Saturday, January 12, 2013

ACC ASP – Submitting the ASP

This is the last in a series of blog posts about the recently published American Chemistry Council Alternative Security Plan for the CFATS program. The earlier posts are listed below. This post will look at how the ASP is submitted to ISCD and address some way that this ASP might improve the CFATS SSP process.

ASP Submission

Before an organization tries to submit the ASP they must realize that they will still be completing the SSP submission via the SSP tool in CSAT. There are a number of questions that must still be completed in the SSP tool when submitting the SSP. The SSP Questions Manual describes the questions that the facility will be required to answer when submitting an SSP.

All of the questions described through page 49 must be answered by all facilities, regardless of whether or not they are submitting an ASP in lieu of the remainder of the SSP. The answers to many of those questions will already be pre-populated in the SSP tool based upon earlier submissions to ISCD via CSAT. Even if the answers are prepopulated the facility is required to review the information to ensure that it is correct. Contact the CSAT Help Desk {(866) 323-2957} for assistance in correcting invalid data.

On page 50 the manual shows that facilities wishing to submit an ASP will check the ‘Yes’ button for Q 5.6-17939. Four additional questions will then be asked about the adequacy of the ASP in meeting DHS requirements for an ASP. DHS has generally agreed that a properly executed ACC ASP will fulfill these requirements so most facilities will answer ‘Yes’ to all four questions. A ‘No’ answer to any of the four questions will require the answering of a fifth question asking if the facility really wants to submit the ASP anyway.

At that point the facility will be required to identify and describe the documents to be upload to the SSP; the process is described on page 51 of the manual. This will include the completed WORD® file downloaded as part of the ACC ASP Guidance document. Supporting diagrams, maps, photographs and supporting documents will also be uploaded at the same time.

According to the SSP Instructions Manual once the data is uploaded, the CSAT SSP tool will take the submitter to the validation portion of the submission at the end of the tool. From that point on the process will be the same as for those facilities completing the standard SSP.

Other ASPs

While the ACC really designed their ASP for the use of their member companies, they are not stopping others from using the ASP. While I don’t see why any type of high-risk chemical facility couldn’t use the ACC ASP, I understand that there are other industry organizations that are working with DHS to get ASPs of their own design approved; designs one would expect to be tailored to facilities within that type of industry.

The one group that might have concerns with this ASP would be colleges and universities. Educational organizations have been pressing DHS to develop an ASP particularly for their ‘unique’ situation since the CFATS program was first introduced. I suspect that they will continue to have a hard time accepting that DHS actually intends for them to put significant security measures in place at their facilities that DHS has judged to be at high-risk of a terrorist attack. They will continue to hope that an ASP will be able to be used as a dispensation from the CFATS risk-based performance standards requirements. The ACC ASP will severely disappoint the scholarly community.

ISCD and the ACC ASP

I have not yet seen an official notice from the folks at ISCD that they will ‘accept’ an ACC ASP submission and part of me does not expect to. The way that the SSP tool handles the ASP submission process, there is nothing involved that would identify a submission as being made via an ACC ASP. Theoretically, a facility could submit any sort of document using the procedures that I have described above as an ASP. The SSP tool would accept it.

That, doesn’t mean, of course, that ISCD would actually use the information submitted. Scott Jenson and Bill Erny from ACC both assure me that DHS has told them that information submitted via the ACC ASP format meets the needs for their analysis. That means that ISCD knows where to look for the specific information that they need to evaluate the SSP/ASP submission. Some other format that hasn’t been pre-cleared with ISCD may not provide the needed information or may provide it in a format that is not easily decipherable by ISCD. ISCD is having a hard enough time getting the information they need from a straight SSP submission; they are not going to waste any time trying to decipher something that they don’t understand.

ISCD Improving SSP

I understand that ISCD has folks working on a plan to improve the current SSP submission process. I fully believe that they would do well to take a hard look at the format used by the ACC ASP and adapt it to an on-line submission process. They should definitely strive to have the printed document from the end of that submission process be in a format that the average corporate reader or chemical facility security inspector could readily read the document and find the information needed to implement or audit the implementation of the Site Security Plan.

Lacking that sort of fundamental change I would like to suggest that ISCD should consider including a specific template for the submission of the ACC ASP (and any other subsequently approved ASP format). If I were setting it up I would have a separate upload of each of the sub-paragraphs listed on the ASP Table of Contents page. Each sub-paragraph would be a separate file and it would be easy to parse those files to the appropriate analyst at Headquarters for the evaluation of the SSP/ASP. It would also make it easier to make subsequent changes to the SSP/ASP, requiring only a submission of the portions that will be changing.

Recommendation – Two Thumbs Up

Just in case I haven’t made it clear in my analysis to date, I really do believe that the ACC ASP is a significant improvement over the current SSP submission. The folks at ACC are to be commended for the work they have done on the document. I highly recommend that any high-risk facility that has yet to submit their SSP consider using this ASP template for their submission. Facilities that have yet to have ISCD authorize previously submitted SSP’s (and there is a large number of those) needs to contact ISCD and see if changing to the ACC template would make the approval process any easier.

No comments:

/* Use this with templates/template-twocol.html */