Category Archives: FSO

Getting Your Arms Around the Risk and Cost of Business Travel

Rick, a Houston-based HR manager, arranges travel to the company’s Guatemala City office to roll out next year’s benefits package. He arrives at the Guatemala office only to learn that the people he needs to meet with have all departed to Houston for meetings with operation leadership. Wouldn’t it be great to have easy-to-use software that requires Rick’s trip be approved ahead of time by his boss, the host country manager, and perhaps his cost center manager? How about notifying Corporate Security of his travel plans? Business Travel Assurance (BTA) is a fully deployed, stable software system developed by Don Greenwood & Associates Inc. that accomplishes all of this and more.

On a more serious note, when on 9/1/2012 the U.S. embassy was attacked in Benghazi, our client had operations in Libya. In minutes, they knew which employees were there, which were en route, and who had planned travel to go there in the near term. All of these are easy-to-pull reports from BTA.

BTA operates on the company email system, so there is no need to sign on to a separate software application. When a travel itinerary is booked, BTA checks the destinations against a configurable list and takes these actions:

  • An automatically generated email alert is sent to the traveler stating this travel booking needs approval.
  • If the country is in the high-risk category, Corporate Security is notified and must clear the travel before it can proceed.
  • A similar email is sent to the traveler’s manager, asking for approval. The manager can take one of three options: approve the trip, disapprove, or ask for more information.
  • An email is also sent to the cost center manager seeking financial approval, and an email notifies the destination country manager as well.
  • If the destination is on a health alert list, an email is sent to the medical department, so they can provide necessary inoculations and information.
  • The system also asks the traveler if they are going to a conference. If the answer is yes, it asks if they are a presenter and several other questions. As a result, travel costs for conferences are significantly reduced.
  • Managers can pull many reports from the system: travelers by approving manager, trips by a single traveler, volume of travel to a specific destination, etc.

BTA is a fully deployed, cloud-based solution designed to help assure business traveler safety, managerial awareness, and cost control. Originally designed to facilitate a client-specific international travel approval process, BTA has evolved into a comprehensive platform for managing business travel at the enterprise level.

Click here to learn more about BTA.

Contact Don Greenwood & Associates, Inc. for further information.

don@greenwoodsecurity.com or info@greenwoodsecurity.com

The Reception/Front Desk Reference Guide and The Field Security Resource Manual

Two content-rich templates ready to customize for your facilities.

The Reception/Front Desk Reference Guide

  • Developed from our large procedure library with recent input from Security Directors.
  • Includes Reception Duties, Confidentiality, Use of Email and Phone Systems, and Emergency Response guidance covering activists and protestors, angry and distressed persons in the lobby, process servers, weather emergencies, and dozens of other response procedures.
  • We are ready to align our template with your department’s specific requirements and insert your contact lists in the finished document.
  • In use now by several large companies in oil, gas, and chemicals.

The Field Security Resource Manual

  • Most of our oil, gas, pipeline, and chemical clients have field facilities where security is managed or supervised by EH&S, port FSOs, or operations personnel. Clients asked us for a field security guide that would speed up training for the field and provide a catalogue of general security management information for their everyday reference.
  • Our template includes a wide range of topics, from Guard Force Contracting and Management to practical steps in Risk Assessment, perimeter protection, and responding to threats.

Contact us to arrange a visit to view the Field Security Manual, or ask for an online meeting.

CFATS PSP for Tier 3 and 4 Facilities

On July 9, 2019, the DHS Cybersecurity and Infrastructure Security Agency (CISA) published a notice in the Federal Register that announced the implementation of the Personnel Surety Program for all covered CFATS facilities, including Tier 3 and 4 facilities. Regulated CFATS facilities that have an approved SSP/ASP will be notified by the Agency in a phased manner of the need to update their security plans with measures to comply with RBPS 12(iv).

To read more about the PSP requirements, click here and here.

To download a copy of the notice, click here.

Contact us if you need help revising your SSP/ASP and implementing your Personnel Surety Program.

SEAFARERS ACCESS TO MARITIME FACILITIES

On April 1, 2019, the USCG issued a final rule, “Seafarers Access to Maritime Facilities,” requiring owners or operators of a maritime facility regulated by the Maritime Transportation Security Act (MTSA) to implement a system providing seafarers, pilots, and representatives of seamen’s welfare and labor organizations access between vessels moored at the facility and the facility gate. Access between the vessel and the gate has to be provided in a timely manner and at no cost to the seafarer or other individuals.

These access procedures must be documented in the Facility Security Plan (FSP) for each regulated Part 105 facility and approved by the local Captain of the Port (COTP). Facility owners or operators will need to amend or update their FSP to ensure that they are in compliance with these requirements. The COTP will then review the submitted amendments to ensure they are in compliance with the requirements listed in 33CFR105.237 (c)-(e).

Important dates associated with the regulation:

  • May 1, 2019 – Seafarers’ Access to Maritime Facilities regulation became effective;
  • February 3, 2020 – The system of access must be documented in the FSP; and,
  • June 1, 2020 – The facility owner or operator must implement their system of access.

