in para 1 of Annex N must not be carried. Note: When RESTRICTED material is carried abroad, a briefcase meeting the specifications as described above must be used. 04126. Memoranda or minutes of the Cabinet and its committees or of Ministry of Defence committees (including committees of the Chiefs of Staff), whatever their protective marking, may not normally be taken or sent out of the country. If it is essential for such papers to leave the country, permission should be sought as follows: a. For Cabinet and Cabinet committees. Through Secretary of State for Defence (Private Office) for documents handled by them (ie cabinet and Ministerial committee documents and the documents of official committees where Ministry of Defence representation is at Defence Council level), and direct from the private secretary to the secretary of the Cabinet for all other official committee documents. b. For Ministry of Defence committees. Through the secretary of the committee concerned. In no circumstances may Cabinet conclusions be taken or sent out of the country. 04127. Except when ministers or senior officials are travelling with a group of colleagues in British controlled transport to or from meetings in territories of countries JSP 440 Volume 1 Issue 2 4-46 RESTRICTED RESTRICTED Control and Carriage of Protected Documents presenting a special security risk (see Annex C), in no circumstances will permission be given for the personal carriage of protectively marked documents (including RESTRICTED) across the borders of, within, or over, such countries. 04128. In all cases where documents marked CONFIDENTIAL or above are taken overseas, a list of the documents must be left with the dispatching establishment, a copy being held with the documents in the container carried by the courier. The establishment originating the consignment should also give notice, to the office to which the material is addressed, of the courier's travel arrangements, so that undue delay in delivery can be notified to the originating establishment for immediate investigation. Carriage of protectively marked documents to non-NATO countries by casual couriers possessing diplomatic immunity conferred by the Foreign and Commonwealth Office 04129. Where documents are required at destinations in Non-NATO countries, every possible effort should be made to send them in advance through normal channels. Because of the additional risks entailed when carrying protectively marked documents to/from such countries by hand, Defence Courier or Queens Messenger Services should be employed where transmission in advance is not practical. Only where these services cannot meet delivery will personal carriage by staff be entertained. 04130. Written authority from the appropriate Principal Security Adviser on behalf of the PUS, is required in respect of all applications for authority to carry protectively marked material as a casual courier possessing diplomatic immunity. Authority will only be granted to officers or senior non-commissioned officers of the Services or established officials not below Administrative Officer grade, who are UK based and citizens of the United Kingdom or Commonwealth and have been vetted at the appropriate level. 04131. Applications for the personal carriage of protectively marked documents overseas, signed by the head of establishment, should be submitted IN DUPLICATE in the form shown at Annex E to this chapter to reach the appropriate Principal Security Adviser at least 7 working days before the start of the journey abroad. Applications will be referred as a matter of routine to the DCS and only forwarded to the Foreign and Commonwealth Office for their action where the former confirms that neither they nor the Queen's Messenger Service can assist. 04132. Subject to authority granted by the appropriate Principal Security Adviser, the officer who is to act as casual courier will be required to report, with the documents to be carried, to the Communications Department of the Foreign and Commonwealth Office. The courier will be briefed for the journey and provided with a special courier's passport and "diplomatic way-bill" valid for one journey only; the documents will be sealed in a diplomatic bag. The officer must be in possession of a valid British passport and visas necessary for the journey. These documents, and the properly constituted diplomatic bag, provide the courier with inviolability and immunity from JSP 440 Volume 1 Issue 2 4-47 RESTRICTED RESTRICTED Defence Manual of Security any form of arrest or detention in the country of his destination abroad and in any other countries he may pass through en route in accordance with international agreement. The diplomatic bag may not be opened, examined (eg by airport scanner) or detained by foreign authorities en route; in case of difficulty the local British representative must be contacted. However, the privilege of diplomatic immunity must not be abused by also carrying prohibited items in the diplomatic bag with protectively marked documents. A list of prohibited items is given at para 1 of Annex N. 04133. Where it is essential for ministers or senior officials (normally members of the Defence Council) travelling abroad to have access to official papers during the journey, the appropriate Principal Security Adviser should be asked to make arrangements with the Foreign and Commonwealth Office for the documents to be carried in a locked and labelled pouch or briefcase instead of in a sealed bag. (Whatever the destination, such exceptions require personal authorization by the PUS.) The requirement should be indicated when submitting a request to the appropriate Principal Security Adviser in accordance with para 04130. Note: The reading of protectively marked papers during journeys, whether in the United Kingdom or abroad, is essentially insecure; not only may documents be overlooked and/or mislaid but once they are out of the pouch or bag, a foreign customs officer may attempt to inspect and possibly seize them. Carriage of protectively marked documents to NATO countries by casual couriers not possessing diplomatic immunity 04134. Where documents are needed in NATO countries at very short notice, the appropriate Principal Security Adviser may exceptionally, at their discretion and subject to the restrictions at paras 04125-04128 above, waive the need for diplomatic immunity and authorize the carriage of UK or IDO (non-accountable) documents marked CONFIDENTIAL or SECRET. Applications seeking authorization of casual couriers within these constraints, signed by the head of establishment should be sent (in the form shown at Annex E to this chapter) to the appropriate Principal Security Adviser at least 7 working days before the start of the journey abroad. Sector security authorities, at 1 star level or above, may delegate to nominated HOEs/COs authority to waive the need for diplomatic immunity, and to authorize carriage of such documents by staff subject to the restrictions at paras 04125-04128. 04135. Provided the journey does not involve travel through, to or over countries presenting a special security risk, officers may carry UK and IDO RESTRICTED documents without formal documentation as a casual courier. The documents must, however, be carried in a sturdy dual combination locked commercial type briefcase. 04136. Before authorizing carriage of documents to NATO countries with waiver of diplomatic immunity, the authorizing officer should: a. Establish that it is essential for the document(s) to be taken out of the United Kingdom for use at a meeting in a NATO country. JSP 440 Volume 1 Issue 2 4-48 RESTRICTED RESTRICTED Control and Carriage of Protected Documents b. Seek confirmation from the Foreign and Commonwealth Diplomatic Bag Service and the DCS that the documents cannot be consigned through their channels to reach the destination in time. c. Ensure that the officer nominated is cleared for access to the information carried. Authority to carry documents must be provided in writing (see para 04139) and be issued only by, or on behalf of, the appropriate Principal Security Adviser (see para 04134). 04137. The officer may be authorized to travel to or through the following countries, and to no others: Belgium Canada Denmark France Germany Greece Iceland Italy Luxembourg Netherlands Norway Portugal Spain Turkey United States 04138. To reduce security hazards the preferred method of travel is by United Kingdom Service or civil aircraft. However aircraft of one of the countries listed in para 04137 may be used. SECRET documents are not to be carried on foreign airlines unless authority to do so has been granted by the appropriate Principal Security Adviser. The Authorizing Officer should always select practicable means of travel with due regard to the current threat of hijacking of aircraft (see paras 04146 ­ 04148 and Annex I). 04139. Authorization under these rules must be in the form of Annex F, prepared in duplicate, and signed by an officer to whom powers have been delegated by the appropriate Principal Security Adviser (normally not below the rank of Assistant Secretary or 1 star equivalent). The duplicate copy of each authorization should be retained by the establishment security officer and made available for inspection by security staff. Officers intending to carry documents must be issued with a set of instructions, as detailed in Annex G, and must certify in writing, as in Annex H, that they have read and understood them before departure. 04140. Authorization for carriage under the rules set out in this section is limited solely to the transmission of UK, non-accountable NATO CONFIDENTIAL and SECRET documents and UN documents (See Annex L). Documents bearing additional markings should not be carried without reference to the appropriate Principal Security Adviser or to the delegated officer. Provided the journey does not involve travel through, to or over any non-NATO countries, UK and NATO RESTRICTED JSP 440 Volume 1 Issue 2 4-49 RESTRICTED RESTRICTED Defence Manual of Security documents may be carried without authority. Such documents must, however, be carried in a sturdy dual combination locked commercial type briefcase. The personal carriage of documents protectively marked UK or NATO CONFIDENTIAL or SECRET to non-NATO countries and the carriage of UK TOP SECRET material overseas to NATO and non-NATO countries, must be in accordance with para 0412904133. Guidance on the international transmission of accountable material, eg, that bearing marking, ATOMAL, COSMIC and WEU, is contained in Section IV of this Chapter. These rules generally prohibit personal hand carriage, recommending official transmission via the controlling authority concerned. Further details will be found in the appropriate instructions or by contacting the relevant controlling office. Two copies of the list of documents to be carried must be prepared one to be retained in the establishment and the other packed with the documents. 04141. Documents must be carried under cover. The cover, securely sealed in accordance with the rules contained in Section II, must be addressed to the officer himself care of his destination. The cover must bear the reference number of the Certificate of Authorization (Annex F), the departmental stamp and the signature of the officer who signed the Authorization Certificate. The package must be carried in a sturdy dual combination locked commercial type briefcase or similar container of a type meeting the approval of the relevant security regulations. 04142. Authority under these rules will be given only in respect of documents required at a meeting, subject to the conditions addressed in paragraph 04138. Agreements on security with other countries generally provide that protected information may only be exchanged on a Government-to-Government basis or between international organisations concerned. Protectively marked documents should, therefore, not be handed directly to representatives of overseas firms but where necessary, released to a Government Department of the country concerned, or to the local British Embassy or High Commission, for onward transmission. Receipts should be obtained where necessary. 04143. On conclusion of a visit and whenever practicable, documents should be returned to the United Kingdom by diplomatic bag through the local British Embassy, High Commission or Consular Office. If personal hand carriage is necessary on the return journey, the carrier must be provided, before the outward journey, with the necessary documents, - ie, spare envelope(s) bearing the same reference number, stamp and signature as used on the outward journey and materials for resealing the package(s). The return journey must also be noted in the original authorization. Note: Where an officer (who is not a casual courier) attends a meeting overseas and has reason to believe he/she may be required to bring back protectively marked documents to the United Kingdom, the officer should arrange with the British Embassy, High Commission or Consular Office for his/her documentation as a casual courier. Facilities for sealing the documents should be sought, and a sturdy dual combination lock commercial type briefcase or other suitable official container used to transport the documents to the UK. 04144. On return the casual courier should personally verify with the officer holding the duplicate lists of material removed that all documents have been returned or receipts JSP 440 Volume 1 Issue 2 4-50 RESTRICTED RESTRICTED Control and Carriage of Protected Documents obtained. The casual courier should also send his Authorization Certificate to his security officer. Any incidents of possible security significance that occurred during the journey should be reported to the security officer. 04145. Under no circumstances should a NATO Travel Order be used as authority to carry protectively marked documents overseas. Precautions against hijacking 04146. Where HOE have been given the authority to authorize members of their staffs to act as casual couriers of documents to, or through the countries listed in para 04140, due regard must be given to the threat of hijacking of aircraft. This requires the exercise of judgement on each occasion, weighing the necessity for personal carriage of each document against the risks entailed. 04147. Any difficulties arising out of the implementation of para 04146 should be referred to the appropriate Principal Security Adviser. 04148. Because of precautions taken by airline authorities, both at home and overseas, to minimise the hijacking of aircraft on international flights the additional instructions in Annex I should, until further notice, be issued to officers acting as casual couriers. Carriage of protectively marked material overseas by Service personnel acting as Casual Couriers during emergency operations 04149. It is recognised that there are times when protectively marked material is required urgently in an operational non-NATO theatre and the Services needs cannot be met by the use of the DCS or the QMS of the FCO. An example of this is the nonotice deployment of aircraft/ships/support personnel in an out of area operation to non-NATO countries. 04150. Only in such exceptional circumstances may Sector security staff authorise, at their discretion, an officer to carry material protectively marked up to SECRET without diplomatic immunity. Where descriptors, codewords or caveats are included in the marking then the approval of the appropriate Principal Security Adviser (at the appropriate level) should be sought. Such Casual Couriers travelling under this facility may be subject to Customs and security checks. 04151. Casual Couriers must not carry NATO documents to the following countries without the permission of the appropriate NATO authority: Australia Japan Switzerland JSP 440 Volume 1 Issue 2 4-51 Austria Sweden New Zealand RESTRICTED RESTRICTED Defence Manual of Security Countries with special security risks 04152. Casual couriers should not be used to carry protectively marked material to the following countries unless authorised by the Director/Head of the appropriate Principal Security Adviser and then only if all efforts to secure diplomatic immunity for the proposed courier has failed. Afghanistan Cuba Lebanon Russia Ukraine Belarus Iran Libya Sudan Vietnam China (inc Hong Kong SAR, Tibet and Macao) Iraq North Korea Syria Yugoslavia (Serbia and Montenegro) Note: Travel by the airlines of the above countries should be avoided where possible but may be allowed after due consideration of the risks which may attract to the courier as well as the material he/she is carrying. 04153. PSyA staff should check with the FCO for the latest travel advice on all countries before authorisation is given. The Casual Courier should also be briefed on the dangers of hijacking and given a copy of the guidance at Annex I. 04154. PSyA staff must ensure that the Casual Courier is: a. Cleared for access to the material carried; b. Issued with instructions (Annex G) which he/she should certify as having read and understood; c. Carrying a written authorisation in the form of Annex F; and d. Provided with a list of documents to be carried. A second copy should be retained by the ESyO/USO/BSO. Return to the UK 04155. On return the Casual Courier should personally verify with the officer holding the duplicate list of material removed that all documents have been returned or receipts obtained. Removal of protectively marked documents between official premises during office relocation 04156. Normally branches will be relocated under arrangements whereby a contractor and its staff who are cleared to handle up to and including SECRET will be involved. Such relocations will in all likelihood also involve the movement of office furniture, ordinary and security containers and computer equipment. Documents up to and including SECRET should be moved in accordance with the details shown below; the JSP 440 Volume 1 Issue 2 4-52 RESTRICTED RESTRICTED Control and Carriage of Protected Documents movement of TOP SECRET and other documents where only bags and small boxes are involved is covered at para 04157. a. RESTRICTED, CONFIDENTIAL and SECRET documents should be packed in crates (to be supplied by contractors with lids which have holes in capable of being fastened by the use of plastic ratchet ties). Plastic ratchet ties, which can be removed only by cutting, with a tag showing a serial number, should be used. A list of the contents of each crate is to be maintained, detailing RESTRICTED, CONFIDENTIAL and SECRET material. The serial numbers on each tie should be noted before and after shipment, to ensure that tampering has not taken place. In the event of evidence of tampering and possible compromise having taken place, the appropriate Principal Security Adviser should be notified in accordance with sub para l below. b. A list containing details of consignment (as required by sub-para 04156a above) should be sent either in advance to the final destination, or given in a sealed envelope to the driver or crew of the commercial vehicle with instructions to hand it over to the staff at the delivery point. c. Driver and crew should be given no indication of the protective marking or subject of the items. d. Stick-on labels giving details of contents and protective markings must not be used. e. During loading and unloading, staff must ensure that crates containing protectively marked documents are not left unsupervised. f. Where possible, the transmission of documents is to be completed in one move and vehicles must be manned at all times. When an overnight stop is involved, vehicles must be parked on guarded premises subject to prior MOD approval. g. Driver and crew should be advised if any crates include fragile items ie computers, etc. (The appropriate Sector IT security staff should be consulted regarding relocation of computers). h. Vehicles must have secure cargo areas where the only form of entry is through lockable doors. Rear doors (ie main access to secure cargo area) of vehicles are to be locked with an approved security padlock or with a good quality padlock. Advice on locks and padlocks can be obtained from the appropriate Sector security staff. Arrangements should be made to ensure that one key is held by the relevant MOD officials at both the sending and receiving points of the journey, unless the load is escorted by MOD staff, who are insured to travel in the commercial vehicle. JSP 440 Volume 1 Issue 2 4-53 RESTRICTED RESTRICTED Defence Manual of Security i. The driver is to be given a contact number to alert a relevant area in MOD capable of organising remedial action in the event of a breakdown. j. Separate instructions should be given to the driver on action to be taken in the event of a traffic accident, or emergency. The instruction should identify circumstances in which the vehicle may be unloaded and action to be taken to record the transfer of crates, etc. k. The guard Forces at both the pickup and delivery points should be informed of the crew and vehicle details and time of departure and arrival. l. Contents to be checked by staff on arrival, or as soon as possible and to advise the appropriate Principal Security Adviser if a compromise has taken place. Further detailed advice on the above can be obtained from the appropriate Principal Security Adviser at an early stage. 04157. Branches that have quantities of TOP SECRET, ATOMIC or other documents requiring special handling must send them separately through the DCS or by MOD Mail Service (MMS). DCS/MMS will also move bags or boxes containing documents marked up to SECRET provided the weight of each bag or box does not exceed 15Kg. Documents will be moved on existing routes although special tasks can be undertaken with prior consultation. Homeworking 04158. Homeworking is defined as the use of a person's home as their normal place of work and requiring access to/retention of official information. It is often described as working from home. It should not be confused with working at home, which is the term used to describe something which is strictly on a temporary basis eg during transport disruptions or for overnight working (see para 04113). 04159. Homeworking entails special security risks and will only be allowed following consideration, on a case by case basis by line management, the appropriate personnel management authority and Sector security staff. 04160. The specific security rules which apply to homeworking are shown at Annex M. JSP 440 Volume 1 Issue 2 4-54 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION IV SPECIAL MARKINGS 04161. Only those with a need to know, or need to hold, should have access to protectively marked information. When it is necessary to provide additional protection by reinforcing the "need to know" principle, special markings that restrict access should be used, normally in conjunction with a protective marking. Special markings consist of: a. National caveats. National caveats exist for the additional protection of certain types of protectively marked UK material, eg UK EYES ONLY, CANUKUS EYES ONLY. Definitions of these and other recognized caveats, and advice on their use, are given in Chapter 16. b. Descriptors. Descriptors help to implement the "need to know" principle by indicating the nature of the asset's sensitivity and the need to limit access accordingly. A list of MOD descriptors is at Annex J. c. Additional markings. Additional markings may be required to ensure the special handling of some material to indicate particular aspects of ownership, issue or release, eg Compartmented or Codeword material. Further information concerning Compartments, Codewords and nicknames are at Annex K. d. International defence organisation (IDO) markings. IDOs, eg the North Atlantic Treaty Organisation (NATO) and the Western European Union (WEU) and their member nations, use similar protective markings, known as classifications, to the UK and prefixed NATO or WEU as appropriate. Further details are at Annex L. JSP 440 Volume 1 Issue 2 4-55 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4-56 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX A TO CHAPTER 4 EXAMPLE OF MOD F 672 MOD Form 672 Record of Protectively Marked Documents (TOP SECRET and SECRET) contained in:File Number This card should be kept on the LEFT hand side of the file as the top enclosure. Encl. No. Document Reference No. Date of Document Copy No. Protective Marking Date of Downgrading Note: The reverse of the form is also ruled in columns as above. JSP 440 Volume 1 Issue 2 4A-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 4A-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 1 TO ANNEX A TO CHAPTER 4 EXAMPLE OF MOD F 171 MOD FORM 171 Part 1 - Request for Downgrading of Protectively Marked Documents To: From: It is requested that authority be given for the downgrading of the documents listed overleaf. If downgrading is agreed, please state new protective marking in column (e); otherwise insert "No change". Date........................... Signature.................................... JSP 440 Volume 1 Issue 2 4A-1 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Part 2 - Authority to Downgrade Protectively Marked Documents To: From: Please note that the documents listed below should now be graded as shown in column (e) (a) (b) (c) (d) (e) Reference No. Description (i.e. File, letter, report etc.) Date Present protective marking Revised protective marking Date..................... Signature....................................... Grade............................. JSP 440 Volume 1 Issue 2 4A1-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 2 TO ANNEX A TO CHAPTER 4 Serial No: Original MOD Form 924 Authority for and notification of the removal of documents marked CONFIDENTIAL and above from official premises to destinations in the United Kingdom Before completing this form, read the relevant paragraphs of DMS Vol 1, and the notes on the cover of this pad. Part A: Authorising officer Officer's name: Rank/grade: Branch: Part B: Destination, date(s) and reason for removal of documents The documents listed at Part C are to be removed to on for the purpose of Part C: Documents removed Reference of document/file Last encl/minute numbers (files only) (b) (a) (c) Protective marking Part D: Authority to remove documents Authority is given to remove the documents listed at Part C from official premises for the reason stated at Part B. The officer named in Part A is aware that the documents removed must be carried in accordance with current security regulations and remain in his/her custody at all times unless placed in secure storage under officially approved arrangements. Signature Name (Block letters) Date Head of Establishment Part E: Certificate of return of documents JSP 440 Volume 1 Issue 2 4A2-1 RESTRICTED RESTRICTED Defence Manual of Security Serial No: Duplicate MOD Form 924 Authority for and notification of the removal of documents marked CONFIDENTIAL and above from official premises to destinations in the United Kingdom Before completing this form, read the relevant paragraphs of DMS Vol 1, and the notes on the cover of this pad. Part A: Authorising officer Officer's name: Rank/grade: Branch: Part B: Destination, date(s) and reason for removal of documents The documents listed at Part C are to be removed to on for the purpose of Part C: Documents removed Reference of document/file (a) Last encl/minute numbers (files only) (b) Protective marking (c) Part D: Authority to remove documents Authority is given to remove the documents listed at Part C from official premises for the reason stated at Part B. The officer named in Part A is aware that the documents removed must be carried in accordance with current security regulations and remain in his/her custody at all times unless placed in secure storage under officially approved arrangements. Signature Date Name (Block letters) Head of Establishment Part E: Certificate of return of documents (Duplicate only) I certify that all documents listed at Part C were returned to the office on Signature Name (block letters) Branch date JSP 440 Volume 1 Issue 2 4A2-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX B TO CHAPTER 4 OFFICE SECURITY CHECK SHEET Room...................... Month...................... The undersigned certifies that: 1. All security containers are securely locked and security keys mustered. 2. No protectively marked papers, waste, security keys, computer media or other protected material has been left accessible to unauthorised persons. 3. All photocopiers, computers and facsimile machines have been switched off, hard disks removed (if applicable) and power supplies secured. Date Time Signature Date Time Signature Completed forms should be returned to the establishment security officer. JSP 440 Volume 1 Issue 2 4B-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4B-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 1 TO ANNEX B TO CHAPTER 4 SPOT CHECK REPORT Establishment......................... 1. Date and Time ............................. checking started I selected the following documents at random from the protected document register (PDR)(MOD F 102), file index etc, for checking in accordance with DMS Vol 1 Chapter 4. Loose documents (as distinct from files/folders - see para 2 below) together with any annexes and appendices were checked for completeness. PDR serial No (i) a. b. c. d. e. f. Doc ref Doc date Protective marking (iv) Location of doc (if held, quote file no) (v) Remarks # Serial (ii) (iii) (vi) 2. Of the files/folders listed above, I checked the TOP SECRET and SECRET contents of the following, page by page and against the entries on the minute or inventory sheets. a. ________________________________________________________________ b. ________________________________________________________________ c. ________________________________________________________________ 3. In the course of my check I found: * No irregularity/difficulty. * Irregularities/difficulties which are the subject of the report overleaf. Date and time check completed.......................................Signed............................................. Rank/Grade..................................................................Name in Capitals.............................. JSP 440 Volume 1 Issue 2 4B1-1 RESTRICTED RESTRICTED Defence Manual of Security Notes: 1. 2. A spot check should cover all PDRs. If a document or receipt is produced insert "Seen", if not, insert "Not Seen" and report action taken overleaf. 3. * Delete as appropriate. 4. No other record of this check should be made either on the documents themselves or in any supporting register or index/inventory. JSP 440 Volume 1 Issue 2 4B1-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX C TO CHAPTER 4 TRANSMISSION OF PROTECTED DOCUMENTS General 1. These instructions provide guidance for the transmission of all types of protected and unclassified documents except: a. ATOMIC, COSMIC, ATOMAL, FOCAL, CRYPTOGRAPHIC and STRAP material; b. Cabinet/Ministerial committee documents; c. Documents subject to special handling arrangements notified separately to those with a need to know. Note: Envelopes, packages, etc, reaching the mail room which do not comply with instructions in this Annex will be returned to the originator. If necessary, mail will be opened to identify the originator. 2. The instructions are broken down by security protection, and destination as follows: Protective Destination Marking TOP SECRET Appendix 1 SECRET Appendix 2 Section I Appendix 2 Section II Appendix 2 Section III Appendix 2 Section IV Appendix 2 Section IV CONFIDENTIAL Appendix 3 Section I Appendix 3 Section II Appendix 3 Section III Appendix 3 Section IV Appendix 3 Section IV RESTRICTED/ UNCLASSIFIED Appendix 4 Section I Appendix 4 Section II Appendix 4 Section III Appendix 4 Section IV Appendix 4 Section IV Within the same location or to another listed location inc OGDs To Embassies and High Commissions in Central London To other postal addresses in the UK excluding Northern Ireland To diplomatic posts abroad To other addresses overseas and to Northern Ireland Appendix 1 Appendix 1 Appendix 1 Appendix 1 JSP 440 Volume 1 Issue 2 4C-1 RESTRICTED RESTRICTED Defence Manual of Security Note: For transmission purposes CRYPTOSECURITY documents and cypher logs are always to be treated as TOP SECRET and sent under cover of MOD Form 488 (see Appendix 1). Use of Defence Mail Service 3. The Defence Postal and Courier Service (DPCS) operates a dedicated mail service to a number of Service and civilian organisations throughout the country. The majority of these locations are organised in a manner that allows simplified procedures to be followed when despatching protected documents to them. Details of the locations served by the Defence Mail Service, indicating those between which transmission of SECRET and CONFIDENTIAL is permissible using a single envelope (without protective marking), is published periodically in JSP 367 to which despatching organisations should refer. Advice on the latest list can be obtained from the DPCS. Use of the Diplomatic Bag for Transmission of Material to Diplomatic Posts Overseas 4. Rules for preparation of mail for despatch via diplomatic bag are described in paras 04097 - 04101. In all cases, mail must be addressed as detailed in Appendices to this Annex. 5. All mail originating from DIS branches (with a protective marking of CONFIDENTIAL and above) addressed to diplomatic posts abroad MUST be despatched by diplomatic bag. 6. All official mail, (other than unclassified publicity and information material) for diplomatic posts in the following countries is also to be sent by diplomatic bag: Afghanistan Albania Belarus Bulgaria Cambodia Cuba Iran Iraq Laos Libya Mongolia North Korea Romania Russia (The Federation) South Africa Syria Ukraine Vietnam Envelopes containing TOP SECRET or SECRET material addressed to these locations are to be transmitted in Keepsafe envelopes or sealed, if still available, with high security tape; similarly addressed parcels and packages must be wafer-sealed (see para 04077). JSP 440 Volume 1 Issue 2 4C-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Unreliable Postal Services 7. Detailed information on current rules for transmission of RESTRICTED or Unclassified mail via diplomatic bag, eg to countries with unreliable postal services, is provided by DCS in JSP 367. JSP 440 Volume 1 Issue 2 4C-3 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4C-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 1 TO ANNEX C TO CHAPTER 4 TRANSMISSION OF TOP SECRET DOCUMENTS FROM ANY MOD OR SERVICE LOCATION IN THE UK TO ANY ADDRESSEE WARNING 1. TOP SECRET documents must never be transmitted through Post Office or other non-official channels. They must travel hand-to-hand, receipted. 