The Chemical Facility Anti-Terrorism Standards (CFATS) is a regulation aimed at enhancing the security of the nation’s highest risk chemical facilities. Unlike prescriptive regulations, CFATS utilizes risk-based performance standards and requires regulated chemical facilities to complete a Security Vulnerability Assessment (SVA) and a Site Security Plan (SSP) or Alternate Security Program (ASP), among other things. CFATS took effect on June 8, 2007, and “Appendix A” – which helps determine whether (and to what extent) a chemical facility may be regulated – was published in late 2007.
Facilities that continue to be classified as “high risk” following Department of Homeland Security (DHS) review of their SVAs receive a Final Tier Letter assigning them to one of four risk tiers that require increasingly stringent levels of security. Each of these facilities must submit a SSP or ASP to DHS that addresses the vulnerabilities identified in its SVA. Once DHS approves the SSP or ASP, the facility must ensure ongoing compliance with its approved plan.
The U.S. Coast Guard’s Maritime Transportation Security Act (MTSA) requires certain facilities located on, or adjacent, to U.S. waterways to conduct a Facility Security Assessment (FSA), develop and submit a Facility Security Plan (FSP) to the Coast Guard, and adhere to Transportation Worker Identification Credential (TWIC) requirements. TWIC is a tamper-resistant, biometric identification card required for all individuals who require unescorted access to secure areas of MTSA-regulated facilities and vessels. To obtain a TWIC, an individual must successfully pass a security threat assessment and provide biometric information to the Transportation Security Administration (TSA).
TSA and the Pipeline and Hazardous Materials Safety Administration (PHMSA) have each published their own rail security regulations. These regulations give special attention to the transportation, storage, and custody of some hazardous materials (including toxic inhalation hazards). Because chemical manufacturing and transportation require an integrated approach to security across the entire supply chain, CFATS must be considered in light of TSA and PHMSA regulations, and vice versa. Furthermore, Congress included additional surface transportation security requirements as part of the law implementing the recommendations of the 9/11 Commission in August 2007.
The Department of Transportation’s (DOT’s) HM-232 regulations aim to enhance the security of hazardous materials transported in commerce (by truck and rail). HM-232 requires shippers of certain hazardous materials to develop and adhere to a transportation security plan and train relevant employees regarding the security plan. The HM-232 regulation applies not only to those who transport the hazardous materials, but also to the facilities that offer the hazardous materials to third party drivers and rail carriers.
Homeland security regulations create enhanced compliance obligations for the regulated community. Ensuring ongoing compliance may include, among other things, detailed recordkeeping, management of change protocols, internal and external reporting, internal and external audits, and conducting routine training, drills, and exercises. It also requires a comprehensive knowledge of the law, regulations, and implementing guidance, including awarenesss of updates and changes to those laws, regulations, and guidance.