FAQs Section

Choose your section

General

Training

FSR

PSR

TSR

General TAPA EMEA faqs

TAPA Security Standards faqs

Certifications - TAPA programmes

Certifications - TAPA programmes - Self certification

General TAPA EMEA faqs

What does TAPA do?

We are the Transported Asset Protection Association.

TAPA's mission is to increase resilience and minimise supply chain risks. TAPA achieves this through the development and application of global security standards, recognised industry practices, technology, education, benchmarking, regulatory collaboration, and the proactive identification of crime trends and supply chain security threats. TAPA’s vision is to provide its members with scalable risk management tools in the form of globally recognised standards, robust audit process, actionable incident intelligence, high quality training, and representation and liaison with government agencies to build cost effective, resilient and sustainable supply chains.

Who are our members?

TAPA is the leading Security Expert Network for everyone in the supply chain. Our members include leading global Manufacturers and their Logistics Service Providers, Security Service Providers, Insurers, Law Enforcement Agencies, and other supply chain security stakeholders. In the Europe, Middle East & Africa (EMEA) region, TAPA now has more than 600 member companies and partners, including over 100 companies which joined the Association in 2020.

When was the Association founded?

TAPA was founded in the United States by a small group of global technology manufacturers in 1997 to prevent losses from supply chains and, in its early years, was known as the Technology Asset Protection Association. The Association was later rebranded as the Transported Asset Protection Association to reflect the fact that virtually all types of products are now at risk of theft from supply chains.

Is TAPA a global Association?

The Association consists of three international regions: the Americas, Asia Pacific, and Europe, Middle East & Africa.

What other bodies does TAPA work with?

As the leading industry Association focusing on supply chain resilience and reducing losses from supply chains, TAPA is a Subject Matter Expert which supports, and participates in, forums and working groups with partners including the European Commission, United Nations, Interpol, Europol, the World Customs Organisation, UNECE, IUMI, and others. If you represent a body which wishes to engage with TAPA EMEA, please contact us at info@tapaemea.org

How big a problem is cargo crime?

A study by the European Parliament has estimated the value of cargo losses from supply chains in Europe alone of some €8.2 billion a year. A more recent study involving 13 leading industry associations in Germany, including TAPA EMEA, identified the national cost of such crimes to be some €2.2bn a year in just this one European nation.

Sadly, the majority of cargo crimes are still not specifically recorded as such. Instead, they are often allocated to other generic crime categories, such as motor vehicle or commercial property crimes. In 2019, TAPA’s Incident Information Service (IIS) received reports of over 8,500 cargo theft incidents in the EMEA region alone with a loss value exceeding €137 million. The true cost of loss for certain products stolen from supply chains, i.e. pharmaceuticals, can be 5-7x the value of the stolen goods alone once the full recovery costs are taken into account.

Which industry sectors does TAPA represent?

TAPA’s membership reflects the broad nature of cargo crime and the sectors which are most targeted by cargo thieves and Organised Crime Groups. These sectors include food and drink, clothing and footwear, cosmetics and hygiene, tobacco, technology, furniture/household appliances, metal, cash, automotive, pharmaceutical, and tools/building materials.

What benefits do TAPA members receive?

Our members have access to TAPA’s supply chain Security Standards for Facilities, Trucking and Secure Parking, as well as the Association’s Incident Information Service (IIS) database, which enables them to see when and where cargo losses have occurred as well as the types of incidents, locations, modus operandi and the types of products targeted. They can also identify safe truck parking places using our unique digital mapping tool. This helps our members to avoid cargo crime ‘hotspots’ and to adopt fit-for-purpose security protocols in the individual geographies they operate in. The Association also provides incident alerts and intelligence via monthly, half-yearly and annual cargo theft data and analysis reports. TAPA also provides face-to-face and online training for members adopting its Security Standards, as well as valuable networking and intelligence-gathering opportunities through its main conferences and regional events in countries with high rates of cargo losses.

Ultimately, by fully utilising the benefits the Association offers alongside their own in-house security programmes, TAPA members are known to significantly reduce cargo losses and insurance liability, and enhance the reputations of their brands with their customers by ensuring the resilience of their transportation and delivery services.

What levels of membership does TAPA offer?

TAPA offers several levels of membership for Manufacturers, Logistics Service Providers, Security Service Providers, Insurers, Parking Place Operators, and Law Enforcement Agencies, as well as other partners and stakeholders. To find out more or to apply to join the Association, click here.

How do you apply to join the Association?

Once you have identified the category of membership most relevant to you, simply complete and send our membership application form, which is available using this link

Do Law Enforcement Agencies pay a membership fee to join TAPA EMEA?

No. TAPA highly values its close working relationships with international, national and regional Law Enforcement Agencies, which provide much of the incident intelligence recorded in the Association’s Incident Information Service (IIS) database. This information increases our members’ understanding of the types of cargo crimes taking place and helps major companies optimise their security resilience planning. By reducing the number of crimes, TAPA members are, naturally, less likely to need to call on police response and investigation services, lessening the pressure of their already overstretched resources. TAPA is always looking to build new working partnerships with LEAs across the EMEA region. If you are a representative of a Law Enforcement Agency and wish to find out more about working with TAPA, contact us at info@tapaemea.org or via this link.

How to we gather cargo crime intelligence?

A high percentage of all data in TAPA’s Incident Information Service (IIS) database is provided through data sharing agreements with national Law Enforcement Agencies and other policing bodies. TAPA members also share incident data, as do non-member companies and Insurers. Credible media sources are also used as a source of information.

How do you report a cargo theft incident to TAPA?

This process is quick and easy – and is explained in our two-minute ‘How to report to TAPA’s IIS’

Explainer Video. To watch the video, click here.

When reporting an incident, do you have to give your name or company identity?

No. TAPA never asks for the names of individuals or companies reporting cargo thefts. We simply seek intelligence which is of greatest value to our members’ supply chain resilience planning. This includes the date and a description of each incident, the type of incident, the M.O. used, the location of the incident, the value of the stolen goods, and product category.

