Category Archives: Security Awareness Training

Preparing for a CFATS Compliance Inspection

Many companies aren’t prepared when they receive a letter from the DHS Infrastructure Security Compliance Division (ISCD) notifying them of an upcoming facility Compliance Inspection (CI). You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful CFATS Compliance Inspection.

Review Your Documents

When you receive a notice from DHS about an upcoming inspection, this is always a good time to review your security plan and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required drills and/or exercises, and an annual audit of the security plan.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including access control, monitoring, screening, security personnel (who is the FSO, Alt. FSO?), NTAS security measures, etc.

 Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the inspectors will want to review during the inspection. We have had great success with these binders for all of our regulated clients; CFATS, MTSA, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a Compliance Inspection that they passed without any issues, “We went through our security plan book while the inspector was here and we were complimented on how all the files were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about.”

Let us know if we can help you prepare for your CFATS Compliance Inspection and develop a security binder for you and help you succeed with your inspections.

To read about what to expect from a CFATS CI, click here.

Complete Active Shooter and Workplace Violence Program

“I knew this was going to happen.” That is the statement given in more than 50% of workplace and school rage killings.

We have learned that employees are unlikely to report emerging situations to management unless they feel confident that management has a plan and an organized response to address the issue.

Don Greenwood & Associates has supported clients with workplace violence prevention and response programs since 1995 – companies in oil & gas, field services, manufacturing, business, chemicals and computing.

Our program is comprehensive, ready for rapid deployment throughout the workforce, and includes:

  • A template for establishing a Threat Management Team (consistent with ASIS and SHRM guidelines) that includes specific responsibilities for Security, HSE, HR, Legal, and Operations.
  • A Quick Action Guide addressing active shooter situations – ready for distribution to your employees immediately.
  • A PowerPoint training program for employees that encourages reporting, engagement, and concise standards of behavior.
  • A PowerPoint for managers and supervisors with guidelines and standards for intervening in and managing workplace disruption.
  • Training materials to help employees formulate their own plans for run, hide, and fight – based on their immediate workplace environment.
  • Guidelines on assessing the potential for violence in emerging situations and strategies for managing these threats.

The program is complete, cost effective, and ready to tailor to your company’s needs and culture.

Send me an email or give me a call for more information – Don Greenwood, don@greenwoodsecurity.com, 281-435-2339.

Check out our website – www.greenwoodsecurity.com

Don Greenwood & Associates, Inc. – Full Service Security Management Consultants since 2003

2018 Port Security Grant Program Posted

Yesterday, the Department of Homeland Security and FEMA posted the 2018 Port Security Grant Notice of Funding Opportunity (NOFO).  Federal allocation this year is $100 million, more than last year.  However, for private, for profit companies, the federal match is 50/50 vs the 25%/75% if last year.  Which means, that if a recipient applies for $100,000 in funding for an appropriate security project, DHS will award $50,000 and the company receiving the award will need to provide $50,000 in matching funds.

That may make the grants program less attractive for many companies; however, it is logical that fewer will apply, so the chances of winning an award may be better than last year.

The deadline for filing applications is June 20th – we have less than 30 days.

In the last few years, Don Greenwood & Associates Inc. has help clients write and submit ten grant applications and have won awards for eight of the ten, including the largest award given to a private company in 2016 – just under $1 million dollars.  Writing successful grant applications depends on the consultant’s ability to draft a persuasive argument that the facility in question needs the award to support the goals of the larger community, the Area Maritime Committee, as well as the submitting company and port facility.

Contact us at 281-435-2339 or don@greenwoodsecurity.com for more information.

3 Tips for a Successful USCG Inspection

Many companies aren’t prepared when they receive a letter from the U.S. Coast Guard notifying them of an upcoming facility security inspection. You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful USCG Inspection.

Review Your Documents

When you receive a notice from the USCG about an upcoming inspection, this is always a good time to review your FSP and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required quarterly drills, annual exercise, and annual audit of the FSP.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including TWIC, screening, security personnel (who is the FSO, Alt. FSO?), MARSEC security measures, etc.

Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the USCG will want to review during the inspection. We have had great success with these binders for all of our regulated clients; MTSA, CFATS, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a US Coast Guard inspection that they passed without any issues, “We went through our MARSEC book while the USCG was here and we were complimented on how all the files for MARSEC were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about. “

Let us know if we can help you prepare for USCG Security Inspection and develop a security binder for you and help you succeed with your inspections.

CFATS Quarterly Update

Recently DHS released their Fall Quarterly Update providing more detail on the implementation of the CFATS program.

CFATS Update

As of September 1, 2017, CFATS covers 3,478 facilities. DHS has completed more than 2,700 Compliance Inspections (to read more about Compliance Inspections, click here). Since launching CSAT 2.0 a year ago, DHS has received more than 25,000 CSAT Top Screens. DHS is continuing to issue tiering letters to facilities as their Top Screens are received and reviewed.

