The Chemical Facility Anti-Terrorism Standards (CFATS) is now several years old, and many facilities have already submitted Site Security Plans (SSPs) to the Infrastructure Security Compliance Division (ISCD) – the component with the Department of Homeland Security responsible for CFATS compliance. The overwhelming majority of these facilities are waiting for ISCD to assess their SSP and make an initial approval or denial decision. For those facilities whose SSPs are initially approved, ISCD will then conduct a physical site inspection. To date, a small number of facilities have undergone this Authorization Inspection, a step required by regulation before the SSP is formally approved.
Although the SSP questions have not changed since their initial deployment in May 2009, techniques and strategies that inform how best to complete the SSP have evolved over time. Indeed, in late 2010, ISCD even published its own document entitled "Helpful Tips for Completing a Chemical Facility Anti-Terrorism Standards Site Security Plan." Recognizing that SSPs require accurate information – but understanding the changing nature of facility operations – led ISCD to initiate the SSP Edit Process in the fall of 2010. In some instances, information that was accurate when a facility submitted its SSP is no longer accurate. For example, facility-specific information such as the name of the person responsible for cybersecurity may have changed. Alternatively, there may be changes that alter the security measures reflected in the Risk-Based Performance Standards.
The SSP Edit Process is activated via the Chemical Security Assessment Tool (CSAT), the same mechanism by which the SSP and other CFATS documents are electronically submitted to DHS. To assist facilities in understanding the SSP Edit Process, ISCD published a corresponding "CSAT SSP Edit Process User Guide." This short but helpful guide is available at the CFATS Knowledge Center.
There are two types of SSP edits: administrative edits and technical edits. According to ISCD's guide, "[a]n administrative edit involves making changes to information pertaining to your facility's description, contact information, local police, fire and Emergency Management Team (EMT) jurisdiction information, and employee and workshift information." A technical edit "…involves making changes to information pertaining to your facility's operations, security measures, and other areas which are not considered an administrative edit." Importantly, technical edits are permitted "…once every 90 days after the final approval by DHS of the SSP." As indicated above, final approval of the SSP occurs only after the Authorization Inspection.
The deployment of the SSP Edit Process feature is certainly a welcome addition to the CSAT application suite, which hopefully will be further enhanced with additional functionality in the future.
To view the complete CFATS e-newsletter this article was featured in, click here.
Content contributed by Steve Roberts, of the Houston, Texas-based Roberts Law Group. Roberts is an attorney who advises chemical and petrochemical companies on homeland security regulations, especially the Chemical Facility Anti-Terrorism Standards.