Yesterday the DHS Infrastructure Security Compliance
Division (ISCD), in conjunction with their Federal
Register announcement about the implementation of CSAT 2.0, updated a
number of their Chemical Facility Anti-Terrorism Standards (CFATS) program web
sites. They also added a new page briefly outlining the new tiering methodology
implementation.
Revised Pages
The following web sites were modified:
For the most part each page was modified by adding minor
variations of the following note:
“Per the notice published in the Federal
Register on July 20, 2016, DHS has temporarily suspended
the requirement to submit a Chemical Security Assessment Tool (CSAT) Top-Screen and Security
Vulnerability Assessment as the Department improves the tiering methodology
process.”
Tiering Methodology Page
The new Chemical Facility
Anti-Terrorism Standards Tiering Methodology page provides a brief overview
of most of the information that was presented in yesterday’s Federal
Register notice. Other than mentioning that the Site Security Plan (SSP)
CSAT tool will also be ‘revised and streamlined’ there is no mention of the new
relationship between the SSP and SVA tools.
The page also notes that ISCD is intending to add new (and
presumably revise some existing) frequently asked questions on the CFATS Knowledge Center to address the
changes being wrought in the CFATS program. As of the time of the writing of
this blog post (06:00 am EDT), no such changes have been made to the FAQs.
Commentary
These pages were modified/added overnight. This is a fairly comprehensive
and timely update of a Federal web site to reflect an important new change in a
regulatory program. While ISCD is to be commended on its prompt attention to
the program web site, I do have a couple of complaints.
First, and foremost, is the lack of any real mention of the
changes being made to the SSP portion of the CSAT tool. I am severely
disappointed that the SSP page was not updated to include a mention of the fact
that any un-submitted SSP data in a facilities SSP tool will be erased when the
SSP tool is updated sometime next month. Particularly considering the unwieldly
nature of the current SSP tool (which hopefully is being substantially
reformatted in CSAT 2.0), the amount of work that could potentially be lost
could be very disheartening for many CSAT Preparers.
Second it is almost as disturbing to see no mention of the
change in the relationship between the SVA and SSP. In the old CSAT these two
reports were submitted sequentially and submission of the SSP did not begin
until the SVA was ‘approved’ by ISCD. The move to developing the tiering
notification based upon the Top Screen makes infinitely more sense, but it will
make for a major shift on how a facility implements its CFATS process. This
surely should have received at least some mention in yesterday’s website
update.
Finally, when I saw the new tiering methodology page I
expected to see at least some information about the actual methodology. I know
that ISCD has committed to providing some level of detail about that new risk
assessment process and this would have been an appropriate time and place to do
so.
This is certainly not going to be the last change to the
CFATS website reflecting changes being brought about by the implementation of
the new risk assessment process or CSAT 2.0. In the next month or so we can
expect to see a number of new and/or revised CSAT publications being published.
I hope that ISCD intends to publish those in a phased manor so that we have a
chance to review and digest the changes in each CSAT 2.0 tool before we
consider the next tool revision.
Posts
No comments:
Post a Comment