How do TAPA members use cargo crime intelligence?

TAPA’s Incident Information Service (IIS) allows members to interrogate our cargo crime database and to use their findings to improve their route planning and broader supply chain security programmes. For example, a company can enter a specific routing they plan to use to transport high value, theft targeted goods and see incidents of cargo crime along this routing, as well as the closest TAPA-approved secure truck parking locations. You can find out more about TAPA’s IIS by watching our two-minute Explainer Video via this link.

What is TAPA doing to encourage more secure parking for trucks?

Helping to encourage a bigger network of secure truck parking places in the EMEA region is one of TAPA’s main priorities, which is why the Association created its Parking Security Requirements for Parking Place Operators. The security standard has been developed by security professionals in Manufacturers and Logistics Service Providers or, in other words, the buyers of secure parking places. Within just two years of its launch, TAPA’s PSR is now the most-adopted secure truck parking standard by Parking Place Operators in the region. However, demand still far outweighs supply. TAPA estimates that demand current exists for over 2,000 sites in EMEA or more than 400,000 parking places. If you wish to learn more about TAPA’s PSR, you can watch our ‘Secure Parking Online Tool’ Explainer Video via this link.

Can non-members be sponsors or exhibitors at TAPA’s annual conference?

Yes, they can, although first priority will always be given to TAPA EMEA member companies. You can view our 2021 TAPA EMEA Conference Sponsorship & Exhibitor Opportunities brochure via this link.

Can you be a speaker or panellist at a TAPA event?

We are always looking for great speakers and panellists to participate in our conferences, webinars and other events. We also welcome speakers willing to share interesting supply chain security case studies. If you have a topic you wish to present or are a Subject Matter Expert willing to share your knowledge and expertise, please send a short bio and a brief summary of your proposed presentation to us at info@tapaemea.org

Can you contribute to TAPA’s Vigilant magazine?

Yes, we welcome insightful, non-commercial editorial contributions from Subject Matter Experts which we feel will help our members’ supply chain resilience programmes as well as their awareness of cargo crime trends and new security technologies and solutions. If you wish to pitch your idea for an article to our editorial team, please send a summary to us at info@tapaemea.org

TAPA Security Standards faqs

What are the TAPA Security Standards?

TAPA has developed the leading supply chain Security Standards to help secure high value, theft targeted products during the supply chain process, either being stored within facilities or when they are onboard moving or parked trucks. To find out more about TAPA’s Facility Security Requirements (FSR), Trucking Security Requirement (TSR), or Parking Security Requirements (PSR) use this link .

TAPA’s Standards – which are reviewed and revised by the Association’s members every three years - are highly respected globally as proven security processes and protocols because the FSR, TSR and PSR Standards have been developed ‘by industry, for industry’. The number of TAPA certifications is now at its highest level in the Association’s history as more companies seek the most resilient industry standards to enhance their supply chain security.

Do you pay a fee to TAPA when obtaining one of the Association’s Standards?

If you are a non-member of TAPA EMEA, and you are completing your audit through one of TAPA’s Independent Audit Bodies, there will be a certification administration fee of €499 + VAT if applicable, payable to TAPA. This allows for the certificate to be issued by an Independent Audit Body (IAB) and enables your details to be posted on our website so that members requiring services may find your information. This fee is waived for members.

If you are a non-member of TAPA EMEA and wish to complete a self-certification, there will be a fee per submission of €250 + VAT if applicable.

Can anyone attend a TAPA Security Standards training course?

Anyone interested in obtaining an FSR or TSR certification can attend our training courses, as this is now a mandatory requirement for all certifications since the latest versions of our Standards were launched in 2020. The fee for non-members is €1,499 + VAT if applicable per person, per course. For members, each full member company can send three representatives on our courses free of charge. Security Service Provider (SSP) members can send two representatives. For extra members, above these allocations, there will be a charge of €200 per person.

What happens to ideas for changes to standards that are sent to TAPA?

If submitted during the period when change requests for new revisions are being considered all change requests will acknowledged and the sent to the change control board for review. The decision of the committee will be communicated back the originator. If the change request is submitted outside of the revision cycle the requests will be filed until the revision cycle window is opened and then reviewed by the change control board.

What if I can’t meet the Standard requirements mandatory to pass certification and what are my options?

There is a lot of flexibility in the standards to find a suitable option. It could be that meeting the requirement is the normal expected outcome but where this is not possible one or more of the following options are available:

Contact your Audit Body or a TAPA representative for advice

Submit a waiver request with a justification that offers alternative measures and/or reasons for not needing to meet the original requirement

Use a risk assessment process to support a waiver

How are waivers requests processed?

Each of the TAPA regions has established an intake process and waiver committees to review waiver applications. Normally a waiver application is processed and result communicated within 10 working days. Complex waivers or where information is missing can take longer.

When a revised standard is released how will this affect my existing certification status?

There will be no impact as recertification to the revised standard is not required until the existing certificate expires.

What are the costs for certification?

Funds will be needed to meet the required standards and to fund the Independent Audit Body (IAB) certification work. There is no guide for these costs because each operation will have to complete different actions to meet the standards and IAB selection can be subject to competitive bid. IAB’s can offer a pre-audit service to help determine the actions needed to meet certification.

How often are the standards updated?

The standards will be reviewed and a new revision released every 3 years.

We are interested in getting TAPA certified. Can you give us information and contact details on the certification process?

TAPA has 3 certification programs.

· Facility Security Requirements (FSR) for warehousing operations

· Truck Security Requirements (TSR) for road transport vehicle operations

· Parking Security Requirements (PSR EMEA Only) for road transport parking areas.

