Customs and Excise Act, 1964 (Act No. 91 of 1964)Customs and Excise RulesChapter VIII : Registration, Licensing and Accredited ClientsRules for Section 64E of the ActAccreditation of clientsPart 3 : Criteria for levels of accredited client statusCriteria for Level 2 accredited client status (AEO Security) |
64E.13
(1) | The criteria referred to in paragraphs (a) to (e) of rule 64E.12 apply for purposes of an applicant for Level 2 accredited client status: Provided that the record of compliance contemplated in rule 64E.12(1)(a) is five years in respect of applicants for Level 2 accredited client status. |
(2) | An applicant for Level 2 accredited client status must, in addition to compliance with the criteria contemplated in subrule (1), for purposes of section 64E(1)(b)(vi), meet the following safety and security standards: |
(a) | The applicant must implement adequate and appropriate security measures to secure premises, buildings and facilities, including prohibiting unauthorised access by any person, vehicle or goods to security sensitive areas within such premises, buildings and facilities which present a higher security risk if breached, by implementing a system of access control or other appropriate security precautions; |
(b) | security measures must be in place in respect of personnel and other persons gaining access to the applicant’s premises providing for— |
(i) | the unique identification of an individual as a member of the applicant’s personnel to mitigate the risk of unauthorised persons gaining access to secure areas; |
(ii) | security screening in respect of prospective employees applying for posts which entail working in security sensitive areas; |
(iii) | periodic security screening of current employees working in security sensitive areas; and |
(iv) | the identification, recording and dealing with unauthorised or unidentified persons, such as photo identification and sign-in registers for visitors at all entry points to the premises; |
(c) | the applicant must identify his or her business partners participating in any aspect of the supply chain of goods involved in the relevant customs activity and must be able to demonstrate that efforts were made to ensure that business partners meet or enhance supply chain security requirements through— |
(i) | the review of relevant commercial information relating to prospective contracting parties before entering into contractual arrangements; and |
(ii) | the implementation of appropriate contractual arrangements or other measures appropriate for the applicant’s business model; |
(d) | measures must be in place to ensure that the security and integrity of cargo and any conveyance is maintained whilst under the applicant’s supervision or control, including procedures for— |
(i) | storing of, access to and removal of, cargo and conveyances in secure areas; |
(ii) | proper sealing by designated personnel; |
(iii) | training of operators of conveyances used for the transportation of cargo to ensure the security of conveyances and the cargo at all times; |
(iv) | inspection of conveyances and recognizing and reporting compromised seals, cargo and conveyances, as well as keeping record of inspections; and |
(v) | ensuring that cargo is secure during transport and whilst loading or unloading from a conveyance; |
(e) | the applicant must have a contingency plan for crisis management and recovery procedures to mitigate any risk of loss or destruction of the applicant’s records and information; |
(f) | regularly reviewed measures must be in place for the education and training of personnel with regard to the risks associated with the international supply chain, the recognition of suspicious incidents and potential threats and actions to be taken in response to it; |
(g) | adequate information technology security measures must be employed to protect the applicant’s information technology systems, evidenced by— |
(i) | a dedicated person responsible for managing information technology and information technology security; |
(ii) | written information technology security procedures or confirmation of the implementation of information security measures; |
(iii) | employee training in respect of information technology security policies, procedures and standards; |
(iv) | monitoring systems to identify improper access to information technology, tampering with or the altering of business data, as well as procedures to deal with any breaches of security by personnel or other persons; |
(v) | measures providing for— |
(aa) | accessing of information technology systems by personnel through individually assigned accounts; |
(bb) | limiting access to master data and the creation of user profiles providing access to information connected to the specific tasks of the user; and |
(cc) | periodic change of passwords; |
(vi) | security features incorporated into information security systems, such as firewalls, spyware, encryption, monitoring of software; and |
(vii) | the physical securing of the applicant’s information technology server room, including authorised access control; |
(h) | the applicant must at all times have dedicated personnel with an understanding of its business and access to the relevant information tasked with consultation, co-operation and communication with SARS in relation to customs matters; and |
(i) | the applicant must practice good corporate governance and be able to show compliance with the guidelines contained in the latest revision of the King Report on Corporate Governance, to the extent applicable to the applicant. |