Thursday, February 19, 2009
Site Security Plan Preview
As we get closer to the DHS role-out of their Site Security Plan (SSP) tool on CSAT, I have been doing some thinking on how they might implement that tool and tie in the risk-based performance standards that must be fulfilled by that plan for high-risk facilities. For this to be a web based tool like the Top Screen or SVA tools on that site, it would seem improbable that that there would be room for the kind of book of procedures that one typically thinks of when they consider preparing a ‘plan’ for something as complex at a high-risk chemical facility. SSP Tool Design Looking at the Top Screen and SVA as the design precursors to the SSP tool it seems obvious that there will be a series of questions about the facility and the individual assets that were identified in the SVA. Sources tell me this is how it will be done and that most of these questions will be answered in a simple yes/no or check-off box. Again, this is the same type design that we saw in the earlier tools. Now I have not been able to find out what the questions will be yet, but anyone can make a reasonable guess as to the way the questions will go. For an example here would be how I would write some of the questions for RBPS #1 Restrict Area Perimeter: 1. Does the facility have a continuous antipersonnel perimeter barrier broken only by controlled access points? Y N (If no, go to question 2) All measurements are in feet. 1a. What is the length of the total perimeter? _______ 1b. What length of the perimeter has a public road adjacent to it? ______ 1c. What kinds of barriers are included in the perimeter barrier? Mark all appropriate responses. Chain-link fence ___ Length: ___ Height of Fence: ___ Top Guard? Y N Other wire fence ___ Length: ___ Height of Fence: ___ Top Guard? Y N Brick/concrete wall ___ Length: ___ Height of Wall: ___ Top Guard? Y N River/lake shoreline ___ Length 1d. What is the minimum cleared space outside of the barrier? ___ 1e. What is the minimum cleared space inside of the barrier? ___ 1f. What is the minimum distance from the barrier to any of the critical assets within the facility? ___ 1f. Is the perimeter barrier under continuous observation: Y N If yes skip to 1h. 1g. Is the perimeter barrier periodically checked? Y N Max length of time between checks (hours): _____ (Go to Question 2) 1h. What type of observation is used to continuously observe perimeter barrier? Fixed guard posts ___ Roving security guards ___ CCTV System ___ Other intrusion detection system ___ From this example you can tell that this will be a long and tedious document to prepare. The good part of it is that there will be little interpretation required and the answers lend themselves to automated review. This is important when there will be a limited number of people reviewing the 7,000+ SSP’s. Have it, Get it, Want it The most important questions will deal with what the facility currently has in place, but DHS is also going to want to know what the facility intends to do to improve their security. According to my sources, DHS will divide these future actions into two categories: those things that are being implemented (purchase order or budget line item) and those things planned for the future but not yet committed to. Security Contract The thing to remember about these SSP’s is that they are essentially going to be security contracts between the high-risk chemical facility and DHS. An agreement will be reached between DHS and the facility (with DHS having a superior bargaining position) as to what security measures will be applied at the facility. DHS will then use that agreement as the basis for future inspections and enforcement actions. It will remain in force until such time as the rules change or the facility changes (adds or subtracts) one or more of its chemicals of interest and resubmits a Top Screen to start the process all over again.