Each standard has 3 levels of security. The selection of the appropriate Standard and security level is based on the needs of the company and/or their clients. The 2 highest levels of FSR A and B, TSR 1 and 2 and PSR 1 and 2 require assessments and certification by a TAPA approved Independent audit bodies (IAB). The lowest level FSR C, TSR 3 and PSR 3 can be obtained by an IAB or self-certified by the company’s own employee if they attend a TAPA training and pass the relevant exam.

If you require the services of an approved IAB these can be found here. These certification bodies are approved by TAPA but certification costs are negotiated directly by you and your preferred IAB. If you need more information about TAPA Standards in general please contact our secretariat. You can also download the Standard you are looking for here.

Country laws often restrict criminal background vetting. As this is a requirement in TAPA Standards, how should LSP’s and Applicants seeking to be certified deal with this?

Many countries have stringent laws/regulations in place preventing employers carrying out criminal background checks. TAPA recognises this by including in the FSR section header 7.1 and TSR section header E “as allowed by local law”. It is also worth noting that many countries do allow or require criminal background checks. For example, air cargo security is heavily regulated and it is common in most countries for personnel with access to international cargo shipments to be vetted before they are given access to sensitive areas. TAPA Standards include the same requirements on vetting in the FSR and TSR, but we will reference the FSR to keep the explanation shorter. Hopefully below will explain how to obtain conformance to the Standards:

· TAPA Standards require a criminal history check of personnel where legally permissible.

· Requirement 7.1.1 requires the existence of a “screening process” and if criminal history checks are not allowed then permissible checks on previous employment history are still expected to be documented and completed.

· Where criminal history cannot be used, the inclusion of alternative permitted checks that may include credit checks, gaps in employment, personal references etc. are often added to an organisation’s in-house screening processes. If these steps are followed then a waiver is not going to be needed.

· We do not want to see waiver requests to mitigate compliance with local laws. A waiver should only be considered if a screening process was not present for other reasons than legal compliance.

· Where the screening process exists but criminal checks are not legally permitted it is sufficient to record in the audit that “criminal checks are not permitted” and reference the applicable law for that country.

· The auditor should look for and document all measures that are taken to screen employees and validate such measures are being followed.

· Based on the above guidance the expected response in the TAPA Certification audit is “YES” with a description of the measures used. However, if a “N0” + waiver request or “Not Applicable” response is still considered appropriate, please refer to the appropriate TAPA Standards for additional information.

What are the requirements for the LSP/Applicant who is conducting the interim self audits between certification audits? Must this person be an authorised TAPA Auditor?

TAPA Standards do not require that the person completing and submitting the annual self audits (years 1 and 2) is trained by TAPA or is a qualified TAPA authorised auditor. However, there may be regional differences. TAPA EMEA and TAPA Americas will currently accept annual self audits that are submitted by non-TAPA trained personnel. TAPA APAC requires a TAPA trained and authorised person to submit these audits. TAPA hope to standardise this based on one of these methods as part of the next Standards update cycle. Note that the above should not be confused with the Self Certification Process, where all initial certification audits must be conducted and submitted by a TAPA trained auditor.

Why do we need Self-Certification for TAPA Standards?

The Self-Certification option was introduced to help address two frequent comments we received from our members:

1. Question from Shipper/Buyer members: How can we source more Logistics Service Providers with TAPA certification capability?

2. Question from Logistics Service Provider members: Can TAPA help reduce costs of certification and re-certification?

The introduction of Self-Certification was specifically targeted at the entry level of the Standards to promote growth in FSR C and TSR 3 certifications. The requirements did not change but the method to obtain certification for the entry level security levels was simplified by excluding the need for an external Independent Audit Body (IAB).

How are costs reduced for Logistics Service Providers?

TAPA manages the administration of the Self-Certification free of charge for TAPA members and there are no external IAB costs.

As Self-Certification is a lower cost option for Logistics Service Providers, why should FSR A&B and TSR 1&2 still be considered?

Self-Certification is an entry level to the TAPA Standards and provides robust but minimal security measures. In most instances FSR C and TSR 3 should offer perfectly acceptable security for general cargo. Where Buyers, Shippers, Insurers or Logistics Service Providers’ risk assessments deem additional security measures are needed, then FSR A&B and/or TSR 1&2 can provide this assurance. More scrutiny is needed to ensure these measures are in place and we use industry recognised certification bodies to perform this role.

Can you provide me with some advice on how to get started with Self-Certification and explain what’s involved?

This is a summary of the steps to complete a Self-Certification:

Register for FSR and or TSR training on the TAPA EMEA website. You must pass the relevant exam to obtain Internal Authorised Auditor (AA) status. Only AA’s are approved by TAPA to conduct Self-Certification assessments.

Download the "Self-Certification On Line Tool" user guide here.

Create an account.

Apply for an audit to be assigned to you for each facility/operation that you require to be certified .

Complete your online Self-Certification. Answer all questions and provide supporting detail. If approved, TAPA will notify you and provide a certificate, If denied, a specific time will be allocated for you to correct any non-compliances.

TAPA will provide email and telephone support if needed free of charge to our members.

I see three different types of audits mentioned in the Standards. Can you explain what they are for?

The three types of audits mentioned in the Standards are:

1. TAPA CERTIFICATION AUDIT - Conducted every 3 years by a TAPA-trained Authorised Auditor (AA)

2. SELF CERTIFICATION AUDIT (FSR Level C and TSR Level 3 only) Conducted every 3 years by a TAPA-trained Authorised Auditor (AA)

3. SELF AUDIT OR INTERIM SELF AUDIT - Conducted by a representative of the certification holder. An internal process is in place in order to monitor compliance, in years two and three, in between formal certification audits conducted by an AA.

Who can qualify as an Authorised Auditor (AA)?

There are two types of AA:

1. An auditor can be recognised as an AA when they have taken TAPA training, passed an exam and are working for a TAPA-approved Independent Audit Body. They must have taken the training for each relevant TAPA Standard where they are recognised as an AA. They can perform certification audits for any level of the standard.

