Saturday, July 3, 2010

DHS CSAT FAQ Updates 07-02-10

As part of the introduction for the new CFATS Knowledge Center (which I covered yesterday) DHS updated three previously published responses to Frequently Asked Questions (FAQ), printed five new FAQ with responses, and added four new articles about CFATS related topics.

Updated FAQ

1368: Are background checks required for fire department personnel (firefighters and fire protection engineers)? If so, would the background check used for initial employment be acceptable?
1387: When logged in to TS, how do you know which role you are logged in as?
1546: Does a facility have to go through the CSAT process if it has already implemented security measures?

The responses to the first two questions listed above were identical to the previously printed versions as far as I can tell. Why they were given new ‘published’ dates I don’t know. I don’t have a copy of the previously published version (8-15-08) of the response to 1546 in my files, but there doesn’t appear to be anything new in the current response. The short answer to that FAQ is, of course, yes.

New FAQ

1652: What is a “critical asset”?
1653: If my facility is located in an office park complex and the office park complex has certain security measures, can the facility include these security measures as part of its Site Security Plan?
1654: Would disapproval of an SSP and/or receipt of a guidance letter from DHS be a good time to ask for inspector assistance?
1655: My tiered facility possesses only Theft/Diversion COI. Do I need to address all of the RBPS or just #6 pertaining to theft/diversion?
1656: In preparing its SSP, how can a facility provide information about changes in security measures to reflect changes in threat level?

Any time that DHS publishes a new FAQ on this page I will continue my previous practice (from the CSAT FAQ Page reviews) of recommending that all CFATS related personnel should read the response. At the very least it will provide an understanding of the thought processes currently in vogue at ISCD; certainly a valuable bit of knowledge.

It is not often that I find fault with the guidance included in the response to these FAQ. I have never found anything obviously wrong, but from time to time I find that the response does not cover an obvious complication or problem that should clearly be addressed. I found one in the response to question 1653 about including office park security measures on the SSP for a high-risk facility within the office park. The DHS response essentially says that the facility can use a variety of ‘Other’ text boxes to report these security measures and then reminds the facility that: “Sites must be prepared to provide documentation about these procedures even though they are provided by another party.”

This kind of overlooks the fact that DHS considers the security measures on the approved SSP to be part of the security requirements for the high-risk facility; requirements that can only be changed with the advance approval of DHS. Since the office park management is not a party to this agreement, they can discontinue any of the park security measures at any time that they wish; leaving the facility high-and-dry when it comes to SSP compliance. This ought to at least be mentioned in this response.

I was especially happy with the DHS response to FAQ 1656 about security measures for periods of increased risk. DHS notes that RBPS 13 and 14 contain questions “related to variable security measures under different threat conditions, including predictable times of changed threat like a hurricane evacuation [emphasis added], holiday shutdown, or turnaround”. High-risk chemical facilities need to include security planning in all of their emergency response plans; regardless of whether or not those plans are specifically terrorist related. During any emergency response situation the facility will be more vulnerable and may be a higher visibility target due to news coverage.

New Articles

1667: Consolidating CSAT User Accounts
1668: CSAT User Account Passwords
1669: How DHS “Tiers” Chemical Facilities
1670: How DHS Notifies a Facility of Its Preliminary or Final Tiering

As I noted in yesterday’s blog, the folks at ISCD have started to provide more detailed articles on various aspects of the CFATS process. It is apparent that these articles are not developed in response to a specific question received by the Help Desk personnel. I would assume that it is probably based upon a pattern of questions received at the Help Desk or asked directly of on-site inspectors. In any case, because of the depth of the discussions involved, I would certainly recommend that all CFATS related personnel should read each of these articles as they are issued and/or revised.

All four of the articles listed in this week’s updates of Knowledge Center are well worth reading. Of particular interest to all high-risk facilities will be the article on facility tiering (1669). This is a particularly good discussion of the reason for, and process of placing facilities in these risk-based tiers. There is one sentence in this article that bears particular attention. It is found towards the end of the article and states:

“The Department’s tiering algorithm is classified, but the presence or quantity of a particular chemical of interest (COI) listed in Appendix A is not the sole factor in determining a facility’s tier, nor is it an indicator of a facility's eventual or continued coverage under the rule [emphasis added].”

I have been hearing rumors that this last phrase has been cropping up more frequently in discussions around DHS about the implementation of inherently safer technology (IST), particularly reducing or removing COI from high-risk facilities. It seems that there may have been some instances where the CFATS processes may have identified facilities that could be enough of a terrorist target that they would need to remain on the high-risk facility list even if their COI were reduced below the screening threshold quantities (STQ) listed in Appendix A.

I’m not sure how a facility would respond to being told that their hard work at reducing their COI below STQ levels did not remove them from CFATS coverage. I would suspect that there would be some facility management that might get extremely upset. Politically, this could call into question the justification for potentially mandating IST implementation. It would be interesting to see how this would play out, if and when.
