It has been a month now since the OMB’s Office of Information and Regulatory Affairs (OIRA) approved the DHS information collection request (ICR) for the Chemical Facility Anti-Terrorism Standards (CFATS) program’s personnel surety program (PSP). Since then there does not seem to be much movement on implementing the program; but appearances can be deceptive.
It looks like we are waiting on the publication of two documents. First is a fact paper providing an overview of the newly approved ICR and how the folks at the Infrastructure Security Compliance Division (ISCD) plan to implement the DHS portion of the PSP. I understand that we might see that published on the CFATS Knowledge Center sometime this week. As usual, I will report on that as soon as I see it.
The next document will be a more formal implementation procedure published in the Federal Register. This will outline the changes that facilities will need to make to their existing site security plans to accommodate the implementation of PSP checks against the Terrorist Screening Database (TSDB). It will also provide more information about data submission for those facilities opting to use that PSP vetting technique.
A quick reminder, until further notice (a new ICR request) this portion of the PSP will only apply to Tier 1 and Tier 2 facilities under the CFATS program. Tier 3 and Tier 4 facilities will have the benefit of working under a somewhat revised program as the bugs are worked out before being applied to the much larger number of facilities.
The way that I understand it is that facilities will be individually notified when they are going to be required to implement this last portion of the PSP. This will allow the Chemical Security Inspectors (CSI; have I said recently how much I hate that acronym? I hear Pink Floyd every time I say or hear it) to work closely with facility management to implement the new requirements. I am hearing rumors that this will take place during facility compliance inspections.
I have not yet heard anything about new versions of the Registration Manual for the Chemical Security Assessment Tool (CSAT) that would have to be revised to reflect the use of 3rd party personnel organizations to submit PSP data to ISCD. Nor have I heard anything about a manual for a new PSP tool in CSAT.
I am beginning to suspect that ISCD is going to short-circuit the classic manual development process by this use of CSI so that a more responsive first pass of the manual is developed after the bugs are worked out. As much as I would personally wait to see the manual come out, a more effective version 1.0 would probably be a good thing.