Does This New Regulation Apply to Your Facility?

Facilities that manufacture, use, store or distribute toxic or flammable chemicals, explosives, poison inhalation hazards, chemical weapon and IED precursors, and water reactive chemicals above screening threshold quantities must submit a Top-Screen consequence questionnaire through the secure DHS Chemical Security Assessment Tool (CSAT) web site. DHS evaluates Top-Screen submissions to identify those facilities that will be required to:

• Prepare and submit a Security Vulnerability Assessment (SVA) using the CSAT SVA tool
• Prepare, submit, and implement a Site Security Plan (SSP) to address both the Vulnerability Assessment and applicable risk based performance standards (RBPS)

DHS reviews the submissions and follows-up with site inspections before issuing final approvals. DHS may request revision and resubmission of the SVA and site security plan to assure that they adequately meet the requirements of the regulation. Noncompliance may result in fines and even facility shut-down.

CSAT-SVA and Tiering Assignments

DHS released initial tier assignments the week of June 24, 2008, starting the clock on CSAT-SVAs. Over 6,000 facilities were sent a preliminary assignment of Tier level 1 through 4. Approximately 25,000 facilities have been tiered out of the program and will not need to submit further information. Facilities in Tiers 1-4 will need to submit a CSAT-SVA via the on-line DHS tool.  DHS has released the following Tier statistics: 

Tier 1            205 Facilities
Tier 2            740 Facilities
Tier 3        1,663 Facilities 
Tier 4        4,068 Facilities

DHS reviews SVAs and issues final tier determinations and further instructions on a rolling schedule.  Sites have 120 days to submit a Site Security Plan (SSP) unless notified otherwise by letter or Federal Register notice.  Detailed inspections are scheduled following submission of SSPs to verify information contained in the plan and determine if the plan meets regulatory requirements.

AcuTech iSVA Template for CSAT SVAs 

AcuTech has developed the iSVA Template for  Dyadem's SVAPro^TM software that provides a flexible time-efficient methodology for gathering, input, analysis and review of data to be entered into the on-line CSAT SVA tool.  Click on the PDF above for complete information on this new tool.

Steps for CFATS Compliance - Site Security Plans and RIsk Based Performance Standards

Once a covered facility has received their initial notification of high risk and a preliminary tier assisgnment and has submitted a CSAT SVA, it is time to get ready for the next stage of compliance - the SSP. The DHS Guidance on Risk –Based Performance Standards (RBPS) has been published to assist facilities in developing a compliant SSP.  The RBPS guidance document provides an excellent idea of how DHS expects facilities at different tiers to comply with the 18 RBPS and document compliance through the Site Security Plan.  Facilities at all tiers will be required to have an SSP which they will submit through the DHS CSAT tool using the DHS SSP template or an Alternative Security Program. 

Having served as subject matter experts to DHS during the development of CFATS and the CSAT system, AcuTech staff are expert in understanding how to take a facility from an SVA to an SSP by analyzing gaps in existing countermeasures against the RBPS. AcuTech has experts to design cost-effective security solutions to meet all RBPS at all tiers and to assist in the development of a suitable Site Security Plan. We can even act as your Preparer and save you the time it takes to fill out the lengthy online template to document your SSP.

There are 18 RBPS that range from securing the site, to training, recordkeeping and coordinating emergency response and crisis management. Measures that satisfy the RBPS can result in “layers of protection” and individual measures may help a facility meet more than one RBPS. AcuTech is expert at designing cost-effective, resource efficient, well-organized plans that document coordination among existing plans, incorporate new measures needed to fill CFATS-specific gaps and meet your compliance needs. We have written security and emergency response plans for a wide variety of industries including oil refining, chemical manufacturing, LNG terminals, food manufacturers, and more…

AcuTech's 6 Step CFATS SSP Approach

1. Strategy -- formulate a plan for completion of SSPs, including development of an overarching Corporate Security Plan (policy level) and preparation of facility-specific SSPs to meet DHS CSAT SSP requirements or ASP. Provide additional operational guidance documentation as required.
2. Site visit -- review existing security measures and capture all data necessary to complete the DHS CSAT SSP for each facility and, if needed, develop a “template” that can be used for multiple, similar facility SSP submissions.
3. Gap analysis -- evaluate existing facility security countermeasures identified in Step #2, and compare those security measures with the associated RBPS metrics for each site’s applicable DHS CFATS tier level.
4. Identify solutions -- recommend security measures required to meet the RBPS, or document the rationale explaining in depth why existing systems are sufficient to provide the necessary security. This step may require direct communication with DHS to seek and achieve concurrence.
5. Prepare the CSAT SSP -- complete the DHS SSP using CSAT and the information developed in the earlier steps to ensure facility compliance, establishing the foundation for DHS SSP approval, against which each regulated facility is to be inspected.
6. Inspection, audit, and ongoing support -- provide independent 3rd party review of facility SSPs, assess facility readiness for a DHS CFATS inspection, support facility training, and interface with organizations essential to meet CSAT SSP response requirements. In addition, assist in representing the facility in the event of DHS inspections or citations. Provide complete CFATS support, including training, SVAs, and other services.

Once a facility has submitted a CSAT SSP to the Department of Homeland Security (DHS), its obligations under CFATS are not finished. In order for a facility to remain in compliance and create a workable CFATS compliance program, it is important to have a way to put into practice the commitments made to DHS as part of the CSAT SSP submittal. A practical Operational Site Security Plan helps a site stay current with its security needs and provides a map for how such activities meet CFATS requirements when facing an inspection and for operational excellence.   AcuTech can help you develop a this key security plan. 

Following are other services that AcuTech experts offer that will assist you with on-going compliance with the CFATS regulations:

• Development and preparation of security procedures
• Site Security Plan (SSP) Development
• Operational Security Planning
• Corporate baseline security measures
• Emergency response, crisis management, and business continuity planning
• Security Training
• Drills and Exercises
• Post SSP submission pre-inspection assessments
• “Red Teaming” and facility security system penetration testing and validation
• Preparation of system validation documents
• Assist clients negotiating equivalent security measures with DHS
• Expert consultation during DHS Inspections and technical assistance with “Appeal Proceedings”
• Transition and integration of MTSA plans to meet CFATS expectations
• Development of Corporate Security Management System elements and ISO support
• Management and protection of information, incorporating CVI data and compliance
• Security Design Services

AcuTech Uniquely Qualified to Assist Facilities

AcuTech’s team of consultants provides expert support to achieve your facility security requirements. Industry recognizes us as leaders who worked with DHS and industry groups to develop the RBPS guidance, the core document supporting the SSPs. AcuTech has a long and successful history as industry advocates supporting strong working relationships with our industry clients as well as with government regulators.

CVI Training Required

The information submitted to DHS for the Top-Screen (and subsequent submissions) will be protected as Chemical Terrorism Vulnerability Information to prevent release to the public.  DHS has posted the Chemical-Terrorism Vulnerability Information (CVI) user training on its web site (revised 9/22/08).

Anyone who is required to submit a Top-Screen needs to go through the on-line CVI training (takes about 30 minutes).   All AcuTech staff have completed CVI training are prepared to assist facilities with submissions.  Additionally, DHS has posted a revised CVI procedures manual.

  DHS CSAT-SVA Instructions (PDF) 

  DHS Inspections & Enforcement Contacts