Wednesday, June 25, 2008

SVA for Tier 4 Facilities

This is the next in a series of blogs concerning the Security Vulnerability Assessment (SVA) instructions recently published by DHS. This blog deals with the options available to Tier 4 high-risk chemical facilities. The previous blog in this series is listed below.

Tier 4 chemical facilities are the high-risk facilities with the lowest level of a threat for terrorist attack. DHS made this preliminary determination based on information provided in the Top Screen submission made by the facility. This preliminary determination may be changed based on information provided during the SVA submission; the facility may be:

  • Removed from the high-risk list,
  • Have their Tier ranking increased to Tier 1, 2 or 3; or
  • Remain a Tier 4 facility.

Alternate Security Program

Tier 4 facilities have the option of completing the SVA in the CSAT tool or submitting an Alternate Security Program (ASP). The ASP option is designed to lower the regulatory burden on facilities that have already completed a vulnerability assessment using techniques other than those embodied in the CSAT program. The lower risk rating of these facilities means that there is less of a likelihood of this alternative program significantly compromising the safety of the facility or its community due to a successful terrorist attack.

When an ASP is submitted by a Tier 4 chemical facility DHS has the option of:

  • Approving the ASP as providing for an equivalent level of security as the CSAT program,
  • Disapproving the ASP in its entirety (resulting in the facility having to complete an SVA), or
  • Requiring the facility to provide additional information that will bring the ASP to an equivalent level of security.

Before attempting to submit an ASP the facility management must satisfy itself that the program being submitted meets the requirements of Section 27.215 (Security vulnerability assessments) and Section 27.235 (Alternative security program) of 6 CFR. Failure to understand these requirements may result in a disapproved ASP and the subsequent requirement to complete a CSAT SVA.

ASP Questions for CSATSubmission

Tier 4 facilities will have a question not seen on SVA’s for higher Tier facilities; "Do you want to upload an Alternate Security Program (ASP)?" A ‘No’ answer will return the facility to questions for an SVA. A ‘Yes’ answer will result in an additional set of questions being added to the SVA tool. The answers to these questions will aid DHS in deciding to accept all or part of the ASP in lieu of an SVA. Generally speaking a ‘No’ answer to any of the subsequent questions will lower the possibility of approval of the ASP.

Does the ASP cover all of the facility assets that are associated with the security issues and chemicals of interest specified in the DHS Initial Notification letter? This includes all of the Appendix A chemicals of interest at the facility in excess of the STQ and all of the security issues identified in the notification letter from DHS.

Does the ASP use a Center for Chemical Process Safety (CCPS)-approved methodology? The CCPS helped to develop the methodology used in the CSAT SVA. It has certified to DHS that the following publicly available methodologies have been reviewed and have found to meet the CCPS SVA criteria:

  • CCPS® SVA
  • API/NPRA SVA (for petroleum and petrochemical sites)
  • SOCMA SVA (manual must be used)
  • National Paint and Coatings Association SVA (for Paint and coating sites)

As of January of this year CCPS has reviewed the following company SVA’s and found that they meet the CCPS SVA criteria:

  • ExxonMobil SSQRA
  • BASF SVA
  • Air Products and Chemical SVA
  • Georgia-Pacific SHA
  • FMC SVA
  • PPG SVA
  • Asmark SVA (For Ag Chemical Distributors)
  • Bayer SVA
  • Marathon Ashland Petroleum

There will be a series of questions dealing with the provisions of Section 27.215. The questions will ask if the ASP addresses Asset Characterization, Threat Assessment, Countermeasures Factors, and Risk Assessment Factors specified in that section.

Does the ASP cover all of the applicable attack modes included in the CSAT SVA? A yes answer means that the ASP covers all eight of the attack scenarios used in the SVA. Details of these scenarios are available online at http://www.csat.dhs.gov/csat "to active CSAT users that have completed CVI training and have started their SVA" {page 16}.

Finally, the facility will be asked to provide the name of the SVA methodology used to develop the ASP to be submitted and the date the analysis was completed. The last question to be asked (if a ‘no’ answer was provided for any of the above questions) is: Do you still want to upload the ASP for consideration? A yes answer will take the facility to the uploading step. A no answer will take the facility back to the SVA submission program.

Uploading ASP Files

To start the upload process type a descriptive file name into the provided box for the first data file and push the "ADD" button. A "DESCRIPTION" button will then appear, push it. Use the resulting block to browse for the File Name on the facility computer and click the "ADD" button. Repeat as necessary to add all of the data files for the ASP.

Once the facility can answer the following question in the affirmative; "Have all the ASP files been uploaded?" the facility can begin the submission of plot plans or maps that support that ASP. These files will be uploaded using the same basic procedure used for the data files. There are, however, two additional pieces of information for these mapping files, the image width and height expressed in miles.

When all of the data and mapping files have been uploaded and confirmed as having been completed by the Preparer. The following notice will appear on the screen:

  • "Thank you for submitting an ASP in lieu of the CSAT SVA for consideration by DHS. DHS will review your ASP submission and subsequently inform you of its acceptance or rejection."

Finish Filing ASP

The remainder of the filing process is the same as will be used by those facilities that are completing a CSAT SVA. The Preparer will complete a validation process to ensure that all of the appropriate information is provided and is in the expected format. A summary report will be prepared and printed. The Preparer will then ‘send’it to the Submitter for approval.

After checking the document for accuracy and completeness the Submitter can return it to the Preparer for editing. Once the document is complete and accurate the Submitter will print a final copy of the document and then submit the ASP to DHS. Once it is submitted, the facility will no longer have access to the document. The printed document is required to be maintained in the facilities security file and is considered a CVI documents, requiring the appropriate protections.

DHS will review the submitted ASP and notify the facility of the results of the review. If the ASP is approved, the facility will be notified of the final tiering decision based on the Top Screen and ASP data. If the ASP is not approved, DHS may require additional information to be provided or require the facility to submit a regular SVA.

No comments:

 
/* Use this with templates/template-twocol.html */