2. TOP SECRET documents must never be over-covered so that their protective marking is obscured. 3. For transmission purposes, CRYPTOSECURITY material and cypher logs are always to be treated as TOP SECRET. 4. Where IDO material is to be transmitted, the marking "COSMIC" or "FOCAL" (as appropriate) is to be inserted on MOD Form 488 to appear in front of the marking TOP SECRET. 5. Approval must be obtained from InfoSy(Industry)1 or Command HQs before TOP SECRET documents are transmitted to a foreign or Commonwealth-based defence contractor. 6. TOP SECRET documents are only to be sent to private addresses in exceptional circumstances and with specific permission from PUS. They are not to be sent to addresses where foreign servants are employed or where there is no suitable container in which to keep them (see paras 04093 - 04094). 7. Envelopes or packages, etc, in transit must never be left unattended. 8. Use of Keepsafe security envelopes is permitted. Preparation for Normal Despatch 1. Select one unused envelope of suitable size and apply a legible stamp identifying the despatching organisation, eg. a branch stamp. JSP 440 Volume 1 Issue 2 4C1-1 RESTRICTED RESTRICTED Defence Manual of Security 2. Prepare MOD Form 488 (special TOP SECRET label), addressing it personally to an officer by name or appointment and correct address. Include the reference and date of origin of the document to be enclosed. 3. For addresses within approved locations served by the Defence mail service (see para 3 of Annex C), the address must include the building and room number (for locations outside London, the name of the town/city should also be included). The post code must not be included. 4. For diplomatic posts abroad, Service and international organisations served by BFPO numbers, include the words: "c/o LCT, BFPO 1000". 5. For all addressees overseas, add the words "Certified Official", this being endorsed by an authorising officer. 6. For ships in UK or overseas ports or waters, include the words: "HMS ...., c/o BFPO 999." 7. If the document bears a National caveat, eg "UK EYES ONLY", this must not appear on the label; the label must be addressed "Exclusive to" the addressee by name and appointment. 8. Prepare receipt (MOD Form 24) and insert, with the document, into the envelope and proceed as follows: a. Unused envelope: affix MOD Form 488 already prepared to the envelope and seal in accordance with Appendix 5; or b. Keepsafe security envelope: affix MOD Form 488 already prepared to the envelope flap and seal in accordance with para 04073. Note: Parcels, packages, etc, must be sealed using wafer seals (see para 04077). Normal Despatch 9. Sealed envelopes are to be conveyed by hand to the central registry, where they will be recorded and inserted in an outer cover for further transmission. The carrier is to give and take timed receipts (MOD Form 32) bearing the despatcher's room number and stamp. JSP 440 Volume 1 Issue 2 4C1-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Despatch using Locked Pouches, etc 10. Locked pouches, etc, are to be sent direct by hand of carrier as described at para 2 above. Documents transmitted in a locked pouch or box need not be enveloped unless recipient is to forward them to a third party; a receipt (MOD Form 24 or equivalent - see para 04078) is to be attached to each loose TOP SECRET document to be placed in the pouch; the pouch is to be addressed to the intended recipient personally by name and/or appointment. (Key-holders are responsible for onward transmission (taking appropriate safeguards) of any documents received which are not of their concern). JSP 440 Volume 1 Issue 2 4C1-3 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4C1-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 2 TO ANNEX C TO CHAPTER 4 TRANSMISSION OF SECRET DOCUMENTS SECTION I TRANSMISSION WITHIN MOD OR SERVICE BUILDINGS/SITES OR BETWEEN APPROVED LOCATIONS (INCLUDING OTHER GOVERNMENT DEPARTMENTS) SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) WARNING 1. Envelopes or packages in transit must never be left unattended. 2. Mail to other Government departments in Central London not served by the Defence mail service (see para 3 of Annex C) should be despatched in accordance with Section III. Preparation for Normal Despatch 1. If the document is to be sent outside the building/site, prepare and affix a receipt (MOD Form 24) (see para 04078). 2. Select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp). 3. Address the envelope/package by name and/or appointment/branch plus room number and building/establishment. For locations outside central London, the address should include the appropriate town, eg. Royal Military Academy, Woolwich. The postcode must not be included. 4. If the document bears a National caveat, eg. "UK EYES ONLY", the envelope is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope, etc. 5. The security marking of contents must not be shown on the envelope/package; descriptor markings, eg. "STAFF" may be shown. 6. Insert the document (and receipt if appropriate) and stick down the flap (or pack the document sticking down all seams). JSP 440 Volume 1 Issue 2 4C1-1 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 7. Mark envelope "Defence mail service only". Normal Despatch 8. Sealed envelopes or packages should be placed in the "out" tray for collection by transit services. Despatch using Locked Pouches, etc 9. Documents transmitted in a locked pouch or box, destined for an addressee outside the building/site, need not be enveloped unless the recipient is to forward them to a third party. A receipt (MOD Form 24 or equivalent (see para 04078) is to be attached to each loose SECRET document or set of documents to be placed in the pouch. The pouch is to be addressed to the intended recipient personally by name and/or appointment. (Key-holders are responsible for onward transmission (taking appropriate safeguards) of any documents received which are not of their concern). Pouches, etc should be conveyed by hand or despatched through normal transit services. JSP 440 Volume 1 Issue 2 4C2-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION II TRANSMISSION TO EMBASSIES AND HIGH COMMISSIONS IN CENTRAL LONDON SERVED BY THE DEFENCE MAIL SERVICE FROM APPROVED LOCATIONS ALSO SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) WARNING 1. Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 10. Prepare and affix a receipt (MOD Form 24) to the document. 11. Inner envelope/wrapping. Select one unused envelope (or unused wrapping) of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 12. Address the envelope/package by name and/or appointment/branch plus room number and name of Embassy/High Commission. If the document bears a National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 13. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "WEU" or "NATO" if the contents are so marked. 14. Insert the document (and receipt) and stick down the flap (or pack the document sticking down all seams). 15. Outer envelope/wrapping. Select a second unused envelope (or unused wrappings) and apply the address as at para 12 above. "PO Box 701, London WC2H 8BG" should be used as a return address; a branch stamp should not be used. 16. Insert the first envelope/package and stick down the flap (or pack sticking down all seams). 17. Mark envelope "Defence mail service only". JSP 440 Volume 1 Issue 2 4C2-3 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Normal Despatch 18. Sealed envelopes or packages should be placed in the "out" tray for collection by transit services. Despatch using Locked Pouches, etc 19. Documents transmitted in a locked pouch or box need not be enveloped unless the recipient is to forward them to a third party; a receipt (MOD Form 24 or equivalent - see para 04078) is to be attached to each loose SECRET document or set of documents to be placed in the pouch. The pouch is to be addressed to the intended recipient personally by name and/or appointment. (Key-holders are responsible for onward despatch (taking appropriate safeguards) of any documents received which are not of their concern.) Pouches, etc should be conveyed by hand or through normal transit services. JSP 440 Volume 1 Issue 2 4C2-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION III TRANSMISSION TO ADDRESSES IN THE UK OTHER THAN THOSE COVERED IN SECTION I & SECTION II OF APPENDIX 2 AND EXCLUDING NORTHERN IRELAND (SEE SECTION IV) FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING 1. Envelopes and packages containing SECRET material must be prepared for despatch by one of the following approved mail services: a. Parcelforce 10, 12 or 24 b. Special Delivery Service 2. SECRET documents are only to be sent to private addresses in exceptional circumstances and with specific permission from a Head of Establishment. They are not to be sent to addresses where foreign servants are employed or where there is no suitable container in which to keep them (see para 04093 - 04094). 3. Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 20. Prepare and affix a receipt (MOD Form 24) to the document. 21. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 22. Address the envelope/package by name and/or appointment/branch and full postal address. If the document bears a National caveat, eg. "UK EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 23. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "WEU" or "NATO" if the contents are so marked. 24. Insert the document (and receipt) and stick down the flap (or pack the document sticking down all seams). JSP 440 Volume 1 Issue 2 4C2-5 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 25. Outer envelope/wrapping. Select a second unused envelope (or unused wrappings). 26. For mail to official addresses, apply the address as at para 22 above. 27. For mail to private addresses, use a plain envelope; address by name without reference to rank, decorations, appointment, etc. 28. Insert the first envelope/package and stick down the flap (or pack sticking down all seams). Note: The outer envelope/wrapping must not bear any security markings, branch stamp, or other markings which might associate it with the Department. "PO Box 701, London WC2H 8BG" should be shown as the return address. 29. Mail for ships in UK ports or home waters should be addressed to "HMS....., c/o BFPO 999." 30. Mark the envelope/package with the appropriate approved mail service in the top left hand corner. Normal Despatch 31. Sealed envelopes or packages should be placed in the "out" tray for collection by transit services. JSP 440 Volume 1 Issue 2 4C2-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION IV TRANSMISSION TO DIPLOMATIC POSTS ABROAD, AND OTHER ADDRESSES OVERSEAS INCLUDING NORTHERN IRELAND FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING 1. In no circumstances may Post Office services be used for transmission of SECRET material to Northern Ireland or to other overseas locations. 2. Envelopes or packages in transit must never be left unattended. 3. SECRET material for foreign or Commonwealth Governments or their defence contractors may only be transmitted to those countries approved by the RMIPC, and then only via the appropriate British Diplomatic post. 4. Approval must be obtained from InfoSy(Industry)1/Command HQs before SECRET mail is sent (via the appropriate British Diplomatic post) to a foreign or Commonwealth-based defence contractor. 5. The appropriate MOD Form 189 (condition of release stamp) or statement of release (Annex C to Chapter 11 of JSP 440 Volume 1) must be firmly attached to each SECRET document sent to a foreign or Commonwealth Government, or defence contractor of that country. The prefix "UK" or, where appropriate, "NATO" or "WEU", should appear before the protective marking on the document. 6. The use of Keepsafe security envelopes is permitted. Preparation for Normal Despatch 32. Prepare and affix a receipt (MOD Form 24) to the document. In addition, a completed despatch Note (see Appendix 6) should be attached to documents intended for transmission to foreign or Commonwealth Governments or their defence contractors. Note 1: For the transmission of mail to foreign or Commonwealth Governments or their defence contractors (sent via the appropriate British Diplomatic Post), see para 42. Note 2: For the transmission of mail to British Defence Attaches/Advisers and to addresses in Northern Ireland, see para 33. JSP 440 Volume 1 Issue 2 4C2-7 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Note 3: For the transmission of mail to British officers or civilians serving in international organisations, see para 55. Note 4: see para 64. For the transmission of mail to HM Ships in overseas ports or waters, Mail to British Defence Attaches/Advisors, BDS Washington and BFPO addresses including Northern Ireland 33. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible stamp identifying the despatching organisation (eg a branch stamp) and the reference and date of origin of the document to be enclosed. 34. Address the envelope/package to the British Defence Attache/Adviser by name or appointment, with full address of the diplomatic post. For mail to Northern Ireland, address envelope as appropriate. 35. If the document bears a (composite) National caveat, eg "UK/US EYES ONLY", the envelope/package must be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelopment/package. 36. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 37. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 38. Insert document and receipt (MOD Form 24) and seal the flap and seams of the envelope with high security tape as described at Appendix 5. 39. 40. 41. If a Keepsafe security envelope is used - seal in accordance with para 04073. Packages - seal using wafer seals (see para 04078). Outer envelope/wrapping: a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). JSP 440 Volume 1 Issue 2 4C2-8 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (4) b. Despatch as described in para 76 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". NO protective marking is to appear on the envelope. (3) Insert inner envelope/package, seal the flap (or pack sticking down all seams). (4) Mark the envelope/package with the appropriate approved mail service (Parcelforce 10, 12 or 24 or Special Delivery Service) in the top left-hand corner. (5) Despatch as described in para 76 below. Mail to Foreign or Commonwealth Governments or their Defence Contractors (sent via the appropriate British Diplomatic Post) 42. First envelope/wrapping. wrappings) of a suitable size. Select one unused envelope (or unused 43. Address the envelope/package by name and/or appointment/branch and full postal address of the foreign or Commonwealth government. Apply the reference and date of origin of the document to be enclosed. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package must be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 44. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO", or "WEU" if the contents are so marked. 45. Insert the document and receipt (MOD Form 24) and despatch note (see Appendix 6). Do not seal the flap of the envelope; packages should be loosely secured, ie, do not stick down seams. 46. Second envelope/wrapping. Select a second unused envelope (or unused wrappings) of a suitable size. Apply a legible stamp identifying the despatching organisation (eg a branch stamp) and the reference and date of origin of the document to be enclosed. 47. Address the envelope/package to the British Defence Attache/Adviser by name or appointment, with full address of the diplomatic post. JSP 440 Volume 1 Issue 2 4C2-9 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 48. If the document bears a (composite) National caveat, eg "UK/US EYES ONLY", the envelope/package must be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 49. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 50. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 51. Insert first unsealed envelope/loosely secured package and seal the flap and seams of the envelope with high security tape as described at Appendix 5. 52. 53. 54. Keepsafe security envelope - seal in accordance with para 04073. Packages - seal using wafer seals (see para 04078). Third (outer) envelope/wrapping: a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert second envelope/package and seal the flap (or pack sticking down all seams). (4) b. Despatch as described in para 76 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope. (3) Insert second envelope/package, seal the flap (or pack sticking down all seams). (4) Mark the envelope/package with the appropriate approved mail service (Parcelforce 10, 12 or 24 or Special Delivery Service) in the top left-hand corner. (5) Despatch as described in para 76 below. JSP 440 Volume 1 Issue 2 4C2-10 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Mail to British officers or Civilians serving in International Organisations 55. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible stamp identifying the despatching organisation (eg a branch stamp) and the reference and date of origin of the document to be enclosed. 56. Address the envelope/package by name and appointment with postal address (as appropriate) as follows: Within SHAPE Within NATO Within SACLANT Within WEU "c/o UKNMR, SHAPE, BFPO 26" "c/o UK Delegation to NATO, (Brussels area) Brussels, BFPO 49" "c/o UKNLR to SACLANT, HMS SAKER, BFPO 2" "c/o British Embassy, Paris" 57. If the document bears a (composite) National caveat, eg "UK/US EYES ONLY", the envelope/package must be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 58. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO", or "WEU" if the contents are so marked. 59. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 60. Insert document and receipt (MOD Form 24) and seal the flap and seams of the envelope with high security tape, if still available, as described at Appendix 5. 61. 62. 63. If a Keepsafe security envelope is used seal in accordance with para 04073. Packages - seal using wafer seals (see para 04078). Outer envelope/wrapping: a. For mail emanating from approved locations served by the MOD mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). JSP 440 Volume 1 Issue 2 4C2-11 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (2) Apply legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal flap (or pack sticking down all seams). (4) b. Despatch as described in para 76 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope. (3) Insert inner envelope/package, seal the flap (or pack sticking down all seams). (4) Mark the envelope/package "Parcelforce 24" in the top lefthand corner. (5) Despatch as described in para 76 below. Mail to HM Ships in Overseas Ports or Waters 64. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible stamp identifying the despatching organisation and the reference and date of origin of the document to be enclosed. 65. Address the envelope by name and/or appointment to "HMS..." 66. If the document bears a (composite) National caveat, eg "UK/US EYES ONLY", the envelope/package must be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 67. Mark "SECRET" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO", or "WEU" if the contents are so marked. 68. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 69. Insert the document and receipt (MOD Form 24) and seal the flap and seams of the envelope with security tape as described at Appendix 5. JSP 440 Volume 1 Issue 2 4C2-12 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 70. 71. If a Keepsafe security envelope is used seal in accordance with para 04073. Packages - seal using wafer seals (see para 04078). 72. Outer envelope/wrapping. Select an unused envelope (or unused wrappings). Apply a legible stamp identifying the despatching organisation (eg. a branch stamp), and address to "HMS..., c/o BFPO 999". No protective marking is to appear on the envelope/package. 73. Insert inner envelope/package and seal the flap (or pack sticking down all seams). 74. Mark the envelope/package "Parcelforce 24" or "Defence mail service only" (if service available) in the top left-hand corner. 75. Despatch as described in para 76 below. Normal Despatch 76. Sealed envelopes or packages should be placed in the "Out" tray for collection by transit services or forwarded to registries or Defence mail service collection points. In locations where several establishments are served by a single collection point, An audit trail will be required between the establishments and the collection point. JSP 440 Volume 1 Issue 2 4C2-13 RESTRICTED RESTRICTED Control and Carriage of Protected Documents This page intentionally left blank JSP 440 Volume 1 Issue 2 4C2-14 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 3 TO ANNEX C TO CHAPTER 4 TRANSMISSION OF CONFIDENTIAL DOCUMENTS SECTION I TRANSMISSION WITHIN MOD OR SERVICE BUILDINGS/SITES OR BETWEEN APPROVED LOCATIONS (INCLUDING OTHER GOVERNMENT DEPARTMENTS) SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) WARNING 1. Envelopes or packages in transit must never be left unattended. 2. Mail to other Government departments in Central London not served by the Defence Mail Service (see para 3 of Annex C) should be despatched in accordance with Section III. Preparation for Normal Despatch 1. Select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp). 2. Address the envelope/package by name and/or appointment/branch plus room number and building/establishment. For locations outside central London, the address should include the appropriate town, eg. Royal Military Academy, Woolwich. The post code must not be included. 3. If the document bears a National caveat, eg. "UK EYES ONLY", the envelope is to be addressed "Exclusive to" and officer by name and appointment; the caveat must not appear on the envelope, etc. 4. The protective marking of contents must not be shown on the envelope, package. Descriptors, eg. "STAFF" may be shown. 5. Insert the document and seal the flap (or pack the document sticking down all seams). 6. Mark envelope "Defence mail service only". 4C3-1 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Defence Manual of Security Normal Despatch 7. Sealed envelopes or packages should be placed in the "out" tray for collection by transit services or forward to registries or mail collection points. Despatch using Locked Pouches, etc 8. Documents transmitted in a locked pouch or box need not be enveloped unless the recipient is to forward them to a third party; the pouch, etc, is to be addressed to the intended recipient personally by name and/or appointment. (Keyholders are responsible for onward despatch (taking appropriate safeguards) of any documents received which are not of their concern). Pouches, etc should be conveyed by hand or despatched through normal transit services. JSP 440 Volume 1 Issue 2 4C3-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION II TRANSMISSION TO EMBASSIES AND HIGH COMMISSIONS IN CENTRAL LONDON SERVED BY THE DEFENCE MAIL SERVICE FROM APPROVED LOCATIONS ALSO SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) WARNING 1. Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 9. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 10. Address the envelope/package by name and/or appointment/branch plus room number and name of Embassy/High Commission. If the document bears a National caveat, eg. "UK/US EYES ONLY" the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 11. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "WEU" or "NATO" if the contents are so marked. 12. Insert the document and stick down the flap (or pack the document sticking down all seams). 13. Outer envelope/wrapping. Select a second unused envelope (or unused wrappings) and apply the address as at para 10 above. "PO Box 701, London WC2h 8BG" should be used as a return address; a branch stamp should not be used. 14. Insert the first envelope/package and stick down the flap (or pack sticking down all seams). 15. Mark envelope "Defence mail service only". Note: The outer envelope/wrapping must not bear security markings. JSP 440 Volume 1 Issue 2 4C3-3 RESTRICTED RESTRICTED Defence Manual of Security Normal Despatch 16. Sealed envelopes or packages should be placed in the "out" tray for collection by transit services or forward to registries or mail collection points. Despatch using Locked Pouches, etc 17. Documents transmitted in a locked pouch or box need not be enveloped unless the recipient is to forward them to a third party. The pouch is to be addressed to the intended recipient personally by name and/or appointment. (Key-holders are responsible for onward despatch (taking appropriate safeguards) of any documents received which are not of their concern). Pouches, etc should be conveyed by hand or despatched through normal transit services. JSP 440 Volume 1 Issue 2 4C3-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION III TRANSMISSION TO ADDRESSES IN THE UK OTHER THAN THOSE COVERED IN SECTION I & II OF APPENDIX 3 AND EXCLUDING NORTHERN IRELAND (SEE SECTION IV) FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING 1. Parcels containing CONFIDENTIAL material must be prepared for despatch by Letter Post. Parcel post is not to be used. 2. CONFIDENTIAL documents are only to be sent to private addresses in exceptional circumstances and with specific permission from a head of establishment. They are not to be sent to addresses where foreign servants are employed or where there is no suitable container in which to keep them (see paras 04093 - 04094). 3. Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 18. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of suitable size and apply a legible stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 19. Address the envelope/package by name and/or appointment/branch and full postal address. 20. If the document bears a National caveat, eg. "UK EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 21. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "WEU" or "NATO" if the contents are so marked. 22. Insert the document and stick down the flap (or pack the document sticking down all seams). 23. Outer envelope/wrapping. Select a second unused envelope (or unused wrappings). JSP 440 Volume 1 Issue 2 4C3-5 RESTRICTED RESTRICTED Defence Manual of Security 24. For mail to official addresses, apply the address as at para 21 above. 25. For mail to private addresses, use a plain envelope; address by name without reference to rank, decorations, appointment, etc. 26. Mark the envelope/package "Letter Post" in the top left hand corner. 27. Insert the first envelope/package and stick down the flap (or pack sticking down all seams). Note: The outer envelope/wrapping must not bear security markings, branch stamp, or other marking which might associate it with the department. "PO Box 701, London WC2H 8BG" should be shown as the return address. 28. Mail for ships in UK ports or home waters should be addressed to "HMS..., c/o BFPO 999". Normal Despatch 29. Sealed envelopes or packages, etc, should be placed in the "out" tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C3-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION IV TRANSMISSION TO DIPLOMATIC POSTS ABROAD, AND OTHER ADDRESSES OVERSEAS INCLUDING NORTHERN IRELAND FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING 1. In no circumstances may Post Office services be used for transmission of CONFIDENTIAL material to Northern Ireland or to other overseas locations. 2. Envelopes or packages in transit must never be left unattended. 3. CONFIDENTIAL material for foreign or Commonwealth Governments or their defence contractors may only be transmitted to those countries approved by the RMIPC and then only via the appropriate British Diplomatic Post. 4. Approval must be obtained from InfoSy(Industry)1/Command HQs before CONFIDENTIAL mail is sent (via the appropriate British Diplomatic post) to a foreign or Commonwealth-based defence contractor. 5. The appropriate MOD Form 189 (Condition of Release Stamp) must be firmly attached to each CONFIDENTIAL document sent to a foreign or Commonwealth Government, or defence contractor of that country. The prefix "UK" or where appropriate, "NATO" or "WEU" should appear before the protective marking on the document. Preparation for Normal Despatch 30. Prepare and affix a completed despatch note (see Appendix 6) to documents intended for transmission to foreign or Commonwealth Governments or their defence contractors. Note: (1) For the transmission of mail to foreign or Commonwealth Governments or their defence contractors (sent via the appropriate British Diplomatic Post), see para 38. (2) For the transmission of mail to British Defence Attaches/Advisers and to addresses in Northern Ireland, see para 31. (3) For the transmission of mail to British officers or civilians serving in international organisations, see para 51. (4) For the transmission of mail to HM Ships in overseas ports or waters, see para 58. JSP 440 Volume 1 Issue 2 4C3-7 RESTRICTED RESTRICTED Defence Manual of Security Mail to British Defence Attaches/Advisers and BFPO addresses including Northern Ireland 31. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible branch stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 32. Address the envelope/package to the British Defence Attache/Adviser by name or appointment, with full address of the diplomatic post. For mail to Northern Ireland, address as appropriate. 33. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 34. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 35. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04100). 36. 37. Insert document and seal flap (or pack sticking down all seams). Outer envelope/wrapping: a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg. a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). b. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings.) (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). JSP 440 Volume 1 Issue 2 4C3-8 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (4) (5) Mark packages/letters "Letter Post". Despatch as described in para 65 below. Mail to Foreign or Commonwealth Governments or their Defence Contractors (sent via the appropriate British Diplomatic Post) 38. First envelope/wrapping. wrappings) of a suitable size. Select one unused envelope (or unused 39. Address the envelope/package by name and/or appointment/branch and full postal address of the foreign or Commonwealth Government. Apply the reference and date of origin of the document to be enclosed. 40. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 41. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 42. Insert document and despatch note (see Appendix 6). Do not seal the flap or the envelope; packages should be loosely secured, ie. do not stick down seams. 43. Second envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible branch stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 44. Address the envelope/package to the British Defence Attache/Adviser by name or appointment, with full address of the Diplomatic post. 45. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 46. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 47. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 48. 49. Insert first unsealed envelope/loosely secured package. Seal flap (or pack sticking down all seams). JSP 440 Volume 1 Issue 2 4C3-9 RESTRICTED RESTRICTED Defence Manual of Security 50. Third (outer) envelope/wrapping: a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert second envelope/package and seal the flap (or pack sticking down all seams). (4) b. Despatch as described in para 65 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert second envelope/package and seal the flap (or pack sticking down all seams). (4) (5) Mark packages/letters "Letter Post". Despatch as described in para 65 below. Mail to British Service Personnel or Civilians serving in International Organisations 51. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible branch stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 52. Address the envelope/package by name and appointment with postal address (as appropriate) as follows: Within SHAPE SHAPE,BFPO 26 Within NATO (Brussels area) c/o UKNMR c/o UK Delegation to NATO, Brussels, BFPO 49 JSP 440 Volume 1 Issue 2 4C3-10 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Within SACLANT Within WEU - c/o UKNLR to SACLANT, HMS SAKER, BFPO 2 c/o British Embassy, Paris 53. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 54. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 55. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 56. 57. Insert document and seal flap (or pack sticking down all seams). Outer envelope/wrapping. a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). (4) b. Despatch as described in para 65 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings.) (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "LCT, BFPO 1000". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). (4) (5) Mark packages/letters "Letter Post". Despatch as described in para 65 below. JSP 440 Volume 1 Issue 2 4C3-11 RESTRICTED RESTRICTED Defence Manual of Security Mail to HM Ships in Overseas Ports or Waters 58. Inner envelope/wrapping. Select one unused envelope (or unused wrappings) of a suitable size. Apply a legible branch stamp identifying the despatching organisation (eg. a branch stamp) and the reference and date of origin of the document to be enclosed. 