2. A LSP/Applicant representative who has taken TAPA training and passed an exam can be recognised as an AA. They must have taken the training for each relevant TAPA Standard where they are recognised as an AA. They can only perform certification audits for the lowest level of the Standards (FSR Level C or TSR Level 3) and for their own employer’s business. They cannot certify their sub-contractors or other businesses.

What are the requirements for the LSP/Applicant person who is conducting the interim self audits between certification audits? Must this person be Authorised Auditor trained/approved?

TAPA Standards do not require that the person completing and submitting the annual self audits (years 2 and 3) is trained by TAPA or is a qualified TAPA Authorised Auditor. However, there may be regional differences. TAPA EMEA and TAPA AMERICAS will currently accept annual self audits that are submitted by non-TAPA trained personnel. TAPA APAC requires a TAPA-trained and authorised person to submit these audits. TAPA hopes to standardise on one of these methods as part of the next Standards version update cycle.

My business can’t have own TAPA-trained Authorised Auditors. For self certification, the TAPA Standards state that “An AA can be an internal employee/associate, trained and authorised by TAPA . What is mean by “associate” and how could I use this option?

TAPA self-certification was set up for LSPs to cost effectively audit themselves by utilising a trained in-house Authorised Auditor. Where the LSP did not have a resource available to perform this role (typical in smaller operations), they could contract in a person or associate provided they have had the appropriate TAPA training and passed the TAPA exam. TAPA allows approved named associates (not auditing organisations) to perform the TSR 3/FSR C self-certification audits as Authorised Auditors provided an agreement to perform the Authorised Auditor role between the two parties is in place. The associate Authorised Auditor is restricted as an Authorised Auditor only for the LSP named in the agreement. In this way the same restriction on an associate and the LSP’s own Authorised Auditor is in place. TAPA would not support an associate who marketed themselves to multiple LSPs as an Authorised Auditor for TAPA self-certification. We would see this as an unapproved Independent Audit Body and would take appropriate steps to prevent this from happening

I have been approached by a security company offering to complete my TAPA self-certification audits. Does TAPA authorise third-party auditing/inspection companies to complete self-certification?

TAPA does NOT authorise any third-party auditing/inspection companies to complete self-certification for the TAPA Standards. If you are approached by such a company, please send the details to TAPA.

How many waiver requests does TAPA EMEA receive and how many are approved?

We get around 50 waiver requests each year. Over 90% will be approved.

What advice can you give to ensure a waiver request is likely to be approved?

Attention to detail is the key. Follow the correct process for completing and submitting the waiver request. The more evidence and explanation that can be provided, the higher probability the waiver will be approved first time round. Around 1 in 4 waivers are returned due to a lack of detail or failure to follow the process.

When waiver requests are denied, what can the LSP/Applicant do to avoid their certification audit failing?

The preferred answer is to achieve compliance with the requirement. What may also be possible is to work with TAPA so we can better understand your challenges. We have, in the past, extended deadlines or assisted the LSP/Applicant with content knowledge to enable them to meet compliance or modify the terms of their waiver. A failed audit is a lost certificate. Often this can be avoided

Who reviews and approves the waivers of TAPA EMEA?

TAPA EMEA waiver reviews come under the responsibility of the TAPA EMEA Standards Team. Routine waivers are processed by the Standards Secretariat, more complex waiver requests are discussed within the team.

If I have a need for the same waiver at more than one location, do I need to submit a waiver for each one?

Normally we recommend that each location to be certified submits waiver requests for only that location. However, we recognise that if identical waivers are to be requested for many sites, this can cause a lot of repetitive work for both the LSP/Applicant and TAPA. So, in some circumstances, we will also consider and approve a multiple site waiver if the necessary conditions to manage this option are specified and maintained.

Exactly what is GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise regardless of its location and the data subjects' citizenship or residence that is processing the personal information of individuals inside the EEA.

(Source Wikipedia)

Is it still possible to follow in the EU the Standards requirements to store records to help provide deterrents and maintain a robust audit trail should a security incident require further investigation?

TAPA does not see any conflict between its Standards and the EU GDPR regulations. TAPA expects that each certification submission will follow the existing process for obtaining certification status. Knowledge of the process and where to seek help is key to minimising delays in your certification

Should there be a conflict between the GDPR company policy and TAPA’s requirements, what should I do?

If there are genuine instances where TAPA Standards conflict with company GDPR policy, then the company should seek alternative measures to meet the intent of the requirement and utilise the waiver request process if necessary. TAPA will not accept a response of “Not possible due to GDPR policy” unless evidence to show all reasonable means have been explored before offering this response.

We consider CCTV images are personal data. TAPA requires that I keep the recorded images for 30 days. How can I achieve this and meet TAPA and GDPR requirements?

TAPA FSR specifies ‘CCTV recordings stored for a minimum of 30 days where allowed by local law. LSP/Applicant must provide evidence of any local laws that prohibit the use of CCTV and/or limit the video data storage to less than 30 days.’ By following the internal process to classify and control personal data, TAPA would expect that an intent to meet TAPA CCTV recording requirements is tailored to also meet local GDPR policy. For example, it may be possible to display clear signage informing all that they are in a CCTV-covered area, that they are under surveillance, that recordings are kept for a maximum of 30 days and will only be used by authorised staff if needed when investigating criminal acts.

Truck GPS data is considered personal data as it tracks driver movements? Does TAPA have a view on this?

When GPS is used for monitoring and recording movements for safety reasons, GPS plays a significant role in the protection of the driver, the truck and the cargo. The driver or their representatives should ideally readily agree to monitoring for these purposes and the company should seek to update their internal policies to continue these practices if applicable

TAPA will be looking into “modular” standards. Are there any updates on what’s happening?

This is an exciting area of development for TAPA. The concept of modular standards is basically a ‘plug and play’ system that allows existing TAPA Standards to be expanded to include other forms of storage, transport and security controls. The current project is looking at adapting the TSR Standard to include other types of vehicles, trailers and containers not typically covered by the current TSR version. This work is in the ‘concept approval’ phase and updates will be shared with members before any decisions to implement proposals are taken. If the modular approach is successful with TSR, the next phase would be to look at other types of storage facilities that could benefit from an FSR modular standard.

