What is ISO 17712?

International Standard ISO 17712, Freight containers - Mechanical seals, published in September 2010, is the third generation of 17712. The first generation was a Publicly Available Specification (PAS) published in 2003; the second generation was a revision to ISO/PAS 17712 published in 2006. The generations are cumulative except for some finetuning of earlier work. The International Organization for Standardization (ISO) permits its technical committees to draft and vote on Publicly Available Specifications (PAS) as, in effect, a kind of interim International Standard. A PAS is faster to approve than a formal standard, but it has a limited shelf-life. The first generation: ISO Technical Committee (TC) 104, Freight Containers, formed Working Group 8 (WG8), Mechanical Seals late in 2002. Industry and government experts concluded that an international standard on mechanical security seals would enhance post-9/11 cargo security. Using ISO's PAS procedures, ISO/PAS 17712 was finished quickly. The PAS focused on the physical parameters of three classes or levels of seal barrier strength: indicative ("I"), security ("S"), and high security ("H"). The barrier strength of a seal was and still is measured with four tests: impact, shear, bend and tensile strength. The test values that distinguished between "I", "S" and "H" classes reflected numbers in use by major customs authorities. The quality of seals used in international trade improved as trade-related programs encouraged or required use of ISO-compliant "H" seals. Two of the earliest programs were the US Customs-Trade Partnership Against Terrorism (C-TPAT) and the World Customs Organization's "Framework of Standards to Secure and Facilitate Global Trade." ISO/PAS 17712:2003's narrow scope reflected the time-urgency of industry stakeholders. It was clear that the seal suppliers' security-related business practises were at least as important as the physical strength of a seal. Seal manufacturers and distributors with immature or careless security-related management practises could effectively compromise the security of the best physical seal before it was shipped out of the door. The major thrust of second-generation activities produced Annex A (normative), "Seal manufacturers' security-related practises." The purpose of the annex is to raise the quality of security-related practises in the mechanical seal industry and assure a buyer

that its supplier conforms to industry best practises. Annex A defines more than two dozen required practices, such as mantenance of quality assurance programs (ISO 9001), facility risk assessment, seven year data retention programs for all seals, and access control to production and storage areas. The annex requires a report of a successful audit (often referred to as a certificate) from an independent auditor accredited under ISOsanctioned procedures. After a successful international ballot, ISO published the revised PAS 17712 in 2006.

The revision made an important linkage of two features:

Compliant seals must show a mark to indicate their classification - "H" for high security, "S" for security and "I" for indicative. Only manufacturers certified as compliant with the normative annex may put grade marks on seals.

The linkage means that ISO-compliant seals can come only from ISO compliant sources.
The third generation changes published in ISO 17712: 2010 addressed technical issues, added testing for tamper evidence and established an 18 month transition buffer after publication for critical issues. Most of the technical changes that affect accredited testing labs, which must have ISO 17712 included in their scope of competence: the changes clarified test fixture designs and added specificity to the test procedures. Another technical change, reflecting user experience, established an 18mm minimum widest diameter for bolt seals. ISO/PAS 17712 had addressed seal diameter as a functional requirement and the industry norm tended to be 17mm. The 18 month transition buffer applied to the 18mm requirement to accomodate manufacturer's tooling requirements and particularly to allow seal inventory adjustment throughout bolt seal supply chains. Testing for tamper evidence is the most important change since addition of the normative Annex A. Customs regulators in the European Commission approached ISO and expressed strong interest in tamper testing and vetting of security seals. ISO TC 104 leaders decided that WG8 would work with the EC to address their concerns. All parties shared a goal: to facilitate maintenance of a common global regime for security seals.

ISO 17712 gives testing labs unusual flexibility in finalizing their test procedures for evidence of tampering. Tamper attempts must leave detectable evidence of tampering in each of three tests; three successes earn a "Pass" grade but an "undetectable" result on any test generates a "Fail" grade for the seal. All classes of seals - "I", "S" and "H" must earn "Pass" grades to qualify as 17712 compliant. Tamper evident testing in ISO 17712 is a compromise to accomodate two valid but conflicting goals: providing specific common test procedures and not providing a public "cookbook" of ways to defeat security seals. The compromise presents a challenge to conscientious testing laboratories.

Annex B (normative) requires and 18 month transition before the tamper evident testing and the 18mm minimum widest diameter become required of all compliant seals. The transition is critical for tamper evident testing; it allows time for suppliers to re-examine and enhance anti-tamper features; for testing labs to define and refine their test methods; for lab accreditation agencies to learn the issues sufficiently to vet labs; and for security seal inventory adjustment throughout supply chains. Beginning 1 March 2012, all ISO 17712 compliant seals must be certified as tamper evident. You may purchase copies of ISO 17712: 2010 from ISO itself or from any national standards bodies, such as AFNOR (France), ANSI (US), or BSI (UK).

