This is the second in a series of blog posts about the
recently published American Chemistry Council Alternative Security Plan for the
CFATS program. The initial blog post is listed below and dealt with an overview
of the place of the ASP in the CFATS program. This post will look at the “Alternate
Security Program (ASP) Guidance for CFATS Covered Chemical Facilities” (Guidance
document) that forms the core of the downloadable program.
There are two embedded documents in the Guidance document;
the template and the instructions for the ASP and they form the basis of the
actual ASP that will be submitted to DHS as part of the facility site security
plan. There is a significant amount of additional information available in the
document.
CFATS Overview
The first five pages of the Guidance document provide a
fairly detailed guide to the CFATS program. Now anyone who is in the process of
considering options for submitting an ASP in lieu of an SSP should be fairly
familiar with the CFATS program, so this would seem to be somewhat superfluous.
We have to remember, however, that once a facility reaches
the SSP stage of the SSP process, the funding issues become rather large. The upper
level management that needs to become involved in the budgeting process at this
point could use a high level lesson in the requirements of the CFATS program
and these five pages could form a good starting point for that discussion.
Pre-Authorization Inspection
In its discussion of the CFATS inspection process the
Guidance document provides a reasonably good description of the purpose and
process of the Pre-Authorization Inspection. Since DHS ISCD has yet to formally
address this addition to the CFATS program in any of their written documents
the following description taken from the Guidance document serves an important
purpose;
“Pre-Authorization Inspections
(PAI) are conducted AFTER the submission of an SSP/ASP but BEFORE a letter of
authorization, in which the SSP/ASP is preliminarily approved as the regulatory
standard for that facility. Pre-authorization inspections were instituted after
it became clear that the CSAT SSP template was not producing enough detail to
result in the issuance of letters of authorization. Their purpose is for the
inspection team to establish the facts on the ground and for DHS to provide
feedback for both the improvement of the detailed content of the SSP/ASP and
potentially for improvements in existing security measures to meet the RBPSs.”
Of course, part of the purpose of the publication of this
ASP template and instructions is to provide an initial data submission to DHS
and ISCD that precludes the necessity for DHS to conduct such PAIs.
Authorization Inspection Process
The ACC Guidance document provides information on the
Authorization Inspection process as well. Again this is another area where
detailed information has been lacking from the folks at ISCD, unless they are
providing it directly to facilities when they schedule the inspections. In any
case, the information provided here will be very beneficial to any facility
beginning to prepare for their authorization inspections.
The Appendixes
The Guidance document includes four appendixes that provide
a variety of additional information on the CFATS program. The four appendixes
are:
• Definitions and Acronyms
• Alternate Security Program
Template
• CFATS Risk‐Based
Performance Standards
• CFATS Reference Links
Of the four the second is, of course, the most important for
facilities considering the submission of their SSP. It includes two imbedded
Word® documents that form the basis for the ASP submission.
• ACC ASP Template Guide and
Instructions Final20121130.docx
• ACC ASP Template Final20121107.docx
I’ll discuss these two documents in later blog posts in the
series, but I suspect that the ACC will be a tad bit more proactive in updating
these files as additional facilities use them to prepare and submit their
SSP/ASP
Assessment
I think that the ACC has produced a very good CFATS summary
document here. In many cases it is more informative than the formal DHS
documents upon which it draws. The major drawback is that it spends almost no
time discussing the preparation of the ASP. While that is covered in the
imbedded instruction document, it would be helpful if there were some
discussion here about some of the ASP/SSP issues.
For instance, there is nothing said about the relationship
between an adequate level of information necessary for DHS assessment and the
need to leave room for minor modifications in the program that won’t require a
resubmission of the ASP. Too much detail and the smallest change will have to
go through a long-delayed reassessment process at ISCD. Too little detail and
the facility will have to go through the added problem of an AIP inspection.
Additionally, I think that there should be a little more
emphasis on the fact that any security procedures, processes and equipment
mentioned in the authorized SSP/ASP become a regulatory requirement for the
facility in all future DHS-ISCD inspections. While DHS cannot specify which
security processes need to be employed to get an SSP/ASP authorized, they can
and will require strict adherence to the authorized SSP/ASP.
I’ll look at how these issues are addressed in the
instructions and template in future blog posts.
All and all this is a much better document than anything
that the folks at DHS have done for the SSP process.
Posts
No comments:
Post a Comment