This is the second in a series of blog posts about the recently published American Chemistry Council Alternative Security Plan for the CFATS program. The initial blog post is listed below and dealt with an overview of the place of the ASP in the CFATS program. This post will look at the “Alternate Security Program (ASP) Guidance for CFATS Covered Chemical Facilities” (Guidance document) that forms the core of the downloadable program.
There are two embedded documents in the Guidance document, the template and the instructions for the ASP, and they form the basis of the actual ASP that will be submitted to DHS as part of the facility site security plan. There is a significant amount of additional information available in the document.
The first five pages of the Guidance document provide a fairly detailed guide to the CFATS program. Now anyone who is in the process of considering options for submitting an ASP in lieu of an SSP should be fairly familiar with the CFATS program, so this would seem to be somewhat superfluous.
We have to remember, however, that once a facility reaches the SSP stage of the SSP process, the funding issues become rather large. The upper-level management that needs to become involved in the budgeting process at this point could use a high-level lesson in the requirements of the CFATS program, and these five pages could form a good starting point for that discussion.
In its discussion of the CFATS inspection process, the Guidance document provides a reasonably good description of the purpose and process of the Pre-Authorization Inspection. Since DHS ISCD has yet to formally address this addition to the CFATS program in any of their written documents, the following description taken from the Guidance document serves an important purpose:
“Pre-Authorization Inspections (PAI) are conducted AFTER the submission of an SSP/ASP but BEFORE a letter of authorization, in which the SSP/ASP is preliminarily approved as the regulatory standard for that facility. Pre-authorization inspections were instituted after it became clear that the CSAT SSP template was not producing enough detail to result in the issuance of letters of authorization. Their purpose is for the inspection team to establish the facts on the ground and for DHS to provide feedback for both the improvement of the detailed content of the SSP/ASP and potentially for improvements in existing security measures to meet the RBPSs.”
Of course, part of the purpose of the publication of this ASP template and instructions is to provide an initial data submission to DHS and ISCD that precludes the necessity for DHS to conduct such PAIs.
Authorization Inspection Process
The ACC Guidance document provides information on the Authorization Inspection process as well. Again this is another area where detailed information has been lacking from the folks at ISCD, unless they are providing it directly to facilities when they schedule the inspections. In any case, the information provided here will be very beneficial to any facility beginning to prepare for their authorization inspections.
The Guidance document includes four appendixes that provide a variety of additional information on the CFATS program. The four appendixes are:
• Definitions and Acronyms
• Alternate Security Program Template
• CFATS Risk‐Based Performance Standards
• CFATS Reference Links
Of the four, the second is, of course, the most important for facilities considering the submission of their SSP. It includes two embedded Word® documents that form the basis for the ASP submission.
• ACC ASP Template Guide and Instructions Final20121130.docx
• ACC ASP Template Final20121107.docx
I’ll discuss these two documents in later blog posts in the series, but I suspect that the ACC will be a tad bit more proactive in updating these files as additional facilities use them to prepare and submit their SSP/ASP.
I think that the ACC has produced a very good CFATS summary document here. In many cases it is more informative than the formal DHS documents upon which it draws. The major drawback is that it spends almost no time discussing the preparation of the ASP. While that is covered in the embedded instruction document, it would be helpful if there were some discussion here about some of the ASP/SSP issues.
For instance, there is nothing said about the relationship between an adequate level of information necessary for DHS assessment and the need to leave room for minor modifications in the program that won’t require a resubmission of the ASP. Too much detail and the smallest change will have to go through a long-delayed reassessment process at ISCD. Too little detail and the facility will have to go through the added problem of an AIP inspection.
Additionally, I think that there should be a little more emphasis on the fact that any security procedures, processes and equipment mentioned in the authorized SSP/ASP become a regulatory requirement for the facility in all future DHS-ISCD inspections. While DHS cannot specify which security processes need to be employed to get an SSP/ASP authorized, they can and will require strict adherence to the authorized SSP/ASP.
I’ll look at how these issues are addressed in the instructions and template in future blog posts.
All in all, this is a much better document than anything that the folks at DHS have done for the SSP process.