Chemical Processing - March 2008 - (Page 27)

Internet (https://csat-registration.dhs.gov/). There are very stringent requirements on controlling information associated with the CSAT process. Prior to getting access to the CSAT system, all persons who are involved must be precerti ed by DHS. To gain certi cation persons must demonstrate an understanding of the importance of safeguarding information related to chemical security vulnerability. To register and get the appropriate employees trained, visit the DHS web site at https://csat.dhs.gov/cvi_training/. After completing your Top Screen process online, a screen informing the user that the facility “may be regulated” or “not regulated” will appear. Subsequently, DHS will notify you by mail to con rm whether or not you will be regulated under CFATS and, if so, to what risk tier you will be assigned. Security vulnerability assessment If, following the Top Screen process, DHS informs your company that a facility will be regulated, you must conduct a Security Vulnerability Assessment (SVA). You will have 90 days after DHS classi es the site to complete and submit this assessment. The mission of the vulnerability assessment will be to reduce the risk of: • toxic chemical release; • theft and diversion of chemicals that could be used as precursors for explosives or weapons of mass destruction; • sabotage or contamination of chemicals; and • impact on critical government activities and the national economy. The SVA clearly is a collaborative process whose success depends upon the quality of the team that’s assembled to conduct the study. The team typically should consist of representatives from site security, risk management, operations, engineering, safety, environmental protection, regulatory compliance, logistics/distribution, information technology and other areas, as required. To have a valid outcome, it’s important to include a security professional on your team. Many organizations will need to look outside for the security expertise necessary to complete the SVA. Hire only an independent consultant. Consider, for example, members of the International Association of Professional Security Consultants (IAPSC), as they must adhere to a strict code of ethics and are truly full-time independent consultants, not part-time consultants or ones tied to the sale of products or other services like hardware salesmen, guard contractors or private detectives who may profess to do it all. Your consultant should have experience working in the chemical industry and with the common methodologies for conducting SVAs, such as that from the Center for Chemical Process Safety. Look for credentials like Certi ed Protection Professional (CPP) or Physical Security Professional (PSP) from ASIS International or Certi ed Security Consultant (CSC) from the International Association of Professional Security Consultants. A key component of SVAs is actually understanding where adversaries www.chemicalprocessing.com >> Risk matrix Probability of occurrence A B 1 2 2 3 4 C 2 2 3 4 4 D 2 3 4 4 5 E 3 4 4 5 5 Severity of occurrence 1 2 3 4 5 Severity 1 – Critical 2 – High 3 – Medium 4 – Low 5 – Negligible 1 1 2 2 3 Probability A – Likely B – Probable C – Possible D – Unlikely E – Improbable Risk 1 – Critical 2 – High 3 – Medium 4 – Low 5 – Negligible Figure 1. Risk analysis must take into account both the probability of an event and the severity of its consequences. can exploit weaknesses in a facility’s security — certiﬁcations indicate that a consultant can offer sound opinions. Preparing your SVA DHS’s identi cation of the chemicals of interest and the risks associated with them will provide the focus for your SVA. Doing it doesn’t have to be an onerous task. Selecting the right people and proper pre-planning can make the process operate very smoothly (see sidebar). To make the most of your assessment, it’s important to understand each of the required steps and their associated best practices: Asset characterization. This involves the identi cation of critical assets (done in the Top Screen), evaluation of existing countermeasures and quanti cation of the severity of consequences. The severity of the consequences and asset attractiveness are used to screen the facility assets into those that require only general security countermeasures versus those that require more speciﬁc actions; protection levels must be spelled out in your site security plan. As soon as possible identify the scenarios that will be addressed in your SVA (i.e., release, theft/diversion, etc.) because the remainder of the SVA will focus on the risk associated with these scenarios. Threat assessment. This determines the estimated general threat level, which varies as situations develop. Depending upon the threat level, security measures greater than baseline ones likely will be necessary. While threat assessments are key decision-support tools, always bear in mind that such assessments, even if updated often, might not adequately capture emerging threats posed by some adversaries. No matter how much we know about potential threats, we’ll never know that we have identi ed every threat or that we have complete information even on the threats about which we are aware. March 2008 • 27 https://csat-registration.dhs.gov/ https://csat.dhs.gov/cvi_training/ http://www.chemicalprocessing.com

Table of Contents Feed for the Digital Edition of Chemical Processing - March 2008

Chemical Processing - March 2008 Contents From the Editor ChemicalProcessing.com Field Notes In Process Energy Saver Compliance Advisor Distillation is Bubbling Feel Secure About Vulnerability Assessments The Door Opens For Membranes Achieve Effective Heat Exchanger Control Epoxy Maker Finds the Right Glue for Its Business Process Puzzler Plant InSites Equipment & Services Product Spotlight/Classifieds Ad Index End Point

Chemical Processing - March 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.