You can read more about CSAT 2.0 here.

SVA/SSP Questions

One topic discussed in the update in the new questions that facilities will need to answer when submitting a new or revised SVA/SSP.

When submitting the SSP, the new questions facilities will need to address include:

  • Q3.10.050 Personnel Presence
  • Q3.10.400 through Q3.10.420 Inventory Controls
  • Q3.40.400 through Q3.40.430 Cyber Control and Business Systems
  • Q3.50.320 Personnel Surety, Types of Affected Individuals
  • Q3.50.710 Recordkeeping Affirmation

In addition to these new SSP question, facilities are asked to select whether a certain detection and delay security measure applies to perimeter and/or critical assets. The following SSP questions should be reviewed to ensure the location(s) are correctly associated with the security measures applied:

  • Q3.10.070 Mobile Patrols
  • Q3.10.120 Intrusion Detection Systems
  • Q3.10.180 through Q3.10.230 Intrusion Detection Sensors
  • Q3.10.290 and Q3.10.310 Closed Circuit Television
  • Q3.20.030 through Q3.20.160 Perimeter Security
  • Q3.20.430 and Q3.20.440 Access Control Systems
  • Q3.20.560 Anti-Vehicle Measures

Personnel Surety Program (PSP)

Tier 1 and Tier 2 facilities will see questions that address RBPS 12(iv), screening for terrorist ties. Questions Q3.50.330 through Q3.50.550 allow facilities to identify the option(s) chosen and measure(s) used to implement those options for compliance with RBPS 12(iv). To read more about those options, click here.

Additionally, DHS is going to integrate the Personnel Surety Program into the CSAT 2.0 Portal. This should make it much easier and provide better functionality for the user.

Chiefs of Regulatory Compliance

DHS also announced in this update that they have hired Chiefs of Regulatory Compliance (CRCs) for majority of their Regional Offices. CRCs will serve as the lead DHS representatives administering the CFATS regulation and serving as advisors to the Office of Infrastructure Protection Regional Directors.

Region CRCs:

  • Region 1 (VT, RI, ME, NH, CT, MA) – Charles Colley charles.colley@hq.dhs.gov
  • Region 2 (VI, PR, NJ, NY) – John Dean john.dean@hq.dhs.gov
  • Region 3 (DC, DE, WV, MD, VA, PA) – Don Keen donald.keen@hq.dhs.gov
  • Region 4 (MS, SC, AL, KY, FL, NC, TN, GA) – Cheryl Louck cheryl.louck@hq.dhs.gov
  • Region 5 (MN, WI, IN, MI, IL, OH) – Kathy Young kathryn.young@hq.dhs.gov
  • Region 6 (NM, OK, LA, AR, TX) – Steve Shedd steven.shedd@hq.dhs.gov
  • Region 7 (NE, KS, IA, MO) – Dave Martak david.martak@hq.dhs.gov
  • Region 8 (WY, ND, SD, MT, UT, CO) – Jim Williams james.williams@hq.dhs.gov
  • Region 9 (MP, GU, HI, NV, AZ, CA) – Marcie Stone marcie.stone@hq.dhs.gov
  • Region 10 (AK, ID, OR, WA) – Marc Glasser marc.glasser@hq.dhs.gov

Feel free to contact us if more information or support is needed.

Chemical Sector Security Summit

For the first time after 10 years, the annual Chemical Sector Security Summit will be held outside the D.C. area in Houston, Texas. The summit is scheduled to take place in July 2017.

This year’s Summit will feature vital chemical security information for 2017 and beyond, while bringing together industry owners and operators, key government officials, first responders, and law enforcement to engage in face-to-face discussions and share the latest in security best practices.

Summit registration will open in spring 2017, along with updates on the venue, agenda, and speakers.

For more information, click here.

CFATS Quarterly Update

On April 4, 2017, the Department of Homeland Security (DHS) began issuing tiering notifications to Chemical Facility Anti- Terrorism Standards (CFATS) regulated facilities based on the results of DHS’s new enhanced risk-tiering methodology.

To date, approximately 12,000 updated Top-Screens have been received from the 27,000 facilities that previously reported holdings of chemicals of interest (COI) at or above the screening threshold quantity.

DHS has sent out over 10,000 tiering determination letters to facilities that have submitted new Top-Screens. Tiering letters are being prioritized based on when DHS received the facility Top-Screen, upcoming compliance inspection schedules, and to consider workload for submitters that have a high number of covered facilities with changes.

Over the next 18 months we will continue to notify facilities of the requirement to submit new Top-Screens and issue tiering decisions on a rolling basis.

I’ve Received a Tiering Letter, Now What?