If I have any comments on the existing or future TAPA Standards, who should I contact?

TAPA EMEA has a team of people waiting to hear your views. Any questions you have should be submitted to our help desk by emailing info@tapaemea.org. Your request will be processed by one or more of the following: • TAPA EMEA admin representative • TAPA EMEA Standards Secretariat • A member of the TAPA EMEA Standards Team • A member of the TAPA EMEA Board of Directors Alternatively, you can approach any official of TAPA EMEA at one of our conferences who will be more than happy to assist you. In all cases you will receive a response.

I have some comments to share on the existing Standards that may help improve the next revision. Who should I send these to and what happens with the request?

There are several ways to provide your input to TAPA. The formal way is to send your ideas to your regional TAPA administration team, who will forward your comments to the Standards Team. Or find out who represents your region on the Standards Team and contact them directly. In addition, as TAPA progresses the development of the Standards, we will send out general updates to members and seek feedback when appropriate. Look out for these messages as they are the best way to make your voice heard - but you must respond within the given timeframe.

Who should pay the costs to meet TAPA Standards?

The question is open ended as multiple answers are applicable. The most obvious answer is “we all do” as it is assumed some of the costs will be passed on to others in the supply chain in the form of freight rates or direct fees.

Here are a few of the less complex solutions we see being used:

1. The Logistics Service Provider invests in TAPA Standards as a general policy for security and customer compliance reasons. No costs are passed directly to their clients;
2. The Logistics Service Provider invests in TAPA Standards as a direct result of needing to be compliant to their client's contracted security requirements which mandate the use of TAPA Standards. Costs may be covered by the Logistics Service Provider as a cost of doing business or, subject to negotiation, the client may also contribute to the cost if this reduces the general rates for services;
3. The Logistics Service Provider is required to provide a facility and meet the TAPA Standards for one customer. Costs are normally negotiated. The client can contribute or have security costs included in the contracted rates.

Why is there a clause in the TAPA Standards?

Some Buyers/Clients will expect to validate their supplier’s security operation regardless of TAPA certification. This requires an agreement to be made between the Logistics Service Provider and the client to describe which information can be shared and how it must be handled. We have seen some LSPs refuse to share their hard/soft copy security procedures but allow clients to inspect the operations and have procedures verbally explained to them, while others are more than happy to provide any documented procedures that their client’s security organisation requests.

Some of my facilities do not use English language. Does the clause below mean I can translate the standards into local languages?

In geographical areas where English is not the first language, and where translation is necessary and applicable, it is the responsibility of the LSP/Applicant and its agents to ensure that any translation of the FSR, or any of its parts, accurately reflects the intentions of TAPA in the development and publication of these Standards. Answer: Firstly, it’s worth checking the TAPA website to see if we have already translated the Standard into your local language. If not, then yes, we do support local translations being undertaken by the Logistics Service Provider. However, due to the possibility that translations may not accurately capture the intentions of the original standards, any disputes or clarifications needed on the TAPA Standards must be settled using the current published English versions.

Can you explain the slightly different comments I found on use of subcontractors in the TAPA Standards?

Ideally, the Logistics Service Provider should require its subcontractors to be TAPA certified but, for operational reasons, this may not always be possible. So, these requirements intend to address different situations that may be encountered. 1. This may mean the subcontractor could be subject to audits which are required by the Buyer/Client. These audits need to be formally agreed between the relevant parties. A Client/Buyer may have clear security requirements for its supplier to impose on its subcontractors. Normally, these are compliance to relevant sections of the TAPA Standards but can also be unique requirements suitable for the business being conducted. 2. Evidence must be available that confirms subcontractors/vendors are aware of, and comply with, LSP/ Applicant relevant security programs.

If I get self-certified, no-one checks if my audit is accurate. I could say I meet all the requirements without doing anything. Is this a weakness in the scheme?

The self-certification option is the certified entry level of TAPA’s Facility, Trucking and Parking Security Requirements. TAPA will validate that correct responses have been submitted and will investigate and remove anyone from the programme who has deliberately falsified the information that has been submitted. This could also have implications for the applicant as their reputation with clients could be severely damaged. The higher levels of TAPA’s Security Standards which are available require a trained auditor to assess and validate the level of compliance in respect of the relevant TAPA Standard.

My company is using more self certifications to prove we are TAPA compliant to our customers. Why can’t I use self-certification for the higher security levels of TAPA’s Security Standards?

As explained in our FAQ, self certification is the certified entry level. The higher certification levels require an audit to be conducted by one of TAPA’s authorised Independent Audit Bodies. In addition to more scrutiny and validation of the compliance requirements, this also provides assurances to your clients and yourselves that the increased security requirements are in place and will mitigate security risks to facilities, operations, goods and personnel.

Why do Logistics Service Providers seek to obtain TAPA certification?

Typically, the TAPA certificate holders fall into 3 categories and the reasons for this are as follows:

1. Compliance: In many instances, Logistic Service Providers obtain TAPA certification to comply with customer contractual requirements. This is perfectly fine and fits the profile of many of our certification holders;

2. Opportunity: Logistics Service Providers which have incorporated TAPA Standards into their own company security policies and procedures. They proactively seek TAPA certification as an opportunity to promote their investment in security measures. They are “security ready” when contacted by potential new customers;

3. Compliance and Opportunity: A hybrid of 1 and 2, but we often see a proactive supporter of TAPA Standards actually using the Standards to promote their business and services, especially in niche markets for the transportation of vulnerable loads, where security is one of the most important customer requirements. The Logistics Service Provider will often use TAPA Standards as a baseline but then offer additional security measures according to customer requirements.

If I want to promote my TAPA certification to my customers, what advice can TAPA give me?

