Keeping CFATS Costs Under Control

One of the things I get asked most often is how much it will cost for a facility to meet the CFATS mandates and how those costs can be kept down. It's an important question for facilities trying to get CFATS authorization and become more secure while at the same time keeping an eye on costs and profitability.

Protection Strategy
Advanced planning is really the key to getting the most out of your technology investment. Facilities need to first develop a protection strategy. Management needs to look at what is/are the asset(s) that need to be protected. In some cases, the asset is the facility itself and the physical security costs may be greater because you have to protect the facility to the lowest CFATS tier identified in the facility's Final Tier Notification Letter. This usually involves securing a larger area or perimeter which ups the costs. But, the entire facility is not always the asset. Depending on the type, quantity and location of Chemicals of Interest (COI) some facilities will have individual assets to protect within the site's operating boundaries. This asset-based approach shrinks the perimeter, targeting the specific assets which can lower the cost and save money. In one scenario, where the facility is the asset you may have to secure acres of perimeter to Tier 1 standards. In an asset-based example there may just be two or three buildings in the entire facility that have to be secured.

Cost - Capital vs. Operating
Another thing that can affect the cost of meeting the CFATS mandates is the type of costs you incur. One time purchases of equipment or services are less costly than ongoing or reoccurring expenditures. So, your equipment purchase, installation and infrastructure costs along with one-time project commission costs can be less expensive than meeting Risked-Based Performance Standard (RBPS 10) which entails ongoing monitoring and maintenance. Third-party monitoring or guard services would also fall under reoccurring expenditures. You need to prepare for ongoing cost and budget for them. Determine which costs are best handled in house and where it is more cost effective to outsource. Remotely monitored video may work well for certain sites including those that do not have a security command or control center onsite or sites that are not manned 24/7. It may also work well for remote facilities that need monitoring.

Other Cost Considerations
There are a number of other things that factor into the costs for CFATS. Facilities need to plan for delays and other project surprises along the way. Also, I believe in the importance of value engineering. It is an essential part of getting the most out of your security technology dollars in the CFATS process.

You might want to listen in on a recent Webinar we just had where I went into a little more detail about costs for CFATS. Also if you have any questions, feel free to ask me here.



Copyright © ADT Security Services, Inc. 2011 - All Rights Reserved. Legal Disclaimer - Some of the individuals posting to this site, including the moderators, work for ADT Security Services, Inc. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of ADT Security Services, Inc. The content is provided for informational purposes only and is not meant to be an endorsement or representation by ADT Security Services, Inc. or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release ADT Security Services, Inc. from any liability related to your use of the Website. You also grant to ADT Security Services, Inc. a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.



Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p>Ryan,</p> <p>I believe I understand what you are saying by stating "the asset is the facility itself and the physical security costs may be greater because you have to protect the facility to the lowest CFATS tier identified in the facility's Final Tier Notification Letter.", but others may be confused with the phrase "lowest CFATS tier". </p> <p>Do you mean lowest number (1 being lower that 4), or lowest tier (4 being lower than 1)? Big difference, especially when comes to facility vs. asset specific security measures.</p> <p>From RBPS Guidance Manual: "A facility’s tier level is the tier level assigned to the highest risk asset on-site. For example, if a facility has a building located on-site that contains a Tier 2 theft hazard, and 20 storage vessels, each of which is a Tier 4 release hazard, the facility is a Tier 2 facility despite the significantly larger number of Tier 4 assets on-site. In such a scenario, while the Tier 2 theft hazard must be protected to Tier 2 performance levels, the measures directed at the Tier 4 assets need only meet Tier 4 performance standards."</p> <p>Thanks from an avid reader, Jon Greenwood</p>


  • <p>Jon thanks for the question/comment. When I refer to protecting the facility to the lowest CFATS tier identified, I am referring to the numerical tier designations with Tier 1 being the lowest and Tier 4 the highest. You are correct, when we discuss risk the order does reverse and Tier 1 is the highest risk and Tier 4 the lowest. That is the reason when the facility is the asset it has to be protected to the lowest Tier rating or the highest risk standard. Simply put, if the asset is the facility, it needs to be protected to tier level with the highest risk.</p>


  • <p>Ryan,</p> <p>I appreciate your response, but I believe your wording can still be very confusing for someone not intimately familiar with CFATS. I am familiar with CFATS, having done several SSPs, ASP, and PAIs, so I understand what you are saying, but I'm more concerned with the individual that may be new to CFATS and not fully understand the tiering rankings. Referring to Tier 1 as the lowest Tier rating can be very confusing to that individual. </p> <p>Sorry, maybe I'm just being nit picky.</p> <p>Jon </p>


RSS feed for comments on this page | RSS feed for all comments