CFATS Professionals: Slow-Moving Approval Process No Reason To Rest

• By L.K. Williams
• Oct 25, 2010

Three professionals who help chemical facilities meet security responsibilities note that facility officials need to ensure that they can deliver on their site plan promises.

Chemical facilities that have submitted their site security plans (SSPs) really don't have time to relax despite the fact that the Department of Homeland Security has only been able to authorize three of the more than 3,669 submissions it has received as of Oct. 1.

SSPs are required for high-risk facilities through the Chemical Facility Anti-Terrorism Standards and a presentation on this subject was given by Michael Saad, CPP, senior director of consulting services at Huffmaster Crisis Response LLC; Wade Pinnell, CPP, vice president, Huffmaster Companies; and Evan Wolff, director, Homeland Security Practice Resources Regulatory and Environmental Law, Hunton and Williams, during ASIS 2010 in Dallas.
 
Pinnel, who has attended seven pre-authorization inspections, urged facility managers to review their plans as an inspector would.

"You need to check to see if what you told DHS you were going to do is actually in place," he said.

Pinnel also stressed that inspectors will be interviewing not only uniformed security officers, but also receptionists and anyone else who is assigned to implement security policy and procedure.

From his experience, Pinnel said that "we all submitted far too little information. Can inspectors visualize what we are doing in our facilities?"

If they can't, the security plan probably needs some work, including screening site visitors, searching vehicles, and preparing staff to take on their security roles.

Pinnel cautioned against letting technology drive security solutions.

"We need to integrate with the individuals performing the security roles," he said.

Saad took that tact a step further, urging security managers to develop relationships with law enforcement.

"Bring them to your facilities, show how you do what you do, provide site drawings and then re-engage them during training," he said.

An important aspect of planning is communicating the plan. Saad explained that planned security measures must be written into company policy and procedures. There also should be written protocols for security incident reporting, security incident investigation, training, drills, and exercises.

The key ingredients for success, Saad said, hinge on executive commitment to the programs (there is no ROI, we must comply) and a good project manager. Without someone dedicated to developing and implementing facility security under CFATS, deadlines may be missed, he noted. Realistic timelines are essential and, if those are not kept, managers must document why to discover gaps and provide information to DHS, he added.
 
From an attorney's perspective, Wolff encouraged managers to have their companies develop a corporate policy on security, a security compliance policy that establishes clear leadership and management, and a corporate inspection process.

"DHS has broad inspection authority," he said, adding that adjudication is based on the records a facility creates.