Category Archives: Inspections

Do I Need to Resubmit a Top-Screen?

There are still circumstances which may require your facility to resubmit a Top-Screen today, even if you have already resubmitted using CSAT 2.0. For example, a facility must report material modifications to its chemical holdings or facility operations, as these changes may alter a facility’s tier. Material modifications may include:

  • The addition or removal of COI at the STQ and concentration
  • Changes to quantity, location, or packaging of a COI as previously reported on a Top-Screen

Facilities are encouraged to report the highest expected quantity and concentration of COI they anticipate possessing over the lifecycle of their operations. By taking this approach, facilities can maintain a more efficient reporting process as they will not need to resubmit a Top-Screen when the quantity or concentration of a COI is reduced through normal operations.

Additionally, CFATS-covered facilities are required to update their Top-Screens on a regular basis, as determined by their tier:

  • A Tier 1 or Tier 2 facility must update its Top-Screen two years after its SSP is approved
  • A Tier 3 or Tier 4 facility must update its Top-Screen three years after its SSP is approved

Let us know if we can help you prepare and submit your CFATS Top Screen and prepare your facility for a Compliance Inspection.

To read about what to expect from a CFATS CI, click here.

DHS OIG Review of the USCG Oversight of the TWIC Program

The Department of Homeland Security’s Office of Inspector General performed a review of the USCG oversight of the TWIC program and found that the USCG “does not have a full understanding of the extent to which the TWIC program address security risks in the maritime environment”.

Report Findings:

  • DHS did not complete the mandated TWIC Program assessment
  • USCG needs to clarify TWIC Reader requirements for industry
  • USCG needs to improve TWIC card verification process
    • USCG completed 33,800 TWIC verifications, but only used electronic TWIC readers to verify just 2,425 cards, or 1 in 15 cards
  • USCG needs to strengthen oversight guidance on TWIC program

The report also lists four recommendation for DHS and the USCG:

  • DHS Under Secretary of Science and Technology complete the TWIC program assessment required by Public Law 114-278 to evaluate the security value of the TWIC program.
  • The USCG’s Assistant Commandant for Prevention Policy take action to more clearly define the applicable facilities that have certain dangerous cargo in bulk and which must implement the use of electronic TWIC readers as an access control measure.
  • The USCG’s Assistant Commandant for Prevention Policy improve the Coast Guard’s use of electronic TWIC card readers during annual inspections at regulated facilities by procuring new TWIC card readers.
  • The USCG’s Assistant Commandant for Prevention Policy revise and strengthen the Coast Guard TWIC Verification and Enforcement Guide.

DHS concurred with all four of the recommendations and stated that the Homeland Security Operational Analysis Center is currently conducting an assessment of the TWIC program. The estimated completion date for the DHS assessment is March 30, 2020.

To download a copy of the full report, click here.

The Adversary Sets the Agenda

Security planning must take into consideration that the Adversary sets the agenda and is better informed when plotting than the security strategist.

The threat adversary sets the agenda.  This is an important and too little discussed reality.

Building occupants, even building security, do not know that an adversary is considering an adverse attack or criminal intrusion.  The building and suite occupants “blindly” implement security measures that are customary and often “cosmetic”.  However, the adversary has an agenda:

  • They have an objective ranging from simple theft of purses and wallets to incidents of workplace violent, including rage killings.
  • They know the “territory” – they have studied and surveilled the building and avenues of access.  They know how ineffective the lobby guard is.  They have a target and a plan.
  • They want to enter incognito – their observations of building activity show they what to do to maintain a low profile.
  • In active shooter situations, they may be suicidal and have no plan of escape, which makes them very dangerous.
  • They will likely identify the same vulnerabilities that have been identified during a security assessment.

Security countermeasures must mitigate these risk as far as is reasonable and possible.  They should be deterred by at least two access-controlled perimeters to complicate their plan and increase their risk of detection.

Watch for our series of blogs on the security assessment process.

Is Your Building/Office Space Secure?