59. Address the envelope/package by name and/or appointment to "HMS.....". 60. If the document bears a (composite) National caveat, eg. "UK/US EYES ONLY", the envelope/package is to be addressed "Exclusive to" an officer by name and appointment; the caveat must not appear on the envelope/package. 61. Mark "CONFIDENTIAL" boldly in red above and below the address; the protective marking should be prefixed "UK", "NATO" or "WEU" if the contents are so marked. 62. Mark the envelope/package "Certified Official", this being endorsed by an authorising officer (see para 04099). 63. 64. Insert document and seal flap (or pack sticking down all seams). Outer envelope/wrapping: a. For mail emanating from approved locations served by the Defence mail service (see para 3 of Annex C): (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp), and address to "HMS ...., c/o BFPO 999". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). (4) b. Despatch as described in para 65 below. For mail emanating from other locations: (1) Select an unused envelope (or unused wrappings). (2) Apply a legible stamp identifying the despatching organisation (eg a branch stamp) and address to "HMS...., c/o BFPO 999". No protective marking is to appear on the envelope/package. (3) Insert inner envelope/package and seal the flap (or pack sticking down all seams). (4) Mark packages/letters "Letter Post". 4C3-12 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents (5) Despatch as described in para 65 below. Normal Despatch 65. Sealed envelopes or packages should be placed in the out tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C3-13 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 4C3-14 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 4 TO ANNEX C TO CHAPTER 4 TRANSMISSION OF RESTRICTED DOCUMENTS SECTION I TRANSMISSION WITHIN MOD OR SERVICE BUILDINGS/SITES OR BETWEEN APPROVED LOCATIONS (INCLUDING OTHER GOVERNMENT DEPARTMENTS) SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) WARNING Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 1. Select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size, and apply a legible stamp identifying the despatching organisation (eg. a branch stamp). A transit envelope should not be used. 2. Address the envelope/package by name or appointment/branch plus room number and building/establishment. For locations outside central London, the address should include the appropriate town, eg. Royal Military Academy, Woolwich. The post code must not be included. 3. The protective marking (RESTRICTED) must not appear on the envelope/package; descriptors, eg. "STAFF" may be shown. (Alternatively, the term "to be opened by addressee only" may be used). 4. Insert the document and stick down the flap (or pack the document sticking down all seams). 5. Mark the envelope "Defence mail service only". 6. Method of despatch. Place in "out" tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C4-1 RESTRICTED RESTRICTED Defence Manual of Security SECTION II TRANSMISSION TO EMBASSIES AND HIGH COMMISSIONS IN CENTRAL LONDON SERVED BY THE DEFENCE MAIL SERVICE (SEE PARA 3 OF ANNEX C) FROM APPROVED LOCATIONS ALSO SERVED BY THE DEFENCE MAIL SERVICE WARNING Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 7. Select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size, and apply a legible stamp identifying the despatching organisation (eg. a branch stamp). A transit envelope should not be used. 8. Address the envelope/package by name and or appointment/branch plus room number and building/establishment. 9. The protective marking (RESTRICTED) must not appear on the envelope/package. 10. Insert the document and stick down the flap (or pack the document sticking down all seams). 11. Mark the envelope "Defence mail service only". 12. Method of despatch. Place in "out" tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C4-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents SECTION III TRANSMISSION TO ADDRESSES IN THE UK OTHER THAN THOSE COVERED IN SECTION I & II OF APPENDIX 4 EXCLUDING NORTHERN IRELAND (SEE SECTION IV) FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING Envelopes or packages in transit must never be left unattended. Preparation for Normal Despatch 13. Select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size. A transit envelope should not be used. 14. For mail to private addresses, use a plain envelope; address by name without reference to rank, decorations, appointments, etc. 15. Mail to and from locations not served by the Defence mail service should be given the full postal address. 16. The protective marking (RESTRICTED) must not appear on the envelope/package; where descriptors are used, the envelope must be marked "To be opened by addressee only". 17. The envelope/wrapping must not bear any markings, branch stamp, etc, which might associate it with the department. "PO Box 701 London WC2 8BG" should be shown as the return address. 18. Insert the document and stick down the flap (or pack the document sticking down all seams). 19. Method of despatch. Place in "out" tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C4-3 RESTRICTED RESTRICTED Defence Manual of Security SECTION IV TRANSMISSION TO DIPLOMATIC POSTS ABROAD AND OTHER ADDRESSES OVERSEAS, INCLUDING NORTHERN IRELAND, FROM ANY MOD OR SERVICE LOCATION IN THE UK WARNING 1. Envelopes or packages in transit must never be left unattended. 2. RESTRICTED (and UNCLASSIFIED) mail to Northern Ireland should be addressed to the appropriate establishment by BFPO number. Mail should only be sent to private addresses in Northern Ireland or the Republic of Ireland in exceptional circumstances (see para 04096). RESTRICTED mail to other private addresses is only to be despatched in accordance with para 04106. 3. RESTRICTED material for foreign or Commonwealth Governments or their defence contractors may only be transmitted to those countries approved by the RMIPC. RESTRICTED material to such organisations in countries listed in para 6 of Annex C and para 23 below, must be sent via the appropriate British diplomatic post. 4. Approval must be obtained from InfoSy(Industry)1 before RESTRICTED mail is sent to any defence contractor in the countries listed in para 23 below. 5. The appropriate MOD F 189 (Condition of Release Stamp) must be firmly attached to each RESTRICTED document sent to a foreign or Commonwealth Government or defence contractor of that country. The prefix UK or, where appropriate, NATO or WEU should appear before the protective marking on the document. Preparation for Despatch 20. These instructions apply to both RESTRICTED and UNCLASSIFIED documents. 21. Private addresses. Mail for private addresses should be sent in accordance with the appropriate advice contained in either paras 04096 or 04106. 22. Ships. Mail for ships in overseas ports or waters should be addressed to "HMS..., BFPO..." (see para 04107). A legible branch stamp incorporating the full postal address of the sender may be used to indicate the return address. Where this is not possible the return address should be "PO Box 701 London WC2H 8BG". JSP 440 Volume 1 Issue 2 4C4-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 23. Companies in America/Australia/Austria/Canada /Israel/Italy/ Netherlands/ Republic of Korea/Spain and Switzerland. Mail addressed to any companies based in America, Australia, Austria, Canada, Israel, Italy, Netherlands, Republic of Korea, Spain or Switzerland must be prepared as follows: a. Inner envelope/wrapping. (1) Select one unused envelope (or unused wrappings) of suitable size and apply the reference and date of origin of the document to be enclosed. "PO Box 701 London WC2H 8BG" should be used as a return address; a branch stamp is not required. (2) Address the envelope/package to the company concerned by name and full address. (3) Mark "UK RESTRICTED" boldly in red above and below the address. (4) Insert the document and stick down the flap (or pack the document sticking down the seams). b. Outer envelope/wrapping - for companies in Australia, Austria, Israel, Netherlands, Republic of Korea, Spain and Switzerland. (1) Prepare a second unused envelope (or wrappings), applying details as at 23a(1) above. Insert the first envelope/package (together with a completed Despatch Note (see Appendix 6) and stick down the flap (or pack sticking down all seams); address the second envelope/package, as appropriate, to: (a) Defence Advisor British High Commission Commonwealth Avenue Yarralumla, Canberra, ACT 2600 Australia or (b) Defence Attaché British Embassy Jauresgasse 12 1030 Vienna, Austria or JSP 440 Volume 1 Issue 2 4C4-5 RESTRICTED RESTRICTED Defence Manual of Security (c) Defence Attaché British Embassy 192 Hayarkon Street Tel Aviv 63404, Israel Defence Attaché British Embassy Lange Voorhout 102514 ED The Hague Netherlands Defence Attaché British Embassy 4 Chung-Dong Chung-Ku Seoul Republic of Korea or (d) or (e) or (f) Defence Attaché British Embassy Calle de Fernanado el Santo 16 Madrid 4 Spain Defence Attaché British Embassy Thunstrasse 50 3005 Berne Switzerland or (g) c. Outer envelope - for companies in America, Canada and Italy. The full company name and address as detailed on the inner envelope in accordance with sub-paragraph 23a(2) above. Receipts (MOD F24) are required. 24. Use of the diplomatic bag. Mail addressed to diplomatic posts in countries listed at para 6 of Annex C must always be despatched by diplomatic bag. The following procedure should be followed: JSP 440 Volume 1 Issue 2 4C4-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. Inner envelope/wrapping. (1) Select one unused envelope (or unused wrappings) of suitable size and apply a legible stamp identifying the despatching organisation (eg a branch stamp) and the reference and date of origin of the document to be enclosed. (2) Address the envelope by name and/or appointment and branch with full postal address. (3) Mark "RESTRICTED" or "UNCLASSIFIED" boldly in red above and below the address. (4) Insert the document (together with a completed Despatch Note (see Appendix 6) where the document is intended for onward transmission to a foreign or Commonwealth Government or its defence contractor) and stick down the flap (or pack the document sticking down all seams). (5) Mark the envelope/package "Certified Official", this being endorsed by an authorizing officer (see para 04101). b. Outer envelope/wrapping. Select a second unused envelope (or unused wrappings) and address to HQ DCS, BFPO 747. A legible branch stamp incorporating the full postal address of the sender may be used to show the return address. Where this is not possible, the return address given should be "PO Box 701 London WC2H 8BG". Insert the first envelope/package and stick down the flap (or pack sticking down all seams). 25. Other destinations. For destinations other than those shown at para 23b above, select one unused envelope (or unused wrappings), or an envelope of good quality to be used with an economy label, of suitable size and apply the reference and date of origin of the document to be enclosed. In the case of UNCLASSIFIED mail, the reference and date of origin of the document enclosed may be omitted from the envelope. Address the envelope/package by name and/or appointment/branch and full postal address. "PO Box 701 London WC2H 8BG" should be used as a return address; a branch stamp is not required. The protective marking (RESTRICTED) must not appear on the envelope/package. 26. Method of despatch. Place in "out" tray for collection by transit services or forward to registries or mail collection points. JSP 440 Volume 1 Issue 2 4C4-7 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4C4-8 RESTRICTED RESTRICTED Control and carriage of protected documents APPENDIX 5 TO ANNEX C SEALING OF ENVELOPES WITH HIGH SECURITY TAPE 1. High security tape must be applied over all the envelope's seams, avoiding the need for small pieces of tape; pocket or wallet style envelopes should be used, seam arrangements simplifying tape application. Pocket style envelopes have a straight sealing flap on one narrow side with a sealed flap opposite, and a seam running the length of the envelope. Wallet style envelopes have a straight edge sealing flap along their length, and side seams. Banker style envelopes are not suitable for use with the tape; These have a triangular shaped sealing flap situated on one broad side of the envelope and seams running diagonally across the envelope. 2. Moisten and stick down the gummed flap of the envelope. Apply high security tape to cover the flap edge; tape should extend at least 1.5 cm on to the front of the envelope. On pocket style envelopes, then apply tape to the sealed flap opposite. Tape remaining seam(s) on the envelope last, overlapping tape on to other flaps/seams and extending beyond crossover points on to the front of the envelope so that both ends of each piece of tape are visible and seen to be firmly stuck to the envelopes surface. Tape should always be applied to flaps/seams parallel to the nearest edge of the envelope. See diagrams below. Note: Some envelopes have deep flaps/seams which cannot be completely covered by single widths of high security tape. In such cases additional strips of tape should be applied to cover the exposed joins and extending round to the front of the envelope as described above. 3. Care should be taken to ensure address labels, where used, do not prevent application of the tape directly to the surface of the envelope. Similarly, address labels should not be applied so that they obscure high security tape. JSP 440 Volume 1 Issue 2 4C5-1 RESTRICTED RESTRICTED Defence Manual of Security Wallet style envelope Wallet style envelope sealed - back Wallet style envelope sealed - front JSP 440 Volume 1 Issue 2 4C5-2 RESTRICTED RESTRICTED Control and carriage of protected documents Pocket style envelope Pocket style envelope sealed - back Flap B Pocket style envelope sealed - front JSP 440 Volume 1 Issue 2 4C5-3 RESTRICTED RESTRICTED Defence Manual of Security Pocket style envelope with deep flap back incorrectly sealed Deep flap not completely covered by tape Pocket style envelope - back correctly sealed Extra strip of sealing tape Extra strip of sealing tape Pocket style envelope - front view correctly sealed Extra strips of tape extending to front of envelope JSP 440 Volume 1 Issue 2 4C5-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 6 TO ANNEX C TO CHAPTER 4 SPECIMEN DESPATCH NOTE UNCLASSIFIED covering (insert protective marking) To: (British Defence Attache/Advisor) _______________________________ _______________________________ _______________________________ Date: Reference: From: _____________________________ _____________________________ _____________________________ The documents listed below have been approved by the Ministry of Defence for release to (insert full postal address of government or contractor facility) _________________________________ _________________________________ _________________________________ (Insert details of enclosed documents) Reference No Protective Marking Date ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ Would you please arrange for their onward transmission through the appropriate security channel. Signed_______________ UNCLASSIFIED covering (insert protective marking) JSP 440 Volume 1 Issue 2 4C6-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4C6-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents APPENDIX 7 TO ANNEX C TO CHAPTER 4 TRANSMISSION OF DOCUMENTS BEARING DESCRIPTORS AND RESTRICTIVE MARKINGS Rules on the transmission of such material are produced below for the convenience of despatch staff. Documents bearing descriptors CONTROLLED DISTRIBUTION REQUIRED Material Address : by name or appointment a. Despatch to Enveloping Marking Protective marking/descriptor to be shown on inner envelope. For transmission with MOD van service/hand delivery, single envelope. Descriptor only may be shown on the envelope. b. Despatch to Enveloping Marking c. Despatch to : MOD buildings or via Defence mail service : Single : Single envelope to be marked "Personal" together with the legend "To be opened only by (named addressee)" : Elsewhere in UK : Double : Inner envelope to be marked as for a. : Overseas In accordance with that for relevant protective markings. For transmission outside MOD van service locations, double envelope. Envelope and despatch in accordance with regulations as detailed in Section IV, Appendix 2, Chapter 4. Notes: (1) In all the above cases the restrictive marking "CONTROLLED DISTRIBUTION REQUIRED" should not appear on inner, single or outer envelopes. (2) MOD Form 24 receipts are mandatory for all despatches except within a MOD HQ building. JSP 440 Volume 1 Issue 2 4C7-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4C7-2 RESTRICTED METHODS OF TRANSMISSION WITHIN AND FROM UK ­ SUMMARY Protective marking TOP SECRET Destination Any addressee Type of covering and marking (if required) Single wrapping + appropriate marking(s) + MOD Form 488 or Keepsafe envelope + MOD Form 488 Single wrapping ­ no protective marking or Pouch (see Note 1) Double wrapping + appropriate marking(s) on the inner wrapping only or Pouch (see Note 1) Double wrapping + appropriate marking(s) on the inner wrapping only Sealing security tape Stick down flap Receipt Yes Transmission JSP 440 Volume 1 Issue 2 SECRET 4D-1 SECRET SECRET 1. Within MOD bldgs or between approved locations (inc OGDs) served by the Defence Mail Service 2. Embassies and High Commissions in Central London served by the Defence Mail Service 3. Addresses in UK other than 1 and 2 above (excluding NI) Stick down flap By hand of courier. For diplomatic posts abroad include "c/o LCT BFPO 1000". For ships in UK or overseas include "c/o BFPO 999" Yes ­ outside Defence Mail the building Service Control and carriage of protected documents ANNEX D TO CHAPTER 4 RESTRICTED RESTRICTED Stick down flap Yes Defence Mail Service Stick down flap Yes 1. Parcelforce 24 2. Parcelforce 10 and 12 (see Note 2) 3. Special Delivery Service JSP 440 Volume 1 Issue 2 Protective marking SECRET Destination 4. Overseas including NI a. Foreign and Commonwealth Govts or their defence contractors Type of covering and marking (if required) See Annex C Appendix 2, Section IV for detailed instructions Triple wrapping + appropriate marking(s) on the 1st and 2nd inner wrappings but not the outer wrapping. Sealing Receipt Transmission 1st wrapping should NOT be sealed 2nd wrapping to be sealed with security tape or use Keepsafe envelope 3rd wrapping to be stuck down Yes 1st. Address to the foreign govt or company 2nd. Address to the responsible British Embassy official Defence Manual of Security RESTRICTED RESTRICTED 4D-2 SECRET b. Defence Attachs/ Advisers and NI Double wrapping + appropriate marking(s) on the inner wrapping only 1st wrapping seal with security tape or use Keepsafe envelope 2nd wrapping to be stuck down Yes 3rd. Address to LCT BFPO 1000 and use approved mail services. 1st. Address to the Defence Attache/ Adviser or official address in NI. 2nd. Address to LCT BFPO 1000 and use approved mail services. Protective marking SECRET Destination c. British officers/ civilians serving in international organisations Type of covering and marking (if required) Double wrapping + appropriate marking(s) on the inner wrapping only Sealing Receipt Transmission 1st. Address to person concerned and the appropriate international organisation. 2nd. Address to LCT BFPO 1000 and use approved mail services. 1st. Address to appropriate person or CO of the ship using appropriate BFPO number. 2nd. Address c/o BFPO 999 using approved mail services. Defence Mail Service JSP 440 Volume 1 Issue 2 4D-3 SECRET d. HM Ships in overseas ports or waters Double wrapping + appropriate marking(s) on the inner wrapping only CONFIDENTIAL 1. Within MOD bldgs or between approved locations (inc OGDs) served by Defence Mail Service Single wrapping with no protective marking showing or Pouch (see Note 1) Yes 1st wrapping to be sealed with security tape or use Keepsafe envelope 2nd wrapping to be stuck down (see note 3) 1st wrapping to Yes be sealed with security tape or use Keepsafe envelope 2nd wrapping to be stuck down Stick down No flap Control and carriage of protected documents RESTRICTED RESTRICTED Protective marking CONFIDENTIAL Destination 2. Embassies and High Commissions in Central London served by the Defence Mail Service 3. Addresses in the UK other than 1 and 2 above (excluding NI) CONFIDENTIAL Type of covering and marking (if required) Double wrapping + appropriate marking(s) on the inner wrapping only or Pouch (see Note 1) Double wrapping + appropriate marking(s) on the inner wrapping only Sealing Stick down flaps No Receipt Transmission Defence Mail Service Defence Manual of Security JSP 440 Volume 1 Issue 2 Stick down flaps No 2nd Class letter post. For Ships in home ports or waters address c/o BFPO 999 RESTRICTED RESTRICTED 4D- 4 CONFIDENTIAL 4. Overseas including NI a. Foreign or Commonwealth Govts or their defence contractors See Annex C Appendix 3, Section IV for detailed instructions Triple wrapping + appropriate marking(s) on the 1st and 2nd inner wrappings but not the 3rd outer one 1st wrapping should NOT be sealed 2nd wrapping to be stuck down 3rd wrapping to be stuck down No 1st. Address to the foreign govt or company. 2nd. Address to the responsible British Embassy official. 3rd. Address to LCT BFPO 1000 and use approved mail services. Protective marking CONFIDENTIAL Destination b. Defence Attachs/ Advisers and NI Type of covering and marking (if required) Double wrapping + appropriate marking(s) on inner wrapping only Sealing Stick down flap No Receipt Transmission 1st. Address to the Defence Attache/ Adviser or official address in NI. 2nd. Address outer envelope to LCT BFPO 1000 and use approved mail services. 1st. Address to person concerned at the appropriate international organisation. 2nd. Address outer envelope to LCT BFPO 1000 and use approved mail services. 1st. Address to appropriate person or CO of the ship using appropriate BFPO number. 2nd. Address c/o BFPO 999 using approved mail services. JSP 440 Volume 1 Issue 2 Defence Manual of Security RESTRICTED CONFIDENTIAL c. British officers/ civilians serving in international organisations Double wrapping + appropriate marking(s) on inner wrapping only Stick down flap No RESTRICTED 4D- 5 CONFIDENTIAL d. HM Ships in overseas ports or waters Double wrapping + appropriate marking(s) on inner wrapping only Stick down flap No Protective marking RESTRICTED Destination 1. Within MOD bldgs or between approved locations (inc OGDs) served by Defence Mail Service 2. Embassies and High Commissions in Central London served by the Defence Mail Service 3. Addresses in the UK other than 1 and 2 above (excluding NI) 4. Overseas including NI Type of covering and marking (if required) Single wrapping with no protective marking showing Sealing Stick down flap No Receipt Transmission Defence Mail Service Defence Manual of Security JSP 440 Volume 1 Issue 2 RESTRICTED Single wrapping with no protective marking showing Single wrapping with no protective marking showing Double wrapping + appropriate marking(s) on the inner wrapping only Stick down flap Stick down flap Stick down flaps No Defence Mail Service 2nd Class letter post RESTRICTED RESTRICTED RESTRICTED No 4D- 6 Note: RESTRICTED No (see Note 4) British Forces Post Office or letter post. For mail to diplomatic posts in countries listed at para 6 of Annex C the outer wrapping should be addressed "HQ DCS BFPO 747" 1. 2. 3. 4. Documents transmitted in a locked pouch or box need not be enveloped unless the recipient is to forward them to a third person. The use of Parcelforce 10 and 12 is more expensive than Parcelforce 24. D Def PCS agreement should be obtained for their use. For mail emanating from locations not served by the British Forces Post Office the outer wrapping should be marked "Parcelforce 24" in the top left hand corner. Receipts are required for RESTRICTED documents transmitted to America, Canada and Italy. RESTRICTED Control and Carriage of Protected Documents ANNEX E TO CHAPTER 4 SPECIMEN FORM OF APPLICATION FOR AUTHORITY TO TAKE DOCUMENTS MARKED CONFIDENTIAL OR ABOVE OVERSEAS To (Insert appropriate Principal Security Adviser) 1. Authority is requested for the personal carriage of protectively marked documents overseas by casual courier. 2. Personal details of proposed courier: a. Surname_________________________________________________ Forenames_______________________________________________ b. d. Rank/grade______ c. Establishment___________________________ Tel No_________________ e. Building/Room No_______________ Passport details: f. h. Passport No_____________ g. Place of Issue___________________ Date___________________ i. Date of last renewal_______________ 3. Details of document(s) to be carried (ref. No. of document with highest protective marking to be given): a. c. Protective marking_______________ b. Ref. No.________________ Indicate: (1) If NATO documents_____ (2) If UK documents______________ (3) If other documents (describe)_____________________________ d. Reasons why personal carriage is necessary_____________________ ______________________________________________________________ ______________________________________________________________ JSP 440 Volume 1 Issue 2 4E-1 RESTRICTED RESTRICTED Defence Manual of Security 4. Itinerary of journey: a. Countries to be visited (also destinations within countries visited) ______________________________________________________________ ______________________________________________________________ b. Method of travel (if by air, state whether RAF or civil; if civil state flight no. and airline). Date of Journey From (airport/port of departure) To (airport/port of arrival 5. State reasons why documents cannot be sent in advance by Defence Courier Service or FCO Queens Messenger. ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ Note: Casual courier status affords reduced protection for protectively marked documents in transit and will only be authorized when absolutely necessary. ___________________________ Head of Establishment Name(block capitals)_________________________________ Rank/grade_________________ Date_______________________ Branch Stamp JSP 440 Volume 1 Issue 2 4E-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX F TO CHAPTER 4 MINISTRY OF DEFENCE CASUAL COURIER AUTHORIZATION CERTIFICATE Reference No._____________________________ This is to certify that___________________________________________________ Holder of passport no. _________________, an official of the United Kingdom Government is authorised to carry on the journeys detailed below package(s) containing official documents relating to the work carried out by the Ministry of Defence in the interests of the United Kingdom Government/North Atlantic Treaty Organisation, and bearing reference no. ____________________ together with the stamp and signature which appears at the foot of this authorization; and that the contents consist solely of documents. Itinerary Outward Date Method of Travel From To Return Date of Issue Stamp of authorizing official, or establishment Signature of directorate, division authorizing official Name_______________ Rank/Grade___________ (DUPLICATE: To be held by the establishment security officer). JSP 440 Volume 1 Issue 2 4F-1 RESTRICTED RESTRICTED Defence Manual of Security MINISTRY OF DEFENCE CASUAL COURIER AUTHORIZATION CERTIFICATE Reference No.______________________________ This is to certify that___________________________________________________ Holder of passport no. _________________, an official of the United Kingdom Government is authorised to carry on the journeys detailed below package(s) containing official documents relating to the work carried out by the Ministry of Defence in the interests of the United Kingdom Government/North Atlantic Treaty Organisation, and bearing reference no. ____________________ together with the stamp and signature which appears at the foot of this authorization; and that the contents consist solely of documents. Itinerary Outward Date Method of Travel From To Return Date of Issue Stamp of authorizing official, or establishment Signature of directorate, division authorizing official Name_______________ Rank/grade___________ (A certificate of undertaking must be completed by the casual courier prior to the journey). JSP 440 Volume 1 Issue 2 4F-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX G TO CHAPTER 4 INSTRUCTIONS TO OFFICERS ON THE PERSONAL CARRIAGE OF PROTECTIVELY MARKED DOCUMENTS OVERSEAS (To be issued with, but separately from, each Authorization) 1. 2. These instructions are to be carefully observed. The package is addressed to you care of (establishment to be visited). 3. You should ensure that a list of all documents that you will carry has been prepared in duplicate and that the original has been left with your directorate or establishment. The duplicate list must not be inside the package containing the documents. 4. You should carry the package in a brief case or similar container of a type detailed in sub para 04111b. Except in the circumstances described in para 9 below, you should not open the package until you reach your destination. You should ensure that during your journey the package does not leave your possession, thus you should not leave it in hotel rooms or deposit it in hotel safes, luggage offices or lockers. At your destination you should, wherever practicable, have the documents housed overnight with a United Kingdom overseas Government representative or an authority (see 7 below) approved by your Principal Security Adviser. If this is not practicable the documents must not leave your personal custody even for a moment. 5. While carrying these documents you are not to travel: a. By air over, or by airline of, any of the following countries: Afghanistan Belarus China (including Hong Kong SAR, Tibet and Macao) Cuba Iran Iraq Lebannon Libya North Korea Russia Sudan JSP 440 Volume 1 Issue 2 4G-1 RESTRICTED RESTRICTED Defence Manual of Security Syria Ukraine Vietnam Yugoslavia (Serbia and Montenegro) b. By surface route to or through countries other than the following: Australia Austria * Belgium Canada Denmark France Germany Greece Iceland Italy * 6. Japan* Netherlands New Zealand* Norway Portugal Spain Sweden* Switzerland* Turkey United States Delete if NATO documents are being carried. You are not to discuss the documents you are carrying in any public place. 7. Should you lose the documents or if you are unable, because of sickness or for any other reason, to safeguard them, you should seek immediate assistance from a British Embassy, High Commission or Consular Officer (or Diplomatic Mission or Government Department of any NATO country, NATO International Command or Agency).+ + If NATO documents are not being carried delete the words in brackets. 8. Wherever practicable you should return the documents to the United Kingdom by diplomatic bag through a British Embassy, High Commission or Consular Office. (The package should be open so that the contents can be verified in order to comply with regulations) but it may be sealed in the presence of the Embassy, High Commission or Consular Officer who receives it. If it is necessary for you to carry the documents back with you, you should place them in the spare cover provided bearing the same reference number, stamp and signature as used on the outward journey. The cover must be sealed with wafer seals. (Wafer seals should have the addition of a signature in ink across the seals and the package which should be reinforced by strips of cellulose tape covering the seals and seams. If you have no means of sealing the package in this way you should make the best use of whatever adhesive material is available.) You should address it to yourself at your department. JSP 440 Volume 1 Issue 2 4G-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 9. There is no assurance of immunity from search by customs, Airport or Port officials of the countries whose borders you will be crossing. If any official inquires into the contents of the package, you should show your authorization but not these instructions, which must be kept separate from the authorization. This may suffice to pass the package (but not necessarily the briefcase) through the customs unopened. If, nevertheless, an official demands to see the contents of the package you may open it but should take precaution to show him only as much of the contents as will satisfy him that the package contains nothing more than it purports to contain. On no account should you allow the package out of your possession or permit a full examination of the documents. You should request the official to provide evidence of the opening and inspection of the package, for example, by signing or stamping it when closed. You should reseal the package. 10. If you have been obliged to open the package at the request of an official of the country you are visiting, you should where possible notify the local British Embassy, High Commission or Consular Office and you should report the incident to your Principal Security Adviser or to your security officer on your return. If the action was taken by a United Kingdom official you should also inform the above authorities. 11. On your return you should personally verify with the officer holding the duplicate list that all documents have been returned or receipts obtained. 12. On your return you must send your authorization certificate to your security officer and notify him of any incident of possible security significance. For example, any failure or inability on your part to safeguard the documents or any undue interest on the part of other persons in what you were carrying. JSP 440 Volume 1 Issue 2 4G-3 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4G-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX H TO CHAPTER 4 INSTRUCTIONS TO OFFICERS ON THE PERSONAL CARRIAGE OF PROTECTIVELY MARKED DOCUMENTS OVERSEAS I certify that I have read and understood the above instructions and that I undertake to observe them. Signature..................................................................... Name in block letters..................................................... Rank ......................................................................... Establishment................................................................ Date........................................................................... A list of documents has been left with: (Name)....................................................................... JSP 440 Volume 1 Issue 2 4H-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4H-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX I TO CHAPTER 4 GUIDELINES TO COURIERS IN REGARD TO HIJACKING (The following advice should be given to all couriers on the threat from hijacking and measures to be taken to counter this threat.) 1. There is an ever present threat of hijacking on all commercial routes worldwide. 2. British airlines are given official advice on security measures against hijacking. These airlines can therefore be relied on to a greater extent than others. These airlines or service aircraft or aircraft on charter to the Armed Services should be used whenever possible. 3. A casual courier should return from overseas with as few protectively marked documents as possible. 4. If a courier is involved in a hijack he/she should do nothing to draw attention to him/herself. 5. At the conclusion of a hijacking when passengers are freed, the courier should whenever possible carry away the documents. 6. If a courier is freed but is forced by hijackers to leave the documents on board the aircraft, he/she should, if possible, ascertain the destination of the aircraft from the airport authorities and have the UK mission or protecting power at the destination informed of the presence of the documents so that action can be taken to recover them. JSP 440 Volume 1 Issue 2 4I-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4I-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX J TO CHAPTER 4 DESCRIPTORS 1. Descriptors may be helpful in implementing the "need to know" principle by indicating the nature of the asset's sensitivity and thereby helping to ensure that access is limited accordingly. Aside from PERSONAL, which by definition requires that the information is only made available in the first instance to the addressee, the descriptors will normally be used in conjunction with a protective marking. Used alone, descriptors may indicate who should see the material but do not of themselves impose any particular handling or level of protection. A list of MOD descriptors is below: a. APPOINTMENTS. Concerning actual or potential appointments that have not been announced. b. BUDGET. Concerning proposed or actual measures for the Budget before they are announced. c. COMMERCIAL. Subject matter of actual or potential commercial value, the disclosure of which would prejudice a commercial interest. The rules for the use of this marking are given in Chapter 12. d. CONTRACTS. Matters concerning tenders under consideration and the terms of tenders accepted. e. CONTROL (or DS). Exercise papers for use only by control or directing staff. (For MOD use only.) f. EXAMINATION. Subject matter relating to setting, marking or future examination papers. (For MOD use only.) g. EXERCISES. Concerning orders and instructions pertaining to military exercises at home and abroad. (For MOD use only.) h. HONOURS. awards. Matters concerning military or civilian honours and i. INTELLIGENCE. Concerning intelligence source material and assessments. (For MOD use only.) j. INVESTIGATION. criminal matters. k. LOCSEN. Concerning investigations into disciplinary or Concerning locally sensitive information. JSP 440 Volume 1 Issue 2 4J-1 RESTRICTED RESTRICTED Defence Manual of Security l. MANAGEMENT. Management policy and planning matters, the premature disclosure of which would not be in the interest of the Ministry of Defence or the Services. m. MEDICAL. Medical matters concerning individuals including reports and records. n. OPERATIONS. Concerning orders and instructions pertaining to military operations at home and abroad. (For MOD use only.) o. PERSONAL. addressed. Material only to be seen by the person to whom it is p. POLICE. Police matters concerning police operations and activities. (For MOD use only.) q. r. POLICY. publication. Concerning proposals for new or changed policy before REGULATORY. Material which has come into the possession of government departments or agencies in the course of carrying out their statutory regulatory duties. s. STAFF. Matters concerning the administration (eg confidential reports), discipline, security status and service of named or identifiable personnel. t. VETTING. Concerning matters pertaining to the security clearance of personnel. (For MOD use only.) u. VISITS. Concerning details of visits by, for example, Royalty, ministers or very senior staff. 2. Should additions to this list be sought, they should be addressed to D Def Sy through the security reporting chain. JSP 440 Volume 1 Issue 2 4J-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX K TO CHAPTER 4 CODEWORDS, NICKNAMES AND THE PROTECTION OF COMPARTMENTED INFORMATION Codewords and nicknames 1. Definitions. A codeword is a single word that is always expressed in CAPITAL letters and is used to provide security cover for reference to a particular protected matter. A nickname is a name made up of two words selected by the originator and used for convenience for reference to any matter where security protection is not required. 2. It is important to understand the difference between codewords (which provide security cover) and nicknames (which do not) because confusion in the use of these terms could lead to breaches of security. The adoption of local or unofficial terms or procedures (eg `code names') is forbidden. 3. Use of codewords. Codewords are to be used solely for security purposes and only registered codewords may be used. The primary purpose of codewords is to conceal intentions, but they may also be used to limit the knowledge of particular matters. They may be used: a. b. c. As names for protected plans, projects, equipments, etc. To describe or initiate phases of operations. To initiate action for emergency or contingency plans. d. To provide a short reference to a protected matter, knowledge of which must be restricted to a limited circle of people. e. To identify protected documents with a limited circulation, ie subject to special handling procedures. 4. Control and Allotment of Codewords. All codewords are to be taken from the United Kingdom Codeword Index maintained by the Defence Crisis Management Centre (DCMC). The DCMC makes block allocations of codewords to lead Commands; Service establishments are to apply for codewords or information about codewords to Command HQs. Blocks of codewords not yet taken into use should be treated as CONFIDENTIAL documents to avoid any risk of compromise in their subsequent use. Central Staffs branches should apply for codewords or information about codewords direct to DCMC. DPA and DLO staff should apply to JSP 440 Volume 1 Issue 2 4K-1 RESTRICTED RESTRICTED Control and Carriage of Protected Documents their Principal Security Adviser. In the event of a codeword being required out of normal working hours, application may be made to the Chief of the Defence Staff's Duty Officer. 5. Notification of Use. When a codeword is taken into use, its meaning, with the protective marking for both the codeword itself and its meaning, must be notified by the user to the issuing authority through normal channels. Any changes must be notified as they occur. Codewords taken into use but subsequently cancelled may not be re-used without authority from the issuing authority. 6. Procedure for Bringing Codewords into Use. The user of a codeword is responsible for allotting a meaning to it with protective markings for both the codeword itself and its meaning. The user should ensure, in conjunction with the issuing authority, that within the limitations of the available registered words, the codeword chosen is suitable for the matter to which it is to refer, namely, it should be: a. Neither frivolous nor likely to invest the matter with an undesirable significance. b. Unrelated to the meaning, eg ICEBERG is unsuitable for cold weather operations. c. Unrelated to other words of a series, eg a series of bird names is unsuitable for, say, the various phases of an operation. 7. The Meaning. The meaning given to a codeword is to be specific and selfexplanatory but should not reveal more than is necessary. 8. Protective Marking. The purpose of a codeword is to conceal the meaning attached to it and as long as this concealment is complete there is normally no reason for the codeword itself, as opposed to its meaning, to attract a protective marking. An unclassified codeword may be used in an unclassified letter or in a telephone conversation in clear to convey a protected meaning, eg contingency plans may have a high protective marking but the order to implement them might be given by signalling a codeword in clear, or by voice over a radio net or by telephone. Occasionally there may be a matter of such secrecy that knowledge of its existence must be limited to few people. In these circumstances a wide knowledge of the codeword might excite unwanted curiosity. When this is the case, the codeword itself should be given a protective marking, although not necessarily as high as its meaning. When a codeword marking is applied, the asset or event must attract a protective marking of RESTRICTED as a minimum. 9. Security of Codewords in Use. Users must ensure that: a. Protective markings of codewords and their meanings are progressively downgraded as the need for secrecy of plans, projects or operations diminishes. JSP 440 Volume 1 Issue 2 4K-1 RESTRICTED RESTRICTED Defence Manual of Security b. A codeword together with its meaning must never feature in any electronic transmission such as a signal, telegram, telex, fax or telephone conversation, although they may appear in the same document, provided the document is correctly protectively marked. c. Codewords in frequent use on a wide distribution are changed from time to time as a protection against possible compromise. 10. Exercises. If, for real security reasons, codewords as opposed to nicknames, are required for exercises, they should be issued by commands from the list of those allotted by the DCMC. Care should be taken in defining the meanings of codewords used on exercises particularly if there is a likelihood that it may become necessary later to release codewords and their meanings to the Press. A codeword used for an exercise must always be prefixed by the word EXERCISE, for example, EXERCISE MATADOR. Nicknames only are required for RESTRICTED exercises. 11. Cancellation of codewords. Users are responsible for notifying the issuing authority, through normal channels, of the cancellation and surrender of a codeword when its purpose has been completed or it has been replaced after compromise. This notification should include the protective marking retained by the meaning. Surrendered codewords must in no circumstances be taken into use again without specific re-issue by the issuing authority. 12. Compromise of codewords. If a codeword is compromised, the appropriate Principal Secuurity Adviser must be informed immediately. To minimize any risk of compromising, a new codeword should not be referred to in the same document as the one it is replacing. When a change of codeword becomes necessary all concerned must be informed that the original has been cancelled and will be replaced by a new codeword to be contained in a later communication. A used codeword will not be reallocated for at least 3 years (or, if the branch concerned so requests, for a period up to a maximum of 5 years) after cancellation. It will be reallocated only if there is no suitable codeword available and if the controller is satisfied that its further use will not cause misunderstanding. The second communication should be given the same protective marking as the meaning of the codeword and should merely refer to the first communication and state `Codeword is ...' 13. Use of codewords for equipment after declassification of the meaning. A codeword allotted to an equipment may be continued in use, if appropriate, as a name for the equipment after it has been declassified. 14. Handling of codewords. Codewords are to be handled as CONFIDENTIAL until they are taken into use and allotted a new protective marking by the user. 15. Use of nicknames. The use of nicknames is limited to RESTRICTED and unclassified matters, examples of which are: JSP 440 Volume 1 Issue 2 4K-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents a. b. Operations. Enemy locations and target indication. Training. Names for exercises. c. Administration. Titles for logistic projects, routes for movement, geographical locations and place names. 16. Selection, notification and cancellation of nicknames. The user of a nickname is responsible for its selection, notification, use and cancellation as follows: a. It must consist of two words chosen at random which must be distinct and which cannot be run together into a single word (eg. GREAT COAT or PIG SKIN are not to be used). This is to avoid confusion with codewords. b. Notification is to be limited to those concerned with the matter to which the nickname refers. c. Nicknames do not need to be reported to the Ministry of Defence or Command headquarters. Protection of compartmented information 17. For some categories of sensitive material or externally sourced material, generically referred to as compartmented information, but often referred to as Codeword material, in addition to the general requirements for IT system and site accreditation from the designated Accreditor(s), approval is also required from all relevant Control or Release Authorities before the material may be stored, processed or forwarded on IT system(s). 18. Compartment approval. This may be referred to by 3rd parties (i.e. those outside MOD) as an "accreditation", but within MOD the term accreditation is reserved for the activity of ensuring that the IT systems are implemented to meet the needs of UK protectively marked material at the High Water Mark of any and all compartments to be used, which is carried out by the Defence Security Standards Organisation (DSSO). 19. Risk assessment. The only compartmented information which has a MOD recognised Risk Assessment methodology is the STRAP system as laid down in JSP440 Volume 5. In order to assess the overall security requirements for other Compartmented data, a STRAP Equivalent Level (SEL) should be derived before discussing protection requirement with security staffs. Advice on the selection of an appropriate SEL can be obtained from Head of InfoSy(Tech), MB4154, 84505MB. 20. Compartmented INFOSEC representative. Where the compartmented information has a formal Control or Release Authority, a Designated Security Authority (DSA) or Cognizant Security Authority (CSA) will normally fulfil the capacity of a Compartment Infosec Representative (CIR) for the material concerned, acting as a competent authority on behalf of the Control / Release Authority. JSP 440 Volume 1 Issue 2 4K-3 RESTRICTED RESTRICTED Defence Manual of Security 21. In the cases of compartmented information where the UK Control or Release Authority resides within MOD, for instance the ATOMIC system, the DSA must be drawn from the staff of the DSSO. The Control / Release Authority is responsible for nominating their CIR(s), and the details of this nomination must be supplied to the DSSO in accordance with the format laid down at Appendix 1 to this Annex. In selecting an agent, the following metric should be used: a. Where the system(s) processing the compartmented information are solely contained within the real estate of a single Principal Security Adviser, that authority should be asked to acts as the CIR; b. Where the system(s) processing the compartmented information cross Authority boundaries, either within or without MOD, including NATO or Other Government Departments (OGD), D Def Sy should be consulted, and may in some cases elect to nominate a DD Def Sy(Info) staff officer to fill this capacity. 22. Compartmented information not solely controlled within MOD, for instance STRAP, will have their own arrangements for appointment of CIRs, and any queries should be addressed to Head of InfoSy(Tech), MB4154, 84505MB. 23. Where a requirement to process information from a compartment is identified, but the CIR is not known to the project office, then Head of InfoSy(Tech) should be consulted. 24. Incident handling. If any security incident occurs affecting systems used to store, process or forward compartmented material, then in addition to any local reporting arrangements, the MOD Joint Security Co-ordination Centre (JSyCC), which has overall responsibility for such matters on behalf of the Departmental Security Officer, must also be informed immediately. JSyCC can be contacted on 020-72180117 (80117MB). JSP 440 Volume 1 Issue 2 4K-4 RESTRICTED RESTRICTED Defence Manual of Security This page is intentionally left blank JSP 440 Volume 1 Issue 2 4K1-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX L TO CHAPTER 4 INTERNATIONAL DEFENCE ORGANISATIONS AND INTERNATIONAL ORGANISATIONS INTERNATIONAL DEFENCE ORGANISATION MARKINGS General 1. International defence organization (IDO) documents are those which belong to the defence organizations of the North Atlantic Treaty Organization (NATO) including the North Atlantic Cooperation Council (NACC)/Partnership for Peace (PfP) or the Western European Union (WEU). The United Kingdom is a member of both organizations. Documents are marked NATO, NACC, PfP or WEU as appropriate and are circulated on a need to know basis within the IDOs concerned. These documents are subject to certain security procedures and to the regulations of these organizations. 2. The IDO markings NATO, NACC, PfP or WEU immediately precede the protective marking as follows: a. NATO documents. (1) (2) (3) (4) b. NATO UNCLASSIFIED NATO RESTRICTED NATO CONFIDENTIAL NATO SECRET NACC documents. (1) (2) (3) (4) NACC UNCLASSIFIED NACC RESTRICTED NACC CONFIDENTIAL NACC SECRET JSP 440 Volume 1 Issue 2 4L-1 RESTRICTED RESTRICTED Defence Manual of Security c. PfP documents. (1) (2) (3) (4) d. PfP UNCLASSIFIED PfP RESTRICTED PfP CONFIDENTIAL PfP SECRET WEU documents. (1) (2) (3) (4) WEU UNCLASSIFIED WEU RESTRICTED WEU CONFIDENTIAL WEU SECRET 3. NATO and WEU documents which are protectively marked TOP SECRET are also marked with the IDO markings COSMIC or FOCAL respectively, as follows: a. NATO documents. COSMIC TOP SECRET b. WEU documents. FOCAL TOP SECRET 4. The meanings of the protective markings (or classifications) are similar to those given at para 0103 of Chapter 1 with the exception that the degree of compromise relates to the international organization concerned and not to the Nation. Should NATO or a partner country wish to restrict distribution on certain NACC/PfP information, this will be indicated by NATO/name of country ONLY on a separate line immediately below the protective marking, eg. PfP CONFIDENTIAL NATO/POLAND ONLY 5. NATO documents containing certain information dealing with nuclear matters are given the restrictive marking ATOMAL. 6. Control officers. A sub control officer, who is appropriately cleared, is to be appointed in each establishment which is required to handle accountable IDO documents. JSP 440 Volume 1 Issue 2 4L-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Handling procedures 7. Accountable IDO documents. Accountable IDO documents require special handling and safeguarding in accordance with instructions issued on a `need to know' basis. Accountable IDO documents must not be filed with National protectively marked documents since the holder may be required to produce them to an IDO inspecting officer who may not be a United Kingdom National. Accountable IDO documents are: a. b. c. NATO documents marked COSMIC TOP SECRET. NATO documents marked ATOMAL. WEU documents marked FOCAL TOP SECRET. 8. When there is no longer need to hold an accountable IDO document, in the United Kingdom it is to be returned to the appropriate IDO sub-registry and forwarded to the Ministry of Defence (DIS Sy IDR) for destruction. Elsewhere, local security instructions should be consulted. 9. IDO accountable documents are to be stored at the standards required for United Kingdom TOP SECRET material. 10. Non-accountable IDO documents. Non-accountable IDO documents need not be registered or kept separately from National documents unless they are permanently attached to accountable IDO documents. Files containing non-accountable IDO documents or extracts must however be clearly marked on the outside as follows: `This file contains NATO (or WEU, NACC or PfP) information' as appropriate. 11. Separate MOD Forms 102 are to be used for registering IDO accountable documents. Classification and markings 12. Correct use of markings. It is important to use IDO markings correctly because documents so marked are authorized for circulation on a `need-to-know' basis within the IDO concerned and have to be accounted for to it; they are liable to inspection by an international team from the IDO concerned. Incorrect marking may give an IDO the responsibility for documents that are of concern to the United Kingdom only, and, in the event of the loss of such documents, for the subsequent reports and investigations which correctly should be the responsibility of the United Kingdom. 13. The markings NATO, NACC, PfP,COSMIC, WEU, FOCAL or ATOMAL are only to be placed on United Kingdom originated documents when: JSP 440 Volume 1 Issue 2 4L-3 RESTRICTED RESTRICTED Defence Manual of Security a. The document is specifically prepared for issue direct to an IDO. In such cases only the copies for the IDO are to be given the appropriate IDO marking; copies retained for National use are not to be so marked, or b. Copies of a document prepared for United Kingdom use are released to an IDO; only the copies sent to the IDO are to be given the appropriate IDO marking. 14. Reversion to lower classification when detached. Individual parts of protected documents (and covering letters) may revert to a lower classification when detached. This is to be indicated on the parts (or covering letters) concerned, eg, `NATO RESTRICTED when detached'. 15. Covering letters. A letter covering an IDO document is to be protectively marked at least as high as the most highly classified attachment but see para 14. 16. Extracts. When an extract is made from an IDO document it should be protectively marked according to the content of the extract using the appropriate IDO protective marking, eg, NATO SECRET. If the information extracted was originally supplied by the United Kingdom a National protective marking is appropriate. 17. Downgrading. IDO documents may not be downgraded without the consent of the originator. 18. Copy numbering. All IDO TOP SECRET and SECRET documents are to be copy-numbered with the total distribution shown, eg `Copy No 1 of 20'. 19. Page numbering. All IDO documents except those on a single sheet are to be page-numbered. IDO TOP SECRET and SECRET documents are to show the total number of pages of the whole document on the front page, eg `Total pages 14'. IDO TOP SECRET and SECRET documents are also to show the total number of pages in the main part, eg `1 of 9'; annexes and appendices are also to show this information, eg `A1 of 3' or `B2-1 of 7'. 20. Reference numbering. All IDO documents protectively marked SECRET or above are to bear a reference number on each page. A new annex or appendix added to a COSMIC or FOCAL TOP SECRET document, or NATO or WEU SECRET document, is to state on the first page: a. b. The reference number of the original document with its date of issue. The purpose of the new text, eg addition or substitution. Transmission of IDO documents 21. Procedures governing the transmission of documents bearing such markings as ATOMAL, COSMIC and FOCAL are issued to those with a need to know. JSP 440 Volume 1 Issue 2 4L-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents 22. IDO documents protectively marked SECRET and CONFIDENTIAL are to be handled in accordance with the rules for UK documents protectively marked SECRET and CONFIDENTIAL as set out in Annex C. 23. IDO documents marked RESTRICTED and bearing only the supplementary markings NATO or WEU are to be handled in accordance with the general rules for UK documents protectively marked RESTRICTED set out in Annex C. Storage 24. IDO classified documents are to be stored in accordance with the minimum standards for UK documents of the equivalent protective marking (but see para 9 above). Carriage of IDO documents by casual couriers 25. COSMIC, ATOMAL or FOCAL TOP SECRET documents are not to be carried by casual couriers (either diplomatic or non-diplomatic) in any circumstances. Release of IDO classified information 26. NATO classified information may not be disseminated to Nations or military commands outside the NATO Alliance without the approval of the North Atlantic Council, the Military Committee or, when appropriate, the National security authority (ie the Official Committee on Security.) 27. All information exchanged under the NACC/PfP programmes is privileged information and for official use only. It will, therefore, only be disseminated to organisations and persons involved in the programmes and with a need-to-know of the information. 28. WEU classified information may not be passed outside the organization except by the originator or with his consent. Surveys and inspections of IDO sub-registries 29. Principal Security Advisers are to ensure that surveys and inspections include IDO sub-registries and control points and associated communication centres where these are established. Inspections are to be carried out annually and will be additional to any which may be carried out by the security representatives of the IDO concerned. 30. Guidance on the method of carrying out NATO sub-registry and control point surveys and inspection is contained in NATO Document AC/35/D/1006 (Revised) dated 5 July 1976. 31. Separate reports on inspections of NATO sub-registries and control points are to be sent to the Ministry of Defence DIS Sy IDR for onward transmission to NATO. JSP 440 Volume 1 Issue 2 4L-5 RESTRICTED RESTRICTED Defence Manual of Security Detailed rules for IDO document security 32. The full rules for handling IDO documents are set out in the following documents which are issued to, or are available for staff who need to use them: a. NATO: (1) Security within The North Atlantic Treaty Organisation (CM(55)15 (Final)). (Note: Policy in respect of the exchange of information between NATO and NACC/PfP countries will be incorporated in this document.) (2) Agreement for co-operation regarding ATOMIC information (C-M(64)39). (3) Administrative arrangements to implement the agreement between the parties to the North Atlantic Treaty for Co-operation regarding ATOMAL information (C-M(68)41(5th Revise)). (4) Special procedures for the handling of US-Single Integrated Operational Plan (SIOP) information (C-M(71)(27) (Revised) and AC35/WP75 (attached to C-M(71)(27). (5) Handling of a ATOMAL information with classified communication centres (ACP 122 NATO Supplement No 2). b. WEU: (1) Western European Union security regulations RS 100 April 1995. International organisations 33. United Nations (UN). The UN sometimes require its material to be protected and routinely employ markings (classifications) with the prefix "UN" which are indistinguishable from our own. Although the terms may be the same, the protection required may be different. Unless otherwise instructed, all UN marked material should be accorded the same level of protection as comparable UK markings would dictate. 34. Any messages handed in to a UK commcen for transmission over UK channels are to be protectively marked in accordance with current UK regulations. Any messages handed in with the prefix "UN" for transmission over such UK channels are to be returned to the originator with a request that the prefix be deleted and the appropriate level of protection according to current UK regulations be inserted. Messages prefixed "UN" may of course be passed over UN provided and protected channels. JSP 440 Volume 1 Issue 2 4L-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX M TO CHAPTER 4 SECURITY INSTRUCTIONS FOR HOMEWORKERS Introduction 1. These instructions are designed to ensure that the minimum standards which protect information in MOD offices are applied, as far as possible, in home circumstances and a copy will accompany all letters of appointment for homeworkers. They may not be relaxed and may be applied only in Great Britain. These rules will also apply to those MOD office-based employees who regularly take work home. General 2. Homeworkers are permitted to have access to official information with a protective marking up to and including RESTRICTED, provided: a. He or she understands his/her obligations in respect of physical and procedural security measures necessary to protect such material; and b. All the necessary practical arrangements, as called for by the security staff, have been made to ensure they can be fulfilled. 3. Before homeworking commences the homeworker must provide his or her line manager with a written agreement to a visit to the home (and, thereafter, to periodic spot checks) by representatives of the Principal Security Adviser's staff to confirm that satisfactory physical and procedural security measures are in place. Such agreement must be confirmed whenever regular access to official information is involved, irrespective of its protective marking level. Personal security 4. Homeworkers should be especially careful not to draw attention to the fact that they are working on official information at home. As homeworkers will have few opportunities to discuss work problems with colleagues, they may be more vulnerable to compromise by someone professing to show an interest in their work. They need to be alert to this danger, and any instances of outsiders (or those without a "need to know") showing undue interest should be reported to the appropriate Principal Security Adviser's staff. JSP 440 Volume 1 Issue 2 4M-1 RESTRICTED RESTRICTED Defence Manual of Security Security in the work area (Including Storage of Information) 5. Many aspects of security which are taken for granted in MOD buildings and establishments are difficult to replicate in the home. As far as possible, homeworkers must adhere to the following guidelines: a. Where possible, a lockable room should be set aside as a working area, used exclusively for official work. If this is not possible, a working area should be selected to minimize, and control, unexpected interruptions from family or visitors. b. If interruptions occur during official work, the homeworker should ensure that official documents, and particularly protectively marked documents, are covered so that they cannot be overlooked. c. When not working on official documents, they should be stored in an appropriate locked container exclusively for the protection of MOD documents (the key(s) to which must be held personally by the homeworker and spare keys to be deposited with the line manager/ESyO of the parent establishment), unless: (1) (2) and (3) The homeworker intends to return to it after a short interval; and It is in a room to which the door and windows have been locked; The homeworker remains in the home. Telephone Security 6. Homeworkers should be alert to the dangers of passing protectively marked information of possible use to terrorists, for targeting purposes, over the public telephone network. Always confirm the identity of originators/recipients of telephone calls. To minimize risk of eavesdropping, party-lines or multi-extensions are not advisable. Similarly, use of radio telephones (including cordless and cellular telephones) for passing RESTRICTED information is prohibited. The following table addresses the precautions necessary when using the telephone to discuss protectively marked information: Type of Telephone Call Within Mainland UK Excluding Northern Ireland Protective Marking RESTRICTED To & Within Northern Ireland UNCLASSIFIED Overseas UNCLASSIFIED JSP 440 Volume 1 Issue 2 4M-2 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Facsimile Transmission Security 7. The considerations outlined in the previous paragraph also apply to facsimile transmissions. Where the need for speed is paramount, an officially approved facsimile machine located in the home may be used for passing information protectively marked up to and including RESTRICTED over networks within the UK. The homeworker must verify that the recipient is ready to receive the message prior to transmission. Unprotected circuits outside the UK and Northern Ireland are only to be used to transmit UNCLASSIFIED information. Computer and Word Processor Security 8. The use of a personal computer or word processor for RESTRICTED or other official information should be approved by the parent establishment IT Security Officer (ITSO). If approved for use at home, the ITSO will issue a site specific Security Operating Procedures (SyOPs). Staff should consult JSP 440 Volume 3 for detailed instructions on the use of such equipment. Photocopying/printing 9. It is important to keep copies of documents to the minimum necessary for the proper conduct of business. Reproduction of RESTRICTED and above documents may only be undertaken on an approved photocopier. UNCLASSIFIED documents may be reproduced on local commercial copiers if operated by the homeworker, care being taken to ensure, as far as possible, that documents are not read or identified as MOD/official documents by others. Posting Documents - to, from and between Homeworkers 10. The minimum standards for transmitting documents, within Great Britain, through the postal services are as follows: Protective Marking RESTRICTED Approved means Enveloping, sealing and marking Single envelope. Ordinary letter post. Full address (including post code). Security markings are not to be shown. As above. As above. Address by name and mark "Personal For:" As for RESTRICTED. As above. RESTRICTED (plus Descriptor(s) UNCLASSIFIED JSP 440 Volume 1 Issue 2 4M-3 RESTRICTED RESTRICTED Defence Manual of Security 11. The homeworker's attention is also drawn to Annex C of Chapter 4 for full details on postal arrangements to locations in Northern Ireland and overseas and the use of return addresses on official mail. Carriage - by the Homeworker and other MOD Staff 12. Where it is necessary to remove RESTRICTED documents from the home (to attend a meeting, for example), it should be carried in a locked container such as a briefcase with a combination lock. The container is to bear a label securely attached to the outside giving instructions to the finder. Only one side should normally be visible, the reverse being obscured by a protective cover. The visible side of the label is to read: "IF FOUND, PLEASE SEE INSTRUCTIONS ON THE REVERSE SIDE OF THIS LABEL". The reverse side is to read: "ANYONE FINDING THIS CONTAINER IS ASKED TO TELEPHONE 0171-21-86806 OR HAND IT IN AT THE NEAREST POLICE STATION OR RAILWAY STATION OR OTHER TRANSPORT AUTHORITY WITH A REQUEST THAT THEY SHOULD TAKE THAT ACTION". Note: The telephone number given is that of the security control room, MOD Main Building. The number of the appropriate Principal Security Adviser may be given instead. 