Friday, December 12, 2008

More on the SOCMA SVA Problems

Last week I noted that SOCMA was reporting that some Tier 4 facilities were having problems getting DHS to accept the SOCMA SVA as an alternative SVA (see: “Alternative SVA Problems”). I have yet to hear back from SOCMA, but now PharmTech is reporting some additional information on the issue. The article quotes a SOCMA spokesman as saying:
“Upon recent discussions with DHS, we have learned that our tool may provide only limited amounts of data necessary for submission to DHS. In fact, it seems clear to us that no SVA other than DHS’s own will provide complete assurance to members that all data necessary for collection under this CFATS requirement will be sufficient. This is a last-minute reversal of what we have been led to believe.”
CFATS Requirements for Alternative SVA Section 27.235(a) sets for the requirements for an alternative SVA. It requires that
“The Assistant Secretary may approve an Alternate Security Program, in whole, in part, or subject to revisions or supplements, upon a determination that the Alternate Security Program meets the requirements of this Part and provides for an equivalent level of security to that established by this Part.”
In the preamble for the final interim rule (page 69) DHS provided some additional explanation for the Alternate Security Program (ASP):
“Tier 4 facilities may submit for review and approval the Sandia RAM for chemical facilities, the CCPS Methodology for fixed chemical facilities, or any methodology certified by CCPS as equivalent to CCPS and has equivalent steps, assumptions, and outputs and sufficiently addresses the risk-based performance standards and CSAT SVA potential terrorist attack scenarios” (emphasis added).
The CCPS Methodology outlined in Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites (2003) provides guidelines for analyzing attack scenarios (pages 132-6) and provides a form for the analysis (pg 190), it does not identify particular scenarios. I would assume that the SOCMA tool deals with attack scenarios in essentially the same way. If users of either tool do not use the same attack scenarios that are included in the DHS SVA for the particular COI for that facility, DHS could request additional information for the missing scenario(s). Since SOCMA is not answering my direct questions, I do not know for sure what problems users of their SVA tool are experiencing with their ASP submissions. The attack scenario issue could be a problem using these ASPs. There could be additional information missing from these methodologies that are required for the CSAT SVA. I have not had a chance to do a line-by-line comparison of the CCSP SVA vs the CSAT SVA. DHS Adhering to the Letter of the Law It should not be surprising that DHS would be adhering to a strict interpretation of the provisions for ASPs. DHS has come under a great deal of criticism for providing special treatment to facilities because they are part of ‘voluntary industry security programs’ (see CAP report Chemical Security 101, page 26 for example). The new Congress will certainly be scrutinizing the implementation of the CFATS rules as they discuss permanent legislation to replace the temporary CFATS authorization. I’ll continue to try to get more information from SOCMA about the problems facilities are having with their ASP submissions. Additional information from the readership would also be appreciated.

1 comment:

Anonymous said...

Mr. Coyle - I regret to hear your efforts to reach us have not worked out. Please feel free to email me at panettieria (at) socma (dot) com so that I may try to help you obtain the information you need. Hope to hear from you soon.

Angelina Panettieri
Assistant Manager, Communications

/* Use this with templates/template-twocol.html */