A recent FBI report reveals that a majority of active shooters spend at least a week planning their attack and often attack people and places with which they were already familiar. In the majority of active shooter cases, the active shooter knew and actively targeted at least one of the victims.

In this growing threat environment, employees are expressing concerns about acts of workplace violence and active shooter. The most important security measures for workplace protection are employee awareness training and a fundamental building security program.

A thorough and detailed building security vulnerability assessment (SVA) and report are the first steps in developing an effective building security program to protect people and critical assets. The SVA provides for the foundation of a risk management program.

 The objective of conducting a security assessment is to assess security risks as a means to assist management in identifying and understanding the risks that face the organization.  This assists management in making informed decisions on the adequacy of security and the need for additional security countermeasures to address threats, vulnerabilities and potential consequences.

Contact Don Greenwood & Associates, Inc. to have us conduct a security assessment on your building or office spaces.

Preparing for a CFATS Compliance Inspection

Many companies aren’t prepared when they receive a letter from the DHS Infrastructure Security Compliance Division (ISCD) notifying them of an upcoming facility Compliance Inspection (CI). You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful CFATS Compliance Inspection.

Review Your Documents

When you receive a notice from DHS about an upcoming inspection, this is always a good time to review your security plan and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required drills and/or exercises, and an annual audit of the security plan.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including access control, monitoring, screening, security personnel (who is the FSO, Alt. FSO?), NTAS security measures, etc.

 Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the inspectors will want to review during the inspection. We have had great success with these binders for all of our regulated clients; CFATS, MTSA, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a Compliance Inspection that they passed without any issues, “We went through our security plan book while the inspector was here and we were complimented on how all the files were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about.”

Let us know if we can help you prepare for your CFATS Compliance Inspection and develop a security binder for you and help you succeed with your inspections.

To read about what to expect from a CFATS CI, click here.

TSA Begins Issuing New TWIC Cards

The Transportation Security Administration (TSA) began issuing the new TWIC NexGen cards on July 10, 2018. The new cards incorporate enhanced security features (click here to read more).

Details about the new TWIC NexGen card:

  • Current TWIC card holders do not need to replace a valid TWIC card with the new TWIC card design.
  • Regulated entities that require TWIC for access will accept and recognize both the current and new TWIC designs until the card’s expiration.
  • The new card design is compatible with qualified TWIC readers.
  • To deter alteration of the card’s expiration date, the new card includes a color-coded expiration date box that will update on an annual basis.
  • The fee for the newly re-designed TWIC card remains unchanged ($125.25) and the credential is valid for five years.

Click here to read more about the TWIC NexGen cards.

Click here for a TWIC NexGen Authentication Guide

New Coast Guard Facility Inspection Form

Effective immediately, USCG facility inspectors are going to start using a new form for facility inspections. The new form, CG-835F, replaces CG-Form 835, “Vessel/Facility Inspection Requirements”. CG-835F is specifically formatted for facility inspections. There are no major changes to the new form or the information collected during the inspection.

Facility owners and operators may start seeing Coast Guard facility inspectors using the new form immediately, but some inspectors may still use the older CG-835 form during the transition.

Click here for a link to the new CG-385F form.

3 Tips for a Successful USCG Inspection

Many companies aren’t prepared when they receive a letter from the U.S. Coast Guard notifying them of an upcoming facility security inspection. You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful USCG Inspection.

Review Your Documents

When you receive a notice from the USCG about an upcoming inspection, this is always a good time to review your FSP and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required quarterly drills, annual exercise, and annual audit of the FSP.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including TWIC, screening, security personnel (who is the FSO, Alt. FSO?), MARSEC security measures, etc.

Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the USCG will want to review during the inspection. We have had great success with these binders for all of our regulated clients; MTSA, CFATS, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a US Coast Guard inspection that they passed without any issues, “We went through our MARSEC book while the USCG was here and we were complimented on how all the files for MARSEC were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about. “

Let us know if we can help you prepare for USCG Security Inspection and develop a security binder for you and help you succeed with your inspections.