ISO 17712 and How it Affects Suppliers

What is ISO 17712?
ISO 17712 is an ISO International Standard published in September 2010; it supplants the earlier Publicly Available Specification (ISO PAS) 17712. The Standard establishes uniform procedures for the classification, acceptance, and withdrawal of acceptance of mechanical freight container seals. ISO 17712 defines the various types of security seals available the general performance requirements for each product type and detailed test specifications.

The standard has three main features, each of which requires documentation of compliance by properly accredited test laboratories or business process auditors; the labs and auditors must have ISO 17712 as part of the scope of competence. (You can read ISMA's recommendations to seal buyers at How can buyers be sure?

1. Testing of physical strength (as barriers to entry) 2. Auditing of manufacturer's security-related business practices 3. Testing of a seal's ability to indicate evidence of tampering (which becomes mandatory for all compliant seals 1st March 2012. Physical strength. ISO 17712 defines three classes of seal strength or barrier capacity: "I" Indicative, "S" Security and "H" High Security; cargo security programs such as C-TPAT call for "H" class seals. Classification requires independent testing by a laboratory accredited according to ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories. ISO 17712 includes specific tests for tensile strength, shear resistence, bend resistence or endurance and resistance to physical impacts. Manufacturer's security-related business practises. Immature or careless security-related practises can undercut the effectiveness of the highest quality security seals. ISO 17712's Annex A (normative) defines more than two dozen required pratices, such as maintenance of quality assurance programs (ISO 9001), facility risk assessment, seven year data retention programs for seals, and access control to production and storage areas. To demonstrate conformance with Annex A, manufactuers must be audited by an independent process certifier that is specifically accredited to audit conformance with ISO 17712. As a supplier you may not sell any seal as "ISO 17712 compliant" unless your firm has the proper independent certification that your firm's practices conform to Annex A. ISO 17712 is explicit: only firms in conformance with Annex A may place an "H", "S" or "I" class indicator on a seal.

Testing of a seal's ability to indicate evidence of tampering. The primary reason to use a security seal is to provide evidence of attempts to tamper with the seal. In ISO 17712's tamper test procedures, laboratory tamper attempts must leave detectable evidence of tampering in each of the three tests; three successes earn a "Pass" grade but an "undetectable" result on any test generates a "Fail" grade for the seal. All classes of seals - "I", "S" and "H" - must earn "Pass grades to qualify as 17712 compliant.

Experienced suppliers know that valid tamper evident testing is difficult. It was added to the Standard after requests by and discussions with officials of the European Commission. Tamper evident testing in ISO 17712 is a compromise to accomodate two valid but conflicting goals: providing specific common test procedures and not providing a public "cookbook" of ways to defeat security seals. The compromise presents a challenge to conscientious testing laboratories and suppliers. You may purchase copies of ISO 17712: 2010 from ISO itself or from many national standards bodies such as AFNOR (France), ANSI (US) or BSI (UK).

ISO 17712 And How It Affects Buyers

Buyers of 17712-compliant seals cannot simply accept "Yes, we comply" as an answer from a supplier. You must be able to ensure that you bought a fully compliant product. For example, if you purchase seals that cannot be proven to be ISO 17712 compliant, then you risk shipment delays under C-TPAT procedures. For information on how buyers can be sure that they are receiving genuinely compliant seals, see How can buyers be sure?

What Is ISO 17712?

ISO 17712 establishes uniform procedures for the classification, acceptance, and withdrawal of acceptance of mechanical freight container seals. The standard defines the various types of security seals and describes the performance requirements for each product type as well as details of testing specifications.

International Standard ISO 17712 replaced ISO's Publicly Available Specification (ISO/PAS) 17712 in September 2010. The Standard refined test procedures and added a technical specification for bolt seals. More importantly, the Standard added new test requirements for tamper evidence that apply to all seals that claim ISO compliance, regardless of type. Tamper evidence test certificatation goes into effect 1 March 2012, after an 18 month transition period. General requirements stipulate that mechanical security seals must be:

Strong and durable against weather, chemical action and undetectable tampering. Easy to apply and seal. Permanently and uniquely marked and numbered. Marked with an easily identifiable manufacturer's logo.

