Today the DHS Infrastructure Security Compliance Division (ISCD) updated fifteen for frequently asked question (FAQ) responses on the Chemical Facility Anti-Terrorism Standards (CFATS) Knowledge Center. It also added a new FAQ concerning recent DHS emails requesting new Top Screen submissions.
FAQ #1441 was added to the CFATS Knowledge Center. It asks: “If a facility has not made any changes to its holdings of chemicals of interest (COI) as indicated on its most recent Top-Screen, and DHS previously determined the facility to not be high risk, why did the facility receive an email from DHS requesting that a new Top-Screen be completed?”
The response refers back to the Federal Register notice about the introduction of CSAT 2.0 and the new CFATS risk assessment methodology.
The FAQ responses that were changed were:
FAQ #1143 What is required of co-located facilities in regards to the Chemical Facility Anti-Terrorism Standard (CFATS)? Do both companies need to develop a Top-Screen and Security Vulnerability Assessment (SVA)/Site Security Plan (SSP)? Is it possible for the imbedded facility to share the Top-Screen and SVA/SSP with the host company? If this is possible, what would be required by both companies to accomplish this and be compliant under 6 CFR Part 27?possible, what would be required by both companies to accomplish this and be compliant under 6 CFR Part 27?
FAQ #1238 How do I comply with the Chemical Facility Anti-Terrorism Standard (CFSATS) regulation if my facility does not have Internet access?
FAQ #1562 What is a Public Water System?
FAQ #1620 How does an individual report a possible security concern involving the Chemical Facility Anti-Terrorism Standards (CFATS) regulation at one’s facility or another facility?
FAQ #1628 How does a facility submit an Alternative Security Program (ASP) in lieu of a Site Security Plan (SSP)?
FAQ #1634 Should my facility include information in the Security Vulnerability Assessment (SVA)/Site Security Plan (SSP) about Chemicals of Interest (COI) and/or security/vulnerability issues that are not listed in its Tiering Letter, but that the facility believes to be of concern?. What are the Department’s expectations about these other security/vulnerability issues and COI?
FAQ #1650 What happens after a facility submits its Security Vulnerability Assessment (SVA)/Site Security Plan (SSP)?
FAQ #1653 If a facility is in a location where another entity provides certain security measures (for example: industrial park, co-located facility; office park, etc., can the facility include these security measures as part of its Site Vulnerability Assessment (SVA)/Site Security Plan (SPP)?
FAQ #1745 If a facility has submitted a Site Security Plan (SSP) or an Alternative Security Plan (ASP) in lieu of an SSP, but does not have an approval, can it still be part of the Expedited Approval
FAQ #1751 If my facility has been issued a “letter of acceptance” through the Expedited Approval Program (EAP), but then the Department of Homeland Security (DHS) discovers that the measures in the Site Security Plan (SSP) insufficiently meet the risk-based performance standards (RBPS) during a compliance inspection, what happens?
There was one major response re-write, FAQ # 641. The dated original entry referred to dates and requirements that were only applicable at the start of the CFATS program. The new version reflects the on-going requirements to submit Top Screens for facilities not currently covered under the CFATS program as well as Top Screen renewal requirements for covered facilities.
One common change was the addition of links to 6 CFR 27, 6 USC 22 or some other federal regulation when the FAQ response includes reference to those publications. We see these changes in FAQ #1143, #1194, #1442, #1612, #1620, #1653, #1658, #1666, #1745 and #1751. I counted 22 other FAQ responses that included similar references where regulatory links could be added. It will be interesting to see if ISCD updates those FAQ responses as well.
Another common change was to change wording to FAQ responses reflecting the CSAT 2.0 change to submit a combined Security Vulnerability Assessment (SVA) and Site Security Plan (SSP), or as it is now called SVA/SSP. This change was made in FAQ responses #1628, #1634, #1650, #1653, and #1660.
One truly inconsequential change was made to the response to FAQ #1562. It added “(STQ)” following the words “Screening Threshold Quantity” in the second paragraph of the response.
Finally, one FAQ response (#1238) was corrected to properly reflect the original publication date.