Managing the Facility Security Plan (FSP) related administrative duties and associated training requirements can be time-consuming and complex, particularly for large companies. With multiple, dynamic, and security-related response planning variables, many large companies implement a response planning system with a training and exercises management component. Advanced web-based systems can ease the burdens of training documentation, scheduling, and maintenance while verifying regulatory compliance. Managing an enterprise-wide security training program can be complicated by:
- Multiple fluctuating certification/expiration dates
- Diverse and varying scope of responder/employee responsibilities
- Site-specific operations and response objectives
- Maintaining company standards and best practice priorities
- Regulatory compliance measures
- Multiple facilities across several locations
- Employee turnover
A FSP and those facilities required to comply with U.S. Coast Guard’s (USCG) 40 CFR 105 regulation should include site-specific details on the following components:
Notification: The Facility Security Officer must have a means to effectively notify facility personnel of changes in security conditions at a facility. Transportation security incidents are reported to the National Response Center and to appropriate emergency responders. At each active facility access point, a system must be in place to allow communication with authorities with security responsibilities, including the police, security control, and the emergency operations center.
Fencing and monitoring: The FSP must describe security measures to prevent unauthorized access to cargo storage areas, including continuous monitoring through a combination of lighting, security guards, and other methods.
Evacuation: The owner or operator must identify the location of escape and evacuation routes and assembly stations to ensure that personnel are able to evacuate during security threats.
Assessment: The Facility Security Assessment requires description of the layout of the facility, and response procedures for emergency conditions, threat assessment, and vulnerabilities, with a focus on areas at the facility that may be vulnerable to a security threat, such as utility equipment and services vital to operations.
Training: A security plan should describe the training, drills, and security actions of persons at the facility. These actions should deter, to the maximum extent practicable, a transportation security incident, or a substantial security threat. If a facility is required to comply with §105.210, facility personnel with security duties must be trained in the following: (Note: These guidelines are also beneficial to facilities not required to comply with the USCG’s 40 CFR part 105 requirement)
- Knowledge of current security threats and patterns
- Recognition and detection of dangerous substances and devices
- Recognition of characteristics and behavioral patterns of persons who are likely to threaten security
- Techniques used to circumvent security measures
- Crowd management and control techniques
- Security related communications
- Knowledge of emergency procedures and contingency plans
- Operation of security equipment and systems
- Testing, calibration, and maintenance of security equipment and systems
- Inspection, control, and monitoring techniques
- Relevant provisions of the FSP
Proper documentation is a critical aspect of any emergency management program. If a facility is required to comply with the USCG’s 40 CFR part 105 regulations, certain documentation is required to be available at the facility and made available to the USCG upon request. A web-based planning system can ensure plan documentation is available from various locations and can expedite plan distribution. The USCG’s 40 CFR 105 requires the following documentation:
- The approved FSP, as well as any approved revisions or amendments thereto, and a letter of approval from the COTP dated within the last 5 years.
- The FSP submitted for approval and an acknowledgement letter from the COTP stating that the USCG is currently reviewing the FSP submitted for approval, and that the facility may continue to operate so long as the facility remains in compliance with the submitted FSP.
- For facilities operating under a USCG-approved Alternative Security Program as provided in §105.140, a copy of the Alternative Security Program the facility is using, including a facility specific security assessment report generated under the Alternative Security Program, as specified in §101.120(b)(3), and a letter signed by the facility owner or operator, stating which Alternative Security Program the facility is using and certifying that the facility is in full compliance with that program.