This is part of a series of blog posts looking at the potential for the authorization of CISA’s existing ChemLock program and using it as a voluntary replacement for the now defunct Chemical Facility Anti-Terrorism Standards (CFATS) program. Other posts in this series include:
• Making ChemLock Safety Act Compliant – ChemLock Program Background
NOTE: Previous articles in this series have been removed from the CFSN Detailed Analysis paywall.
Risk Assessment
One of the things that made the CFATS program so successful over the years was the realization that there were different levels of risk associated with different chemical facilities, and that meant that different levels of security were needed to mitigate that threat. DHS developed, and CISA upgraded, a sophisticated tool, called the Top Screen tool, to complete the risk assessment process based upon data provided by each chemical facility. Facility security managers completed a secure, online questionnaire about their facility, and CISA used that information to determine if facilities were at a high enough risk to be covered under the CFATS program and, if they were, to assign the facility to one of four Tiers. That Tier level served as the basis for much of what the facility was subsequently required to do under the program.
A similar risk assessment process will be required for the ChemLock program if it is going to be used as a basis for providing facilities with Safety Act (6 USC 441 et seq) protections as an incentive to actively participate in the ChemLock program. Obviously, some changes need to be made, but the existing (and currently mothballed) Top Screen process would serve as an excellent basis for such assessments.
Moving Forward
Congress would not need to directly address changes to the Top Screen process nor the Chemicals of Interest list in their rulemaking authorizing the ChemLock process and tying it into the Safety Act process. It could simply authorize CISA to update the existing Top Screen process and adapt it to a voluntary ChemLock reporting process. It would, however, need to require CISA to adopt a screening process that would allow for the establishment of risk-based security measures needed to qualify facilities for Safety Act protections.