Your Solution for SMART Response Plans

Don't Get Caught Non-Compliant: Top Tips for Regulatory Compliance

Posted on Thu, Jan 23, 2014

In early January, a chemical leak from a Freedom Industries storage facility caused West Virginia American Water to shut off the water supply to nearly 300,000 people. The West Virginia Department of Environmental Protection identified five violations which will likely result in substantial fines. In addition, criminal penalties may be pursued.

As demonstrated month after month, compliance is a requirement, not an option.  Some argue that the bureaucracy is riddled with inefficiencies. However, the “rules” are aimed to protect communities and the surrounding environment.  According to David Hall’s Wall Street Journal article, The Morning Ledger: Companies Beef Up Compliance Departments, “Hefty fines and other penalties have jolted companies, especially banks, into a compliance hiring spree, as governments at home and abroad tighten business laws and regulations and ramp up their enforcement activity.” Compliance costs are typically lower than the expenditures associated with non-compliance fines, litigation, reputational risk, and government mandated shutdown of operations. Companies must implement a budget that ensures regulatory compliance.

Managing regulatory compliance for industrial facilities can be a daunting task. Industrial facilities must operate profitably; yet comply with a complex array of federal, state and local regulations.  The consequences of disregarding the various required elements can be corporate self-destruction.

Key concepts for managing regulatory compliance from a corporate perspective include, but are not limited to:

Database Technology

Technology is a useful, and relatively inexpensive tool that enables companies to monitor continually evolving regulatory requirements. In recent history, companies have utilized Excel spreadsheets to manage requirements. However, as a company expands or new regulations are implemented, spreadsheets can become overwhelming, ineffective, and time consuming. Larger operations should consider utilizing database technology to ensure that compliance can be effectively managed on an enterprise-wide level. Utilizing a database limits the duplication of tasks generated when multiple agencies have regulations that are related to the same subject matter.

Available Expertise

Internal resources or outsourced compliance expertise can enable a company to leverage regulatory knowledge enterprise-wide. In order to focus on core business components and reduce managerial and administration efforts required to manage compliance, companies can examine utilizing consultants to ensure appropriate response planning and compliance measures.

Facility-Specific Regulations

A company must recognize mandatory submission requirements and tasks for each facility associated with each regulatory requirement. The implementation of a tracking management system that can eliminate redundancies across converging compliance requirements is extremely beneficial for organizations that have multiple applicable regulatory requirements.

A methodological tracking system should itemize applicable federal, state, and local regulations, and include categorical information that satisfies that regulation. A tracking system should, at a minimum contain the following components: 

  • Operational categories: Categories can range from air quality and hazardous materials, to construction safety and general safety and health. Depending on the detail required by the regulations, further breakouts by subcategories may also be required.
  • Applicable Regulation Level:  Regulations should be further broken down to Federal, state or local regulation categories.  
  • Time/Date Stamping: The Time and Date that each regulation was last updated.
  • Compliance Feedback:  Applicable notes regarding compliance or non-compliance.
  • Industry Standard:  Apply best practices related to compliance with specific regulatory requirements, when practical to do so.
  • Cross-reference: Itemize list of additional regulations that may be applicable to the information provided.
  • Facility Compliance responsibility: Identify contact assigned to maintain compliance for each regulatory requirement.
  • Action Item Reporting: Provides a list of outstanding and completed action items, along with due dates and person(s) assigned. Reports should have filters to customize queries as required by the users.
  • Search Functionality - Create the ability to search database for key words and phrases associated with regulations.

One of the most important aspects of maintaining compliance is ensuring that required response plan and associated revisions are submitted to the proper regulatory agencies in a timely manner. The various agencies have different submission requirements regarding initial and plan revision compliance.

For a free fire pre plan guide, click the image below:

 

TRP Corp Fire Pre-Plans Pre Fire Plan

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Tags: DHS, DOT, OSHA, CFATS, Response Plans, EPA, Regulatory Compliance

Regulatory Compliance - It's the Law!

Posted on Fri, Mar 11, 2011

An organization can have numerous locations that cross county, state, and/or country borders. Despite operating within the same industry, each site may need to comply with specific applicable local, state, and/or federal regulatory mandates.

