This is the last in a series of blog posts about the
recently published American Chemistry Council Alternative Security Plan for the
CFATS program. The earlier posts are listed below. This post will look at how
the ASP is submitted to ISCD and address some way that this ASP might improve
the CFATS SSP process.
ASP Submission
Before an organization tries to submit the ASP they must
realize that they will still be completing the SSP submission via the SSP tool
in CSAT. There are a number of questions that must still be completed in the
SSP tool when submitting the SSP. The SSP
Questions Manual describes the questions that the facility will be required
to answer when submitting an SSP.
All of the questions described through page 49 must be
answered by all facilities, regardless of whether or not they are submitting an
ASP in lieu of the remainder of the SSP. The answers to many of those questions
will already be pre-populated in the SSP tool based upon earlier submissions to
ISCD via CSAT. Even if the answers are prepopulated the facility is required to
review the information to ensure that it is correct. Contact the CSAT Help Desk
{(866) 323-2957} for assistance in correcting invalid data.
On page 50 the manual shows that facilities wishing to
submit an ASP will check the ‘Yes’ button for Q 5.6-17939. Four additional
questions will then be asked about the adequacy of the ASP in meeting DHS
requirements for an ASP. DHS has generally agreed that a properly executed ACC
ASP will fulfill these requirements so most facilities will answer ‘Yes’ to all
four questions. A ‘No’ answer to any of the four questions will require the
answering of a fifth question asking if the facility really wants to submit the
ASP anyway.
At that point the facility will be required to identify and
describe the documents to be upload to the SSP; the process is described on
page 51 of the manual. This will include the completed WORD® file downloaded as
part of the ACC
ASP Guidance document. Supporting diagrams, maps, photographs and
supporting documents will also be uploaded at the same time.
According to the SSP
Instructions Manual once the data is uploaded, the CSAT SSP tool will take
the submitter to the validation portion of the submission at the end of the
tool. From that point on the process will be the same as for those facilities
completing the standard SSP.
Other ASPs
While the ACC really designed their ASP for the use of their
member companies, they are not stopping others from using the ASP. While I don’t
see why any type of high-risk chemical facility couldn’t use the ACC ASP, I
understand that there are other industry organizations that are working with
DHS to get ASPs of their own design approved; designs one would expect to be
tailored to facilities within that type of industry.
The one group that might have concerns with this ASP would
be colleges and universities. Educational organizations have been pressing DHS
to develop an ASP particularly for their ‘unique’ situation since the CFATS
program was first introduced. I suspect that they will continue to have a hard
time accepting that DHS actually intends for them to put significant security
measures in place at their facilities that DHS has judged to be at high-risk of
a terrorist attack. They will continue to hope that an ASP will be able to be
used as a dispensation from the CFATS risk-based performance standards requirements.
The ACC ASP will severely disappoint the scholarly community.
ISCD and the ACC ASP
I have not yet seen an official notice from the folks at
ISCD that they will ‘accept’ an ACC ASP submission and part of me does not
expect to. The way that the SSP tool handles the ASP submission process, there
is nothing involved that would identify a submission as being made via an ACC
ASP. Theoretically, a facility could submit any sort of document using the
procedures that I have described above as an ASP. The SSP tool would accept it.
That, doesn’t mean, of course, that ISCD would actually use
the information submitted. Scott Jenson and Bill Erny from ACC both assure me
that DHS has told them that information submitted via the ACC ASP format meets
the needs for their analysis. That means that ISCD knows where to look for the
specific information that they need to evaluate the SSP/ASP submission. Some
other format that hasn’t been pre-cleared with ISCD may not provide the needed
information or may provide it in a format that is not easily decipherable by
ISCD. ISCD is having a hard enough time getting the information they need from
a straight SSP submission; they are not going to waste any time trying to
decipher something that they don’t understand.
ISCD Improving SSP
I understand that ISCD has folks working on a plan to
improve the current SSP submission process. I fully believe that they would do
well to take a hard look at the format used by the ACC ASP and adapt it to an
on-line submission process. They should definitely strive to have the printed
document from the end of that submission process be in a format that the
average corporate reader or chemical facility security inspector could readily
read the document and find the information needed to implement or audit the
implementation of the Site Security Plan.
Lacking that sort of fundamental change I would like to
suggest that ISCD should consider including a specific template for the
submission of the ACC ASP (and any other subsequently approved ASP format). If
I were setting it up I would have a separate upload of each of the
sub-paragraphs listed on the ASP Table of Contents page. Each sub-paragraph
would be a separate file and it would be easy to parse those files to the
appropriate analyst at Headquarters for the evaluation of the SSP/ASP. It would
also make it easier to make subsequent changes to the SSP/ASP, requiring only a
submission of the portions that will be changing.
Recommendation – Two Thumbs Up
Just in case I haven’t made it clear in my analysis to date,
I really do believe that the ACC ASP is a significant improvement over the
current SSP submission. The folks at ACC are to be commended for the work they
have done on the document. I highly recommend that any high-risk facility that
has yet to submit their SSP consider using this ASP template for their
submission. Facilities that have yet to have ISCD authorize previously
submitted SSP’s (and there is a large number of those) needs to contact ISCD
and see if changing to the ACC template would make the approval process any easier.
Posts
No comments:
Post a Comment