Implementation of Chemical Facility Anti-Terrorism Standards (CFATS)

The Implementation of Chemical Facility Anti-Terrorism Standards (CFATS) regulates the security at high-risk facilities that possess one or more chemicals of interest. If the facility has more than the specified amount of a chemical, it must register with the Department of Homeland Security (DHS) and preform security-related activities. The DHS identifies a subset of high-risk chemical facilities from among those who register and of those high-risk chemical facilities, each must submit a security vulnerability assessment and a site security plan. This security vulnerability assessment and site security plan are used by the DHS to confirm their high-risk designation and to review and authorize. The DHS also inspects and approves high-risk facilities for their adherence to their submitted security plans and later inspects for compliance to the plans following its approval. The DHS regulates approximately 3,900 facilities under the CFATS program.

(http://www.chemicalsecurity.com/cfats/about-cfats)

CFATS Flow Chart

In 2006, Congress authorized the DHS to regulate chemical facilities for security purposes and in 2007, the DHS issued final regulations establishing the CFATS. These regulations provided a process whereby facilities would submit information and security plans to the DHS, the DHS would review and approve these plans, facilities would implement them, and the DHS would inspect their implementation. The DHS frequently faces challenges in implementing these regulations and has not met its own expected milestones. As of October 2014, the DHS has inspected and approved 1,192 site security plans, which is approximately 32% of all regulated facilities.

(http://slideplayer.com/slide/5696142/)

CFATS Regulation Overview Explanation

Facilities processing a chemical of interest with quantities exceeding the threshold screening quantity must submit a Top Screen. This Top Screen creates results that assist CFATS in determining whether a facility presents a high-level security risk. After the Top Screen is processed, the CFATS Program assigns the facility with a preliminary tier or determines if the facility does not meet the criteria for the CFATS regulation. When a facility receives a preliminary tier assignment notification, it must prepare and submit a Security Vulnerability Assessment (SVA) to The Department of Homeland Security. After the SVA is reviewed, the CFATS program is reviewed, the CFATS Program determines if a facility's final tier assignment or if the facility is not at a high risk. When the facility receives a final tier assignment, it must develop and submit a Site Security Plan (SSP) to the DHS.

The Infrastructure Security Compliance Division (ISCD) within the DHS National Protection Programs Directorate (NPPD) reviews the SSP's to preliminary determine if it satisfies the applicable risk-based performance standards. This process typically involves discussions between the ISCD staff and the facility. This often requires the facility to submit additional information to the ISCD and revise the Site Security Plan before it can complete its initial review and issue the facility a letter of authorization for said Site Security Plan.

After the authorization is issued, the ISCD conducts a comprehensive and detailed authorization inspection. The ISCD then reviews the inspection results, as well as any further revisions that the facility may make to the SSP. It then makes its final decision whether the facility's SSP satisfies the applicable risk-based performance standards. If so, the ISCD issues a letter of approval to the facility and it must implement applicable provisions of the SSP. If the facility fails to do so, the ISCD may disapprove of the SSP. After the inspection, facilities are usually granted 45 days to make necessary modifications to the SSP. The ISCP will then review and make a final determination as to whether the SSP warrants the issuance of a letter of approval.