Monday, April 29, 2013

CFATS PSP Comments – 04-27-13

This is part of a continuing series of blog posts on the public comments submitted about the DHS 60-day ICR notice for the CFATS Personnel Surety Program (PSP). The other post in the series is:

We are more than half way through the comment period on this ICR notice and we only added one comment in the last week bringing the total to three. I am surprised that there have been no comments to date from any chemical companies, though I do expect that will change as we get closer to the May 21st deadline for comments. We do have our first corporate comment this week, however, from AGL Resources, a natural gas distribution company.

AGL has three specific suggestions for improving the PSP dealing with:

• Vendor PSP certification;
• Bulk data submissions to the PSP; and
• Exemption from PII data sharing rules.

The issue of dealing with vetting vendor employees will be the area that will give high-risk chemical facilities the most problem with the PSP. While facility security managers are certainly going want to restrict vendor access to critical areas of the facility to the largest extent possible, there is still going to be some unaccompanied access required for selected vendors.

I don’t expect ISCD to get too specific about how this should be handled; the §550 rule about specifying security measures hangs heavy over their heads. Generally speaking, I would expect them to address this issue in the ICR by stating that each facility will have to address the issue in their site security plans which will be reviewed on an individual basis.

I really believe that the most effective way to handle this issue for most facilities is that they would require such vendors to have a TWIC that would be verified by a TWIC reader at some centralized location (security company most likely) and then checked against an approved list at the facility entrance. Larger facilities would be able to afford a TWIC reader at the gate.

Which brings up an interesting question; how long before we have a Tablet Application that scans IDs and compares them to a facility access list?

No comments:

/* Use this with templates/template-twocol.html */