Yesterday the DHS Infrastructure Security Compliance Division (ISCD), in conjunction with their Federal Register announcement about the implementation of CSAT 2.0, updated a number of their Chemical Facility Anti-Terrorism Standards (CFATS) program web sites. They also added a new page briefly outlining the new tiering methodology implementation.
The following web sites were modified:
For the most part each page was modified by adding minor variations of the following note:
“Per the notice published in the Federal Register on July 20, 2016, DHS has temporarily suspended the requirement to submit a Chemical Security Assessment Tool (CSAT) Top-Screen and Security Vulnerability Assessment as the Department improves the tiering methodology process.”
Tiering Methodology Page
The new Chemical Facility Anti-Terrorism Standards Tiering Methodology page provides a brief overview of most of the information that was presented in yesterday’s Federal Register notice. Other than mentioning that the Site Security Plan (SSP) CSAT tool will also be ‘revised and streamlined’ there is no mention of the new relationship between the SSP and SVA tools.
The page also notes that ISCD is intending to add new (and presumably revise some existing) frequently asked questions on the CFATS Knowledge Center to address the changes being wrought in the CFATS program. As of the time of the writing of this blog post (06:00 am EDT), no such changes have been made to the FAQs.
These pages were modified/added overnight. This is a fairly comprehensive and timely update of a Federal web site to reflect an important new change in a regulatory program. While ISCD is to be commended on its prompt attention to the program web site, I do have a couple of complaints.
First, and foremost, is the lack of any real mention of the changes being made to the SSP portion of the CSAT tool. I am severely disappointed that the SSP page was not updated to include a mention of the fact that any un-submitted SSP data in a facilities SSP tool will be erased when the SSP tool is updated sometime next month. Particularly considering the unwieldly nature of the current SSP tool (which hopefully is being substantially reformatted in CSAT 2.0), the amount of work that could potentially be lost could be very disheartening for many CSAT Preparers.
Second it is almost as disturbing to see no mention of the change in the relationship between the SVA and SSP. In the old CSAT these two reports were submitted sequentially and submission of the SSP did not begin until the SVA was ‘approved’ by ISCD. The move to developing the tiering notification based upon the Top Screen makes infinitely more sense, but it will make for a major shift on how a facility implements its CFATS process. This surely should have received at least some mention in yesterday’s website update.
Finally, when I saw the new tiering methodology page I expected to see at least some information about the actual methodology. I know that ISCD has committed to providing some level of detail about that new risk assessment process and this would have been an appropriate time and place to do so.
This is certainly not going to be the last change to the CFATS website reflecting changes being brought about by the implementation of the new risk assessment process or CSAT 2.0. In the next month or so we can expect to see a number of new and/or revised CSAT publications being published. I hope that ISCD intends to publish those in a phased manor so that we have a chance to review and digest the changes in each CSAT 2.0 tool before we consider the next tool revision.