Comments on Chemical Facility Security News: Reader Comment 03-13-10 SSP Experience

Blog author: PJCoyle
Feed updated: 2024-02-02T22:30:20.736-05:00


PJCoyle, 2010-03-16T23:02:35.302-04:00

For my response to the comments made by Clark, Lupacchino, and Sem see: http://chemical-facility-security-news.blogspot.com/2010/03/3-reader-comments-03-15-10-ssp.html


Jim Lupacchino, 2010-03-15T14:17:12.526-04:00

I respect Dick Sem's comments, as he made some valid points. As a consultant who assists clients in working through the SSP process, I would like to share the following:

The SSP process is a detailed, diagnostic assessment of the efficacy of a high risk facility's security posture specifically driven by the COI's security issues and the intelligence-based threat scenarios.

The SSP's 1500 questions reveal opportunities to evaluate, implement and enhance security policy, process and strategy. A by-product of the inquiry is a snapshot of the current state of the facility's security culture and practice, including risks and gaps as it relates to COIs.

The SSP not only reviews the characteristics of the physical plant and property, it also evaluates the cross functional business activities that intersect with the COI's security issues.
Sales, Human Resources, and Customer Service uniquely impact COI security at different phases of the inventory or production cycle.
One effect of SSP interaction with support departments can be the bridging of "silos" within some organizations. The SSP process can initiate synergy and convergence of security awareness for a more holistic security program.

The SSP process also fosters relationships with local and state emergency services. This exchange contributes to a more thorough understanding of the challenges first responders face specific to the facility's COI.

The DHS resources that exist (CFATS Help Desk, compliance assistance visits, DHS website, etc.) to support the facility are significant. It is obvious DHS is committed to communication and collaboration.

The Risk Based Performance Standards (RBPS) Guidance document is indispensable in the SSP process. Not only does it provide clarifications on how to meet the RBPS expectations, it offers examples of security measures, practices and metrics. The RBPS Guidance document also paints a picture of what these components might look like at different tier levels.

When combined with the current state snapshot that the completed SSP reveals, a high risk facility can begin to create a security program around the assets and COIs or validate aspects of an existing security program.

As the compliance effort matures, I trust that DHS and industry will continue in dialogue regarding lessons learned and process improvement.

Ultimately, the high risk facility's ability to recognize, react and respond to modern day threats is highly dependent on a proactive, holistic and validated security program.
The SSP process is a significant effort in meeting that objective.

Thank you for the work you do here and for the opportunity to comment.

Jim Lupacchino
Director, Operational Support
Day & Zimmermann Security Services (http://www.dayzim.com/en/Services_and_Products/Security)


Dick Sem (http://www.semsecurity.com), 2010-03-15T12:58:38.663-04:00

Patrick, I'd like to thank you for the thoughtful response and discussion. Two further thoughts:
Most of the questions in the SSP only allow for either "yes" or "no" answers when an "N/A" would be much more appropriate. And, the SSP does address "facility-wide security measures" pretty thoroughly and I think virtually all physical and procedural aspects of most facilities' security measures would end up being addressed in the SSP.

As to Ed's comment, while I agree that the skilled security analyst might more easily address this tool, I would think that most covered facilities don't have such a person, at least in-house. I would think that most of these are being completed by someone not in security, such as the facility EHS person. Anecdotally, an EHS person from a small chemical facility on the east coast called me and said he had attended two DHS-sponsored CFATS training programs and came out of them more confused than when he went in.


Edward, 2010-03-15T09:38:32.858-04:00

Gents,

While I in no way, shape or form think that CFATS is a well oiled risk management machine, it does allow the skilled security analyst to assess the risk and implement appropriate mitigation strategies.

Here is a link to a webinar I have put on that discusses how to prepare for and develop a CFATS SSP.
http://bit.ly/CFATS_SSP