Robert "R.J." Hope, CPP, ABCP
Department Manager, Global Security Services
Email Robert "R.J."
P: 816-349-6754
F: 816-822-3424

Helping You Meet CFATS Requirements

Helping You Meet CFATS Requirements

Do you manufacture, distribute or store chemicals that could make your facilities potential targets for terrorist groups? What steps have you taken to secure these chemicals and protect your business, your employees, your neighbors and your community?

The Department of Homeland Security (DHS) implemented the Chemical Facility Anti-Terrorism Standards (CFATS) in 2007 to address such concerns.

Burns & McDonnell stands ready to assist you in meeting these key standards. We can help you navigate the massive amounts of data required for submitting your site security plan (SSP), including the challenges of interim, planned and proposed security measures.

Security Assistance from SSP to Implementation

Once security measures are included in your SSP, DHS will expect to see them implemented. Our team of consultants can assess your facility, recommend appropriate security components — based on the security principles of deter, detect, deny and defend — and write requests for qualifications (RFQs) for the integrator of your choice to bid. Our priority is to determine what will make your facility safe and obtain compliance.

When your SSP is accepted, our team can assist with implementation and construction project management.

DHS developed the CFATS in an initiative to identify and help protect high-risk chemical facilities from potential terrorism. More than 29,000 facilities submitted Top-Screens, the initial screening process through which chemical facilities provided information to DHS. An estimated 7,500 of those were required to comply with CFATS.

These designated facilities provided DHS with security vulnerability assessments (SVAs) and most have received their final tier ratings, signifying the level of risk a theft, diversion or sabotage would present to the community and the nation. This determination is based on many factors, including the facilities’ proximity to urban areas and the possession of chemicals of interest in quantities exceeding the stipulated threshold, known as the screening threshold quantity.

The SSP or ASP is the core of CFATS compliance. With more than 1,000 questions for evaluation, the creation, approval and implementation of the SSP is the most challenging step. The SSP must describe which security measures will address which vulnerabilities identified in the facility’s submitted SVA. The SSP must also describe how those measures will meet or exceed each applicable performance standard for the appropriate risk-based tier.

DHS established 18 CFATS risk-based performance standards that identify the areas for which a facility’s security posture will be examined and compliance evaluated. Through these 18 standards, DHS mandates a defined security outcome. Covered facilities may implement the security processes and/or programs of their choice, as long as each facility achieves the requisite level of performance in each applicable area.

Once the SSP is submitted, the two-step approval process consists of a DHS representative plan review and a DHS representative site visit. Only after DHS approves the plan does the facility implement the physical, cyber, process and personnel security enhancements stipulated in the SSP.

An ASP may be submitted in place of the SSP, although this option is not as clearly defined and can face more inspector scrutiny. Companies with active security programs may consider this a viable alternative for meeting CFATS requirements. An ASP can result in a functioning corporate security plan or program for daily operations, while an SSP will not.

CFATS regulations are estimated to cost the chemical industry $3.6 billion over the first three years of implementation. Although there is a significant amount of work to be done by the industry to adhere to these new standards, the potential consequences of inadequate security proves the importance of better protecting our nation’s chemical facilities.

  • SSP or alternate security plan (ASP) preparation
  • Planned and/or proposed security measure RFQ creation
  • Security training: terrorism identification and prevention, bomb identification, suspicious person/behavior identification
  • Development and implementation of security process and procedures
  • Corporate security plan development and implementation
  • Emergency response, crisis management and business continuity planning
  • Computer network penetration testing and validation
  • Client assistance during DHS inspections
  • Security design