TAPA certification is now an established and credible method of demonstrating a Logistics Service Providers’ intent to provide adequate security.

These are some tips we would recommend:

1. Make sure your customers know about your TAPA certification, even if they don’t require it. This will mark you out as a provider which cares about the security of their customers’ goods;

2. Include security performance as a discussion topic in your customer meetings. In addition to explaining your security programme, tell them about your relationship with TAPA;

3. TAPA encourages use of its logos where the Logistics Service Provider follows and meets the terms and conditions of use. You can find this information on our website or contact us for help and advice.

If we want to incorporate TAPA branding into our own promotional material, can TAPA help us with this?

We are available to help and support any members’ ideas to promote their business through their association with TAPA. We have to emphasise that our rules do not allow us to endorse Logistics Service Providers’ products or services, but we can certainly help regarding the correct use of our branding materials and agreeing text and graphics which can be included in a Logistics Service Providers’ promotional materials.

I know Logistics Service Providers who have an agreement with customers that they must be TAPA compliant. What does this mean?

Customers requiring TAPA compliance normally have an agreement with a Logistics Service Provider. The reason for this type of arrangement is often given as it saves costs. This practice is not endorsed or advised by TAPA and it can give false assurances as to the security measures that should be in place. What TAPA compliance often means is that Logistics Service Providers will be expected to implement the TAPA requirements, but they will not have been audited by a TAPA-approved Independent Audit Body (IAB) to validate their conformance to the TAPA Standards. Holding a valid TAPA certificate is the answer to proving a supplier’s TAPA conformance status. If things go wrong, a customer who has signed a deal with a TAPA compliant supplier is basically on their own as it is almost certain there will be many non-conformances. It’s like driving a car without a licence, you only know there may be a problem after an accident has happened. Is it a benefit option? TAPA compliance has no tangible benefits because it’s not a sustainable model. The current security measures may or may not be in place and TAPA or its Authorised IABs have no role in the quality or support of ongoing conformance.

How will TAPA introduce control measures to address supply chain cyber threats?

TAPA is currently looking at ways to introduce cyber threat control measures into both the FSR and TSR Standards. We are very aware that other standards and regulations exist on this topic, so we are being careful not to duplicate what is already out there. A list of cyber threat controls has been developed and now we need to decide which controls should reside in the main body of the TAPA Standards and which ones will be provided as an optional extra that the Logistics Service provider (LSP)/ Applicant can add onto their normal certification.

I noticed there is a new addition in the FSR for ‘IT and Cyber Security Threat’. Why is this an optional and not mandatory requirement when in today’s world the protection of IT networks is a core requirement?

Both FSR and TSR make the IT and Cyber Security Threat option available. For TAPA, this is the first phase in introducing entry level security measures to improve protection of critical supply chain information systems. Ideally, we would have liked to have made these measures mandatory from day 1 of the updated 2020 Standards being launched, but realistically we had to acknowledge the concerns of many of our members who need time to understand and plan for any infrastructure changes. Therefore, FSR and TSR will continue to have the entry level IT and Cyber Security Threat module as an ‘optional’ feature so that it can be included in certifications as required.

Phase 2 in 2021 will see the introduction of a standalone IT and Cyber Security Standard that will require an FSR/TSR IT and Cyber Security certificate to enable it to be eligible for the higher level of certification. The intent of the future IT and Cyber Security Threat Security Standard is the protection of critical supply chain information systems and services. Where possible, the TAPA requirements should not duplicate existing industry standards on cyber threat protection.

Is there an comparison chart for the previous 2017 versions to highlight the differences in the new Standards 2020 version?

No, not at the moment because we have changed the layout of the documents and it’s not possible to show a side-by-side comparison. We are considering ways to better explain the main differences and will publish more information on this when the final versions are published.

We are already TSR and FSR certified. Will the new formats increase my costs and the number of requirements I need to be compliant with?

If you do not wish to use new options which are included in FSR/TSR 2020, you should not see any significant changes to your existing FSR/TSR 2017 certification when you go through the re-certification process

How can I provide feedback to TAPA if I have any comments on the updated Standards?

In the message we issue to confirm the Standards are available to review, we will include information on how to provide us with your comments.

If I need help to understand new Standards, who can I contact?

Previous FAQ updates in Vigilant magazine have covered many topics on new Standards so these are a useful point of reference. If you can’t find the answer you need, we will be creating and sharing a dedicated email link to receive your comments and feedback. Alternatively, you can contact your regional TAPA Standards Team representatives, who will be happy to help.

What should I do to prepare for the new Standards?

TAPA advises the following:

Familiarize yourself with the content of the new Standards

Ask TAPA if there is anything you don’t understand or need help with

Take note of the updates and other information coming from TAPA

Look out for the training schedule once it’s published to find out how to participate in future training events

If you intend to use FSR/TSR 2020, do some gap analyses of your operations in advance.

My company uses a different audit body to the ones TAPA has approved. Why can’t I use the same audit body?

TAPA needs to ensure compliance and consistency of approach regarding the use of our Security Standards. To achieve this, TAPA needs to ensure it has agreements and close working relationships with the accredited audit bodies that perform the actual certifications. Therefore, TAPA has appointed a number of audit bodies with global capabilities to perform TAPA certification audits under a Memorandum of Understanding agreement. TAPA has also appointed local or regional audit bodies where the global companies may not have strong representation. We believe this provides a choice of certification audit providers and competitive pricing options for the company seeking an auditor. This approach also allows TAPA to monitor and control the audit quality of the audit bodies.

The reason TAPA does not support the use of non-approved audit bodies or auditors is because they have not gone through the required training or signed the appropriate agreements with TAPA to enable them to deliver the TAPA certification requirements. Therefore, when TAPA receives a single site request to use a non-approved audit body, we generally have to refuse the request.

In the interest of expanding TAPA’s certifications programme to make it more affordable and achievable in the future, the Association is investigating options to allow the inclusion of more accredited audit bodies.