13. While carrying protectively marked documents, the container should remain in the homeworker's possession at all times. Protectively marked documents are not to be read in any public place or on public transport. Note: Never journey abroad or to Northern Ireland carrying a briefcase bearing the Royal cipher. Review of Holdings 14. The homeworker should minimize official documents held at home. Holdings should be reviewed at least every six months and, where appropriate, forwarded/returned to the MOD. Destruction of Waste 15. UNCLASSIFIED paper waste may be disposed of by shredding or tearing it into small pieces and placing into household waste bins; it must be well mixed with domestic rubbish. It must not be used as "rough" paper for use by other members of the homeworker's household. RESTRICTED paper waste must be disposed of by a method approved of by the appropriate Principal Security Adviser's staff or returned to the MOD for secure disposal. All non-paper waste must be returned to the MOD for secure disposal. JSP 440 Volume 1 Issue 2 4M-4 RESTRICTED RESTRICTED Control and Carriage of Protected Documents Files and File Lists 16. MOD practice should be followed. Lists of all files held at home should be kept by both the homeworker and his/her line manager's Registry to facilitate spot checks. JSP 440 Volume 1 Issue 2 4M-5 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 4M-6 RESTRICTED RESTRICTED Control and Carriage of Protected Documents ANNEX N TO CHAPTER 4 CASUAL COURIERS - PROHIBITED ITEMS 1. Casual couriers who have been granted a single journey - casual courier passport (with diplomatic immunity) for the purposes of carrying protectively marked material overseas are to be aware that the following items are prohibited from being carried in their diplomatic bag: a. Contraband, including controlled substances (particularly narcotics and dangerous drugs). b. Firearms, explosives, ammunition or other material hazardous to personnel. c. d. Combustibles. Liquids, foodstuffs and perishable items. e. Currency, military payment certificates, bonds, securities, gold, silver, jewels, jewellery, postage stamps in quantity or other negotiable instruments. f. Office equipment and office supplies, including blank forms and paper. g. h. Supply items such as blankets, repair parts, tools and clothing. Tobacco and alcohol. 2. Casual couriers travelling within the United Kingdom, and those who have not been granted diplomatic immunity but have nevertheless been authorised by their relevant Principal Security Adviser to carry protectively marked documents overseas, are prohibited from carrying the following items: a. b. c. Contraband, including controlled substances (particularly narcotics and dangerous drugs). Firearms, explosives, ammunition or other material hazardous to personnel. Combustibles. d. Currency, military payment certificates, bonds, securities, gold, silver, jewels, jewellery, postage stamps in quantity or other negotiable instruments. JSP 440 Volume 1 Issue 2 4N-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 4N-2 RESTRICTED RESTRICTED Physical Security CHAPTER 5 PHYSICAL SECURITY Section 0 I II III IV V VI VII VIII IX X XI XII XIII XIV XV XVI Introduction General Principles Security Aspects of Works Projects and Services External Perimeter Security Measures The Physical Security of Buildings Precautions against Overlooking and Overhearing Closed Circuit Television Intruder Detection Systems Guards and Patrols Control of Entry ­ Pass Systems and General Regulations Automatic Access Control Systems Security Containers and Secure Rooms Locks and Security Keys Mechanical Document Transfer Systems and Automated Document Account Systems Accommodation Moves Reprographic Machines Destruction of Protectively Marked Waste Title JSP 440 Volume 1 Issue 2 5-0-1 RESTRICTED RESTRICTED Defence Manual of Security XVII XVIII XIX Conference Security Security of Equipment Site Access Management Systems JSP 440 Volume 1 Issue 2 5-0-2 RESTRICTED RESTRICTED Physical Security PHYSICAL SECURITY Chapter 05 Introduction Section I. Introduction The Minimum Baseline Measures Matrix Menu of Measures Physical Security Measures Performance Standards Matrix Section 1. Matrix Section 2. Matrix Section 3. Matrix Section 4. Matrix Section 5. Matrix Section 6. Annex A. Annex B. Annex C. Annex D. Containers and Security Locks Rooms Buildings Entry control Guards and Alarm Systems Outer Perimeter Minimum Baseline Measures Matrix Menu of Minimum Baseline Measures Minimum Baseline Measures Matrix ­ Points Checksheet Guide to the Use of the Minimum Baseline Measures Matrix General Principles 05101 05104 05109 05113 05114 05116 05118 05119 05122 05124 5-1-A-1 5-1-B-1 5-1-C-1 Para Page 5-1-D-1 JSP 440 Volume 1 Issue 2 5-0-3 RESTRICTED RESTRICTED Defence Manual of Security Appendix 1. Example - Minimum Baseline Measures Matrix - Points Checksheet Summary of Classes of Security Equipment and Security Measures Security Aspects of Works Projects and Services 05201 05203 05207 05211 05212 05213 05224 05227 05234 05247 5-1-D1-1 Annex E. 5-1-E-1 Section II. General Coordination of Works Projects/Services Procurement of Security Equipment/Systems Counter Terrorist Physical Security Measures for MOD Buildings Site Selection Site Layout Accommodation Planning Secure Zones Security in Open Plan Offices Security of Documents and Activated IT Systems in Unattended Offices Annex A. Annex B. Annex C. Special Services Group (SSG) Security Advice - Capital Works Projects Security Advice - Works Service (PROPMAN) 5-2-A-1 5-2-B-1 5-2-C-1 JSP 440 Volume 1 Issue 2 5-0-4 RESTRICTED RESTRICTED Physical Security Annex D. Security Involvement in Works Related Private Finance Initiative Drafting the Statement of Security Requirement (SSR) and Operational Requirement Request for Initial SSG Advisory Service in Respect of Security Requirements at a Defence Site Counter Terrorist Physical Security Measures for all MOD Owned or Occupied Buildings External Perimeter Security Measures 05301 05303 05312 05313 05316 05321 05323 5-2-D-1 Annex E. 5-2-E-1 Annex F. 5-2-F-1 Annex G. 5-2-G-1 Section III. Introduction Fences Entrances and Exits Security Notice Boards Perimeter Intruder Detection Systems (PIDS) Security Lighting Types of Security Lighting Section IV. General Use of Security Measures Doors Inter-communicating Doors Internal Doors JSP 440 Volume 1 Issue 2 5-0-5 The Physical Security of Buildings 05401 05407 05409 05415 05416 RESTRICTED RESTRICTED Defence Manual of Security Emergency Exit Doors Door Frames Door Bolts Hinges and Dog Bolts Grilles and Shutters Wide Angle Optical Viewers Windows Glazing Double Glazing Roofs Skylights, Fanlights, Rooflights Downpipes Sunken Outside Areas Parking/loading Bays Public Utilities Section V. General Overlooking Overhearing Section VI. General System Considerations Video and Disc Recording JSP 440 Volume 1 Issue 2 5-0-6 Closed Circuit Television Precautions against Overlooking and Overhearing 05417 05419 05420 05421 05423 05425 05426 05429 05430 05432 05434 05435 05436 05437 05438 05501 05503 05506 05601 05607 05614 RESTRICTED RESTRICTED Physical Security Video Movement Detection Systems Section VII. General Intruder Detection Systems Operational Requirement System Components Detection Sensors Types of Sensor Control Panel Event Log Alarm Display Alarm Signalling for Remote Sites Installation Wiring Reaction Force and Response Time System Management Installation and Maintenance Access Control Panel Testing Event Logs Investigation of Alarms Refurbishment of Buildings Portable Intruder Detection Systems Intruder Detection Systems 05615 05701 05704 05706 05709 05710 05711 05712 05713 05715 05716 05717 05718 05719 05721 05724 05725 05726 05727 05728 05729 JSP 440 Volume 1 Issue 2 5-0-7 RESTRICTED RESTRICTED Defence Manual of Security Annex A. Section VIII. General Definitions The AC12 Intruder Detection System Guards and Patrols 05801 05803 05804 5-7-A-1 Principles of Guarding and Patrolling Categories of Defence Establishments for Guarding Purposes and Composition of Guard Force Duties of Guards Search Trespassers Response Plan Static Posts Cadet Units Accommodation and Equipment Access to Protectively Marked Material by Guard Forces Commercial Guard Forces Supervision of Guards Instructions Patrols ­ General Principles Patrol Procedures Dogs Additional Security Measures 05811 05812 05816 05818 05819 05820 05821 05826 05827 05829 05836 05837 05840 05843 05848 05853 JSP 440 Volume 1 Issue 2 5-0-8 RESTRICTED RESTRICTED Physical Security Action to be taken for Unsecured Protectively Marked Material Annex A. Annex B Security Patrol Room Check Sheet Rules of Engagement for the release of dogs by Defence Personnel on duty in the United Kingdom Searching Record of Search Appropriate Wording for Advertising a Liability to Search on MOD Property Control of Entry ­ Pass Systems and General Regulations (UNDER REVIEW) Automatic Access Control Systems 05856 5-8-A-1 5-8-B-1 5-8-C-1 5-8-C1-1 Annex C Appendix 1 Appendix 2 5-8-C2-1 Section IX. Section X. Inroduction 051001 051006 051007 051010 051011 051012 051014 051015 051018 051020 5-0-9 Responsibility for AACS Operational Requirement Definitions Classes of AACS Types of AACS Installation Criteria Security Criteria System Criteria Effective Use JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Defence Manual of Security Management Doors Secondary Systems Section XI. Security Containers and Secure Rooms 051028 051031 051032 Security Containers - General Classification of Containers Standards Care of Security Containers Control of Security Containers Container Records Action in the Event of Suspected Tampering Secure Rooms Classes of Room Choosing a Room Types of Room Annex A. Section XII. Locks - General Classification of Locks Combination Locks Vulnerabilities of Combination Locks Action in the Event of Suspected Compromise Maintenance and Repairs JSP 440 Volume 1 Issue 2 5-0-10 Secure Rooms Locks and Security Keys 051101 051104 051105 051109 051111 051116 051118 051119 051121 051122 051123 5-11-A-1 051201 051203 051204 051213 051215 051216 RESTRICTED RESTRICTED Physical Security Vulnerabilities of Key Locks Security Keys - Definition Other Keys Action in the Event of Suspected Compromise or Loss of a Security Key or Combination Setting 051218 051222 051237 051238 Section XIII. Mechanical Document Transfer Systems and Automated Document Account Systems 051301 051303 051305 051309 051312 051314 051315 051316 051317 051320 051321 Accommodation Moves 051401 051403 Mechanical Document Transfer (MDT) Systems ­ Introduction General Security Measures Level of Physical Security Measures Ducting Security Protection of Despatch Control Unit Emergency Power Transmission between Secure Zones Automated Document Transfer Systems (ADAS) General Facilities Security Measures Section XIV. General Planning JSP 440 Volume 1 Issue 2 5-0-11 RESTRICTED RESTRICTED Defence Manual of Security The Move Closure of Establishments Section XV. General Control of Use Potential Risks Maintenance and Disposal Power Supply Tempest Section XVI. General Administrative Procedures Rules for Destruction Collection, Handling and Storage of Waste Methods of Destruction - Incineration The Destruction of Paper and Paper-based Waste Shredding Pulping Disintegrators and Hammer-mills The Destruction of Magnetic Media Incineration Disintegrators Sanding Shredding JSP 440 Volume 1 Issue 2 5-0-12 Destruction of Protectively Marked Waste Reprographic Machines 051405 051406 051501 051503 051505 051506 051507 051508 051601 051604 051605 051606 051609 051611 051613 051614 051617 051618 051619 051624 051625 RESTRICTED RESTRICTED Physical Security Acid and Chemical techniques The Destruction of Microform Total Destruction Partial Destruction Emergency Destruction Methods of Emergency Destruction Annex A. Annex B. Methods of Destruction Table Emergency Destruction of Protectively Marked Material in Ships Conference Security 051626 051627 051628 051631 051633 051637 5-16-A-1 5-16-B-1 Section XVII. General 051701 051703 051705 051706 051707 051708 051709 051710 051711 051712 051713 051714 051715 051719 5-0-13 Conference Security Officer Security Plan Access Control Passes Secure Zones Controlled Areas Documents Security Protectively Marked Waste Security Containers Tape Recorders Technical Security Simultaneous Interpretation Equipment (SIE) Room Security JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Defence Manual of Security Security Breaches Security and Emergency Instructions Counter Terrorist Measures Section XVIII. General Definition of Equipment The Use of a Matrix The Security of Equipment Minimum Baseline Measures Matrix Security of Equipment Menu of Measures Physical Security Measures - Performance Standards Movement of Protectively Marked Equipment Annex A. Minimum Baseline Measures Matrix for Large Items of Equipment Kept Inside Special-to-type Buildings Minimum Baseline Measures Matrix for Large Items of Equipment Kept in the Open Menu of Minimum Baseline Measures for Security of Equipment Minimum Baseline Measures Matrix - Points Checksheet for Large Items of Equipment kept Inside Special-to-type Buildings Minimum Baseline Measures Matrix - Points Checksheet for Large Items of Equipment kept in the Open 5-0-14 Security of Equipment 051720 051721 051722 051801 051803 051804 051806 051814 051818 051819 5-18-A-1 Annex B. 5-18-B-1 Annex C. 5-18-C-1 Annex D. 5-18-D-1 Annex E. 5-18-E-1 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Physical Security Annex F. Guide to the Use of the Minimum Baseline Measures Matrices and Menu for the Protection of Protectively Marked Equipment Example ­ Minimum Baseline Measures Matrix - Points Checksheet for Large Items of Equipment kept inside Specialto-type Buildings Example ­ Minimum Baseline Measures Matrix ­ Points Checksheet for Large Items of Equipment kept in the Open Site Access Management Systems 051901 051906 051910 051915 051918 5-18-F-1 Appendix 1. 5-18-F1-1 Appendix 2. 5-18-F2-1 Section XIX. General Networking SAMS System Procurement System Management Pass Production JSP 440 Volume 1 Issue 2 5-0-15 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 5-0-16 RESTRICTED RESTRICTED Physical Security CHAPTER 5 GENERAL PHYSICAL SECURITY INTRODUCTION Layout of Chapter 5 05001. This chapter is set out in 18 sections following a similar format to the Cabinet Office base-document, the Manual of Protective Security (MPS). It is so set out to allow for simple amendment of the individual parts of the physical security chapter following changes in policy. Each section has a paragraph at the beginning entitled 'Further advice, information and guidance' the purpose of which is to help the user in the following ways: a. Identify other documents that contain policy direction or more detail on the subject if so required. b. Notify the user that certain documents must be used in conjunction with the Defence Manual of Security (DMS). c. Identify other chapters, sections and parts of the DMS which contain additional information for the user. d. Notify the requirement, where applicable, for the involvement of TLB security staff by an establishment in the decision making process at the earliest opportunity (e.g. in the procurement process for automatic access control systems (AACS), closed circuit television (CCTV), intruder detection systems (IDS) etc). Definition of Physical Security 05002. In general terms, physical security means the positioning of obstacles to prevent: a. Unauthorised access to official material. b. Unauthorised access to property for the purpose of destroying, disabling, compromising or removing it, with the object of impeding operations, or in the pursuance of espionage or personal/financial profit. c. Unauthorised access to official information of Defence property for the purpose of killing or injuring Defence personnel or damaging or destroying Defence property. JSP 440 Volume 1 Issue 2 5-0-3 RESTRICTED RESTRICTED Defence Manual of Security Nature and Scope 05003. There is no standard method of providing physical security within the MOD. To give all establishments equal protection would be wasteful. The degree of protection will vary from area to area and HOE must determine their own requirements based on advice from the appropriate security organisation within the minimum baseline measures described fully in section I of this chapter and such other regulations that are promulgated from time to time. The physical security of Defence establishments is to be provided by a balanced mix of physical security measures such as: a. b. c. d. e. f. g. h. i. j. k. l. Fences. Lighting. Perimeter intruder detection systems (PIDS). Intruder detection systems IDS). Automated access control systems (AACS). Guards. Guard dogs. Locks and containers. Control of entry. Secure rooms. Hardened buildings. CCTV. Physical security measures are not primarily intended to prevent or deter attack by overt military action. Monitoring 05004. A system of regular surveys, inspections, reviews and checks is to be implemented to ensure that physical security measures are well organised and maintained as a part of the overall protective security of an establishment. Defence in Depth 05005. The physical security measures chosen as a result of the risk analysis (RA) (see Chapter 3) and minimum baseline measures methodologies carried out by an JSP 440 Volume 1 Issue 2 5-0-4 RESTRICTED RESTRICTED Physical Security establishment should be arranged so as to be mutually supporting. Additional measures may be required to achieve the degree of protection necessitated by: a. b. The designation of an establishment as a Key Point (KP). The security categorisation of an establishment (see Chapter 2). Basic Principles 05006. The following basic principles apply: a. Physical security measures are more effective and less costly if they are incorporated in the design stage of new projects. It is appropriate, therefore, to plan for higher levels of threat. b. Where cost effective, maximum use is to be made of security equipment such as IDS, PIDS and AACS. c. Protectively marked information and equipment is to be concentrated in as few places as possible. d. Physical security systems are to be related to operational needs and administrative requirements. e. Security measures must produce defence in depth. Responsibility for Physical Security 05007. Responsibility for physical security within Defence establishments is as follows: a. Directorate of Defence Security. D Def Sy is responsible for the issue of security policy for physical security for the Defence estate. b. Top Level Budget Holder. The TLB Holders are responsible for the implementation of security policy at establishments within the Defence estate. Each TLB Holder will have a Principal Security Advisor (PSyA) within his staff. c. Head of Establishment (HOE). Responsibility for physical security measures rests with the HOE who is advised as appropriate by the establishment security officer (ESyO), specialist security unit and/or TLB PSyA. d. OIC buildings, unit commanders, branch and establishment/unit security officers. These office holders are responsible for ensuring that the requirements of this chapter are applied within their areas of responsibility. JSP 440 Volume 1 Issue 2 5-0-5 RESTRICTED RESTRICTED Defence Manual of Security They are to ensure that physical security is properly enforced at all times and that orders exist for duty checkers/guards. e. Individual responsibility. It is the personal responsibility of all Service and MOD civilian personnel, attached members of other Services and Crown employees serving with them, to ensure that all prescribed physical security measures are correctly applied and to take the appropriate countermeasures when breaches of security occur or are suspected. Security Orders and Plans 05008. HOE are responsible for ensuring that their establishment has comprehensive security orders and plans readily available to and which are signed as having been read and understood by appropriate personnel. The Minimum Baseline Measures Matrix 05009. As a result of the Review of Protective Security (RPS), physical security measures, which will indicate the adequacy of the security measures on the establishment according to a given threat level, are given points according to the minimum baseline measures matrix. Full details of the matrix and how it is to be used are contained at Section 1. In particular the following is to be noted: a. The matrix is primarily designed to counter the ESPIONAGE threat, although some of the measures applied will afford a degree of counter terrorist, sabotage and criminal damage defence. Its use is mandatory for the protection against compromise of confidentiality. The risk management process detailed in Chapter 3 will determine its use for 'integrity' and 'availability'. b. The matrix is to be used at LOW THREAT unless establishments are notified otherwise by PSyAs following advice from D Def Sy. c. Notwithstanding sub para b. above, the threat to certain sensitive establishments may be considered to be at higher than LOW. PSyAs may dictate to certain establishments what threat level they face. d. Establishments are to follow the SPIRIT of the baseline measures matrix at all times. HOE are not to allow nonsensical situations to arise such as the fitting of a high standard of lock to a standard office door with glass panes, in order to score more points on the matrix, which would allow other normal security precautions to be dispensed with. Anomalies with the Matrix 05010. Anomalies may arise in the application of this new methodology which may require amendment in due course. Any apparent anomalies are to be notified by establishments to TLB PSyA for onward staffing to D Def Sy. JSP 440 Volume 1 Issue 2 5-0-6 RESTRICTED RESTRICTED Physical Security Reference Documents References in Manual 05011. A list of the documents referred to in this Chapter is at Annex A. Security Units 05012. Establishment security staff should use the services of their appropriate security units when required, in the implementation of the policy in this Chapter. It is not expected that all appointed ESyOs will have the specialist security knowledge and/or security staff to be able to implement, without specialist security unit advice, the instructions contained in the Chapter. The role of the appropriate single-Service security units/TLB PSyA staffs in the implementation process is, therefore, important. Conflict of Standards 05013. Where there is a conflict of physical security standards between JSP 440 and other security instructions, the more rigorous standard will prevail unless specifically notified otherwise. JSP 440 Volume 1 Issue 2 5-0-7 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 5-0-8 RESTRICTED RESTRICTED Physical Security SECTION I TO CHAPTER 5 GENERAL PRINCIPLES Introduction General 05101. This section of Chapter 5 contains instructions for the physical protection of information and equipment against attempts to acquire them illicitly by surreptitious attack or theft. Defence in Depth 05102. Physical measures represent only one aspect of protective security and they need to be supported by sound personnel, document handling, communications and computer security. Sensible management of security risks involves finding the most effective (and cost effective) ways of countering the given threats by a combination of measures from each of these areas. Good physical protection, preferably built into any site or building from the beginning, is of fundamental importance. Risk Management and Minimum Baseline Objectives 05103. Risk management offers a high degree of flexibility in providing the levels of protection required to safeguard protectively marked assets. To ensure that there is some degree of consistency and mutual assurance about the way one establishment's assets are handled by another, certain minimum baseline objectives apply to all areas of protective security. They are intended to provide acceptable security at all levels of protection where the threat is assessed as 'Low'. Further information on risk management can be found in Chapter 3. The Minimum Baseline Measures Matrix (MBMM) Meeting Baseline Objectives 05104. The matrix and menu of minimum baseline measures for physical security at Annexes A and B provide a range of options which meet the baseline objectives. They are designed to help the management of security risks by offering a means for the identification and selection of the most suitable and cost-effective physical security measures to safeguard protectively marked material against attempts to acquire them illicitly by surreptitious attack or theft. Although many of the measures suggested will be helpful in a counter-terrorist context (and suitable counter-terrorist measures already in place may be taken into account in meeting the baseline measures), the weighting given to the measures in the matrix is not primarily intended to meet terrorist threats. The matrix and menu are intended as a guide and particular circumstances may require different solutions. The achievement of a minimum score cannot be taken to be a substitute for a sound assessment of security measures based on the importance of the assets, the conditions and layout of the site, the level of the threat and protection required. Local circumstances may dictate that, despite an adequate score, enhanced JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-1 RESTRICTED Defence Manual of Security measures or alternative combinations of measures should be considered. (See also para 05009.) Threat Levels 05105. The minimum baseline measures are those in the first column of the matrix (headed L). The remaining columns offer a means of deciding on the increased measures appropriate to levels of threat higher than Low. ESyOs are to keep themselves regularly up-to-date on the nature and levels of threat to their assets (by consulting their appropriate PSyA and local Service and civil police authorities); and are to decide for themselves on the proper response to increased levels of threat, in the light of local circumstances. About the Matrix 05106. The minimum baseline measures are set as numerical values within a matrix, which correspond to the level of protectively marked material and to the level of the threat. The matrix, as shown at Annex A, is supported by a menu of physical security measures (Annex B) from which measures can be selected so that the sum total of the value of the individual measures equals or exceeds the required numerical value of the appropriate minimum baseline measures. It is a fundamental principle that points are only valid when correct security procedures and practices accompany the selected measure. Numerical Values 05107. The numerical value of the baseline measures required for each level of the protective marking system is made up from different sections of the menu of measures: 2 from mandatory sections of the menu of measures and the remainder from any of the sections. This system of mandatory and additional measures is to ensure that a sensible balance of measures is achieved and allows HOEs flexibility in the measures they apply to reach the baseline position, taking into account the security facilities, equipment and manpower at their disposal. How the Matrix is Used 05108. The matrix is used by selecting the appropriate level of protectively marked material and then reading off the scores to be achieved against the mandatory and additional sections of the menu of measures. Having identified the points score required, the user should then turn to the menu of measures. A minimum baseline measures matrix points check sheet for use by ESyOs is at Annex C. A guide to the use of the minimum baseline measures matrix is at Annex D and a sample of how to complete the full documentation is at Appendix 1 to Annex D. Menu of Measures Sections 05109. The menu of measures is divided into 6 sections, each dealing with a particular aspect of security (or layer of 'defence in depth'). For ease of application, the menu is laid out as a proforma with scores (loading) provided for various options. Spaces are also provided for inserting the various points scores. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-2 RESTRICTED Physical Security Weighting of Measures 05110. Some measures are weighted in that their points score multiplies with that of another measure (eg containers and locks), whilst others are added (eg fences, Perimeter Intruder Detection Systems, lighting and CCTV). The value of zero is used as a multiplier where a fence has no control of entry at its entry/exit points. Where control of entry is provided, the multiplier of one will validate the points awarded to the fence. Selection of Measures 05111. In deciding what measures to select, the user is to include existing security measures and then fill in the score obtained. The results can then be compared with the requirements of the matrix. From the comparison it will be apparent whether the measures are excessive, adequate or need supplementing. Additional Measures 05112. If additional measures are required, establishments are to decide which measures to select in the light of the actual threats faced by them. If there is a threat from forcible attack, for instance, the strength of a container may be a higher factor than the Class of lock; conversely, if the threat is from surreptitious attack, a high class lock may be a more important factor than the strength of the container. Used in this way, with imagination and common sense, the menu will help ESyOs to find the measures most appropriate to their particular situation, the threats they face and the resources available. Physical Security Measures - Performance Standards & the MBMM 05113. The descriptions given below (and which are used in the menu to the MBMM) are a guide to the levels of performance offered by different Classes of equipment, buildings or precautionary measures. The 4 classes of performance standard used in these descriptions are based on those being introduced into certain European standards and do not relate to those previously used to designate the performance of approved UK security equipment. Details of the type and specification of approved security equipment falling within the classifications below and which have been tested against both surreptitious and forcible attack are contained in the 'Catalogue of Security Equipment'. Copies of this document are issued to PSyAs and other security staff. A summary of the names of approved containers, locks doors and other security equipment is at Annex E. Matrix Section 1 - Containers and Security Locks Security Containers 05114. Containers are classified according to the level of security they offer, Class 4 being the highest and 1 the lowest. The classifications of containers can be described as follows: a. Class 4 containers. These are HIGH SECURITY containers which: (1) Have a high degree of resistance to an attacker using force and fully equipped with hand and power tools. JSP 440 Volume 1 Issue 2 5-1-3 RESTRICTED RESTRICTED Defence Manual of Security (2) Offers resistance to the prising of doors, drawers or lids to facilitate a fishing or probing attack. b. Class 3 containers. which: These are MEDIUM SECURITY containers (1) Offer a degree of resistance to an attacker using force and having access to a limited range of hand tools. (2) Resist flexing, twisting or jolting that will distort the carcass and allow the insertion of probes or devices in order to gain access to the container. c. Class 2 containers. (1) These are SECURITY containers which are : Of substantial design and construction. (2) Offer resistance to the casual or opportunist attacker who has not been prepared for the attack and only has use of items that are readily to hand. d. Class 1 containers. These are general purpose containers which have no particular security design features but which are lockable and are judged to offer a level of privacy. Security Locks 05115. Security locks are classified according to the level of protection they offer, Class 4 being the highest and Class 1 the lowest level. a. Class 4 locks. These are HIGH SECURITY locks which have a high degree of resistance to expert and professional attack using exclusively developed skills and resources judged not to be available commercially. b. Class 3 locks. These are MEDIUM SECURITY locks which have a high degree of resistance to expert and professional attack using skills and resources that are available commercially to a professional locksmith. c. Class 2 locks. These are SECURITY locks which have a degree of resistance to a skilful attacker having minimal resources. d. Class 1 locks. These are QUALITY locks having a moderate degree of resistance to unauthorised opening. Note: All keys to security containers must be held securely in accordance with the instructions in Section XII. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-4 RESTRICTED Physical Security Matrix Section 2 - Rooms The Level of Protection 05116. The level of protection offered by a room will depend on the strength and structure of the walls, floor and ceiling/roof, the strength and quality of the door and its lock and the quality and protection given to any windows. The specifications and standards for strong and secure rooms are contained at Section XI; the names of the rooms by Class are shown at Annex E to this section. The types of room are described below: a. Strong room. A strong room is a windowless room which: (1) Is designed with a high degree of resistance to an attacker using force and equipped with an extensive range of hand and power tools. (2) Will normally have walls, floor and ceiling of concrete slab construction. (3) Has a door of steel with bolt work secured by Class 3 or 4 lock. b. Secure room. A room that meets the standard for a secure room is as follows: (1) Offers a degree of resistance to a forced attack in which a limited range of hand tools are used. (2) Offers a high degree of resistance to a surreptitious attack. (3) Has walls, floor and ceiling of lightweight brick or block construction or plywood and plasterboard on supporting frame. (4) Has a door of solid wood or laminate construction fitted with a lock that offers the required level of protection (normally a Class 2 or 3 lock). (5) Has windows fitted with laminated security glass in a suitable frame or be protected by window bars. c. Locked room. A locked room is a room or office that can be locked (when left unattended) and offers a degree of protection to its contents. If the room is required to offer protection against a surreptitious attack for long periods, such as overnight or at weekends, the standard of door and its lock and the standard and locking of windows should reflect the level of threat. Normally a Class 1 lock will provide adequate protection. Selection of Locks 05117. Locks, for use on rooms, are to be selected from the range of locks listed in paragraph 05115 above and detailed, by type, at Annex E. JSP 440 Volume 1 Issue 2 5-1-5 RESTRICTED RESTRICTED Defence Manual of Security Matrix Section 3 - Buildings Building Rating 05118. Buildings are rated according to their resistance to both forced and surreptitious attack. The method of construction, material used and the security of doors and windows will contribute to the overall assessment. The Classes of building are described below: a. Class 4 buildings. construction which: (1) A Class 4 building is one of substantial Offers a high degree of resistance to a forced attack. (2) Has walls, floor and ceiling/roof of reinforced concrete or concrete slab. (3) Has doors of reinforced steel or wood, faced with sheet steel. (4) Has windows kept to a minimum but where necessary are suitably protected. Their frame, fixing and glazing offers substantial resistance to a physical attack. b. Class 3 buildings. (1) A building which: Offers a degree of resistance to a forced attack. (2) Is of solid construction, normally brick or block, on cavity wall principles. (3) Has windows and doors of a standard equal to that of the building in its resistance to a forced attack. Modern building techniques of pre-cast or fabricated panels or steel frame and glass, may also rate Class 3. c. Class 2 buildings. (1) A building which: Has a resistance to a forced attack. (2) Is of lightweight construction normally single brick or lightweight block or be a substantial transportable office unit. (3) Has doors and windows of a standard equivalent to the structure in having a resistance to a forced and/or surreptitious attack. d. Class 1 buildings. A building that offers Class 1 standard of strength is normally a lightweight prefabricated structure intended simply to protect its contents and those who work in it from the elements. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-6 RESTRICTED Physical Security Matrix Section 4 - Control of Entry to Building, Area or Site Control of Entry 05119. Control of entry can be exercised over a site, a building or buildings on a site or to areas or room within a building. The control may be either electronic, electro mechanical, guard or receptionist control or physical barriers. More information on control of entry pass systems can be found in Section IX of this chapter and the requirements for Automated Access Control Systems (AACS) are detailed in Section X. The Classes of control of entry systems are described below: a. Class 4 system. An automatic access control system (AACS) which: (1) Offers a degree of inherent security requiring the minimum of guard oversight. (2) Is based on the use of a card or token in association with a user unique Personal Identification Number (PIN). (3) Is used in conjunction with an access barrier that prevents pass back and ensures "one transaction, one entry". b. Class 3 system. A Class 3 entry control system is an electronic AACS which: (1) Operates as a card and PIN. (2) Entry is controlled by a suitable barrier that may require direct supervision by a guard. c. Class 2 system. involving: (1) A Class 2 entry control system is one Security guards, custodians, or a receptionist. (2) Involves the use of a photograph or unique design pass entry system. Other identification documents, such as Defence Identity Cards are accepted for entry purposes. d. Class 1 system. A Class 1 entry control system is one based on a locked door with access allowed by either: (1) A mechanical or stand alone electronic push button code lock (PBCL). (2) 05120 Spare The issue of keys to "authorised key holders". JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-7 RESTRICTED Defence Manual of Security The Control of Visitors 05121. The control of visitors within a protected area where sensitive material is held or worked on or where special access control are exercised will depend on the level of security clearance of the visitor and on any special control requirements that the establishment may impose on non-staff personnel. The type of control exercised over visitors is described below: a. Escorted visitors. Visitors who are required to be escorted within a protected area are accompanied at all times by an appointed escort or by personnel they are visiting. If they need to visit a number of different departments or other members of staff, they are to be formally handed over from one escort to the next with, if required, the visitor's pass being annotated accordingly. b. Pass/badge. Visitors are allowed unescorted entry to a protected area, or parts of it. They are required to wear a badge/pass that identifies them as a visitor and not as a member of staff. It should be noted that a visitor badging system is only effective if all staff are also required to wear a pass. Note: Points for 'Escorted Visitors' within the MBMM can only be scored where all visitors (including MOD employees) to an establishment are escorted. Matrix Section 5 - Guards and Alarm Systems Guards 05122. The employment of guards to protect buildings or sites provides a valuable deterrent to criminals and to those who might plan a covert attack. The guards' duties and the need and frequency of patrols will be decided by considering the level of threat and security systems or equipment that might be in place. More detailed instructions on the employment of guards and patrols are contained in Section VIII to this chapter. The types of guarding are described below: a. Frequent internal patrols. A patrol that operates inside a building at random intervals, not exceeding 2 hours, is a frequent patrol. It is to follow a different route, on each patrol, so that the time and place of the guards' visit cannot be predicted. Guards are to have specific tasks to perform on the patrol such as checking locked doors and security furniture and checking external doors and windows to see that they are properly secured. b. Infrequent internal patrols. Internal random patrols at intervals not exceeding 6 hours allows for 2 or 3 patrols during the night and periodic security checks during a weekend or holiday period. The first patrol is to normally take place soon after cease work and is to be concerned with checking that the site or building is properly secure. Patrol routes are to be varied so that the timing and location of the guard cannot be predicted. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-8 RESTRICTED Physical Security c. External patrols. Patrols that are limited to the external areas of a site or building and which are carried out by guards who do not normally have access to the buildings are 'external patrols' only. The frequency of external patrolling will be dependent upon the particular requirements of the establishment. External patrols can be vehicle mounted or on foot and patrol the perimeter, inside or outside, and checking buildings that may be covered by an internal alarm system. The mobile patrol will also act as an immediate response force. d. Resident or on-site guards. Guards that are employed to man an incident control room or guard post/guardroom, but are not required to patrol are classed as 'Resident' or 'Site' guards. They can be required to survey the protected area or parts of it either visually or by using CCTV surveillance equipment. Responding to other building alarm or monitoring systems can also be included in their duties. e. Visiting guards. Guards who visit a site during the night and at weekends and carry out rudimentary perimeter checks are classed as 'visiting guards'. Such types of guard include those that may not normally be allowed to enter the site or building visited but respond by calling out the "Key Holder" in the event of a suspected intrusion. Note: There are a further 2 types of guarding used in the security of equipment matrix; these are described at para 051818. Intruder Detection Systems (IDS) 05123. IDS are used inside buildings in place of or to assist site guards. To be effective an IDS will have a response force that will react in the event of an alarm condition. Alarm systems have been graded according to the level of security they offer. A Class 4 system offering the highest level of security and Class 1 the lowest. More detailed information regarding IDS is contained at Section VII to this chapter. The Classes of IDS system are described below: a. Class 4 systems. A Class 4 IDS is one which: (1) Is intended for use in applications where security takes precedence over all other factors. (2) Offers a level of protection where the intruder has to plan the intrusion in detail and have a full range of equipment capable of substitution of vital system components. (3) Is supplemented with comprehensive physical security measures and security procedures. b. Class 3 systems. A Class 3 alarm system is one which: (1) Is used in premises where high value assets are held. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-9 RESTRICTED Defence Manual of Security (2) Includes appropriate physical security protection. (3) Offers protection from intruders who are conversant with intruder detection systems and have available a comprehensive range of tools and portable electronic equipment. c. Class 2 systems. A Class 2 alarm system is one which: (1) Is used in premises where the security risks of a sophisticated attack are not high. (2) Intruders are expected to have a limited knowledge of alarm systems and have available only basic tools and portable instruments. d. Class 1 systems. A Class 1 alarm system is one which: (1) Is used in low risk premises where potential intruders have little knowledge of alarm systems and a limited range of readily available tools. (2) Does not normally have an appointed response force and relies on a public response to a local alarm sounder or strobe lights. Matrix Section 6 - Outer Perimeter The Perimeter 05124. A perimeter fence forms a useful barrier and identifies the boundary of a protected or restricted area. The level of protection offered by a fence depends on its height, construction, the material used and any additional security features used to increase its performance or effectiveness such as topping, PIDS, lighting or CCTV. The type of fence used on the perimeter of a site should reflect the type of threat, ie. terrorist, criminal, saboteur, vandals. Fences are graded according to the level of protection they offer, Class 4 offering the highest security and Class 1 the lowest. Instructions for external perimeter security measures are at Section III, CCTV at Section VI and security lighting at Section III to this chapter. The types of fence attracting a particular Class are shown at Annex E. The Classes of fence are described below: a. Class 4 fence. A Class 4 fence is a high security barrier which: (1) Is designed to offer the maximum deterrent and delay to a skilled and determined intruder who is well equipped and resourced. (2) Is designed and constructed to offer a high degree of resistance to a climbing or breaching attack. (3) Is normally supported by other perimeter security systems. b. Class 3 fence. A Class 3 fence is an intermediate security barrier which: JSP 440 Volume 1 Issue 2 5-1-10 RESTRICTED RESTRICTED Physical Security (1) Is designed to deter and delay a resourceful attacker who has access to a limited range of hand tools. (2) Offers resistance to attempts at climbing and breaching. c. Class 2 fence. A Class 2 fence is an anti-intruder fence which offers a degree of resistance to climbing and breaching by an opportunist intruder not having particular skills and using material and breaching items that are readily to hand. d. Class 1 fence. A Class 1 fence is one which: (1) Is designed with no particular security requirements. (2) Is only intended to mark a boundary and to offer a minimum of deterrence or resistance to anyone other than a determined intruder. (3) Any type of construction material or hedging is used. Entry and Exit Searches 05125. Establishments may undertake entry searches as a condition of entry. In particularly sensitive areas, entry searching is to be designed to guard against the possibility of unauthorised electronic recording and transmitting equipment or copying equipment such as cameras or scanners being brought into the establishment. Such searches also guard against the possibility of an explosive device being carried into the establishment. Exit searches can only be undertaken in accordance with HOEs statutory powers, contracts of employment or the law relating to search (Police and Criminal Evidence Act). However such searches can act as a deterrent to the unauthorized removal of protectively marked or otherwise valuable assets from the establishment. Gates 05126. Gates are to be constructed to the same security standard as the fence and some form of entry control must be in place otherwise the security of the fence will be negated. Perimeter Intruder Detection Systems (PIDS) 05127. PIDS may be used on perimeters to enhance the level of security offered by the fence. PIDS may be installed as covert devices (although this is usually for aesthetic reasons) or overtly, to act as a deterrent. PIDS are inherently prone to false alarm and should therefore normally only be used with an alarm verification system such as CCTV. Closed Circuit Television (CCTV) 05128. CCTV is a useful aid to security guards in covering large sites or perimeters. The effectiveness of such a system however will depend on the selection of suitable equipment and its installation. Detailed professional advice via PSyAs is to be sought. JSP 440 Volume 1 Issue 2 5-1-11 RESTRICTED RESTRICTED Defence Manual of Security Security Lighting 05129. Security lighting can offer a high degree of deterrence to a potential intruder in addition to providing the illumination necessary for effective surveillance either directly by the guards or indirectly through a CCTV system. The standard of lighting is to meet the minimum requirement and its installation be appropriate to the site conditions. 05130. More information on the protective measures of buildings is detailed in Section II, Annex G and Section IV to this chapter. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-12 RESTRICTED Physical Security ANNEX A TO SECTION I TO CHAPTER 5 MINIMUM BASELINE MEASURES MATRIX TOP SECRET Mandatory - Sections 1 and/or 2, plus 3 Mandatory - Sections 4 plus 5 ** Additional - Any Sections Total SECRET Mandatory - Sections 1 and/or 2, plus 3 Mandatory - Sections 4 plus 5 * Additional - Any Sections Total CONFIDENTIAL Mandatory - Sections 1 and/or 2, plus 3 Mandatory - Sections 4 plus 5 Additional - Any Sections Total RESTRICTED Mandatory - Sections 1 and/or 2, plus 3 Additional- Any Sections Total L 10 6 2 18 L 8 4 2 14 L 8 2 10 L 2 2 M 10 6 4 20 M 8 4 4 16 M 8 3 11 M 2 2 S 10 7 4 21 S 8 5 4 17 S 8 2 3 13 S 2 1 3 H 12 7 5 24 H 10 5 5 20 H 8 3 4 15 H 2 2 4 VH 15 7 6 28 VH 12 6 6 24 VH 10 4 5 19 VH 2 3 5 Notes: ** = Each Section must score at least 2 points. * = Each Section must score at least 1 point. THREAT LEVELS VH H S M L - Very High - High - Significant - Moderate - Low JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-A-1 RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-A-2 RESTRICTED Physical Security ANNEX B TO SECTION I TO CHAPTER 5 MENU OF MINIMUM BASELINE MEASURES Measure Loading Section 1 ­ Container 1. Container/casing: a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 Sub-score (ss1) = a, b, c or d 2. Lock a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 Sub-score (ss2) = a, b, c or d Remarks Section score (S1) = ss1 x ss2 Measure Loading Section 2 ­ Room 3. Room: a. Strong Room 4 b. Strong Room 3 c. Secure Room 1 d. Locked Room 0 Sub-score (ss3) = a, b, c or d 4. Lock a. Class 4 4 b. Class 4 3 c. Class 3 2 d. Class 2 1 e Class 1 0 Sub-score (ss4) = a, b, c, d or e NB. Multiply Section score (S2) = ss3 x ss4 NB. Multiply JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-B-1 RESTRICTED Defence Manual of Security Measure Section 3 ­ Building 5. Strength: a. Class 4 b. Class 3 c. Class 2 d. Class 1 Loading Remarks 5 3 2 1 Section score (S3) = a, b, c or d Measure Loading Section 4 ­ Control of entry to building, area or site 6. Control of entry: a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 e None 0 Sub-score (ss6) = a, b, c or d 7. Visitor control: a. Escorted 3 b. Pass/badge 1 c. None 0 Sub-score (ss7) = a, b, or c NB. One figure Remarks Section score (S4) = ss6 + ss7 NB. Add JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-B-2 RESTRICTED Physical Security Measure Loading Remarks Section 5 ­ Guards and IDS 8. Guards: a. Point Guard 10 b. Dog Patrol 8 c. Frequent Internal 5 Patrols d. Infrequent 4 Internal Patrols e. External Patrols 3 f. Resident/Site 2 Guard g. Visiting Guard 1 h. None 0 Sub-score (ss8) = [(a, b, c or d)* + (e or f)*] or g* or h * = if applicable. Resident/site guard will only score if there has been no other score for other guards or patrols 9. IDS: a. Class 4 5 b. Class 3 4 c. Class 2 3 d Class 1 1 e None 0 Sub-score (ss9) = a, b, or c Section score (S5) = ss8 + ss9 Measure Loading Section 6 ­ Immediate dispersal/ parking/storage area 10. Fence: a. Class 4 4 b. Class 3 3 c. Class 2 2 d Class 1 1 e None 0 Sub-score (ss10) = a, b, c, d or e 11. Entry control: a. Yes 1 b. No 0 Sub-score (ss11) = a or b NB. Add Remarks JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-B-3 RESTRICTED Defence Manual of Security Measure Loading Random entry and/or exit searches: 12. a. Yes 1 b. No 0 Sub-score (ss12) = a or b 13. PIDS: a. Yes 2 b. No 0 Sub-score (ss13) = a or b 14. CCTV (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss14) = a or b 15. Lighting (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss15) = a or b Remarks Section score (S6) = (ss10 x ss11) + ss12 + ss13 + ss14 + ss15 Measure Loading Section 7 ­ Outer Perimeter 16. Fence: a. Class 4 4 b. Class 3 3 c. Class 2 2 d Class 1 1 e None 0 Sub-score (ss16) = a, b, c, d or e 17. Entry control: a. Yes 1 b. No 0 Sub-score (ss17) = a or b Random entry and/or exit searches: 18. a. Yes 1 b. No 0 Sub-score (ss18) = a or b 19. PIDS: a. Yes 2 b. No 0 Sub-score (ss19) = a or b JSP 440 Volume 1 Issue 2 5-1-B-4 Remarks RESTRICTED RESTRICTED Physical Security 20. CCTV (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss20) = a or b 21. Lighting (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss21) = a or b Section score (S7) = (ss16 x ss17) + ss18 + ss19 + ss20 + ss21 TOTAL SCORE is the sum of SECTIONS 1 to 7 JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-B-5 RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-B-6 RESTRICTED Physical Security ANNEX C TO SECTION I TO CHAPTER 5 MINIMUM BASELINE MEASURES MATRIX - POINTS CHECKSHEET Reference: Assessment 1. Asset assessed: 2. Protective marking: 3. Threat level: Points check 4. Mandatory points. Section 1. Pts required: Section 3. Pts required: Sections 4 & 5. Pts required: 5. Additional points. Any Sections. Pts required: Sections 6 & 7 6. Summary of points. Total Pts required: 7. Remarks. Pts achieved: Pts achieved: Pts achieved: Pts achieved: Pts achieved JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-C-1 RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-C-2 RESTRICTED Physical Security ANNEX D TO SECTION I TO CHAPTER 5 GUIDE TO THE USE OF THE MINIMUM BASELINE MEASURES MATRIX First Actions 1. Produce a proforma that consists of the following documents : a. b. c. 2. A points checksheet (see Annex C). A minimum baseline measures matrix (Annex A). A menu of minimum baseline measures (Annex B). On the points checksheet fill in the following: a. Details of the asset to be assessed (for example 'Secret Docs in HQ Building'). b. The current Espionage threat (eg 'L'). 3. Using the matrix : a. Read off the total points required to protect the particular asset(s) at the current threat level and write the figure on the points checksheet (eg '14' for SECRET at Low; Low is the standard threat level unless otherwise directed from D Def Sy by PSyAs). b. Read off the mandatory points required for the sections and write the figures on the points checksheet (eg '8' for Sections 1 and/or 2 plus 3). 4. Turn to the menu of baseline measures to carry out the assessment. A sample assessment is at Appendix 1. Carrying Out the Assessment 5. Section 1 - container. Using the standards of containers detailed at para 05114 and shown, by type at Annex E, determine the Class of container that the protected assets are held in and write the 'loading' figure in the sub-score column (ss1), (eg a 5'x 2' security cabinet would give a sub- score of '3'). Likewise, the lock fitted to the cabinet should be allocated a loading ( insert at ss2) in accordance with the standards at para 05115 and shown, by type at Annex E. (eg a Mersey lock will give a score of '3'). The Section 1 score is achieved by multiplying the scores of the container and lock. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D-1 RESTRICTED Defence Manual of Security 6. Section 2 - Room. Determine the Class of the room that the asset is held in using the standards at para 05116 and shown, by type at Annex E, and insert the 'loading' figure in the sub-score column (ss3); for example an unlocked room would attract 0 points. Similarly ascertain the 'loading' for the type of lock fitted to the room using the standards at para 05115 and shown, by type at Annex E, and insert at (ss4); for example a Chubb Mortice lock would attract 1 point. The section score is achieved by multiplying the scores for the room and the lock. Notes: (1) Establishments are to follow the spirit of the baseline measures matrix at all times. Therefore, heads of establishments are not to allow nonsensical situations to arise such as fitting a Class 4 lock to a standard office door with glass panes, in order to score more points on the matrix, which in turn would allow other normal security precautions to be dispensed with. 7. Section 3 - Building. Using the standards at para 05118, determine the Class of the building (its strength) and insert the loading score in the Section score column (S3). For example a modern building of pre-cast panels can attract 3 points. 8. Section 4 - Control of Entry to Building Area or Site. Determine the Class of the control of entry to the building, area or site using the standards at para 05119 and insert in the sub-score column (ss6). Decide the loading for the visitor control and insert in the sub-score column (ss7). The Section 4 score is achieved by adding the two scores together. Example: A building where entry is allowed by the issue of keys to authorized personnel will attract 1 point. If the visitor control system is one where they are required to wear a pass identifying them from permanent staff, a further point would be gained. The total for the section would be 2 points. 9. Section 5 - Guards and Intruder Detection Systems (IDS). patrols and guarding procedures are described at para 05122: The type of a. Determine the type of patrols/guarding practices in the building, area and site and insert the 'loading' scores in the sub-score column (ss8). The points scores for guards are divided into 3 areas; internal patrols, external patrols and other (resident/site guarding). Points can be achieved for an establishment that has both internal and external patrols. Any additional resident/site guard will not attract any further points where a score has been achieved for internal or external patrols. Example: A particular building housing the protected asset may be the subject of 'Infrequent Internal Patrols' (gaining a loading score of 4) and be on an establishment that has 'External patrols' around the site (gaining a score of 3). The establishment may also have a 'Site Guard' at the incident room or guardroom; the latter would only attract points if there were no internal or external patrols. Hence the total sub-score (ss8) in this example would be 7 points. JSP 440 Volume 1 Issue 2 5-1-D-2 RESTRICTED RESTRICTED Physical Security b. Determine the sub-score for the type of IDS on the establishment, area and/or site using the standards at para 05123 and shown, by type at Annex E, and insert at (ss9). The Section 5 score is obtained by adding the scores for Guards and IDS and inserting at (S5). 10. Perimeter. Decide what Class the establishment perimeter is using the standards at paras 05124 and shown by type at Annex E and insert the 'loading' into the sub-score (ss10); e.g. an approved 2.4m high chainlink fence with security topping would merit 2 points. If the establishment has entry control insert 1 point at (ss11); if it does not then no points are allotted. Similarly, insert the 'loading' figures for the 'yes/no' measures for searches (ss12), perimeter intruder detection systems (PIDS) at (ss13), CCTV (ss14) and lighting (ss15). The total score (S6) for perimeter measures is obtained by multiplying the 'loading' scores of the Fence and Entry control and then adding this figure to the total of the rest of the sub-scores. Example: An Establishment has a Class 2 fence (2 points), with entry control (1 point). Entry/exit searches are carried out by guards (1 point) but the establishment does not have any PIDS (0 points). It does not have any CCTV (0 points) or security lighting to the appropriate standards (0 points). The total points for Section 6 would be as follows: Fence 2 x x entry control 1 = = # 2 + + total of other sub-scores 1 = = # 3 Note: It is important to note that points for CCTV and lighting can only be obtained if the equipment reaches the appropriate approved standards. Completing the Points Checksheet and Further Action 11. Completion of the Checksheet. After completing the baseline measures menu, complete the points checksheet by inserting the total points achieved. In addition, insert the points obtained in the 'Mandatory' sections. 12. Action to be taken if points required baseline is exceeded. If all of these figures exceed the 'points required' then the protected asset has adequate security and no further action is required. However, there may be scope for the ESyO, in consultation with the head of establishment, to reduce some security measures, if desired, to the baseline position and this type of review is to be actively encouraged so long as expenditure is not wasted in the pursuit of lower standards when those in force are cost-effective already. Any agreed action could be written in the 'Remarks' column of the checksheet. 13. Action to be taken if the points required baseline is not reached. If the points achieved figures have failed to reach the points required for either the total or mandatory section scores, then the ESyO in consultation with the HOE must JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D-3 RESTRICTED Defence Manual of Security re-examine the security measures implemented on the establishment and choose higher security measures accordingly to meet the baseline position. 14. Flexibility of the Matrix. The advantage of the baseline measures matrix is that it allows establishments the flexibility to choose their own security measures at a given threat level as long as the baseline measure is reached and certain mandatory measures are met. It also takes into account any enhanced security measures that the establishmentt may have invested in such as AACS, CCTV or security lighting thereby perhaps allowing the costs to be reduced in other areas of security. When to Complete a Matrix 15. General. The matrix is primarily intended to be used to assure the Confidentiality of protectively marked assets. Where similar protected assets are held in a particular type of building throughout the establishment only one menu may be required to be completed for each level of protective marking; e.g. In an establishment HQ building that houses a quantity of all 4 types of protectively marked material it may only be appropriate to complete a matrix for each type (RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET) at the current threat level. There may be no requirement to complete a matrix for each container in every building as the baseline may be able to be achieved for a particular building with a menu for each type of protectively marked material. 16. 'Standard' loading on the matrix. Much of the 'loading' on the matrix menu of measures will be the same for an establishment for each menu completed; for example, the perimeter fence, guarding/patrols posture, entry control etc may be standard for all menus on the establishment at a given threat level. 17. Change in threat level. If the threat changes, the ESyO should consult the completed points checksheet and menu of measures to see if the measures in force are still adequate or, in the case of a decrease in threat, whether certain measures can be changed or dispensed with. By trying differing options within the menu for a given protected asset, the ESyO should be able to obtain any new baseline position. Example: The threat increases from Low ('L') to Moderate ('M') and the number of points required to house TOP SECRET protectively marked material increases from 18 to 20. Assuming that a particular establishment has the minimum 18 points and meets the mandatory points (which would not change for such an increase in threat) it could meet the new baseline position by introducing 'frequent Internal Patrols' to the existing 'External Patrols' thereby gaining the 2 extra points required. Alternatively, it could choose to house all of its TOP SECRET assets in a higher Class container which when multiplied with the value of the lock would meet the new baseline. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D-4 RESTRICTED Physical Security APPENDIX 1 TO ANNEX D TO SECTION I TO CHAPTER 5 MINIMUM BASELINE MEASURES MATRIX - POINTS CHECKSHEET Reference: STR/2031/6 Assessment 1. Asset assessed: 2. 