Organizations must comply with an ever increasing number of regulations. For example, one specific industrial facility in Louisiana has to meet as many as 700 individual requirements. Non-compliance can cost organizations thousands of dollars, yet documenting and managing these mandates within day to day operations can be a daunting task. 

The implementation of a tracking management system that can eliminate redundancies across converging compliance specifications is extremely beneficial for organizations that have multiple applicable regulatory requirements.

A tracking system should itemize applicable federal, state and local regulations and include categorical information that satisfies that regulation.  A tracking system should contain the following components, at a minimum:

  • Operational category: Categories can range from air quality and hazardous materials, to construction safety and general safety and health. Depending on the detail required by the regulations, further breakouts by subcategories may also be required.
  • Applicable Regulation Level:  Regulations should be further broken down to Federal, state or local regulation categories. 
  • Last update: Date that each regulation was last updated.
    Compliance Task:  Tasks that needs to be completed for compliance.
  • Compliance Feedback:  Applicable notes.
  • Industry Standard:  Industry standards or best practices that apply to the specific  regulatory requirement
  • Cross reference: Itemize list of additional regulations that may be applicable to the information provided.
  • Facility Compliance responsibility: Person(s) responsible to maintain compliance for each regulatory requirement.
  • Action Item Reporting: Provides a list of outstanding and completed action items, along with due dates and persons assigned. Reports should have filters to customize queries as required by the users. 

The results of an effective compliance tracking system is an efficient and integrated program that optimizes the efforts of all stakeholders and allows for optimum compliance.

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Download

Tags: USCG, DOT, CFATS, Emergency Preparedness, Crisis Management, SPCC, EPA, Regulatory Compliance, Emergency Management Program

Regulatory Compliance Management

Posted on Fri, Feb 11, 2011

Managing regulations for industrial facilities can be a daunting task.  Industrial facilities must operate profitably, yet comply with a complex array of federal, state and local regulations. 

To ensure regulatory compliance, companies must establish an effective method of tracking and documenting actions items required for compliance.

Companies are always searching to reduce the costs and efforts required to manage compliance, so they can focus budgets within their core business.  However, lack of compliance can result in additional financial burdens resulting from fines, negative public perception, and possibly government mandated shutdown of operations.

Technology can be a useful, and relatively inexpensive tool for companies to monitor continually evolving regulatory requirements. The use of Excel spreadsheets is a common way to manage these requirements and may be effective for small operations. However, as companies grow and numbers of facilities increase, spreadsheets can become overwhelming, ineffective, and time consuming. Larger operations should consider utilizing database technology to ensure that compliance can be effectively managed on an enterprise-wide level.

Key concepts for managing regulatory compliance from a corporate perspective include, but are not limited to:

  • Use of Database Technology - This allows association of each regulatory requirement to applicable facilities. Updating evolving regulatory information can be effectively managed across multiple facilities with the use of a database.
  • Available Expertise - Identify corporate resources or outsource compliance expertise, and leverage that knowledge enterprise-wide.
  • Identify Facility-Specific Regulations -  Highlight mandatory submission requirements and tasks for each facility associated with each regulatory requirements.
  • Tasking -  Assign compliance tasks, frequencies, due dates, persons responsible, and document completion actions.
  • Identify Best Practices -  Apply best practices related to compliance with specific regulatory requirements, when practical to do so.
  • Organize Compliance Information - Utilize a database to limit duplication of tasks generated when multiple agencies have regulations that are related to the same subject matter.
  • Search Functionality - Create the ability to search database for key words and phrases associated with regulations.

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Download

Tags: USCG, DOT, CFATS, Emergency Preparedness, EPA, OPA 90, Regulatory Compliance, OSHA HAZWOPER standard training

Facility Security Plans and the Maritime Transportation Security Act

Posted on Fri, Sep 24, 2010

 

Certain industrial and municipal facilities are vulnerable to breaches in security and associated threats. Those vulnerabilities vary according to the location and characteristics of the sites; however, the main goal of assessments are to identify and limit security risks to your facility, equipment, and personnel. Being able to identify and quantify risks allows you to establish policies and procedures that can minimize the risk and consequences of security threats, and provide increased safety.

