Before there was CFATS, there was the Responsible Care Security Code. It was started in 1988 by the American Chemical Council and the code was made mandatory in 2001 – it is a requirement for all members of the ACC. It is an aggressive security initiative to protect facilities, information, communities and the public. It involves physical facility, cyber and transportation security and it requires many of the same things mandated by CFATS. Security Vulnerability Assessments (SVAs) for facilities are part of the code, as are implementation and independent verification. Facilities have to create security plans and systems and implement them under a strict timeline. The process also involves documentation to ensure best practices and quality control.
If it sounds a lot like CFATS, that's no coincidence. The Responsible Care Security Code has been recognized by the federal, state and local governments as a model security standard. It was one of the risk-based standards that DHS looked at when working with Congress to put together a security mandate for the chemical industry. The Code includes a set of management practices that are designed to protect the "chemical industry value chain" against possible emergency or terrorist attack. The value chain includes all industry activities from the design, procurement, manufacturing, marketing, distribution, transportation, customer support, use and recycle or disposal of chemical products.
The code does not stop at the SVA and implementation; it calls for continuous evaluation and improvement in security and acknowledges that security is everyone's business, a shared responsibility that involves everyone throughout the value chain working together with law enforcement, government officials and agencies. This type of code can only really work when we all take our part seriously.
According to the ACC, the guiding principles of the code are as follows:
- To operate our facilities in a manner that protects the environment and the health and safety of our employees and the public.
- To lead in the development of responsible laws, regulations and standards that safeguard the community, workplace and environment.
- To work with customers, carriers, suppliers, distributors and contractors to foster the safe use, transport and disposal of chemicals.
- To seek and incorporate public input regarding our products and operations.
- To make health, safety, the environment and resource conservation critical considerations for all new and existing products and processes.
- To practice Responsible Care by encouraging and assisting others to adhere to these principles and practices.
The ACC code outlines 13 management practices that include everything from the "Analysis of Threats, Vulnerabilities and Consequences" to "Continuous Improvement." The first practice is probably the most important – it calls for the buy in and commitment from company and facility leadership. This acknowledges that the job of security can only be fully taken on with the buy in from C-level company leaders – commitment starts at the top.
The ACC has had some pretty impressive success with this program. The organization says that today, 98 percent of ACC members have completed the RCSC on schedule. Since 9/11, Responsible Care companies and facilities have invested more than $8.4 billion in enhanced security and safety for their facilities. This type of commitment and preparedness show the willingness of the industry to put in place the safeguards needed to protect themselves and their neighboring communities from accidents or intentional acts of sabotage.
To view the complete CFATS e-newsletter this article was featured in, click here.
Ryan Loughin is Director of Petrochemical & Energy Solutions for the Advanced Integration division of ADT. He provides security education to CFATS and MTSA-affected companies and is a member of the National Petrochemical and Refiners Association (NPRA), Society of Chemical Manufacturers and Associates (SOCMA), American Chemistry Council (ACC), Energy Security Council (ESC) and American Society for Industrial Security (ASIS). Loughin has also completed multiple levels of CVI Authorized User training (Chemical- Terrorism Vulnerability Information) which was authored by the U.S. Department of Homeland Security.