3. Protective marking: Threat level: Docs in HQ Building SECRET L _Points check 4. Mandatory points. Section 1 and/or Pts required: Pts achieved: 8 12 2 plus 3 Sections 4 & 5. Pts required: Pts achieved: 2 16 5. Additional points. Any Sections. Pts required: 2 Sections 6 & 7 Pts achieved: 3 6. Summary of points. Total Pts required: Pts achieved 14 24 7. Remarks. COULD STORE SECRET DOCS IN LOWER CLASS CONTAINERS WITH LOWER CLASS LOCKS AND/OR REVIEW PATROL ACTIVITY WITH A VIEW TO REDCUCING IT JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-1 RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-2 RESTRICTED Physical Security Minimum Baseline Measures Matrix TOP SECRET Mandatory - Section 1 and/or 2 plus 3 Mandatory - Section 3 Mandatory - Sections 4 plus 5 ** Additional - Any sections Total SECRET Mandatory - Section 1 Mandatory - Section 3 Mandatory - Sections 4 plus 5 * Additional - Any sections L 1 2 6 9 18 L 1 2 4 7 14 L 1 2 3 4 10 L 1 1 2 M 1 2 6 11 20 M 1 2 4 9 16 M 1 2 3 5 11 M 1 1 2 S 1 2 7 11 21 S 1 2 5 9 17 S 1 2 3 7 13 S 1 1 1 3 H 1 2 7 14 24 H 1 2 5 12 20 H 1 2 3 9 15 H 1 1 2 4 VH 1 2 7 18 28 VH 1 2 6 15 24 VH 1 2 3 13 19 VH 1 1 3 5 Total CONFIDENTIAL Mandatory - Section 1 Mandatory - Section 3 Mandatory - Sections 4 plus 5 Additional - Any sections Total RESTRICTED Mandatory - Section 1 Mandatory - Section 3 Additional - Any sections Total Notes: ** * Each Section must score at least 2 points. Each Section must score at least 1 point. THREAT LEVELS VH H S M L - Very High - High - Significant - Moderate - Low JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-3 RESTRICTED Defence Manual of Security This page intentionally left blank JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-4 RESTRICTED Physical Security Menu of Minimum Baseline Measures Measure Loading Section 1 ­ Container/casing 1. Container/casing: a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 Sub-score (ss1) = a, b, c or d 2. Lock a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 Sub-score (ss2) = a, b, c or d Remarks Lightweight Cupboard 3 Mersey 3 NB. Multiply Section score (S1) = ss1 x ss2 Measure Loading Section 2 ­ Room 3. Room: a. Strong Room 4 b. Secure Room 3 c. Locked Room 1 d. Unlocked Room 0 Sub-score (ss3) = a, b, c or d 4. Lock a. Class 4 4 b. Class 4 3 c. Class 3 2 d. Class 2 1 e Class 1 0 Sub-score (ss4) = a, b, c, d or e 9 Mortice 1 0 NB. Multiply Section score (S2) = ss3 x ss4 JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-5 RESTRICTED Defence Manual of Security Measure Section 3 ­ Building 5. Strength: a. Class 4 b. Class 3 c. Class 2 d. Class 1 Loading Remarks 5 3 2 1 Pre cast panels Section score (S3) = a, b, c or d Measure Loading Section 4 ­ Control of entry to building, area or site 6. Control of entry: a. Class 4 4 b. Class 3 3 c. Class 2 2 d. Class 1 1 e None 0 Sub-score (ss6) = a, b, c or d 7. Visitor control: a. Escorted 3 b. Pass/badge 1 c. None 0 Sub-score (ss7) = a, b, or c NB. One figure 3 Remarks 1 1 NB. Add Section score (S4) = ss6 + ss7 2 JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-6 RESTRICTED Physical Security Measure Loading Remarks Section 5 ­ Guards and IDS 8. Guards: Internal Patrols 10 a. Frequent 8 b. Infrequent 5 External Patrols 4 c Frequent d. Infrequent 3 Other e. Resident/Site 2 Guard f. None 0 Sub-score (ss8) = 7 [(a* or b*) + (c* or d*)] or e* or f * = if applicable. Resident/site guard will only score if there has been no other score for other guards or patrols 9. IDS: a. Class 4 5 b. Class 3 4 c. Class 2 3 d Class 1 1 e None 0 Sub-score (ss9) = a, b, or c 0 Section score (S5) = ss8 + ss9 Measure Loading Section 6 ­ Perimeter 10. Fence: a. Class 4 4 b. Class 3 3 c. Class 2 2 d Class 1 1 e None 0 Sub-score (ss10) = a, b, c, d or e 11. Entry control: a. Yes 1 b. No 0 Sub-score (ss11) = a or b NB. Add 7 Remarks Chainlink 2 1 JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-7 RESTRICTED Defence Manual of Security Measure Loading Random entry and/or exit searches: 12. a. Yes 1 b. No 0 Sub-score (ss12) = a or b 13. PIDS: a. Yes 2 b. No 0 Sub-score (ss13) = a or b 14. CCTV (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss14) = a or b 15. Lighting (to appropriate standards): a. Yes 2 b. No 0 Sub-score (ss15) = a or b Remarks 1 0 0 Section score (S6) = (ss10 x ss11) + ss12 + ss13 + ss14 + ss15 3 TOTAL SCORE is the sum of SECTIONS 1 to 6 24 JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-D1-8 RESTRICTED Physical Security ANNEX E TO SECTION I TO CHAPTER 5 SUMMARY OF THE CLASSES OF SECURITY EQUIPMENT AND SECURITY MEASURES Security Equipment 1. Catalogue of Security Equipment - Change of Terminology. As a result of the 'Review of Protective Security' the terminology used to describe the security effectiveness of certain items of security equipment listed in the 'Catalogue of Security Equipment' has changed. Items are now allocated to a Class instead of a 'Category or 'Group'. The table below will act as a conversion table until an amendment to the catalogue is issued. 2. Reference to Security Equipment. In using the minimum baseline measures matrix and when making reference to security equipment, users are to refer to the lists contained in the table below to determine the Class of specific items and all references in the catalogue to security 'Category' and 'Group' are to be interpreted as 'Class'. The page number column in the table refers to the corresponding page in the Catalogue of Security Equipment. 3. Handbook of Physical Security. The 'Catalogue of Security Equipment' is held by all PSyAs and some other security staffs and is an integral part of the 'Handbook of Physical Security'. Containers Page No A3 A12 Description Grade 1A Safe: Sizes 1,2,3 & 4 Rosengren RCC Data Safe: RCC2, RCC3, RCC4 RCC5 & RCC6 A4 A5 A6 A7 A8 A9 Dual Combination Lock Safe Heavyweight GpII Cupboard: Large and Small Document Chest Lightweight GpIII Cupboard GpIII Cupboard: Large 4 door & small single door Elite Plan File 4 4 4 4 3 3 3 Class 4 JSP 440 Volume 1 Issue 2 RESTRICTED 5 -1-E-1 RESTRICTED Defence Manual of Security A10 A13 A14 A15 A16 A17 A18 A19 A20 A21 A11 A23 A24 A25 A26 Vertical Filing cabinet: 2 Drawer & 4 drawer Large Electronic Cabinet GpIII Small Electronic Cabinet Under Desk Electronic Cabinet GpIII CPU Tower Cabinet GpIII PC Processor Cabinet GpIV Network CPU Cupboard GpIII Barton Electronic Tempest Container GpIV Combination Lock Keybox Posting Keybox Document Box Switch cover: 30 Amp & 13 Amp Switch Box Security Plug Box Circulating (Despatch) Box Envopak security Pouch: sizes 1,2 & 3 Description Manifoil MkIV Combination Lock Medway Locking Unit Mersey Keylock Henderson Cypher Lock Codeguard Keypad Ingersoll Rim Automatic Deadlock: SC10, SC12 & SC71 Ingersoll Fire Security Lock: SC73/FS Ingersoll Mortice Hookbolt Deadlock: SC74 Double sided & SC76 Single Sided 2 3 3 3 3 3 3 3 3 3 2 2 2 1 1 Class 4 4 3 3 3 2 2 2 2 Locks Page No B3 B5 B6 D11 12 B8 B9 B10 B11 Assa Twin 6000 and Assa Twin Combi JSP 440 Volume 1 Issue 2 5-1-E-2 RESTRICTED RESTRICTED Physical Security B12 B15 B16 B17 B18 B19 B19A B20 B21 B22 B23 B24 Tamar Locking Unit Avon Locking Unit Chubb Mortice Locking Latch: 3R35 Chubb Hook Bolt Mortice Lock: 3M50 Chubb Upright Two-bolt Mortice Lock: 3K70 Chubb Horizontal Two-Bolt Mortice Lock: 3J60 Chubb 'Castle' Mortice Lock: 3G110 Ingersoll Impregnable Padlock: OS 711, Cs 712, & CS 700 Abloy Padlock: 3041 Chubb Ava 1K42 Padlock: with Normal & Extended Shackle Assa Class 2 Padlock: 8mm & 10mm Shackle Chubb Hercules Combination: 1K57 Padlock with 7B018 Locking Bar Simplex Digital locks (pbcl): NL/DL 100 NL/DL 200 & NS 3000 Unican Digital Lock (pbcl) Assa Codoor 2000 Lock (Electronic pbcl) Description Strong Room Type A Secure Room Lightweight Type A Secure Room Type B Secure Room Lightweight Type B Secure Room Type C Secure Room 5 -1-E-3 2 1 1 1 1 1 1 1 1 1 1 1 D9 1 1 1 Class 4 3 3 3 3 3 D10 D13 Rooms Page No C3 C4 C5 C6 C7 C8 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Defence Manual of Security C9 Lightweight Type C Secure Room Description AC 12 IDS Control Panel CPA6 IDS Control Panel IDS Control Panel Aplex: 60 & 100 Zone IDS Control Panel Executive 1000 IDS Control Panel Genesis 1000: 15, 60 & 100 Zone Approved portable/transportable IDS system Approved electric fence incorporating an IDS 3 Class 4 3 3 3 3 2 2 IDS Page No E3 E6 E7 E8 E9 - Classes of Other Security Measures Control of entry See para 05119. Fences Description Approved weldmesh fence to a minimum height of 2.4m with approved security topping. Any approved Class 2 fence to a minimum height of 2.4m coupled with an approved electric fence to an approved design combination. (See note 1) Approved chainlink fence to a minimum height of 2.4m with approved security topping. Approved palisade fence to a minimum height of 2.4m. Approved steel profile fence to a minimum height of 2.4m with an approved security topping. Approved expanded metal (XPM) fence to a minimum height of 2.4m with an approved security topping. Class 3 3 2 2 2 2 225mm brick wall to a minimum height of 2.4m or 190-220mm block wall (min density 7KN) to a minimum height of 2.4m. Both types with approved topping and of an approved design. JSP 440 Volume 1 Issue 2 5-1-E-4 2 RESTRICTED RESTRICTED Physical Security Any other fence, hedge etc. Notes: 1 1. Depending on the design combination used, it is possible for this fence also to be considered as an IDS; thus, counting in 2 sections of the MBMM. 2. For new builds or replacements, see new CSE section. JSP 440 Volume 1 Issue 2 RESTRICTED 5 -1-E-5 RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 RESTRICTED 5-1-E-6 RESTRICTED Physical Security SECTION II TO CHAPTER 5 SECURITY ASPECTS OF WORKS PROJECTS AND SERVICES General Security Advantages 05201. Significant security advantages can be derived from the proper positioning of buildings, roads and car parks within a site. Security requirements are to be considered at the earliest stages of planning new sites or buildings, or alterations to existing buildings, since physical security measures are invariably more expensive and less effective when introduced at a later stage. It is essential that a long-term view is taken on threats when buildings are planned and commissioned. Further Information, Advice and Guidance 05202. Where necessary, advice on the current threats and specialist counter measures may be obtained via TLB PSyAs who are to be consulted by establishments in accordance with para 05206, before detailed planning or building commences. Consideration should be given to the following: a. Terrorist threat and counter measures. TLB PSyAs can obtain specialist advice on both espionage and terrorist threats via D Def Sy. Direction on the principles and requirements for the physical security of nonnuclear establishments in GB is contained in JSP 436 (direction on the security of nuclear establishments is contained in JSP 440 volume 4). Additional guidance on counter-terrorist measures is also provided in the Manual of Counter-Terrorist Measures. Specialist advice on structures, building materials, window and door design, grilles and glazing materials, use of defensive landscaping etc, required to counter them can be obtained from Defence Estates (DE) Specialist Construction Group (SCG). b. Criminal threat and counter measures. Advice on local criminal threats and crime prevention may be obtained from the appropriate Service, MOD or civil police Crime Prevention Officer. Further advice is contained in the Home Office Crime Prevention Centre's guidance on Secured by Design (SBD) and the relevant Parts of BS 8220, TLB PSyA may obtain both documents from D Def Sy. c. Weapons and ammunition sites and buildings. The detailed requirements for sites and buildings housing weapons and ammunition are contained in Chapter 6. JSP 440 Volume 1 Issue 2 5-2-1 RESTRICTED RESTRICTED Defence Manual of Security Coordination of Works Projects and Services Background 05203. It is essential that security specifications for structures, systems and equipment needed for each project/work service are properly identified, defined and approved before contracts are let. Moreover, where systems and equipments are concerned, operational performance standards and maintenance requirements must also be included. Failure to do so may result in either inadequate or inappropriate security provision, and could lead to excessive expenditure. Minimum Military Requirements (MMR) 05204. When determining security measures for incorporation within works services, the principle of MMR should be followed (i.e. only those measures required to meet operational, statutory or other mandatory requirements should be specified). Responsibilities 05205. Responsibilities for providing specialist security advice for works projects and services are as follows: a. Directorate of Defence Security. D Def Sy is responsible for issuing departmental policy for security aspects of works projects and services. b. Top level budgets (TLB) holder TLBs are responsible for the provision of security works services and can obtain advice from their PSyAs. c. ESyO's responsibility to Head of Establishment. The ESyO is responsible to the Head of Establishment or the provision of security advice within work services through the production of the SSR and OR. To assist him with this task the advice and assistance of the PSyA or other specialist security staffs can be sought. d. MOD DE (SCG). DE are responsible for: (1) Maintaining a library of all relevant security works material including drawings developed elsewhere and making it available to the relevant PSyA when required. (2) Acting as the technical advisory service for works interfaces with security measures that could be any combination of physical, procedural and contractual measures. (3) Works technical policy. JSP 440 Volume 1 Issue 2 5-2-2 RESTRICTED RESTRICTED Physical Security (4) Specialist advice on hardening buildings and services against attack. This will include glazing, robustness of buildings, location of services and bomb shelter areas. d. Special Services Group (SSG). The role of SSG and the services that it can provide to the MOD are detailed at Annex A. Procedures for Works 05206. Before a works project or service is undertaken, the Project Sponsor (PS), Project Staff Officer (PSO) or Property Manager (PROM) is to consult the ESyO who is to attend siting boards as required and who will, if necessary, consult the appropriate PSyA. The PSyA may wish to obtain further specialist advice. The security involvement in work services can be summarised as follows: a. Security involvement in works projects. A works project is any single item of work costing more than £240,000 (excluding VAT and fees). The stages of works implementation and the associated security tasks and responsibilities for project work are set out at Annex B. b. Security involvement in property management. A property management (PROPMAN) works service, is any single item of work costing less than £240,000 (excluding VAT and fees). The stages of works implementation and the associated security tasks and responsibilities for PROPMAN work are set out at Annex C. c. Security involvement in works related private finance initiatives (PFIs). PFI is a procurement approach, based upon a set of principles and techniques, aimed at determining the feasibility and cost effectiveness of allowing the private sector to provide the MOD with certain capabilities and services. The stages of works implementation and the associated security tasks and responsibilities for works related PFIs are set out at Annex D (to be issued). d. Statement of security requirement (SSR). The need for a SSR within the overall statement of requirement (SOR) for a project, PROPMAN or PFI work is detailed within Annexes B, C and D. Guidance on the completion of the SSR is at Annex E. The SSR will be developed in the OR and inserted into a project brief (PB) for projects or works order for PROPMAN work. e. Operational requirements (OR). An OR must be completed once approval has been given by the budget holder for any security related works project or service, or for the procurement of security equipment. Within project work, the PS requires as much detail as possible in order to provide the best estimate of costs for the option study. Therefore consideration should be given to drafting an immature OR based on available information. JSP 440 Volume 1 Issue 2 5-2-3 RESTRICTED RESTRICTED Defence Manual of Security Guidance on the completion of the OR is at Annex E. Specific details to be addressed in ORs for CCTV, IDS and AACS are given in Sections VI, VII and X respectively. f. Request for initial SSG advisory service. A proforma for use by TLB PSyAs to request an initial SSG advisory service in respect of security requirements at a Defence site is at Annex F. Individual establishments are not to make contact with SSG without the consent of their Security Authority. Procurement of Security Equipments/Systems Requirement for PSyA Approval 05207. The initial decision on the requirement for security equipments/systems will invariably be taken at establishment-level. However, for all projects involving fences (including PIDS), CCTV, IDS, security lighting or AACS, TLB PSyAs are to be consulted to ensure that the equipment is: a. Of an acceptable standard, quality and design. b. Capable of utilising existing technology available to the Defence estate. c. Capable of further exploitation/upgrading in line with planned Defence utilisation of technology. d. Good value for money throughout the life of the system (i.e is not just the cheapest option that subsequently proves to have expensive maintenance costs). e. Part of a coordinated approach towards security equipments/systems for the Defence estate. Central Monitoring 05208. a. Coordinated approach. In order to avoid an 'ad-hoc' approach to the procurement of security equipments and systems throughout the Defence estate, centralised monitoring of the process must take place. The above requirements, leading to a coordinated and strategic approach can only be achieved centrally by the involvement of TLB PSyAs from the very beginning; they are part of the policy making machinery which is centred on D Def Sy for deciding the security equipment requirements of the Defence estate. JSP 440 Volume 1 Issue 2 5-2-4 RESTRICTED RESTRICTED Physical Security b. Named security products. Exceptionally, named security products may be specified by TLB PSyAs, as clauses in contracts, provided that the specific approved equipment/item is justified on security grounds. Maintenance. 05209. To ensure any system continues to provide its optimum performance, performance testing, servicing and preventative maintenance is needed. These tasks should keep costs down and maintain acceptable performance. The frequency for each task is to be determined after consideration of the possible threat, the manufacturer's recommendations, the technical requirements of the equipment, the effort required to complete each task and the cost of carrying out the task compared to the benefits to be gained. If maintenance is not carried-out on security equipments and systems then they will fail to be regarded as one of the menu of security measures that make-up the Minimum Baseline Measures Matrix. Specific recommendations for maintenance of PIDS and IDS are contained within Sections III and VII respectively. Pre-Acceptance Board Testing 05210. It is essential that an audit of the security system is carried out, by a security specialist qualified to do so, prior to acceptance. The requirement for a security audit should be specified in the SSR and incorporated in the PB or PROPMAN works order. Where an audit finds an unacceptable fault, it is for the PS or PROM to consider whether this is a breach of the contract for the contractor to correct. a. Purpose. The purpose of the audit, which must be carried out prior to the acceptance of the facility by the Establishment, is to ensure that the security requirements specified in the PB or works order have been fully met. b. TLB PSyAs. ESyOs are to consult PSyA staff about the choice of security specialist to be employed to carry out the audit of the system. Counter Terrorist Physical Security Measures for MOD Buildings 05211. Counter terrorist physical security measures are to be applied to all MOD owned or occupied buildings; the purpose of which is to limit damage to the building fabric and injury to the occupants. It is the responsibility of TLB PSyAs to ensure that the measures applied are appropriate and take into account the location and function of the building. The minimum physical security measures are given in Annex G. JSP 440 Volume 1 Issue 2 5-2-5 RESTRICTED RESTRICTED Defence Manual of Security Site Selection Factors to Consider 05212. Where a choice of locations exists for a new facility, the security advantages and disadvantages of each are to be evaluated. Factors to consider are: a. The effect of topographical features and landscaping on perimeter security, overlooking, ease of access and communications. b. The existence and proximity of public rights of way and neighbouring buildings. c. d. The proposed use(s) of the facility. Access arrangements for emergency services. Site Layout Security Perimeter 05213. Facilities used for work on protectively marked material are to have a defined perimeter; a physical barrier such as a security fence, wall, or hedge; or a psychological barrier designed to make any intruder feel vulnerable and exposed (for details of perimeter security measures, see Section III). Open Space 05214. The measures that apply for open spaces within the site layout are as follows: a. Open space between any outer security perimeter and the buildings it surrounds is to be planned so as to help patrolling, but hinder overlooking and deprive intruders of cover. b. For similar reasons there is to be open space between buildings. c. The foliage of tall trees should be kept well clear of the ground and of any fence. Account is also to be taken of shadows they may cast. Car Parks and Road System 05215. The road system and car parks inside the perimeter are to be designed to reduce the need for (or eliminate the possibility of) parking vehicles near living or working accommodation. To allow continuous use during periods of enhanced terrorist threat, where possible, car parks are to be sited at least 25m from such buildings. In addition, consideration (if possible and appropriate) should be given to constructing an earth bund (as close as possible to the car park) between the car park and those buildings normally occupied. If possible, a separate visitors' car park is to JSP 440 Volume 1 Issue 2 5-2-6 RESTRICTED RESTRICTED Physical Security be provided away from living and working accommodation. Where underground car parks are used, access control measures must be rigidly enforced. In addition, the effects of blast in a closely confined space must be taken into account and compensatory measures taken. Vehicle Waiting Area 05216. An area can be provided outside the main site entrance for vehicles waiting to enter. Traffic congestion can distract the guards. However, as with car parks, due consideration is to be given to the potential terrorist threat. In these circumstances, for Service establishments, waiting areas are normally to be located outside the establishment close to the point of entry. Consideration should be given to landscaping these areas to minimise the effects of the blast. Ancillary Facilities 05217. Ancillary facilities are to be sited away from or at worst be on the periphery of areas used for protected work. Public access routes, eg for maintenance work, for the delivery of supplies or removal of refuse, are not, as far as possible, to pass through areas used for work on protected material. Buildings with Public Access 05218. Buildings with public access should be outside the security perimeter. If such buildings have to be inside, they are to, where feasible, form part of the security perimeter. Access through them, to the rest of the site, is to be controlled. Number of Entrances 05219. The number of entrances to a building or perimeter is to be kept to a minimum (see also Section III to this Chapter). In the case of establishments in urban areas any entrance directly off a busy street is to be avoided. There are to be separate entrances for pedestrians and vehicles. A separate goods entrance should be arranged so that vehicles can be supervised while loading and unloading. Lighting at Entrances 05220. Adequate lighting is to be provided at entrances so that vehicles and people and their passes are clearly visible to the guards. The types of lighting are detailed in Section III to this Chapter. Guard Accommodation 05221. Accommodation for guards is to give an unobstructed view of surrounding areas. The accommodation is to be equipped with domestic facilities; and any outdoor guard-point is to be weather proof (see Section VIII to this Chapter). JSP 440 Volume 1 Issue 2 5-2-7 RESTRICTED RESTRICTED Defence Manual of Security Working and Living Accommodation 05222. Working and living accommodation is to be sited well back from the perimeter and, where possible, at least 25 metres from a car park or road. Armouries and Ammunition Stores 05223. Armouries and ammunition stores are to conform to the standards detailed in Chapter 6. The authority for ammunition stores is the Explosives Storage and Transport Committee (ESTC) or the relevant Chief Inspector of Explosives; for works aspects it is DE SCG. Likewise the works authority for armouries is DE SCG under instruction from the relevant PSyA. Security Control Centre (SCC) 05223a. HOEs should seek to have all of their security systems fully integrated into one central command location. However, unit security plans should specify locations for emergency use if the primary location is rendered inoperable. Where considered necessary, and if manpower permits, a permanent manned SCC should be established separate from the guardroom. The SCC or guardroom should have an appropriate communications suite (e.g. radios, telephones and a PA system). Public Address (PA) System 05223b. A PA System, which can be used by the guard force or security personnel, should be installed, where appropriate, throughout the establishment. This will allow personnel to be alerted and respond quickly and correctly to differing levels of threat or attack. Building Finishes 05223c. Where appropriate, the inner face of perimeter walls and the lower part of building exteriors should be finished in a light coloured material to aid detection of intruders and/ or IEDs. Accommodation Planning Layout of Accommodation 05224. In addition to site planning, careful layout of accommodation within a building significantly enhances security. The Project Manager (PM), Establishment Works Consultant (EWC) or Works Service Manager (WSM) (in the case of PROPMAN work) should be briefed in detail by the PS or PROM, as appropriate, having been advised by the relevant PSyA. Formally and contractually all instructions to contractors must be issued by the PS or PROM, as appropriate. Throughout this process it must be remembered that due consideration needs to be made of statutory fire regulations. JSP 440 Volume 1 Issue 2 5-2-8 RESTRICTED RESTRICTED Physical Security Briefing of PM or WSM 05225. For each project/PROPMAN works service, the PSyA is to brief the PS/PROM on the following: a. The location of secure rooms or secure zones. b. The types of protection required for windows, skylights, doors and other access points. c. Any special requirements for installations such as IDS, AACS, mechanical document transfer (MDT) or mail screening systems. d. The security problems arising out of the installation of lifts (see para 05232), air conditioning and other ducting. e. Where to position bulk destruction facilities if it is proposed to dispose of large quantities of protectively marked waste on site. f. The need to minimise the risks of overlooking and overhearing (see Section V). The PS/PROM is to brief the PM/WSM accordingly. Protectively Marked Material 05226. The following principles are to be applied when allocating accommodation to staff working on protectively marked material: a. Ground floor. The use of the ground floor is, wherever possible, to be avoided for work on SECRET or TOP SECRET material as upper floors are less vulnerable to intrusion, overhearing and overlooking. b. Communications and computers. Communications centres, large computer installations, and equipment requiring TEMPEST protection is, wherever possible, to be located near, at, or below ground level. The requirements for the siting of communication and computer equipment should include the avoidance of water pipes and other sources of flooding. c. Registries and other areas. Registries, workshops or other areas which may contain protected material are not to constitute passageways to or from less secure areas. d. Public areas. Segregated accommodation is to be provided for members of the public eg waiting or interview rooms. JSP 440 Volume 1 Issue 2 5-2-9 RESTRICTED RESTRICTED Defence Manual of Security e. Electronic and audio counter measures. Planning is to consider the requirement to prevent electronic and audio eavesdropping from areas outside the establishment's control. f. Locally employed staff overseas. At establishments overseas, arrangements are to be made to segregate locally employed staff without security clearance from areas in which protectively marked material is used. Secure Zones General 05227. When different degrees of security protection are required in various parts of the building, the more sensitive areas are to be concentrated into a secure zone (or zones). These are parts of a building to which entry is separately controlled. Secure zones are not to be confused with secure rooms (see Section XI of this Chapter). Reason for Secure Zones 05228. A secure zone is established for one of the following reasons: a. To concentrate work on protected material in one area of a building that does not itself have access control. b. To give additional protection to an area where particularly sensitive work takes place in a building which already has a secure perimeter and to which entry is controlled. Building alterations are only required in order to provide access control to a secure zone. Strengthened walls and doors may not be required, but security furniture or a secure room of an approved standard may be required for the custody of higher levels of protected material within the secure zone. Inner Compartments 05229. Where an entire building or group of buildings is made into a secure zone, a series of inner 'compartments' may be created with entry to each controlled separately in one of the following ways: a. b. c. By guards. By the authorised occupants themselves. By the use of an access control system. JSP 440 Volume 1 Issue 2 5-2-10 RESTRICTED RESTRICTED Physical Security Adjoining Rooms 05230. Several adjoining rooms can be made into a secure zone if the rooms are inter-communicating. A secure zone is to have one entrance/exit only, although additional emergency exits may be required on safety grounds. All other doors giving access to the secure zone are to be permanently secured. Whole Floors as Secure Zones 05231. Where whole floors of a building are made into secure zones the following measures apply: a. b. Lifts 05232. When access to a secure zone, comprising several floors, is by lift, the following applies: a. The lifts are to be programmed not to proceed beyond the lowest floor of the secure zone, where a control point is to be established. b. Lift entrance doors on the higher floors are to be kept locked. The secure zone is to be established on the uppermost floor or floors. Roofs of such areas are to be made secure. Secure Zones Housing Protected Material 05233. Where secure zones are established to house registries of protected material the measures below apply: a. Entry is to be confined to those who work in the registry. b. A reception counter is to be provided near the entrance for the delivery and collection of material. c. A separate room within the registry is to be provided where authorised staff can see and work on specially sensitive material. Security in Open Plan Offices Introduction 05234. The use of open plan offices creates particular problems in respect of the security of protectively marked material and the preservation of the "need to know" principle. JSP 440 Volume 1 Issue 2 5-2-11 RESTRICTED RESTRICTED Defence Manual of Security General Principles 05235. The threat of espionage will always exist and the risk of information becoming known to unauthorised personnel will increase in open plan offices. The following general principles apply: a. Staff authorised to handle protectively marked material are to ensure that the "need to know" is rigorously enforced. b. No-one may be permitted access to protectively marked information unless specifically authorised to receive it. c. Individuals are responsible for the material with which they are entrusted at all times, and are to be aware of the risk of overhearing and overlooking, taking precautions as necessary. d. It is permitted to work routinely on documents/material protectively marked up to SECRET. e. Documents marked TOP SECRET and those bearing special markings are to be handled and worked upon in accordance with specific instructions. f. Visitors are to be escorted at all times. g. Meetings in which protectively marked information is to be discussed should not normally be held in open plan offices but be held in secure conference facilities where practicable. Sensitive Special Projects 05236. Groups dealing with special projects of a sensitive nature are to be segregated from those groups which do not need to know; however, segregation should only take place where the amount and sensitivity of material justifies separate working areas. These separate secure areas are to be subject to access control measures. Where practicable, such areas are to be in the less accessible parts of a floor or building i.e. located away from general access doors or transit corridors. The type of access control is to depend on a group size and any specific local requirements. Desk and Seating Arrangements 05237. Desk and seating arrangements are to be such as to ensure that access to protectively marked material by others without "a need to know" is difficult. This applies to both hard copy information and that displayed on computer screens. The arrangements are to take into account both overhearing and overlooking, internally and externally. JSP 440 Volume 1 Issue 2 5-2-12 RESTRICTED RESTRICTED Physical Security Unattended Workspace Overseen 05238. Where clear working groups can be identified, an individual can leave his working space for short periods (less than 30 minutes) providing his desk area is within view of an individual with the same access who can satisfactorily watch the desk. This arrangement does not relieve responsibility for the material entrusted to an individual who must ensure the material is adequately protected at all times. Unattended Workspace not Overseen or Vacated for more than 30 Minutes 05239. In instances where a desk area is vacated for less than 30 minutes but a second individual is not available to oversee or in the event the desk is vacated for more than 30 minutes then the following measures apply: a. Protectively marked material (including removable hard disk drives), CONFIDENTIAL or above are to be removed from sight and secured in security approved containers. b. RESTRICTED material with or without descriptor markings is to be held under lock and key. c. Security keys are not to be taken off site. d. VDUs are to be switched off and any protectively marked removable media secured. Special Handling Material 05240. There will be occasions when some individuals will hold small quantities of protectively marked material subject to special handling arrangements and to which access is limited. Such material is to be secured in document boxes with Manifoil Mk IV combination locks to prevent others having access. When not in use these boxes should always be held in another approved security container. Sensitive