33CFR105.237 (c)-(e) Requirements:

(c) Timely access

(d) Access methods

(e) No cost to individuals

Port Security Grant-Themed Malicious Email (TLP-GREEN)

MPS-ISAO Warning Report, “Malicious Port Security Grant-Themed Email”. The MPS-ISAO received an email sample from a U.S. Port customer this morning, and has confirmed that it is malicious. The distribution list for this port security grant-themed email was over 500. Please click here to see the report for email indicators.

Thanks to Lester Millet for the report.

Lester J. Millet III, LEM
Safety Agency Risk Manager / FSO Workgroup Chairman
Port of South Louisiana

Identification of Additional Facilities and Assets at Risk

DHS Issues 60 Day ICR Notice for CSAT

From Chemical Facility Security News

Yesterday the DHS Cybersecurity and Infrastructure Security Agency, the agency that oversees the CFATS program, published a 60-day Information Collection Request (ICR) notice for revisions to the Chemical Security Assessment Tool (CSAT). The notice is intended to revise collection and burden estimates for data collection using CSAT 2.0.

Also included in yesterday’s ICR notice is a detailed review of the risk identification tool, Identification of Additional Facilities and Assets at Risk, that DHS is using to collect data during compliance inspections. At facilities that ship and receive COIs, the facilities are requested to voluntarily provide information on:

  • Shipping and/or receiving procedures
  • Invoices and receipts
  • Company names and locations that COI is shipped and/or received from

Facilities that are identified as having SCADA, DCS, PCS, or ICS systems are requested to voluntarily provide information on:

  • Details on the system(s) that control, monitor, and/or manage small to large production systems, as well as how the system(s) operate.
  • Whether each system is standalone or connected to other systems or networks, along with the specific brand and name of the system(s).

Thanks to PJ Coyle for the information on this ICR. To read a more detailed review of the ICR, click here. While there, subscribe to PJ’s blog.

Do you need a DOT HAZMAT Security Plan?

If you transport certain hazardous material, you probably need to implement a security plan. Many oil and gas operators are already familiar with the U.S. Coast Guard Maritime Transportation Security Act (MTSA) and DHS Chemical Facility Anti-Terrorism Standards (CFATS), but many are not familiar with the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) HAZMAT Site Security Plan requirements (49 CFR Part 172.800). The rule took effect in September 2003 and requires companies that transport hazardous material to establish a written security plan. The regulation also sets specific security training requirements for HAZMAT drivers and HAZMAT employees.

Security Plan Requirements

The security plan must include an assessment of the transportation security risk for HAZMAT shipments, including site-specific and location-specific risks associated with the facilities at which the materials are prepared for transport, stored, or unloaded incident to movement, and appropriate measures to address the assessed risks. At a minimum, the security plan must include the following elements:

  • Personnel security;
  • Unauthorized access;
  • En route security;
  • Identification by job title of the senior management official responsible for the development and implementation of the security plan;
  • Security duties for each position or department responsible for implementing the plan; and
  • A plan for training HAZMAT employees.

Training Requirements

The regulation requires the company/facility to ensure that each of its HAZMAT employees receives security awareness training as well as in-depth security training.

For more information on the DOT regulation, click here.

Last Minute Deal Extends CFATS Program

According to The Hill, Senators have struck a last-minute deal to extend the Chemical Facility Anti-Terrorism Standards (CFATS) program. This program regulates how manufacturers must guard against potential terror attacks.

Congress will now vote on the bill to reauthorize the CFATS program for 15 months. The CFATS program was set to officially expire at the end of Thursday, January 17, 2019.

To read more about CFATS, click here.

To read The Hill article, click here.

To read more on the bill, click here.

 

Do I Need to Resubmit a Top-Screen?

There are still circumstances that may require your facility to resubmit a Top-Screen today, even if you have already resubmitted using CSAT 2.0. For example, a facility must report material modifications to its chemical holdings or facility operations, as these changes may alter a facility’s tier. Material modifications may include:

  • The addition or removal of COI at the STQ and concentration
  • Changes to quantity, location, or packaging of a COI as previously reported on a Top-Screen

Facilities are encouraged to report the highest expected quantity and concentration of COI they anticipate possessing over the lifecycle of their operations. By taking this approach, facilities can maintain a more efficient reporting process as they will not need to resubmit a Top-Screen when the quantity or concentration of a COI is reduced through normal operations.

Additionally, CFATS-covered facilities are required to update their Top-Screens on a regular basis, as determined by their tier:

  • A Tier 1 or Tier 2 facility must update its Top-Screen two years after its SSP is approved
  • A Tier 3 or Tier 4 facility must update its Top-Screen three years after its SSP is approved

Let us know if we can help you prepare and submit your CFATS Top-Screen and prepare your facility for a Compliance Inspection.

To read about what to expect from a CFATS CI, click here.