Category Archives: PSP

CFATS Quarterly Update

Recently DHS released their Fall Quarterly Update providing more detail on the implementation of the CFATS program.

CFATS Update

As of September 1, 2017, CFATS covers 3,478 facilities. DHS has completed more than 2,700 Compliance Inspections (to read more about Compliance Inspections, click here). Since launching CSAT 2.0 a year ago, DHS has received more than 25,000 CSAT Top Screens. DHS is continuing to issue tiering letters to facilities as their Top Screens are received and reviewed.

You can read more about CSAT 2.0 here.

SVA/SSP Questions

One topic discussed in the update in the new questions that facilities will need to answer when submitting a new or revised SVA/SSP.

When submitting the SSP, the new questions facilities will need to address include:

  • Q3.10.050 Personnel Presence
  • Q3.10.400 through Q3.10.420 Inventory Controls
  • Q3.40.400 through Q3.40.430 Cyber Control and Business Systems
  • Q3.50.320 Personnel Surety, Types of Affected Individuals
  • Q3.50.710 Recordkeeping Affirmation

In addition to these new SSP question, facilities are asked to select whether a certain detection and delay security measure applies to perimeter and/or critical assets. The following SSP questions should be reviewed to ensure the location(s) are correctly associated with the security measures applied:

  • Q3.10.070 Mobile Patrols
  • Q3.10.120 Intrusion Detection Systems
  • Q3.10.180 through Q3.10.230 Intrusion Detection Sensors
  • Q3.10.290 and Q3.10.310 Closed Circuit Television
  • Q3.20.030 through Q3.20.160 Perimeter Security
  • Q3.20.430 and Q3.20.440 Access Control Systems
  • Q3.20.560 Anti-Vehicle Measures

Personnel Surety Program (PSP)

Tier 1 and Tier 2 facilities will see questions that address RBPS 12(iv), screening for terrorist ties. Questions Q3.50.330 through Q3.50.550 allow facilities to identify the option(s) chosen and measure(s) used to implement those options for compliance with RBPS 12(iv). To read more about those options, click here.

Additionally, DHS is going to integrate the Personnel Surety Program into the CSAT 2.0 Portal. This should make it much easier and provide better functionality for the user.

Chiefs of Regulatory Compliance

DHS also announced in this update that they have hired Chiefs of Regulatory Compliance (CRCs) for majority of their Regional Offices. CRCs will serve as the lead DHS representatives administering the CFATS regulation and serving as advisors to the Office of Infrastructure Protection Regional Directors.

Region CRCs:

  • Region 1 (VT, RI, ME, NH, CT, MA) – Charles Colley charles.colley@hq.dhs.gov
  • Region 2 (VI, PR, NJ, NY) – John Dean john.dean@hq.dhs.gov
  • Region 3 (DC, DE, WV, MD, VA, PA) – Don Keen donald.keen@hq.dhs.gov
  • Region 4 (MS, SC, AL, KY, FL, NC, TN, GA) – Cheryl Louck cheryl.louck@hq.dhs.gov
  • Region 5 (MN, WI, IN, MI, IL, OH) – Kathy Young kathryn.young@hq.dhs.gov
  • Region 6 (NM, OK, LA, AR, TX) – Steve Shedd steven.shedd@hq.dhs.gov
  • Region 7 (NE, KS, IA, MO) – Dave Martak david.martak@hq.dhs.gov
  • Region 8 (WY, ND, SD, MT, UT, CO) – Jim Williams james.williams@hq.dhs.gov
  • Region 9 (MP, GU, HI, NV, AZ, CA) – Marcie Stone marcie.stone@hq.dhs.gov
  • Region 10 (AK, ID, OR, WA) – Marc Glasser marc.glasser@hq.dhs.gov

Feel free to contact us if more information or support is needed.

CFATS Quarterly Update

On April 4, 2017, the Department of Homeland Security (DHS) began issuing tiering notifications to Chemical Facility Anti- Terrorism Standards (CFATS) regulated facilities based on the results of DHS’s new enhanced risk-tiering methodology.

To date, approximately 12,000 updated Top-Screens have been received from the 27,000 facilities that previously reported holdings of chemicals of interest (COI) at or above the screening threshold quantity.