Will TAPA be publishing the details on the changes between the old and new versions of the Standards?

Yes, when the revised Standards are released, a summary of the main changes will also be published. As previously mentioned, we have tried to limit the number of changes to our Security Requirements. We are doing this because we want to focus on introducing a Multi-Site Certification option for the Facility Security Requirements. Simultaneously, we will expand the Trucking Security Requirements to a Modular concept, which will allow more vehicles to be included in a TSR certification

Who can I contact if I have concerns about my existing TAPA certification being impacted by the release of revised TAPA Standards?


TAPA’s regional Standards Teams and Board Members are always at your disposal. Contact your regional office if you would like to discuss any matters with a TAPA representative.

A contact request will produce a response from TAPA.

How will TAPA provide more information and support to existing TAPA Standards certificate holders to help them plan their transition to the new revision of the Standards?

TAPA will be communicating a lot of information on plans and training to help members’ certification programmes. This will be shared via the TAPA website and various articles and bulletins. You can also contact TAPA directly or work with your existing Audit Body.

How will TAPA introduce control measures to address supply chain cyber threats?

TAPA is currently looking at ways to introduce cyber threat control measures into both the FSR and TSR Standards. We are very aware that other standards and regulations exist on this topic, so we are being careful not to duplicate what is already out there. A list of cyber threat controls has been developed and now we need to decide which controls should reside in the main body of the TAPA Standards and which ones will be provided as an optional extra that the Logistics Service provider (LSP)/ Applicant can add onto their normal certification.

Training

How do I find more details about TAPA training?

The TAPA website and articles published by TAPA contain many references to training. You can also contact the TAPA office for current offerings and availability

Do I need to participate in TAPA training for the updated Standards?

It’s worth noting that from 1 July, anyone completing any TAPA audits for the new versions must have taken and passed the relevant exam for the appropriate Standard. If you are required to complete and submit TAPA audits for your business to TAPA or an Independent Audit Body this may impact you. Even if you have been trained on earlier versions of the TAPA Standards, there will be additional training needed. TAPA will soon provide details on how you can be trained and qualified to support audits for the new Standards.

When will the updated training schedule be published and what form will it take?

With a change in concept being introduced for both FSR and TSR, we anticipate that quite a few changes to the TAPA Standards’ training programme will be required. We are currently exploring both classroom- attended training and access to online training modules. It’s too early to say for certain how the new training will be delivered but TAPA will be investing significantly to ensure the training materials will be easily accessible and of high quality. Our objective is to have training available to our members and the Independent Audit Bodies (IABs) before the revised Standards come into force on 1 July 2020. Watch out for further updates as we begin to focus on this very important topic.

FSR

As Self-Certification is a lower cost option for Logistics Service Providers, why should FSR A&B and TSR 1&2 still be considered?

Self-Certification is an entry level to the TAPA Standards and provides robust but minimal security measures. In most instances FSR C and TSR 3 should offer perfectly acceptable security for general cargo. Where Buyers, Shippers, Insurers or Logistics Service Providers’ risk assessments deem additional security measures are needed, then FSR A&B and/or TSR 1&2 can provide this assurance. More scrutiny is needed to ensure these measures are in place and we use industry recognised certification bodies to perform this role.

I noticed there is a new addition in the FSR for ‘IT and Cyber Security Threat’. Why is this an optional and not mandatory requirement when in today’s world the protection of IT networks is a core requirement?

Both FSR and TSR make the IT and Cyber Security Threat option available. For TAPA, this is the first phase in introducing entry level security measures to improve protection of critical supply chain information systems. Ideally, we would have liked to have made these measures mandatory from day 1 of the updated 2020 Standards being launched, but realistically we had to acknowledge the concerns of many of our members who need time to understand and plan for any infrastructure changes. Therefore, FSR and TSR will continue to have the entry level IT and Cyber Security Threat module as an ‘optional’ feature so that it can be included in certifications as required.

Phase 2 in 2021 will see the introduction of a standalone IT and Cyber Security Standard that will require an FSR/TSR IT and Cyber Security certificate to enable it to be eligible for the higher level of certification. The intent of the future IT and Cyber Security Threat Security Standard is the protection of critical supply chain information systems and services. Where possible, the TAPA requirements should not duplicate existing industry standards on cyber threat protection.

We are already TSR and FSR certified. Will the new formats increase my costs and the number of requirements I need to be compliant with?

If you do not wish to use new options which are included in FSR/TSR 2020, you should not see any significant changes to your existing FSR/TSR 2017 certification when you go through the re-certification process

How and when will I get copies of the draft FSR and TSR Security Standards?

TAPA will always publish a message to members informing them when draft Standards are available to access via a link on the TAPA website.

Can I still use the FSR/TSR 2017 versions after 1 July 2020?

As of 1 July 2020, any new certifications or recertifications should be completed using the FSR or TSR 2020 Standards. All FSR/TSR certificates are valid for 3 years, so, if you hold an FSR/TSR 2017 certificate, you do not need to recertify until your current certificate expires.

After obtaining FSR Level A certification a year ago, I recently received a reminder to complete and submit a self-audit to the audit body. Can you explain what is required and the purpose of these audits?

Once you have been issued with a Certification for the TAPA FSR, TSR or PSR Standards, TAPA requires an annual self-audit to be completed in a non-certification year.

As TAPA certifications are valid for 3 years, this means an interim self-audit is completed by the certificate holder (LSP/ Applicant), their appointed agent or Independent Audit Body in years 2 and 3. The LSP/Applicant is responsible for ensuring the annual self-audit is completed and submitted to the certificate issuing authority on time (TAPA or the Independent Audit Body). Failure to do so may result in the revoking of the certificate, so it’s important not to miss this part of the process!

The reason for the self-audit requirement is to ensure ongoing conformance to the Standard is maintained and this responsibility must be with the certificate holder. If anything has changed or new waivers are required, this is the opportunity for the LSP/Applicant to identify the non-conformances, fix them or have waivers approved as appropriate and inform the certification authority of the change in conditions.

