Chemical facility security

ez Explanations

Facilities that use chemicals, even in very low volumes, are under particular scrutiny, as their operations are considered especially vulnerable to threats. These threats may come in different forms and from different sources: from outside the facility (trespassing, unauthorized entry, theft, burglary, vandalism, bomb threats, or terrorism); or from inside the facility (theft, substance abuse, sabotage, disgruntled employee or contractor, and workplace violence).

Because of the increased threat, chemical facilities need to focus on terrorist or criminal actions that could have significant national impact (e.g., through the loss of chemicals vital to the national defense or economy) or cause releases of hazardous chemicals that would compromise the integrity of the facility, cause serious injuries or fatalities among facility employees, contaminate adjoining areas, or cause injuries or fatalities among adjoining populations.

Scope

For many facilities, compliance with existing regulations led to changes in operations that reduced risk and increased security. Facilities have been able to identify and reduce the chemicals of greatest concern at their facilities. For companies not previously affected by security-related regulations, existing regulations and guidance provide a solid starting point for evaluating processes and implementing changes to improve security.

Regulatory citations

6 CFR 27 — Chemical facility anti-terrorism standards (see note below)
29 CFR 1910.38 — Emergency action plans
29 CFR 1910.39 — Fire prevention plans
29 CFR 1910.119 — Process safety management of highly hazardous chemicals
29 CFR 1910.120 — Hazardous waste operations and emergency response
29 CFR 1910.1200 — Hazard communication
33 CFR 6 — Protection and security of vessels, harbors, and waterfront facilities
33 CFR 101 to 107 — Maritime security
40 CFR 68 — Chemical accident prevention provisions
40 CFR 112 — Oil pollution prevention
40 CFR 355 — Emergency planning and notification
49 CFR 130 — Oil spill prevention and response plans
49 CFR 172.800 to .822 — Safety and security plans
49 CFR 1570 — Maritime and land transportation security: General rules
49 CFR 1572 — Credentialing and security threat assessments
49 CFR 1580 — Rail transportation security

Note: As of July 28, 2023, Congress allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program at 6 CFR 27 to expire. Therefore, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) cannot enforce compliance with the CFATS regulations at this time. Because Congress has the power to return statutory authority, watch for updates at https://www.cisa.gov/resources-tools/programs/chemical-facility-anti-terrorism-standards-cfats.)

Key definitions

Information security: Protecting sensitive information and preventing disruption of operations. These measures include securing records, shredding documents, following retention periods, using passwords, backing up data, and supervising visitors.
In-transit security: Protecting assets while they are being transported or transmitted. These measures include background checks, fingerprinting, locks, and satellite tracking.
People security: Protecting employees, contractors, customers, and visitors. These measures include installing metal detectors and emergency telephones, using code words and the buddy system, and reporting suspicious behavior.
Physical security: Delaying, denying, or detecting the access of unauthorized persons. These measures include installing locks, fencing, security cameras, proper lighting, and network firewalls.

Summary of requirements

Determine if the regulations listed in the Regulatory Citations section apply. If so comply with the applicable regulations. Each regulation has its own applicability and requirements to consider.
In addition to the regulatory programs, consider:
- Guidance from chemical industry associations, and
- Guidance from federal and state regulatory agencies. (Note: EPA issued EPA-K-550-F00-002, Chemical Accident Prevention: Site Security.)
Consider general principles applied when increasing security at a chemical plant facility:
- Identify potential targets at your facility (assess the hazards).
- Characterize potential threats (internal, external, IS vulnerability, employee screening).
- Eliminate targets when feasible (e.g., change chemicals).
- Control/minimize access to remaining targets (add protections/barriers, relocate processes/storage areas, security procedures, etc.).
- Mitigate/minimize potential effects of incidents involving remaining targets (minimize amounts onsite, relocate/alter processes or equipment, add protections (provide shut-offs, etc.), emergency planning/response plans, etc.).
Consider creating a facility security program. Several different components should be included in a comprehensive facility security program:
- Physical security. Physical security is the process of permitting access to the facility or systems by authorized persons while denying access to others.
- Information security. Information security is protecting sensitive information, preventing sabotage and disruption, and keeping critical business processes operational.
- Personal security. People (employees, contractors, customers, and visitors) are a company’s largest assets. Consider these as part of your security plan. Background checks help ensure that you hire trustworthy employees.
- In-transit security. People, products, property, cash, and information are especially vulnerable while being transported or transmitted from one location to another.
Consider adequately training all employees to understand the need for and workings of your site security procedures.

['CERCLA, SARA, EPCRA', 'Facility Security']

['Release Notifications', 'Terrorism', 'Chemical Facility Security', 'Toxic/Hazardous Substance Releases', 'Workplace Security', 'Facility Security', 'SARA Compliance']

UPGRADE TO CONTINUE READING

About Notice at Collection Terms of Use Do Not Sell or Share My Personal Information Accessibility Support