Today the CISA Infrastructure Security Compliance Division (ISCD)
published a new frequently asked question (and response) on the Chemical
Facility Anti-Terrorism Standards (CFATS) Knowledge
Center. FAQ #1795 addresses the requirement for facilities to conduct
annual audits of their site security plan (or alternate security plan as
appropriate).
The new FAQ
FAQ #1795 - When is a covered facility required to conduct a
Site Security Plan/Alternative Security Program (SSP/ASP) Audit?
Answer - A covered facility must conduct an audit of its
compliance with its SSP/ASP no later than one year after the date of the
SSP/ASP approval. Thereafter, it must conduct its annual audit no later than
one year after the date of its previous audit.
Commentary
It is just a little bit odd that the response does not
include a reference. There is no law requiring a FAQ response to quote the
appropriate place in the regulation or statute that provides the quoted mandate,
but ISCD has been very good (almost compulsive) about including such
references. For the record 6 CFR 27.225(e) contains the requirement for a facility
to “conduct an annual audit of its compliance with its Site Security Plan.” All
FAQ #1795 does is inserts a common regulatory definition of the term ‘annual’
in that requirement.
There is no listing in the ‘Latest News’ section of the
Knowledge Center announcing the new FAQ. We will probably see on later this
week.
NOTE: A couple of weeks back CISA started to add revision
dates back to the web pages on the CFATS
web site. Instead of putting a ‘last changed’ date on the bottom of the
page as the standard used-to-be, CISA is adding an ‘Original Release Date: │ Last Revised:’ line just
below the page title. I am glad to see them doing this. It makes it easier for
gadflies like me to keep up with the changes.
BTW: The CFATS Knowledge Center page does not have the
dateline added yet.
Posts
No comments:
Post a Comment