Changes in USCG Leadership Indicate Strong Continued Interest in Port Security

  • Rear Adm. Paul Thomas moves from Prevention Policy to command of the Eighth District – New Orleans.
  • Rear Adm. John Nadeau assumes position as assistant commandant for Prevention Policy.

Rear Adm. Paul Thomas, in an article posted in Maritime Commons, stated:

This week marks my last as assistant commandant for prevention policy. I assume command of the Coast Guard’s Eighth District in mid-August. It has been a distinct privilege to lead and represent the men and women of the U.S. Coast Guard who are dedicated to ensure our national security and economic prosperity by ensuring the safety, security and environmental soundness of our Marine Transportation System globally . . .Thank you for your professional and productive relationship with the U.S. Coast Guard.

About Rear Admiral Nadeau, Thomas stated:

I am pleased to introduce Rear Adm. John Nadeau as the new assistant commandant for prevention policy effective today. His most recent assignment was as assistant commandant for capability, where he was responsible for identifying and sourcing new and extended capabilities, competencies, and capacity to meet mission requirements. Prior to that, he served as commanding officer of the Coast Guard Marine Safety Center where he led the review and approval of plans for the design, construction, alteration, and repair of U.S. and foreign flag commercial vessels subject to U.S. laws, regulations, and international standards. Rear Adm. Nadeau’s other assignments cover the full spectrum of marine safety and inspections and span the bulk of his nearly three decades long career: chief of inspections, senior investigating officer, MSU commanding officer, captain of the port and federal on scene coordinator, Officer In Charge, Marine Inspection, and chief of the Office of Design and Engineering Standards.

In summary: Prevention Policy is assumed by a strong advocate for robust port security with a background in marine safety and inspection, and the command of District Eight is assumed by the former assistant commandant for prevention policy.  These moves indicate a strong continued interest in port security programs.

CFATS Quarterly Update

On April 4, 2017, the Department of Homeland Security (DHS) began issuing tiering notifications to Chemical Facility Anti- Terrorism Standards (CFATS) regulated facilities based on the results of DHS’s new enhanced risk-tiering methodology.

To date, approximately 12,000 updated Top-Screens have been received from the 27,000 facilities that previously reported holdings of chemicals of interest (COI) at or above the screening threshold quantity.

DHS has sent out over 10,000 tiering determination letters to facilities that have submitted new Top-Screens. Tiering letters are being prioritized based on when DHS received the facility Top-Screen, upcoming compliance inspection schedules, and to consider workload for submitters that have a high number of covered facilities with changes.

Over the next 18 months we will continue to notify facilities of the requirement to submit new Top-Screens and issue tiering decisions on a rolling basis.

I’ve Received a Tiering Letter, Now What?

As facilities receive tiering letters, their next steps will depend on their results.

Facilities new to the CFATS program will be required to submit security plans. If a current facility receives a revised tiering assessment, it does not necessarily mean that it will be required to submit a Site Security Plan (SSP)/Alternative Security Program (ASP).

Facilities should review their tiering letter along with their approved SSP/ASP to determine whether it meets the security measures associated with all the chemicals of interest (COI), specific security issues (Theft/Diversion, Release, or Sabotage), and tiers in the letter. If not, an SSP/ASP update may be required.

Examples of situations in which a facility will need to update its SSP may include:

  • Facilities that add a newly tiered COI, which is located in a new asset area not currently addressed in the SSP/ASP;
  • Facilities that increase in tier and do not have sufficient security measures to account for the higher tier;
  • Facilities with an added security concern from a current COI that lacks sufficient security measures to account for the new security concern.

For example, if a facility possesses chlorine tiered for “theft/diversion” but now must also account for chlorine as a “release” concern, the existing SSP/ASP would need to be revised to include security measures to address risks associated with release COI.

DHS will assess facilities on a case-by-case basis to ensure security measures are appropriate to their level of risk.