As facilities receive tiering letters, their next steps will depend on their results.

Facilities new to the CFATS program will be required to submit security plans. If a current facility receives a revised tiering assessment, it does not necessarily mean that it will be required to submit a Site Security Plan (SSP)/Alternative Security Program (ASP).

Facilities should review their tiering letter along with their approved SSP/ASP to determine whether it meets the security measures associated with all the chemicals of interest (COI), specific security issues (Theft/Diversion, Release, or Sabotage), and tiers in the letter. If not, an SSP/ASP update may be required.

Examples of situations in which a facility will need to update its SSP may include:

  • Facilities that add a newly tiered COI, which is located in a new asset area not currently addressed in the SSP/ASP;
  • Facilities that increase in tier and do not have sufficient security measures to account for the higher tier;
  • Facilities with an added security concern from a current COI that lacks sufficient security measures to account for the new security concern.

For example, if a facility possesses chlorine tiered for “theft/diversion” but now must also account for chlorine as a “release” concern, the existing SSP/ASP would need to be revised to include security measures to address risks associated with release COI.

DHS will assess facilities on a case-by-case basis to ensure security measures are appropriate to their level of risk.

2017 Port Security Grant Program (PSGP) Update 2.0 – May 2017

Port Security Grants possibly announced in two weeks.

FEMA Grant Programs Directorate provided a presentation regarding the FY2017 Port Security Grant Program (PSGP).

Summary:

  • Announcement expected May 19, 2017.
  • Grants will need to be submitted to FEMA by June 19, 2017.
  • Anticipated to be for the same amount as FY2016, $100,000,000.00.
  • Funding priorities remain the same as 2016:
    • Enhancing Maritime Domain Awareness
    • TWIC Readers
    • Cybersecurity Capabilities
    • Training and Exercises, etc.
  • Cost sharing remains the same as 2016, 25/75 split.

To read more about the PSCP, click here and here.

Get Ready Now for 2017 Port Security Grants

It is not too soon to start the registration processes.

The Administration has budgeted $93 million for port security grant awards in 2017.
It is not too soon to begin the application process. Typically, the schedule goes like this:

  • Mid-February the Grant Program is announced, Instructions are posted, and the application period begins. The 2016 application period began on February 17.
  • Late April – the application period closes. In 2016 the application deadline was April 25th.

However, before a facility can upload a grant application they must:

  • Obtain and/or verify the DUNS number for the specific facility and business unit involved. Your legal or tax department may be able to help with this.
  • Register in the government’s System for Award Management (SAM.gov).  FEMA states, “It may take 4 weeks or more after the submission of a SAM registration before the registration becomes active in SAM.gov, then an additional 24 hours for Grants.gov to recognize the information.”
  • Once the SAM’s registration is complete, register and set up an account in a second government web-portal, Grants.gov.  Receive an account log in and password.
  • Once the Grants.gov registration is complete and approved, use that account to set up a third registration in a third government web portal, NDGrants.gov (the site to specifically upload “non-disaster” grants.  All application documentation will be uploaded through NDGrants.gov.  This is also the portal wherein the FEMA officials will communicate with the applicant.

Is it worth doing? Absolutely YES!

Don Greenwood & Associates Inc. has an excellent track record in applying for and winning grants for our clients. In 2016, we developed and submitted several grant applications for a total of $3 million in awards.

Of special interest to DHS in 2016 were applications that included funds for cyber security protections, as well as the fundamentals – access control, gates, TWIC readers, etc.

Let’s get started. Before we can develop an application we need to discuss your facility, what is needed, and whether or not your needs meet the grant priorities. Successful grant writing is more an art than a science. Give us a call at 832-717-4404 or email don@greenwoodsecurity.com.

The Security Guard Audit

A few weeks ago, USCG officers arrived at a regulated facility, and observed the main gate security officer not inspecting and validating TWIC cards, and not conducting vehicle inspections as required in the Facility Security Plan. For a moment, the USCG considered shutting down the facility. Recently the USCG also released a list on common MTSA Facility Violations.

We are often retained to conduct brief audits and training moments with entry guards. It works like this: one of us arrives at the entry point and observes security checking in and admitting people to the facility. Then we check in ourselves and spend a few moments with security management to relay our findings. Within moments, we return to the security post, explain that we just conducted an audit and spend a few moments renewing their training. These moments are powerful training tools that will not soon be forgotten. Ken Blanchard, the author of The One Minute Manager, said that supervisors should make every encounter with their staff a learning moment:

  • Catch them doing something wrong, quickly reprimand and then take a moment to retrain.
  • Catch them doing something right, quickly praise and let them know what they did so well.
  • Or, just stop by for a one minute reminder on a procedure or conduct that is important.

Penetration audits can give some indication of how well personnel are performing, but the real value comes from the training that results.