Late in May 2015, the Department of Homeland Security (DHS) issued guidelines under which qualifying chemical facilities can apply for expedited approval of site safety plans (SSPs) intended to protect the facilities against criminal or terrorist activity. These guidelines respond to a Congressional requirement included in amendments adopted in December 2014 to DHS’ Chemical Facility Anti-terrorism Standards (CFATS) program.
Congress first authorized CFATS as part of DHS’ 2007 budget, directing the agency to create a program to identify chemicals that might be tempting targets for terrorists, and to require facility that handle sufficiently large quantities of these chemicals of interest to establish security programs subject to DHS oversight. DHS adopted rules that provide for four risk-based tiers of facilities, with Tier 1 covering the highest risk facilities through Tier 4 for the lowest risk facilities. Compliance began in 2008. The 2014 amendments affirm most provisions in DHS’ regulations and program, and impose revisions intended to address the criticisms (“Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014” (6 U.S.C. §§ 621 – 629)). I blogged about this here.
Expediting Review of Site Safety Plans
The 2014 amendments respond to lengthy backlogs in DHS reviews of site safety plans, particularly for lower-risk facilities in Tiers 3 and 4. The amendments direct DHS to issue guidance specifying requirements that a Tier 3 or Tier 4 facility can meet in order to qualify to seek expedited approval of its SSP from DHS. A qualifying owner or operator can certify to DHS that the facility has developed and implemented an SSP with no material deviations from that guidance. DHS “may” review such a facility to confirm its compliance, and may require additional measures.
DHS’ guidance provides examples for activities to meet each of the eighteen CFATS risk-based performance standards (RBPS):
-
RBPS 1: Restrict Area Perimeter
-
RBPS 2: Secure Site Assets
-
RBPS 3: Screen and Control Access
-
RBPS 4: Deter, Detect, and Delay [a possible attack]
-
RBPS 5: Shipping, Receipt, and Storage [of hazardous materials]
-
RBPS 6: Theft and Diversion [deterrence]
-
RBPS 7: Sabotage [deterrence]
-
RBPS 8: Cyber [sabotage deterrence]
-
RBPS 9: Response [planning]
-
RBPS 10: Monitoring
-
RBPS 11: Training
-
RBPS 12: Personnel Surety [via background checks]
-
RBPS 13: Elevated Threats [i.e.,scalation of protective measures for periods of elevated threat]
-
RBPS 14: Specific Threats, Vulnerabilities, or Riskscompliance with RBPS 12(iv)) has been implemented.
-
RBPS 15: Reporting of Significant Security Incidents
-
RBPS 16: Significant Security Incidents and Suspicious Activities [Identify, investigate report, and maintain records of significant security incidents and suspicious activities]
-
RBPS 17: Officials and Organization
-
RBPS 18: Records
DHS also provides a sample SSP following these guidelines, formatted to allow a facility to check items that are being implement. DHS also provides the text of an appropriate owner/operator certification, to accompany the filing of an SSP following these procedures.
A facility assigned to Tier 3 or 4 before December 18, 2014 (the date of the amendments) that submits a SSP and certification under the Expedited Approval Program must submit the SSP by November 13, 2015. A facility assigned to Tier 3 or 4 after December 18, 2014 has until November 13, 2015, or 120 days after its assignment, whichever is later.
Self-Assessment Checklist
Does the organization have any facility that handles a CFATS chemical of interest in quantity and concentration that meet screening threshold quantity (STQ) thresholds?
Has each of the organization’s “chemical facilities” met each of the following (successive) CFATS compliance responsibilities:
-
Prepared and submitted a Top-Screen.
-
Received a preliminary risk Tier assignment, and provided information required by DHS or necessary to contest any aspect of that assignment.
-
Prepared and submitted a Security Vulnerability Assessment (or Alternative Security Program, if appropriate).
-
Received a final risk Tier assignment, provided any additional information required by DHS or necessary to contest any aspect of that assignment.
-
Prepared and submitted a Site Security Plan (or Alternative Security Program, if appropriate).
-
Received DHS’ document review and inspection, and satisfied any agency requirements.
-
Implemented the Site Security Plan, and ongoing record keeping and operational procedures.
Has any of the organization’s facilities that is assigned to risk Tier 3 or 4 prepared an SSP and certification, and to seek Expedited Approval of its SSP from DHS?
Where Can I Go For More Information?
-
DHS CFATS program website
-
2014 amendments (HR 4007) and associated documents
Specialty Technical Publishers (STP) provides a variety of single-law and multi-law services, intended to facilitate clients’ understanding of and compliance with requirements. These include:
About the Author
Jon Elliott is President of Touchstone Environmental and has been a major contributor to STP’s product range for over 25 years. He was involved in developing 12 existing products, including Environmental Compliance: A Simplified National Guide and The Complete Guide to Environmental Law.
Mr. Elliott has a diverse educational background. In addition to his Juris Doctor (University of California, Boalt Hall School of Law, 1981), he holds a Master of Public Policy (Goldman School of Public Policy [GSPP], UC Berkeley, 1980), and a Bachelor of Science in Mechanical Engineering (Princeton University, 1977).
Mr. Elliott is active in professional and community organizations. In addition, he is a past chairman of the Board of Directors of the GSPP Alumni Association, and past member of the Executive Committee of the State Bar of California's Environmental Law Section (including past chair of its Legislative Committee).
You may contact Mr. Elliott directly at: tei@ix.netcom.com.