As I make preparation plans for FSR and TSR 2020, will TAPA be available to help me make decisions on the best way to transition to the new versions?

Yes, and we will welcome these requests. TAPA is a members’ association and we want you to gain maximum benefit from your membership.

PSR

What is the PSR Security Standard and who is it intended for?

The Parking Security Requirements (PSR) is the latest TAPA Security Standard. It is for the operators of truck parking areas that want to use an industry standard which is widely recognised by shippers and the logistics industry. Our aim is to significantly grow the footprint of available TAPA-approved secure parking areas to help protect drivers, vehicles and loads when they are required to take rest breaks.

I saw an older version of PSR. What’s new in PSR 2018?

The older version was PSR 2017 and was a pilot version. It contained one security level and numerous options on how to become involved in the scheme. PSR 2018 now contains three security levels and the involvement of approved Independent Audit Bodies (IABs) to complete the certification process. As with FSR and TSR, there is also a selfcertification option for PSR Level 3.

Why do we need PSR?

In the EMEA region alone in 2017, 70% of all cargo crimes reported to TAPA’s Incident Information Service (IIS) involved trucks which had stopped in unsecured parking locations. The number of these incidents – 2,019 in total – also represented a 90% increase in these incidents over the previous year. With more and more trucks on the road, the lack of suitable parking areas is making cargo vehicles an attractive and, often, relatively easy target for criminals. Many previous initiatives to tackle the insufficient level of secure parking have failed. In response to TAPA members’ concerns – and based on the Association’s success with its other Facility Security Requirements (FSR) and Trucking Security Requirements (TSR), TAPA decided to develop and manage its own secure parking standard to benefit its members as well as the wider supply chain industry. PSR has been developed in close consultation with TAPA’s Manufacturer and Logistics Service Provider members – buyers of parking places – as well as with Parking Place Operators As and we now have a recognised Standard for secure parking that has been created by the industry, for the industry. We hope our efforts will convince hundreds of parking place operators to join our scheme and provide a choice of effective and affordable parking which meets all of the security level requirements of our industry.

Is PSR a global standard?

We have just officially launched PSR in the EMEA region. We are working with our TAPA colleagues in the AMERICAS and ASIA PACIFIC to help them consider also adopting PSR. We know of several countries in Asia which are already very interested in the PSR Security Standard and hope to see its adoption outside of EMEA soon. We will continue to send out regular updates on the growth and use of PSR.

How is PSR linked to incident data?

The PSR Standard comes complete with some valuable additional tools to help TAPA members plan secure transportation routes. Members of TAPA with access to our IIS are now able to access our new Security Parking Online Tool (SPOT), a risk management mapping solution which allows a user to enter a route, identify incidents on or close to the intended route, and then find the nearest TAPA PSR-approved secure parking sites. The tool will be populated with every parking place which meets the requirements of the TAPA Standard.

I want to use secure parking sites for my trucks in transit. I find there are not enough sites with parking places available or they to expensive to use. What is TAPA’s view of this situation and why do you think your PSR Standard will make any difference

Unfortunately, the problem of a lack of safe and secure parking for trucks is not new. There are many reasons why this situation exists, and it will require industry and national governments to collaborate on finding realistic solutions. Existing secure parking schemes are fragmented and provide limited coverage. This needs to change. The EU has just completed a study and is looking to introduce a safe and secure parking standard, but it may be some time before this is formally launched. The introduction of TAPA PSR was in response to direct requests from our members for TAPA to play a role in addressing the “lack of parking” problem. We cannot solve this on our own but hope to make a meaningful contribution. We hope the PSR certification scheme, which includes information on approved parking locations as well as access to incident data for risk assessment use, will be successful in attracting many existing parking place owners to adopt the Standard and become more visible to the industry. We are also committed to aligning with the EU and other regulators which are considering introducing similar standards. It is our stated goal that adopting TAPA PSR will be a stepping stone aligning with any future regulatory standards. It makes no sense to have competing or different standards, but TAPA wants to play a role now and in the future in managing the certification, and promoting the use of parking sites. Because TAPA PSR is available for use now, the growth in new users is gaining momentum. So, we believe PSR has a very important role in advance of future regulatory parking requirements as well as a continued role in promoting the availability and use of safe and secure parking when regulations are introduced.

TSR

As I make preparation plans for FSR and TSR 2020, will TAPA be available to help me make decisions on the best way to transition to the new versions?

Yes, and we will welcome these requests. TAPA is a members’ association and we want you to gain maximum benefit from your membership.

As Self-Certification is a lower cost option for Logistics Service Providers, why should FSR A&B and TSR 1&2 still be considered?

Self-Certification is an entry level to the TAPA Standards and provides robust but minimal security measures. In most instances FSR C and TSR 3 should offer perfectly acceptable security for general cargo. Where Buyers, Shippers, Insurers or Logistics Service Providers’ risk assessments deem additional security measures are needed, then FSR A&B and/or TSR 1&2 can provide this assurance. More scrutiny is needed to ensure these measures are in place and we use industry recognised certification bodies to perform this role.

We are already TSR and FSR certified. Will the new formats increase my costs and the number of requirements I need to be compliant with?

If you do not wish to use new options which are included in FSR/TSR 2020, you should not see any significant changes to your existing FSR/TSR 2017 certification when you go through the re-certification process

How and when will I get copies of the draft FSR and TSR Security Standards?

TAPA will always publish a message to members informing them when draft Standards are available to access via a link on the TAPA website.

Can I still use the FSR/TSR 2017 versions after 1 July 2020?

As of 1 July 2020, any new certifications or recertifications should be completed using the FSR or TSR 2020 Standards. All FSR/TSR certificates are valid for 3 years, so, if you hold an FSR/TSR 2017 certificate, you do not need to recertify until your current certificate expires.

tapa background image light