Due Diligence and Ongoing Monitoring

  • 1.  Courier Services

    This message was posted by a user wishing to remain anonymous
    Posted 06-26-2023 05:20 PM

    Assigning a tier level to a courier service...

    How do you tier your third-party courier services? (Referring to anything from a local courier that delivers something from one office to another all the way up to the larger, more well-known services.)

    What level of due diligence and ongoing monitoring do you put forth to review Couriers? 

    We are evaluating if we want to review couriers differently going forward and would appreciate any feedback that the community has that could help guide us in our decisions. Thank you in advance. 



  • 2.  RE: Courier Services

    Posted 06-30-2023 10:32 AM

    As with any product or service, your inherent risk assessment should inform you of the types and amounts of risks in any product or service. Couriers, in particular, can be moving anything from legal documents requiring a signature to marketing materials requiring approval to sensitive intellectual property or, in extreme cases, medical equipment or human organs for transplants. There is not a single one-size-fits-all category for couriers. But based on your business, you should be able to define reasonable tiering based on what they carry for you.

    I might recommend having some documented standards about what can/can't be sent by courier and reserving a single company or two for the most sensitive data or materials. Those companies should have the highest security standards and courier tracking methods, including GPS location and time stamps, and tamper-proof carrier pouches.

    From a due diligence perspective, all courier companies should background check and bond their employees; appropriate insurance is also necessary. They should also be able to provide their chain of custody, information security, and privacy policies.  

    I hope this information is helpful, but I would also love to hear from other members.