Friday, April 12, 2013

CFATS PSP – TWIC Readers


This is part of a continuing series of blog posts about the CFATS Personnel Surety Program that was described in a 60-day information collection request (ICR) notice in Friday’s Federal Register. This post will look at how TWIC Readers could be used in PSP. The earlier posts in the series are listed below.


Many high-risk chemical facilities covered by CFATS share a significant work force, corporate and contract, with MTSA covered facilities. Additionally transportation workers (truck drivers and railroad personnel) may make up a significant number of the ‘visitors’ that a site might expect to extend some level of unescorted access to critical areas of the facility. As a result there was a major level of vocal concern with the original CFATS PSP proposal because it did not provide an easy option for facilities to take advantage of the fact that TWIC holders had already been vetted against the Terrorist Screening Database (TSDB). The new ICR notice specifically addresses this concern providing for the use of TWIC Readers as one of the vetting alternatives specifically available to facility security managers.

TWIC Reader Requirements

The ICR notice does not provide any specific guidance on how the TWIC Readers would be used at a high-risk chemical facility. This is not surprising given the §550 prohibition against requiring any specific security measure for the approval of a facility’s SSP. The notice provides the following guidance:

“High-risk chemical facilities could propose, in their SSPs or ASPs, to share the costs of TWIC readers and any associated infrastructure at central locations, or high-risk chemical facilities could propose to purchase and install TWIC readers for their own use. The Department will assess the adequacy of such proposals on a facility-by-facility basis, in the course of evaluating each facility's SSP or ASP.”

TWIC Reader at the Gates

The classic implementation of the TWIC Reader would be to install readers at a gate to allow security personnel to automate the verification of identity and appropriate vetting against the TSDB. This is the type of use expected to be employed at high-risk MTSA facilities where all personnel with unescorted access to the covered facilities or vessels are required to have a TWIC.

If TWIC Readers were to be used for vetting all personnel entering a facility for unescorted access each time they entered the facility, this would be a significant extension of the vetting requirements outline in the other two vetting options provided in this ICR notice as personnel would effectively be vetted against the TSDB every time the TWIC Reader updated its access to the Canceled Card List (CCL).

For facilities that have a large number of recurring visitors that are to be given even some limited amount of unescorted access to the facility, truck drivers and delivery personnel for instance, this could simplify the vetting requirements for these personnel by simply requiring that they possess a TWIC and then validating that TWIC with a TWIC Reader each time they access the facility.

TWIC Reader at Personnel Processing Center

The other option suggested in this ICR notice is the use of the TWIC Reader at a shared central location. The most obvious example of this would be to have a TWIC Reader at the Corporate Human Resources Department where an individual’s TWIC would be validated as part of the corporate hiring process. One would suppose that ISCD would prefer to see some sort of periodic revalidation of the TWIC outlined in the SSP since they intend to do periodic rechecks against the TSDB for personnel whom facilities submit information under the PSP.

Because of the high-cost of TWIC Readers (this notice suggests that the annualized three year cost of a TWIC reader and its upkeep at $99,953.33 per reader) smaller facilities, or facilities separated from corporate HR might wish to contract out the TWIC Reader validation to a third-party such as a back-ground check vendor or security contractor. Again one would suppose that there should be some sort of periodic revalidation of those checks outlined in the facility SSP.

ISCD TWIC Expectations

ISCD clearly does not expect very many facilities to avail themselves of the TWIC Reader option for personnel vetting. According to Table 22 in the notice they only expect that four facilities will install TWIC Readers as part of their PSP, three at Tier 2 theft/diversion facilities and one at a Tier 2 Group C (distribution type facility) facility. They base that on the number of facilities that share MTSA and CFATS status. This would be the type facility that would already be intending to use the TWIC Reader because of the impending requirements under the recently published TWIC Reader NPRM.

Does this mean that only those facilities will be allowed to use TWIC Readers as part of their PSP? I don’t think so. These are clearly facilities that would be expected to find the use of TWIC Readers to be most valuable since they will already be in use at certain entrances (MTSA covered areas of the facility) and virtually all personnel will already be required to possess a TWIC. But, ISCD clearly expects that the cost of the TWIC Reader will be a disincentive for its general use at facilities that are not already required to implement use of the TWIC for facility access.

No comments:

 
/* Use this with templates/template-twocol.html */