Recently the Coast Guard listed the most common MTSA Facility Violations. This is a good list to ensure your program is ready for their next inspection. This is also a good list to pass on to the guard force:
Typical deficiencies areas:
- Access Control
- Restricted Areas
- Drills and Exercises
- Owner/Operator Requirements
- Audits and VSP/FSP Amendments
Most common deficiencies noted on inspection are:
Failure to secure access points:
- Gates left open or unattended.
- Facilities failing to provide an escort for persons without TWIC.
Failure to check identification:
- Individuals gaining access to facilities by piggy backing.
- Security personnel failing to properly screen vehicles and personnel entering the facility.
Damage to perimeter fencing:
- Holes found in perimeter fence.
- Vegetation growing over fence line, allowing unauthorized access to occur.
- Emergency egress gates not secure.
- Missing or improperly placed Secure Area and Restricted Area signage.
Misunderstanding or not knowing the security procedures as stated in the approved FSP:
- Facility personnel or contract guard services failing to conduct screening at the rate specified in their FSP.
- Facility personnel or contract guard services not properly trained on relevant provisions of the FSP.
Restricted Areas not properly marked.
- Areas where FSP is stored (offices, file cabinets, etc.) not containing proper signage designating the area as a Restricted Area.
- Facilities missing “Restricted Area” signage, for example:
- Facility perimeter
- Server rooms
- Control centers
Not storing required documentation within a Restricted Area:
- Sensitive Security Information (SSI) not kept in an area designated as a Restricted Area.
Drills and Exercises:
- Failing to perform security drills in 3 month intervals.
- Failing to perform an annual security exercise.
- Failing to label drill and exercise documentation as SSI and store properly.
- Failure to maintain drill and exercise records.
Improper notifications to USCG:
- Breaches of security not immediately reported to USCG or National Response Center.
- FSPs not being submitted for renewal prior to the expiration date.
- FSPs containing unapproved changes and amendments.
- Facility owners or operators failing to notify facility employees of what parts of the facility are secure areas and public access areas and ensuring such areas are clearly marked.
- Facilities failing to train personnel with security duties; including facility personnel, contract security guard service, and/or TWIC escort companies on relevant provisions of the FSP.
Proper FSP Updating:
- Owner/Operator failing to ensure annual audits of the FSP are conducted by persons with requisite knowledge as required by the regulation.
- Current list of FSOs not updated in the FSP.
- Owner/Operator section of FSP missing TWIC requirements.
- Failing to designate a FSO and failing to designate a 24hr contact number for FSO.
Proper Implementation of FSP:
- Owner/Operator failing to ensure that the facility operates in accordance with the approved FSP.
- Facilities failing to follow incident procedures outlined in approved FSP.
- Facilities failing to provide security personnel with the ability to monitor video surveillance systems per approved FSP.
Failure to conduct annual audits:
- Facilities failing to conduct an annual audit of the FSP.
- Failing to provide certifying documentation of annual audit.
- Failing to follow audit requirements in accordance with the regulation.
- Facilities failing to review the FSP and submit changes to the USCG for approval.
- Failing to update the FSA each time the FSP is submitted for revisions.
Remember, an FSP is not a “binder on the shelf”, but a security operating plan that must be fully implemented and followed in every day operations.