DHS has sent out over 10,000 tiering determination letters to facilities that have submitted new Top-Screens. Tiering letters are being prioritized based on when DHS received the facility Top-Screen, upcoming compliance inspection schedules, and to consider workload for submitters that have a high number of covered facilities with changes.

Over the next 18 months we will continue to notify facilities of the requirement to submit new Top-Screens and issue tiering decisions on a rolling basis.

I’ve Received a Tiering Letter, Now What?

As facilities receive tiering letters, their next steps will depend on their results.

Facilities new to the CFATS program will be required to submit security plans. If a current facility receives a revised tiering assessment, it does not necessarily mean that it will be required to submit a Site Security Plan (SSP)/Alternative Security Program (ASP).

Facilities should review their tiering letter along with their approved SSP/ASP to determine whether it meets the security measures associated with all the chemicals of interest (COI), specific security issues (Theft/Diversion, Release, or Sabotage), and tiers in the letter. If not, an SSP/ASP update may be required.

Examples of situations in which a facility will need to update its SSP may include:

  • Facilities that add a newly tiered COI, which is located in a new asset area not currently addressed in the SSP/ASP;
  • Facilities that increase in tier and do not have sufficient security measures to account for the higher tier;
  • Facilities with an added security concern from a current COI that lacks sufficient security measures to account for the new security concern.

For example, if a facility possesses chlorine tiered for “theft/diversion” but now must also account for chlorine as a “release” concern, the existing SSP/ASP would need to be revised to include security measures to address risks associated with release COI.

DHS will assess facilities on a case-by-case basis to ensure security measures are appropriate to their level of risk.

CFATS Update

According to DHS, approximately 2,500 security plans have been approved as of April 15. DHS also states that at their current rate, the Department will have inspected and approved all submitted security plans within the next four months.

The CFATS program is moving forward with the implementation of the Personnel Surety Program, enhancements and updates to the Chemical Security Assessment Tool (CSAT), conducting Compliance Inspections (CI) (to read more about What to Expect During a CI, click here), and improving their methodology on risk-tiering for facilities.

CFATS Personnel Surety Program (PSP) Update

 The Department released a Notice of Implementation on December 18, 2015 informing the public of their intention to implement the PSP. The program has been implemented in a phased manner, with Tier 1 and 2 facilities first then Tier 3 and 4 facilities later this year or in 2017. DHS will contact facilities on an individual basis to begin implementation of the Personnel Surety Program. Facilities should wait until they are contact by DHS before making any modifications to their security plans.

The first Compliance Inspection that included PSP implementation was conducted January 28, 2016 and the first updated security plan was approved on March 4, 2016.

To read more about the PSP, click here.

New Requirements for CFATS Facilities

Effective Now – New Requirements for CFATS Facilities – RBPS 12, Personnel Surety

DHS announced and distributed new requirements for Personnel Surety compliance, a clarification and instructions on CFATS Risk Based Performance Standard 12 – Personnel Surety (basically background screening as it relates to federal terrorism databases).

This requirement applies to Tier One and Two High Risk facilities. Each Tier One and Two facility will receive individual letters from DHS giving more detailed requirements and setting individual facility deadlines for compliance, including implementation and amending Security Plans. Requirements for Tier Three and Four facilities will be announced at a later date.

The new requirement relates to RBPS 12(iv) – Measures designed to identify people with terrorist ties, and focuses on Affected Individuals, defined as “facility personnel and unescorted visitors with access to restricted areas or critical assets.”  For many of our clients this means almost all employees and contractors working in their plants.

Facilities may choose one of four options to comply or may propose a combination or alternative plan for compliance.

The four options (explained in detail in the instruction) are summarized below:

  • Option 1: DHS to Vet Affected Individuals
  • Option 2: Affected Individuals Who Possess Certain Credentials
  • Option 3: Electronic Verification of TWIC
  • Option 4: Visual Verification of Credentials

The requirement (attached) is well written and reasonably easy to understand.  However the devil is, as always, in the details, and there is a lot of detail.  The overriding questions chemical companies will ask are how do we implement these screening requirements for existing employees, what action will we take if existing employees fail the federal checks, and how do we comply with limited people and resources?  These questions and the options should to be discussed between Human Resources and Corporate Security.

We are preparing templates now to help facilitate this discussion and to provide suitable amendments for Site Security Plans.