(24b) Chemical Process Security Performance Standards
AIChE Spring Meeting and Global Congress on Process Safety
2007
2007 Spring Meeting & 3rd Global Congress on Process Safety
2007 Process Plant Safety Symposium
Security, Vulnerability Assessments and Mitigation
Monday, April 23, 2007 - 2:00pm to 2:30pm
Key relevant provisions of the appropriations bill rider that gave DHS the order to "issue interim final regulations within 6 months" of October 4, 2006, included:
• establishing risk-based performance standards for security of chemical facilities...
• and requiring vulnerability assessments...
• and the development and implementation of site security plans for chemical facilities.
Pursuant to the outcome of the SVA, all chemical sites will need to prepare a Site Security Plan (SSP). The SSP and SVA will need to explain how the site met the risk-based performance standards set by DHS. This is a new realm in the world of chemical industry security, so a key aspect of meeting the regulatory requirements will be interpreting these standards and determining the best path to achieving them.
This paper will explain the requirements and give advice on how to achieve them and how to document them in the SVA and SSP. The timing of this paper will be particularly important as the interim final regulation is due April 4, 2006.
DHS will publish requirements for:
1. Risk-Based Performance Standards
2. Security Vulnerability Analysis (SVAs)
3. Site Security Plans
Based on the expected use of tier levels, facilities will be subject to the application of Risk-Based Performance Standards (RBPS) at each level, and a range of protective security measures will follow. The sites will have the flexibility to select layered security measures that, in combination, appropriately address the vulnerability assessment and the risk-based performance standards for security for the facility.
The risk-based performance standards will allow the regulated facilities flexibility in meeting the RBPS intent, and the ability to select a set of security measures that, when applied in sufficient layers, meet the intent of the standards.
It is assumed that DHS is able to be specific in the standards but not in the particular set of security measures for any given facility, for example, 'only authorized persons shall be allowed onsite'.
If no specificity is allowed, then the standards must be detailed enough to be measurable, but not specific to any given security measure, while providing a credible level of security against a specified threat. Past industry efforts and rules did not require any particular standard where access control or fencing was concerned, for example.