Monday, March 24, 2008

Risk Based Performance Standards under HR 5577

This is part of a continuing series taking a detailed look at the provisions of the new Chemical Facility Anti-terrorism Act of 2008 recently introduced in Congress (HR 5577IH). Today’s entry looks at the part of Section 2103 dealing with the Risk Based Performance Standards for Site Security Plans, Section 2103(c).


Previous blogs in this series include:


·        CFATA of 2008 Introduced as HR. 5577

·        Personnel Background Checks and HR 5577

·        Ranking of Chemical Facilities by HR 5577

·        General SVA and SSP Requirements under HR 5577

·        Minimum SVA Requirements under HR 5577

·        Minimum SSP Requirements under HR 5577


This section deals with the general requirements for the risk based performance standards required for the site security plans for high-risk chemical facilities. The specific standards that are required are found in the definition section {Section 2101(2)} of the legislation. An unannotated list of those requirements will be included at the end of this blog.


General Explanation of Risk Based Performance Standards


This legislation requires the Secretary to establish ‘risk based performance standards’ for facilities to use when establishing their site security plans. These standards will require higher risk facilities to use increasingly stringent “stringent risk-based chemical security performance standards”. They will be allowed to select a combination of security measures to meet these standards.


Criteria to Be Considered


In addition to ensuring that the standards are both risk-based and performance-based, the Secretary is charged with ensuring that the standards take into consideration:


·        “the cost and technical feasibility of compliance by a covered chemical facility with the requirements under this title;”


·        “the different quantities and forms of substances of concern stored, used, and handled at covered chemical facilities; and”


·        “the potential extent of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, national security, the national economy, and public welfare that would result from a chemical facility terrorist incident.”


Guidance to Be Provided


A new requirement to this legislation is the requirement that the Secretary is to provide guidance to each “covered chemical facility” what types of “security performance measures” could be used in a site security plan to fulfill the requirements of the risk based performance standards. Under the current CFATS regulations there are no provisions for such guidance; in keeping with the restrictions of the authorizing legislation.


Additionally the Secretary is required to inform each covered facility what types of “methods to reduce the consequences of a terrorist attack” (the phrase used in this legislation to mean inherently safer technology) that would result in a lower risk tier ranking or even being removed from the list of covered facilities.


Interestingly this section of the legislation does not refer to ‘high risk tier’ facilities when discussing the requirement for site security plans. The Section 2103(b)(2) requirements for site security plans only pertain to facilities “assigned to a high-risk tier”. The requirements in this section apply to ‘covered facilities’. Thus, it seems that HR 5577 intends for a separate set of rules lower-risk tier facilities. Both sets of rules would include the same risk based performance standards.


List of Risk-Based Performance Standards


The following is an abbreviated list of the risk-based performance standards listed in the definition section of the proposed law. While some of these standards are self-explanatory, others will require a more detailed look in future blogs.


(A) restricting the area perimeter;


(B) securing site assets;


(C) screening and controlling access to the facility


(D) methods to deter, detect, and delay a chemical facility terrorist incident


(E) securing and monitoring the shipping, receipt, and storage of a substance of concern for the chemical facility;


(F) deterring theft or diversion of a substance of concern;


(G) deterring insider sabotage;


(H) deterring cyber sabotage


(I) developing an emergency plan to respond to chemical facility terrorist incidents


(J) maintaining effective monitoring, communications, and warning systems


(K) ensuring mandatory annual security training, exercises, and drills of chemical facil1ity personnel;


(L) performing personnel surety for individuals with access to restricted areas or critical assets


M) escalating the level of protective measures for periods of elevated threat;


(N) specific threats, vulnerabilities, or risks identified by the Secretary for that chemical facility;


(O) reporting of significant security incidents to the Department and to appropriate local law enforcement officials;


(P) identifying, investigating, reporting, and maintaining records of significant security incidents and suspicious activities in or near the site;


(Q) establishing one or more officials and an organization responsible for security and for compliance with these standards;


(R) maintaining appropriate records relating to the security of the facility;


(S) assessing, as appropriate, or utilizing methods to reduce the consequences of a terrorist attack; or


            (T) any additional security performance standards the Secretary may specify.

No comments:

/* Use this with templates/template-twocol.html */