Conversations 05241. a. Care should be taken not to discuss sensitive matters in the presence of other people; consequently such conversations should not take place in open plan offices. b. Additional restrictions apply to telephone conversations. These are detailed in Chapter 9. JSP 440 Volume 1 Issue 2 5-2-13 RESTRICTED RESTRICTED Defence Manual of Security Siting of Electronic Office Equipment 05242. In open plan offices the siting and supervision of computer printers, faxes and photocopiers is important. The following rules apply: a. Computer printers are to be sited either adjacent to an individual's desk if connected to a stand-alone computer, or within a group area if connected to a networked system. b. Faxes and photocopiers are to be under the direct control of their nominated supervisors. c. Existing departmental security regulations are to apply. Duty Security Checker 05243. Open plan offices are to employ a duty security checker system to ensure that all protectively marked material is secured at cease work. Alternatively, defined working group areas within the open plan offices can ensure that the last person leaving each area conducts a security check. This check should be certified on a check list which clearly indicates the extent of the area to be checked. Key Security 05244. Within open plan offices the reduction in suitable wall space restricts the use of combination key boxes for the secure storage of keys. Key security arrangements are to be reviewed to ensure that an effective system is established utilising security containers and taking account of the requirements of authorised late workers. Visitors 05245. Open plan offices make it more difficult to control the movement of visitors and contractors e.g. maintenance staff. Uncleared personnel are always to be escorted. Cleared personnel do not require escorts and staff should be alert to unknown personnel in their work areas. Strangers should be challenged. Security Measures Checklist 05246. The following is a list of points to be covered when planning security measures in an open plan environment. a. Identify those groups dealing with similar subjects and with similar access to protectively marked material and try and ensure they are adjacent to each other. b. Arrange for the more sensitive material to be compartmentalised, where there is justification, or to be furthest from points of general access to prevent overhearing or overlooking of material by unauthorised personnel. JSP 440 Volume 1 Issue 2 5-2-14 RESTRICTED RESTRICTED Physical Security c. Define boundaries of small working groups. The boundaries are to be used for determining supervision and cease work close down procedures. These procedures should be recorded. d. Within these groups consider the arrangements for controlling protectively marked material, security containers, PC's and terminals, printers, photocopiers and faxes. e. Ensure staff are aware of their responsibilities, and the need for care when handling or discussing sensitive matters in an open plan environment. f. Check that a suitable system exists for securing protectively marked material and keys at cease work. g. Establish either a last man out system for working areas or a duty security checker system to ensure the security of areas at the close of work. h. Ensure that the last man out or duty security checker is aware of the checks to be conducted and form to be completed. Security of Documents and Activated IT Systems in Unattended Offices 05247. Protectively marked documents must be secured in appropriate security containers when offices and rooms are vacant. Security Authorities may waive this requirement, where appropriate, only during normal working hours where the room or compartment is fitted with a lock (including digital push button locks), the key or combination to which has always been controlled as a security key or combination, and the following conditions apply (comparable rules apply to IT systems which are activated, see Volume 3 Chapter 2): a. Periods of time. The maximum lengths of time that documents may be left unattended in locked offices are: (1) (2) (3) TOP SECRET - 30 minutes. SECRET and CONFIDENTIAL - 4 hours. RESTRICTED - 8 hours. Note: Special Handling material will continue to be subject to specific guidance issued by originators. JSP 440 Volume 1 Issue 2 5-2-15 RESTRICTED RESTRICTED Defence Manual of Security b. Security requirements. The following security requirements are to be applied for all protectively marked documents left in unattended offices, except for RESTRICTED documents when only the requirements of Subparas (1) to (3) inclusive apply: (1) All windows, doors and other means of entry to the vacated office are to be secured. Where doors have 2 means of locking (eg digital push button lock and normal key lock) and the absence is in excess of 30 minutes, both means of locking should be utilised (2 means of locking need not be utilised for RESTRICTED documents). (2) It must not be possible to view documents (including computer screens) from a window, glass door or any other means such that it is possible to identify the protective marking of the document or view its contents (including by the use of image intensifying or photographic equipment). (3) The key to the door is to be held by the office occupant at all times except when it is deposited with an authorised holder. (4) (5) unit. Other personnel must occupy the building at all times. There must be control of entry to the building, establishment or (6) The period of absence is not to be a matter of regular routine or predictable pattern (absences over the lunch period need not necessarily be included here, provided that the Security Authority is satisfied that the overall security measures are adequate). 05248. Separate rules exist for open plan offices (see paras 05234-05246). JSP 440 Volume 1 Issue 2 5-2-16 RESTRICTED RESTRICTED Physical Security ANNEX A TO SECTION II SPECIAL SERVICES GROUP (SSG) General 1. The purpose of this Annex is to describe the role of SSG in supplying services to MOD, and the arrangements for funding and the control of funding those services. SSG provides in-Government expertise in most aspects of physical security for employment by MOD. In setting its charges, SSG will minimize costs but is under HM Treasury remit to achieve full recovery. 2. SSG is organised into two separate parts: a. b. The SSG Authority, providing an advisory service. The SSG Executive, providing a security implementation service. 3. The services that SSG provide for the MOD are described in a Supply and Services Agreement (SSA). MOD sponsors are as follows: a. b. SSG Authority SSA ­ the point of contact is DD Def Sy(Phys). SSG Executive SSA - the point of contact is DE Contracts SSG Authority 4. The SSG Authority provides an advisory service that is currently free to MOD customers at the point of delivery. Application for this service is to be made through and supported by, PSyAs using the request form at Annex F. Tasking of the SSG Authority is to be restricted to seeking advice on technical aspects that are beyond the scope of available in-house security expertise. Examples are those services detailed at sub-paras 7a and 7b. Wherever possible, the costs of security advice for major projects, future major projects and the services described in subparas 7c, d and e should be included within the budget of the project. 5. Where the SSG Executive are contracted to carry out the work, security advice for the work, and any costs incurred, will be on a repayment basis and charged to the contract. Funding Management for SSG Authority Work for MOD 6. Under the terms of the SSA, SSG will send a monthly invoice to D Def Sy for payment, for completed SSG Authority services. A copy of the invoice will be sent by SSG to each PSyA. It is the PSyAs responsibility, within one month of receipt of each monthly invoice, to advise D Def Sy in writing if invoiced work has not been satisfactorily completed. In the event of a dispute over a service provided by the SSG Authority, resolution will be carried out under normal works service procedures. JSP 440 Volume 1 Issue 2 5-2-A-1 RESTRICTED RESTRICTED Defence Manual of Security SSG Authority Services 7. The SSG Authority will provide, on request (and in accordance with given timescales), the following services: a. A security survey report describing the overall security strategy with outline proposals (a brief), quantified performance standards and parameters and an order of cost estimate. b. An independent evaluation of the detailed design to ensure that the security requirement has been met. c. Expertise in testing or observation of tests on behalf of the PS or PROM as appropriate. d. A 'troubleshooting' service to examine and report on specific problems with installed security systems and equipment. e. Maintenance of security equipment database and trials reports. SSG Executive 8. The SSG Executive can be employed by PSs/PROMs either in competition with commercial firms or where the Security Authority has directed that SSG should be used; PSs/PROMs should note the following: a. Where it has been so directed, PSs and PROMs should ensure that SSG's responsibilities are defined within the management system of the works in general and are consistent with any regulations. Specifications and documentation should be similar to those under which contractors or sub-contractors are retained using WSMs or PMs. b. The management of services carried out by the SSG Executive and its construction, design and management regulation aspects, should be defined in the PM's contract documents for projects or in the order placed on the WSM for PROPMAN work. c. All aspects of SSG Executive service for MOD will normally be carried out on a repayment basis, including advice given by the Executive. JSP 440 Volume 1 Issue 2 5-2-A-2 RESTRICTED RESTRICTED Physical Security ANNEX B TO SECTION II SECURITY ADVICE - CAPITAL WORKS PROJECTS STAGE 1 Statement of Requirement (SOR) ESyO as stakeholder, to formulate SSR element of SOR, taking advice if appropriate, from Sector Security Authorities or other specialist security staffs. SSR to include, as a minimum: 1. 2. Vulnerability of Project facility to threats (high/medium/low). Identify what is being protected. 3. Possible alternatives which would reduce security requirement (eg could protectively marked material be stored elsewhere?) As much detail as possible should be provided to identify security implications. Further advice on drafting the SSR can be found at Annex E. STAGE 2 SOR Staffing PSyA to note and comment on content of SOR. PSyA to commence formulating checklist of security needs in order to inform the Options Study. STAGE 3 Option Study (OS) Preparation/Staffing of draft OS PSyA to provide a detailed check-list of security requirements for each option under consideration (for example: robustness, glazing, locks, fencing, IDS and lighting standards). As much detail as possible should be provided in order to ensure that all appropriate security measures are incorporated and subsequent OS costings are JSP 440 Volume 1 Issue 2 5-2-B-1 RESTRICTED RESTRICTED Defence Manual of Security accurate. To assist with this process it may be appropriate for the ESyO to start developing the OR seeking assistance from specialist security staffs (in exceptional circumstances the PSyA can request assistance from SSG). Further advice on the drafting of the OR can be found at Annex E. STAGE 4 OS STAGE 5 Approval by Budget Holder ESyO to attend Siting Board (Siting Board may have been convened earlier). Any further comments on security requirements to be passed to PS and PSyA. STAGE 6 Project Brief (PB) Preparation 1. The PB is the basis on which the appointment of the commercial Project Manager (PM) is made. 2. As required, PSyA attends Project stakeholders meeting. 3. PSyA decides whether further specialist security input is required (eg by specialist security staffs or SSG). 4. PSyA oversees preparation and completion of detailed OR (further advice on the drafting of the OR can be found at Annex E)). Note: It is important to ensure that the security scope of work in the PB is fully defined. It should include only the essential security features (to MMR)* which must be incorporated within the Project. Any changes to the scope of work after the appointment of the Project Manager will not be affordable. * In this context, MMR means only those measures which are necessary to meet operational or other military need. JSP 440 Volume 1 Issue 2 5-2-B-2 RESTRICTED RESTRICTED Physical Security STAGE 7 Appointment of Project Manager STAGE 8 Preparation of Design Brief PSyA: 1. Attends design meetings as required. 2. Maintains a constant dialogue with Project Sponsor (PS) during design development to ensure that scope of security work identified in the PB is being properly interpreted. STAGE 9 Design PSyA approves final design. STAGE 10 Appointment of Contractor STAGE 11 Construction STAGE 12 Hand-Over ESyO attends Pre-Acceptance Board Testing and Handover Boards. PSyA attends (if required). Certificates of acceptance to be provided to PS. JSP 440 Volume 1 Issue 2 5-2-B-3 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally blank. JSP 440 Volume 1 Issue 2 5-2-B-4 RESTRICTED RESTRICTED Physical Security ANNEX C TO SECTION II SECURITY ADVICE - WORKS SERVICES (PROPMAN) STAGE 1 Works Request ESyO should routinely comment on new works proposals. He is to provide an OR, taking advice, if appropriate, from PSyA or other specialist security staffs and attend siting boards (further advice on drafting the OR can be found at Annex E). STAGE 2 Maintenance of the Forward Maintenance Register ESyO to ensure Property Manager (PROM) includes security-related works and takes account of need to replace CCTV, IDS etc in future years. STAGE 3 Annual LTC Process PSyA to provide advice to TLB work staffs during the validation process. JSP 440 Volume 1 Issue 2 5-2-C-1 RESTRICTED RESTRICTED Defence Manual of Security STAGE 4 Approval by Budget Holder (Work listed in Pre-planned Maintenance Programme) ESyO to attend siting board. TLB specialist to comment upon Forms 2. STAGE 5 Design ESyO to review Work Service Manager (WSM) sketch plans and working drawings. STAGE 6 Construction Phase ESyO to implement necessary vetting procedures if appropriate. STAGE 7 Completion of Works ESyO attends Pre-Acceptance Board Testing and handover boards. Certificates of acceptance to be provided to the PROM. JSP 440 Volume 1 Issue 2 5-2-C-2 RESTRICTED RESTRICTED Physical Security ANNEX D TO SECTION II SECURITY INVOLVEMENT IN WORKS RELATED PRIVATE FINANCE INITIATIVE To be issued. JSP 440 Volume 1 Issue 2 5-2-D-1 RESTRICTED RESTRICTED Defence Manual of Security This page intentionally left blank. JSP 440 Volume 1 Issue 2 5-2-D-2 RESTRICTED RESTRICTED Physical Security ANNEX E TO SECTION II DRAFTING THE STATEMENT OF SECURITY REQUIREMENT (SSR) AND OPERATIONAL REQUIREMENT (OR) Statement of Security Requirement 1. The SSR (also known as a brief or high level OR) forms part of the work service SOR. It is a high level statement which indicates the assets to be protected, the threat assessment, the perceived vulnerabilities to the threat, the security level required, and the reliability and availability required of any proposed systems. The SSR is developed by the ESyO, in consultation with the PSyA, when a security requirement has been identified. The PROM/PS provides (via the ESyO) the Security Authority with the basis against which the threat and security concept is set. The threat appreciation is to incorporate any relevant local factors; eg a risk assessment of the site and a summary of possible methods of attack. Operational Requirements for Security Measures General 2. An OR is a statement of needs based on a thorough and systematic assessment of the problems to be solved and the hoped for solutions. The important thing to remember is that the OR will be used to guide the eventual design process for any recommended security measures. It must be clear as to what is required so that there are no surprises in the future; any changes after contract-let may not be affordable. The OR will outline in some detail the requirements in terms of deterrence, detection, physical delay, surveillance and response. The OR is the critical document that provides the link between the high level need and the system procurement process. Every step on the road to an installed system should be directed at achieving the OR. Without an OR the performance criteria cannot be agreed; without performance criteria it will be difficult to reliably test and commission the completed installation and there will be no mechanism for rejection of an inadequate system. 3. SSG have produced, on behalf of EDICTS, a guide to producing ORs for protective security measures. Copies of the document can be obtained from TLB PSyA staffs. The methodology of the checklist is summarised below: a. Content of the OR. The following list is the realistic minimum of points that must be addressed in the OR: (1) (2) Assets to be protected. The threat. 5-2-E-1 JSP 440 Volume 1 Issue 2 RESTRICTED RESTRICTED Defence Manual of Security (3) (4) (5) (6) (7) (8) (9) Consequences of compromise. Probability and frequency of occurrence. Level of security required - based on the classes in Section I. Areas of concern. Function of any proposed measures. Environmental conditions expected. Success criteria. In addition it is useful to include: (10) (11) (12) (13) (14) Responses. Information transmission. Information handling. Operators tasks. Training needs. b. Producing the OR. Using the SOR (incorporating the SSR), the OR is written by the ESyO with assistance, if necessary from the TLB PSyA staffs, a facilitator (such as SSG) and other stakeholders. There must be communication with ALL the stakeholders during the production of the OR. The stakeholders are everyone who has an interest in the operational security of the site or building. This includes security managers, building owners, building user representatives, budget holders, and the operators of any technical security systems, current or proposed. There are 5 steps to be followed in producing the OR: (1) Step 1. concern. (2) (3) (4) (5) Agree and list the assets and physical areas of Step 2. Complete the OR checklist. Step 3. Produce a checklist summary. Step 4. Consider possible solutions. Step 5. Write the OR statement. JSP 440 Volume 1 Issue 2 5-2-E-2 RESTRICTED RESTRICTED Physical Security ANNEX F TO SECTION II RESTRICTED (When completed) REQUEST FOR INITIAL SSG ADVISORY SERVICE SECURITY REQUIREMENTS AT A DEFENCE SITE (SECTIONS 1, 2, 3, 5, 6 TO BE COMPLETED BY ORIGINATING UNIT AND FORWARDED TO SECTOR SECURITY AUTHORITY (SSA). SECTION 4 (APPROVAL) TO BE COMPLETED BY SSA AND FORWARDED TO SSG (COPIED TO DDEF SY ) File Reference : From: eg. DNSyICP / HQ Land / HQ STC / CB Sy / DLO / DPA To : Head of Branch, Room 9/42, Special Services Group, SSG, St Christopher House, Southwark Street, London SE1 OTE. (Fax No: 0207 921 3802) Copy to: DDef Sy-Phys(Tech) (Fax No: 0207 218 3993) References (See Note 1): Section 1 - Location of Site -------------------------------------------------------------Grid reference : Postal address : Type of site: urban/rural, shared/sole occupant. Type of work (See Note 2): new build/ refurbishment/ IDS/ PIDS/ CCTV/ AACS/ SAMS/ lighting/ building construction/ fences/ blast protectio RESTRICTED (When Completed) JSP 440 Volume 1 Issue 2 5-2-F-1 RESTRICTED RESTRICTED Defence Manual of Security RESTRICTED (When Completed) Area of advice (See Note 3): option study/ pre-project advice/ initial project advice/ audit established system/ audit newly installed system/ trouble shooting/ other (please specify). Section 2 - Primary Establishment -------------------------------------------------------------Title : Role : Security category of establishment: Highest level of protection: TOP SECRET / SECRET / CONFIDENTIAL / RESTRICTED POINT OF CONTACT Name: Appointment: BT Tel No: BT UNCLAS Fax No (See Note 4): Section 3 - Security Section/Unit -------------------------------------------------------------POINT OF CONTACT Name: Appointment: BT Tel No: BT UNCLAS Fax No: RESTRICTED (When Completed) JSP 440 Volume 1 Issue 2 5-2-F-2 RESTRICTED RESTRICTED Physical Security RESTRICTED (When Completed) Section 4 ­ Approval from TLB PSyA Staffs -------------------------------------------------------------POINT OF CONTACT Name : Appointment: BT Tel No: BT UNCLAS Fax No: Section 5 ­ Advisory Input Requirements -------------------------------------------------------------Timsecale (See Note 5): Contacts (See Note 6): Distribution for SSG Advisory Report Name: Appointment: Address: No. of copies: BT Tel No: BT UNCLAS Fax No: Section 6 ­ Work Services Information ------------------------------------------------------------The following items are attached for information (See Note 7) Operational Requirement: Yes/ No Threat/ Risk Assessment: Yes/ No RESTRICTED (When Completed) JSP 440 Volume 1 Issue 2 5-2-F-3 RESTRICTED RESTRICTED Defence Manual of Security RESTRICTED (When Completed) Other Plans and Documentation (please specify): Distribution: External: Action (See Note 8): Information (See Note 9): Notes: (1) (2) References as necessary e.g. G2 HQ LAND Control No. Description of problem/ project/ area of advice/ work required. (3) The following services cannot be obtained through the D Def Sy funded SSG Advisory Account: installation, maintenance, commissioning, detailed project advice, purchase of equipment, examining tenders. If in doubt, speak to your PSyA Staffs or DDef Sy-Phys(Tech). (4) (5) SSG Burtonwood is not connected to the Military Telephone Network. Start/ end dates, particular dates to note i.e. meetings. (6) Initial point of contact for SSG Adviser to discuss work service particulars or arrange site visit. (7) As Operational Requirement and Threat/ Risk assessment should be attached to this request form. If not, then an explanation should be given as to why these documents have not been generated. Plans of the site/ establishment/ building (preferably A3 size) will be of assistance to SSG in completing their report. (8) Request form to be forwarded to relevant PSyA Staffs for action unless command instructions in place that state otherwise. (9) Complete as appropriate e.g. HQ G2/G4, Area Sy Team, P&SS Unit, MI Bn DLO/DPA Sy Staff etc RESTRICTED (When Completed) JSP 440 Volume 1 Issue 2 5-2-F-4 RESTRICTED RESTRICTED Physical Security ANNEX G TO SECTION II COUNTER TERRORIST PHYSICAL SECURITY MEASURES FOR ALL MOD OWNED OR OCCUPIED BUILDINGS Introduction 1. This Annex details the minimum counter-terrorist physical security measures which are to be applied to all MOD owned or occupied buildings. 2. The physical security measures, adapted for the MOD, are based on Cabinet Office guidelines on robustness measures for buildings. The purpose of these measures is to limit damage to the building fabric and injury to the occupants, whatever the level of threat. Given the varying function and location of MOD buildings, physical security measures should be applied on the basis of vulnerability of the site. 3. It is the responsibility of PSyAs to ensure that the measures applied are appropriate. Accordingly, ESyOs and/or PSyAs, in consultation with DE SCG, TLB works advisers and the Project Sponsor or Property Manager, are to assess the vulnerability of buildings as either HIGH, MODERATE or LOW taking into account the following: a. b. c. Location ie whether or not the building is within a secure perimeter. Perimeter security and access by the public. The building aspect in relation to the perimeter. d. The protection afforded by other buildings, other features and/or landscaping. e. Whether or not the building is normally occupied. f. Building usage e.g. housing departments involved in the fight against terrorism. 4. When determining building vulnerability, due account should be taken of the following general rules (together with the considerations at sub-paras 3b to f above): a. Buildings that are not located within a secure perimeter or are located within 100 metres of a secure perimeter will be HIGH unless other factors afford protection from bombs/mortars. JSP 440 Volume 1 Issue 2 5-2-G-1 RESTRICTED RESTRICTED Defence Manual of Security b. Buildings that are normally occupied by personnel, are located beyond 100 metres within a secure perimeter, will be MODERATE unless other factors afford protection from bombs/mortars. c. 5. Buildings that are not normally occupied by personnel will be LOW. The physical security measures fall into two distinct categories: a. Standard measures. Those measures that cannot be applied or removed quickly in line with a changing threat. There are two sections of Standard Measures, those for new construction and those for existing construction; and b. Enhanced measures. Those measures which can be applied or removed as the threat changes. It is important to carry out a security survey to establish the appropriate Enhanced Measures which are to be included in any contingency plan. Standard Measures 6. These measures are to be applied to all new MOD buildings being constructed, leased for MOD use or refurbished. When applying these measures, PSyAs should exercise common sense and give consideration to omitting certain standards in the case of buildings deep within the perimeter or with low occupancy, domestic facilities such as housing and sporting facilities such as squash courts. a. SM.1 - Construction Standard (1) The building should be of framed construction using either structural steel or in situ reinforced concrete. (2) The structural frames should be designed to the "degree of robustness" required by the relevant British Standards, whatever the number of storeys (ie all buildings less than 5 storeys high should be designed as a 5 storey building for robustness only). (3) If structural steelwork is used, the beam/column connections are to be designed to carry load reversals and where possible the facade columns and beams should be concrete encased. (4) The floors and roof slabs should be constructed with in situ reinforced concrete, or with pre-cast concrete slabs with a structural topping suitably tied into the structural frame. (5) Cladding should be either pre-cast concrete panels or solid masonry. If pre-cast systems are used the fixings of the panel back to the structure are to be robust, easily accessible and repairable. Further the cladding system should be designed so that each panel may be removed without affecting the surrounding panels. JSP 440 Volume 1 Issue 2 5-2-G-2 RESTRICTED RESTRICTED Physical Security b. SM.2 - Bomb shelter area (BSA) accommodation (1) High vulnerability. BSA accommodation should be provided and must be sufficient for the maximum number of people likely to be occupying the building. BSA provision may be achieved by careful planning of cores constructed in reinforced concrete, or by robust basement construction. (2) Moderate vulnerability. BSA accommodation may be provided for people likely to be vulnerable. An alternative of emergency evacuation planning may be preferred. (3) Low vulnerability. An emergency evacuation plan is to be in place. c. SM.3 - Glazing protection. Glazing protection minimises the injuries to personnel and damage to assets by reducing the quantities of flying glass. (1) High vulnerability. This protection is achieved by the installation of laminated glass in frames which are securely fixed to the surrounding structure. The plastic interlayers within the laminated glass must be polyvinyl butyral (pvb) for the glazing to offer blast resistance. If a better level of protection is required, then 7.5mm laminated glass in purpose designed frames should be specified. If a double glazing system is to be used, then the outer leaf should be 6mm toughened glass of the appropriate thickness to suit the standard design requirements; and the inner pane should be 6.8mm laminated glass for standard frames or 7.5mm thick laminated glass in enhanced frames. (2) Moderate vulnerability. If single glazing is specified, then the laminated glass should be a minimum of 6.8mm thick in standard frames. (3) Low vulnerability. As above or consideration should be given to the use of anti-shatter film. d. SM.4 - Access control. A good access control system should be installed at all pedestrian and vehicular entrances; this will minimise the opportunity for the deployment of a device within the building. A device placed inside a building would cause greater damage and potentially more injuries that a similar sized device deployed outside the building. e. SM.5 - Counter terrorist contingency plan. Current Health and Safety legislation requires an employer to have established appropriate procedures to be followed in the event of serious or imminent danger. Actions to be taken in the event of an attack are given in Chapter 7. JSP 440 Volume 1 Issue 2 5-2-G-3 RESTRICTED RESTRICTED Defence Manual of Security f. SM.6 - X-Ray Screening of delivered items. Where X-ray screening of mail and delivered items is to be carried out, a purpose designed room should be constructed so as to minimise the consequences of an explosion and offer a degree of protection to operators and staff. 7. For buildings currently occupied. a. SM.1 - Construction standard. Any of the measures noted in SM.1 for new construction which are provided by the existing structure will minimise the consequences of an explosive device. b. SM.2 - Bomb shelter area (BSA) accommodation. If the building is of framed construction it may offer BSA accommodation. Structural engineering advice should be sought to ensure that the building construction is suitable and the Shelter Area construction meets current guidance. If the building is not framed or does not provide suitable BSA accommodation, external evacuation will be required as part of the contingency planning from the threat of explosive devices. c. SM.3 - Glazing protection. Where the glazing is being renewed or refurbished consideration should be given to replacing the glazing in accordance with the recommendations in SM.3 for new construction. In all other cases anti shatter film (ASF) should be fitted in the internal surface of all external glazing, whatever the height of the building. Bomb blast net curtains (BBNC) may be fitted where appropriate. In the case of timber framed 'Georgian' windows ASF and BBNC should be fitted. d. SM.4 - Access control. See SM.4 for new construction. See SM.5 above for See SM.6 above for e. SM.5 - Counter terrorist contingency plan. new construction. f. SM.6 - X-Ray screening of delivered items. new construction. Enhanced Measures 8. Enhanced measures are those measures that are to be implemented, or removed, as the Alert States increase, or decrease. 9. Each Alert State requires a certain set of measures to be implemented. A comprehensive set of measures for each of the Alert States is to be incorporated into the contingency plan. 10. Not all the measures will necessarily be appropriate for a particular establishment. It is, however, important to undertake a Security Survey examining such aspects as location, exposure, activity, site conditions, etc so as to identify those measures that are appropriate and then incorporate them into the contingency. JSP 440 Volume 1 Issue 2 5-2-G-4 RESTRICTED RESTRICTED Physical Security SECTION III TO CHAPTER 5 EXTERNAL PERIMETER SECURITY MEASURES Introduction Perimeters 05301. A perimeter may be defined by a natural boundary, by free-standing fences or walls, by the outer walls of a building or by divisions within it. Its function is to provide a degree of physical, psychological or legal deterrence to intrusion. Its effectiveness as a security measure can be enhanced by the deployment of perimeter intruder detection systems (PIDS), closed circuit television (CCTV), security lighting and guard forces. Further Information, Advice and Guidance 05302. Further information and direction on perimeter security measures can be obtained from the following sources: a. Where establishments are considering the installation of perimeter security measures Command security staff are to be consulted to provide specialist advice and any appropriate policy input; Section II to this Chapter provides information and direction on the procurement of major security equipments and systems. In addition, where such work constitutes a works service project, the procedures detailed in Chapter 5, Section II, Annex A are to be adhered to. b. The PIDS 'Family of Documents' (full title; 'Family of Documents to Establish Optimum External Security Systems - Volume 3 - Perimeter Intruder Detection Systems (Ref 94066)) produced by the Security Equipment Assessment laboratory, under the auspices of EDICTS provides detailed advice, guidance and instruction on the deployment of PIDS. The document is the authoritative publication for the use by MOD establishments. Fences General 05303. A perimeter fence forms a barrier and identifies the boundary of a protected or restricted area. The level of protection offered by a fence depends on: a. b. c. The height of the fence. The construction of the fence. The material used in the fence. JSP 440 Volume 1 Issue 2 5-3-1 RESTRICTED RESTRICTED Defence Manual of Security d. Any additional security features used to increase its performance or effectiveness such as topping, PIDS, lighting or CCTV. The type of fence used on the perimeter of a site is to reflect the type of threat, i.e. terrorist, criminal etc. Purpose of Fences 05304. Fences are not always to be regarded as being a major obstacle in themselves. They are primarily a means of: a. b. Delineating a boundary/area hence protecting against casual intruders. Channelling visitors to legal points of entry. c. Deterring and delaying unlawful intruders who are normally loathe to operate with an obstacle behind them, particularly if they have no guarantee of getting back to their point of entry. d. Assisting guard patrols and easing the employment of guard dogs. Effectiveness of a Fence 05305. The effectiveness of a fence as a barrier to or deterrent against intruders can be increased by the follow