Marine Transportation Security Act requires “any structure or facility of any kind located in, on, under, or adjacent to any waters subject to the jurisdiction of the United States to conduct a vulnerability assessment and prepare and submit a security plan to the Secretary of Homeland Security based on the assessment.”

The following topics should be considered in developing security plans:
  • Internal and external risks, and vulnerability assessment of those levels of risks.
  • On-site and/or off-site security oversight organization and specific duties and responsibilities.
  • Detailed list of security personnel and Facility Security Officer training, exercises and drill procedures.
  • Security of facility record keeping and documentation procedures.
  • Procedures for implementing MARSEC Level security measures, within 12 hours of notification of an increase.

Maritime_Response_Planning.jpg

  • Specific standard internal and external communications procedures, and alternate communication procedures (ex: Interfacing with Vessels, Declaration of Security (DoS)).
  • Security measures for access control in general and restricted areas for employees, contractors and outside parties for each MARSEC Level.
  • Identify alternate security measures if initial systems fail.
  • Identification of on-site and off-site security command center.
  • Evaluation and identification of procedures and security measure for deliveries of hazardous and/or non-hazardous materials, and delivery of vessel stores and bunkers.
  • Identification of potential ignition sources and security control procedures.
  • Detailed site-specific incident security and monitoring procedures.
  • Identification and evaluation of security procedures for auditing and updating security plans
  • Facilities must be able to present a Facility Security Assessment (FSA) Report and Facility Vulnerability and Security Measures Summary (Form CG-6025).
  • If these items are not included in the Facility Security plan, the plan will not be approved by Coast Guard Inspectors.

 

TRP Corp - Emergency Response Planning Crisis Management

Tags: USCG, CFATS, Emergency Preparedness, Security plans

CFATS 101

Posted on Tue, Jul 27, 2010

With the unsuccessful bombing attempt in Times Square a few months ago, it is apparent that home-based terrorism continues to plague U.S. citizens and its infrastructure.  The security of vulnerable infrastructures, such as chemical plants and other facilities that house combustible material, has had little oversight until recently.  A plotted incident at one of these facilities could result in catastrophic loss.

However in 2007, the Department of Homeland Security was given the responsibility to develop and administer the appropriate security regulations for specific "high risk" facilities through the Section 550 of the DHS Appropriations Act of 2007.  These facilities are now required by the Department of Homeland Security to develop and implement security plans in accordance the Chemical Facility Anti-terrorism Standards (CFATS).  Any business or facility manufacturing, processing, using, or storing specific chemicals in specific quantities, unless exempt by statute or rule, must now adhere to CFATS requirements. 

The Department assigns facilities to one of four risk-based tiers, ranging from high (Tier 1) to low (Tier 4) risk. It is estimated that over 6,000 facilities are covered by CFATS regulations.  Facilities that submitted a Security Vulnerability Assessment (SVA) and were subsequently notified in writing as high-risk have access via the Chemical Security Assessment Tool (CSAT) to complete and submit the CSAT Site Security Plan (SSP) within 120 days. Congress established steep non-compliance penalties of up to $25,000 per day for missed deadlines and/or potential facility closure.

TRP Corp.

The SSP identifies and details countermeasure of security vulnerabilities. It should cover the current 18 Risk-Based Performace Standards, (RBPS) which covers

  • Area Perimeter
  • Site Assets
  • Screen and Control Access
  • Deter, Detect, and Delay
  • Shipping, Receipt, and Storage
  • Theft or Diversion
  • Sabotage
  • Cyber
  • Response
  • Monitoring
  • Training
  • Personnel Surety
  • Elevated Threats
  • Specific Threats, Vulnerabilities, or Risks
  • Reporting of Significant Security Incidents
  • Significant Security Incidents and Suspicious Activities
  • Officials and Organization
  • Record

Facilities will be inspected after an initial Site Security plan (SSP) approval to ensure CFATS compliance

For more tips and best practices on designing a crisis management program, download our Free Best Practices Guide

TRP Corp.

Tags: CFATS, Security plans