Yesterday the DHS Infrastructure Security Compliance
Division updated its Chemical Facility Anti-Terrorism Security (CFATS) program
web site to provide links to new versions of two of its CFATS Chemical Security
Assessment Tool (CSAT) 2.0 manuals. These two new manuals are not the simple
tweaks and clarifications that we have been seeing in CSAT 2.0 manuals since
the program was changed last October. They are significant re-writes.
The two new versions of the manual are:
Interestingly the new manuals are dated today, not
yesterday.
The Site Updates
The most obvious web site update is found on the CFATS Knowledge Center page. This page provides
a notice in the ‘Latest News’ section about the two new manuals with links to
the manuals found in the ‘Documentation’ section of the page. Listings for the
older versions of the manuals were removed from that section.
The main landing
page does not contain any mention of the new documents, but it was updated
with a link to a new version of the CFATS Personnel
Surety Program page. That new page does not mention any program changes and
still provides a link to the old
PSP Manual. The CSAT page was not changed (still dated June 21st,
2017), but the link to the CSAT Portal Users Manual now takes you to the new
manual through an updated intermediate
page.
PSP Manual
The new PSP manual is a complete re-write of the manual with
a completely new format. This means that it will be time consuming to determine
what program changes (if any) have actually been made that were reflected in
the new manual. At first glance, I do not see any major changes, nor do I
expect there to be any since there was no update provided on the PSP web page.
There may, however, have been some changes to the way the web site is used.
More on that in a future post.
CSAT Portal Manual
The changes to the Portal Manual do not involve a complete
rewrite so I can take a quick look at the table of contents to initially look
for changes to this manual; and there are some interesting ones. It does not
look like any real policy change, but there appear to have been some additions
made to the CSAT Portal tool.
I do not see any changes in the table of contents until we
get to Section 9, User Management Tab. First the manual completely changes
Section 9.4, Users. That section not provides the following information:
9.4.1 Export User List
9.4.2 View User Information
9.4.3 Reset Password
9.4.4 Delete User Account
9.4.5 Administrator
9.4.6 Personnel Surety Program
A completely new subsection is then added; 9.5, Groups. That
subsection includes:
9.5.1 Corporation Group
9.5.2 Create Group
9.5.3 Edit Group
9.5.4 Delete Group
9.5.5 Merge Group
So far, no new policy; just some added functionality and/or
better listing of capabilities already existing within the system.
Next, we find that ISCD has flipped Sections 10 and 11. The new
Section 10 addresses Personnel Surety Program issues. This is a complete
re-write and probably is related to the changes in the PSP manual that I
mentioned in passing earlier. I’ll probably address this new section in detail
when I cover the new PSP manual. In the meantime, the following new subsections
were added to Section 10:
10.1 Search Affected Individuals
10.2 Affected Individuals
10.2.1 Add Individual
10.2.2 View an Affected Individual
10.2.3 Edit an Affected Individual
10.2.4 Remove Affected Individual(s)
10.2.5 Bulk Upload
10.2.6 Export to PDF
10.3 User Defined Fields
10.3.1 Create User Defined Fields
10.3.2 User Defined Field List
The new Section 11 is just the old Section 10, Manage My
Account. No other changes appear to have been made.
I have not yet gone completely through the manual to see if
any significant changes have been made to any of the other portions of the
manual. That is fodder for a potential future blog post, if there are any
changes.
Commentary
It is not unexpected to see a major rewrite of the PSP
manual. ISCD has been implementing the PSP program in the hand-holding mode
since its inception last year. I am sure that there have been a large number of
lessons learned and hopefully this new manual accurately reflects those
changes. I am more than slightly disappointed that there was not more of a
formal role out of this new manual. As controversial as the PSP program has
been since it was first mentioned, I would have thought that ISCD would have
announced a webinar to explain what had been learned in the first year of the
operation of this program.
At first glance it looks like the CSAT Portal Manual is just
a routine update of both the CSAT site and the Users Manual. The only problem
is that you cannot be sure about that without doing an almost line-by-line
examination of the manual.
One of the things that ISCD changed when they started CSAT
2.0 was the removal of version numbers and change logs from their new
publications. I suspect that this may have been a DHS wide requirement because
most other DHS agencies have not been that user friendly in their publications.
It does make it difficult for users of these manuals to keep up with what is
going on in the program.
Most facility or corporate security managers do not hold
just that job. It is an additional duty place on top of their normal corporate
responsibilities. This means that they do not have the time to do the type of
page-by-page analysis of new program manuals (and there are a bunch of manuals
supporting the CFATS program) to ensure that they understand the changes that
are being made in the program. Failure to understand those changes, however,
could result in their organizations falling out of compliance with program requirements.
I hate to say this about anything involved with the
government, but failure to properly document changes in program manuals is not
fair. It puts an improper burden on the regulated facilities, a burden that
most cannot bear, particularly the smaller facilities. DHS really needs to play
fair with the CFATS community if it wants to continue to operate the program as
a partnership with the chemical community rather than as an adversarial
regulatory relationship.
Posts
No comments:
Post a Comment