Security Briefing Tips: Managing 3rd Parties for Security Compliance

Security integrators serving the chemical and petrochemical markets - and particularly for those customers that have regulated facilities - face changing expectations. Companies expect security integrators to understand the regulatory environment and use that knowledge to develop more security solutions to support these requirements. Today, security integrators increasingly serve in a consultative role, meaning the sales team must truly understand how and why the regulation "works."

Additionally, this means that some facilities expect the security integrator to (1) collaborate to develop an appropriate testing, maintenance, and inspection program; and (2) respond in a timely manner, should critical equipment need repair. In some cases, language to this effect is included in the terms of the contract to obligate required response times.

Recently, I participated on a panel entitled "Managing Key 3rd Parties for Security Compliance - Contract Security and Security Integrators" at the 4th Annual Homeland Security Regulatory Briefing in Houston, TX on November 1. I discussed the changing expectations for security integrators, and my co- panelists - William E. Reiter, CSO, Operations Security, DuPont and Joe Olivarez, VP Western Hemisphere, Enterprise Security & Crisis Management, Baker Hughes - talked about other key considerations for working with 3rd parties:

Mr. Reiter focused on a third party web-based software solution developed specifically for CFATS compliance. This tool simplifies CFATS management and auditing and provides DuPont's corporate security department with visibility and oversight of multiple facilities subject to the regulation. Mr. Olivarez discussed his expectations for 3rd party security providers, stressing the importance of understanding the customer's core business, its risk and risk tolerance, willingness to keep cost variable, and the regulatory scope affecting the site(s).

For companies in the process of selecting a security integrator, here are some things to consider:

  • There is not a one size fits all solution - an integrator should make multiple proposals to get the most cost-effective and performance-effective solution with the least disruption to business operations.
  • For Chemical Facility Anti-Terrorism Standards (CFATS) compliance specifically, security integrators need in-depth knowledge of all of the Risk Based Performance Standards (RBPS) 1-18, and not just RBPS 1-5 (which include most of the physical security standards).
  • Be sure to ask the integrator if they have the SAFETY Act Certification and, if so, for what specifically. SAFETY Act Certification provides certain liability protections for the customer in case of an act of terrorism against the facility.

As industry responds to changing regulations, 3rd parties will continue to adapt to provide complex, technologically advanced solutions with high performance and detection, deterrence and delay capabilities. Ultimately, effective security measures will help companies comply with regulations and retain the right to operate.

Ryan Loughin is Director of Petrochemical & Energy Solutions for the Advanced Integration division of ADT- He provides security education to CFATS and MTSA-affected companies and is a member of the National Petrochemical and Refiners Association (NPRA), Society of Chemical Manufacturers and Associates (SOCMA), Energy Security Council (ESC) and American Society for Industrial Security (ASIS). Loughin has also completed multiple levels of CVI Authorized User training (Chemical- Terrorism Vulnerability Information) which was authored by the U.S. Department of Homeland Security.

Copyright © ADT Security Services, Inc. 2011 - All Rights Reserved. Legal Disclaimer - Some of the individuals posting to this site, including the moderators, work for ADT Security Services, Inc. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of ADT Security Services, Inc. The content is provided for informational purposes only and is not meant to be an endorsement or representation by ADT Security Services, Inc. or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release ADT Security Services, Inc. from any liability related to your use of the Website. You also grant to ADT Security Services, Inc. a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.