Site Security Plans

The secretary, under the law, must review and approve the required assessment, plan, and implementation for each facility. The statute prohibits the secretary from disapproving a site security plan on the basis of the presence or absence of a particular security measure, but the secretary may disapprove a site security plan that does not meet the risk-based performance standards. The secretary may approve vulnerability assessments (see chapter 5) and site security plans created through security programs not developed by DHS, so long as the results of these programs meet the risk-based performance standards established in regulation. 

Third parties can be extremely helpful in vetting site assessments and implementation plans. Currently, as site assessments have been set up within the Responsible Care Code, local law enforcement and fire chiefs can look at facility plans. They may be very familiar with the emergency response aspects of a site security plan, but they may not always be the best choice when determining other security strategies or assessing investments. 

On the other hand, the information and analysis results provides the security element with a portion of an overall plant vulnerability analysis that can be used to develop a site security plan. That plan should provide actions to be taken prior to, during, and after any sort of attack. ... 

In April 2007, the U.S. Department of Homeland Security (DHS) issued the Chemical Facility Anti-Terrorism Standard (CFATS). The DHS is to identify, assess, and ensnre effective security at high-risk chemical facilities. Included in this standard is the requirement for facilities handling chemicals above a threshold amount, to submit an SVA for DHS review and approval along with a Site Security Plan (SSP). An SVA evaluates risk from deliberate acts that could result in major incidents. It is performed in a systematic and methodical manner to analyze potential threats and evaluates these threats against plant vulnerabilities. From this analysis, it determines possible consequences and whether safeguards to prevent or mitigate their occurrence are recommended. See also Terrorism. 

Conducting a security vulnerability assessment (SVA) and developing and writing a site security plan as described below are meant to be in conjunction with establishing an effective safety and security program (see Step 5 above). ... 

Institutions may consider applying concepts of crime prevention through environmental design. Building location and properly placed en-tryways, windows, lighting, shrubbery, and other physical features can help deter criminal activity, and are cost-effective, systemic improvements that do not depend solely on technology. The security and access control policy should be the basis of the site security plan. 

The DHS does not currently regulate railroad facilities that store in rail cars large quantities of chemicals or materials on the DHS chemical of interest list, and it does not request that railroads complete the CSAT Top-Screen. Likewise, the DHS has no intention at this time of requiring long-haul natural gas pipelines to complete the CSAT Top-Screen however, chemical facilities otherwise covered by this regulation and with a pipeline within their boundaries must identify the pipeline as an asset and address it, as appropriate, in a site security plan (DHS, 2007c). 

Following a facility s submission of the security vulnerability assessment and its analysis by the DHS, the DHS will either confirm that a facility is high risk or inform a facility that the DHS no longer considers the facility to be high risk or subject to further regulation under CFATS. For facilities confirmed to be high risk, the DHS will communicate the final facility tier determination, and the facilities must develop and implement site security plans that satisfy the risk-based performance standards enumerated in 6 CFR 27.230. 

The site security plan must meet the following standards ... 

Specify other information that the assistant secretary deems necessary regarding chemical facility security. A covered facility must complete the site security plan through the CSAT process, or through any other methodology or process identified or issued by the assistant secretary. Covered facilities must submit a site security plan to the DHS in accordance with the schedule provided in 27.210. When a covered facility updates, revises, or otherwise alters its security vulnerability assessment pursuant to 27.215(d), the covered facility shall make corresponding changes to its site security plan. A covered facility must also update and revise its site security plan in accordance with the schedule in 27.210. A covered facility must conduct an annual audit of its compliance with its site security plan. 

Covered facilities must satisfy the performance standards identified in this section. The assistant secretary will issue guidance on the application of these standards to the risk-based tiers of covered facilities, and the acceptable layering of measures used to meet these standards will vary by risk-based tier. Each covered facility must select, develop in their site security plan, and implement appropriately risk-based measures designed to satisfy the following performance standards ... 

Medical station - Site safety map - Up-to-date site safety plans Providing access to up-to-date safety and health manuals and other reference materials Interfacing with the public government agencies, local politicians, medical personnel, the media, and other interested parties Monitoring work schedules and weather changes Maintaining site security Sanitary facilities First-aid administration... 

Supply chain safety— to protect the products and services on which our economy and society depend. The opportunities for chemical scientists include improved security plans at chemical production sites, automated detection systems that can sense agents inside of closed containers, and improved placarding of railroad tank cars. 

Physical access controls (limited access) (all listed implementation features must be present) This area is related to the procedures for limiting physical access to an entity while ensuring that properly authorized access is allowed. Disaster recovery Emergency operating mode Equipment control (into and out of site) Facility security plan Procedures for verifying access authorizations prior to physical access Maintenance records Need-to-know procedures for personnel access Sign-in for visitors and their escorts, if appropriate Testing and revision... 

Develop security plans for crowd control, traffic control, clinic personnel, materials/supplies/equipment at each clinic site. 

Once a situation assessment has been made and the appropriate response has been determined, the emergency response coordinator should assume responsibility. At this point, sub-elements of the emergency plan should be activated on an as-needed basis, for example, emergency notification, resource coordination, evacuation procedures, site security,... 

Each plan must include an assessment of possible transportation security risks for hazardous materials including site-specific or location-specific risks associated with facihties at which the materials are prepared for transport, stored, or unloaded incidental to movement, and appropriate measures to address them. Specific measures may vary depending upon the level of threat. At a minimum, the security plan must consist of the following elements ... 

Understand their role as an awareness individual in the employer s emergency response plan including site security control and the DOT Emergency Response Guidebook... 

An SVA may include an entire campus or specific facilities on a campus and it involves a series of comprehensive investigations and an integrated analysis. The purpose of an SVA is to catalog potential security risks to a laboratory, determine the magnitude of the risks, and assess the adequacy of systems that are in place. An SVA helps in determining the security planning needs of a facility. An SVA should include an asset evaluation, threat assessment, site survey and analysis, and physical vulnerability survey. 

Demobilization Costs - Site demobilization will include shutdown of the q>erati(Hi, final decontamination and removal of equipment, site cleanup and restoration, permanent storage costs, and site security. Site demobilization costs will vary depending on whether the treatment operation occurs at a Superfimd site or at a RCRA-corrective action site. Demobilization at the latter type of site will require detailed closure and post-closure plans and permits. Demobilizaticxi at a Superfund site does not require as extensive post-closure care for example, 30-year monitoring is not required. This analysis assumed site demobilization costs are limited to the removal of all equipment and facilities from the site. It is estimated that demobilization would take about two weeks and consist primarily of labor charges. Labor costs include salary and living expenses. Demobilization is estimated to be 10,000. 

Pre-emergency planning and coordination with outside parties Personnel roles, lines of authority, training, and communication Emergency recognition and prevention Safe distances and places of refuge Site security and control Evacuation routes and procedures... 

Many of the site controls have been covered earlier in this chapter (Section 7.2 - General hazards and controls). Site controls can be conveniently subdivided under four headings - site planning, site preparation, site security and the arrangements with the client and/or occupier of the premises. 

Every operator of an establishment shall prepare an on-site emergency plan which shall be adequate for securing the objectives specified in Part 1 of Schedule 5 and shall contain the information specified in Part 2 of that Schedule. 

---