The standard has three major features, each of which requires documentation of compliance by properly accredited test laboratories or business process auditors; the labs and auditors must have ISO 17712 as the scope of competence. 1. Testing of physical strength (as barriers to entry). 2. Auditing of manufacturer's security-related business practises 3. Testing of a seal's ability to indicate evidence of tampering. Physical strength. ISO 17712 defines three classes of seal strength or barrier capacity: "I" Indicative, "S" Security and "H" High Security; cargo security programs such as C-TPAT call for "H" class seals. Suppliers must use independently third party test laboratories to validate a seal's classification. Labs must be accredited according to ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories. Manufacturer's security related business practises. Immature or careless security-related practices can undercut the effectiveness of the highest quality security seals. ISO 17712's Annex A (normative) defines more than two dozen required practices, such as maintenance of quality assurance programs (ISO 9001), facility risk assessment, seven year data retention programs for all seals, and access control to production and storage areas. To demonstrate conformance with Annex A, suppliers must be audited by an independent process certification provider (such as an ISO 9001 auditor) accredited to audit conformance with ISO 17712. No supplier can sell any seal as "ISO 17712 compliant" unless that firm has the proper independent certification that the firm's security-related business practices conform to Annex A. ISO 17712 is explicit: only firms in conformance with Annex A may place an "H", "S" or "I" class indicator on a seal. Testing is a seal's ability to indicate evidence of tampering. The primary reason to use a security seal is to provide evidence of attempts to tamper the seal. In ISO 17712's tamper test procedures, laboratory tamper attempts must leave detectable evidence of tampering in each of the three tests; three successes earn a "Pass" grade but an "undetectable" result on any test generates a "Fail" grade for the seal. All classes of seals - "I", "S" and "H" must earn"Pass" grades to qualify as 17712 compliant. Tamper evident testing in ISO 17712 is a compromise to accomodate two valid but conflicting goals: providing specific common test procedures and not providing a public "cookbook" of ways to defeat security seals. The compromise presents a challenge to conscientious testing laboratories.

Improving user's seal management and effectiveness

Although the scope and focus of ISO 17712 is on the characteristics and performance of seals, the Standard's Annex A has information that may help seal users take a fresh look to improve the quality of security seal programs in their supply chains. You might think of Annex A as containing guidelines for effective management and use of seals - as tools, for example, which could help enhance measures related to C-TPAT and AEO programs. As the table shows, security seals have their own life cycle, from design through manufacture, distribution, use and retention of seal data. Buyers and users have important roles to play in stages 4, 5 and 6. Stage 4 is about user knowledge and discipline. As soon as a shipment of seals arrives, buyers and users should, we suggest, think of them as accountable assets. If buyers control and secure new seals and track the use of seal IDs, they reduce the risk of compromised seals and compromised shipment security. Protect unused seals from intruders and from unauthorized access by employees. In addition, train users in shipping facilities to correctly install and document seals. Stage 5 is about user knowledge and discipline in the field, while seals are attached to containers, etc. This includes supply chain seal verification programs and procedures to deal with compromised or suspect seals. An effective seal program will establish a "chain of custody" for the seal and its shipment. Stage 6 involves both physical and information issues. If a seal has been tampered with or compromised, supply chain risk managers among others may want the seal or its parts for forensic or insurance reasons. Stage 6 also addresses the care, use and storage of seal data; these may provide useful chain of custody pattern information for security and business managers.

Stages in the Life of a Security Seal * 1. Design Process 2. Manufacturing 3. Distribution 4. User control from receipt to application 5. In-transit management 6. After-life

* Adapted from Table A.1, ISO 17712: 2010

You may purchase copies of ISO 17712: 2010 from ISO itself or from many national standards bodies, such as AFNOR (France), ANSI (US) or BSI (UK).

How can buyers be sure? How can buyers be sure they have compliant product?
Many security seal buyers have been confused by seal manufacturer's claims of conformance. Candidly, some suppliers falsely claimed compliance. In addition, managers of accredited testing laboratories have shown ISMA members counterfeit certificates of compliance used by some suppliers. Some security-related programs, such as C-TPAT, require members to have a programs in place that assure that the member and its supply chain partners use ISO compliant seals. C-TPAT validation reviews check this area. It pays for serious supply chain participants to be particularly vigilant that their firm and its trading partners buy and use fully compliant seals from fully compliant suppliers.

So, how can you tell the difference between those who comply and those who dont?
There are two positive ways of knowing if the supplier and their products conform to the requirements of ISO/PAS 17712.

1. Ask For Proof

As the supplier for copies of conformance certificates for product testing and securityrelated business practices (normative Annex A). The certificates are usually summary cover pages from test and audit reports. As of March 2012, conformance must cover tamper evidence testing.

You may also ask for certification that the lab and auditor are properly accredited according to ISO procedures, such as ISO 17025 for independent third party test laboratories. Beware of fraudulent documents. In order to assure content integrity and author authenticity, at least one reputable testing laboratory has adopted digitally signed and certified test reports. The lab is Dayton T. Brown; as ISMA learn of other labs or auditors that use enhanced document validation, we shall add their names to this page. Be particularly sceptical of any supplier advertising very early compliance with the tamper evidence requirements of ISO 17712: 2010. As of this writing (December 2010), ISMA members were unaware of any testing laboratory that has been accredited for tamper evident testing.

2. Source From An ISMA Member

You may rest assured when you source your seals from a member of the International Seal Manufacturer's Association (ISMA). Remember, all ISMA members conform fully and completely to the active parts of ISO 17712: 2010 and compliance certificates will be made readily available to you. All ISMA members have adopted a strict Code of Ethics.