SSP Authorization Backlog

One of the problems that is currently facing the CFATS program is the problem of the backlog of authorizations and approvals of site security plans for covered facilities. The latest data that I have seen shows a total of 4298 CFATS covered facilities with 598 authorized site security plans and 182 approved plans. At the current rate of approvals, it is going to take from 7 to 10 years to clear that backlog and that is assuming that there is no significant increase in the number of covered facilities.

There are probably some increases in efficiency to be expected as ISCD gets more and more of these processes under their belt. But there is still a limit to the number of facilities that the current inspection force can reasonably and effectively visit in any given amount of time. Additionally, these same inspectors are going to be expected to start compliance inspections later this year and at some point in time ISCD is going to start implementing the Ammonium Nitrate Security Program (ANSP). That is going to decrease the staff support available for completing the site security plan reviews.

It is clear that some sort of radical game changing plan is going to have to be put into place. Doubling or tripling the number of Chemical Security Inspectors (NOTE: I really wish that ISCD would change that job title to ‘Chemical Facility Security Inspectors’ so that we don’t have to use the ‘CSI’ acronym) is clearly not an option. So we are going to have to reduce the number of site security plans reviewed or at least the level of review applied.

We already have a risk tiering system that divides the covered high-risk chemical facilities into for risk tiers. The folks at ISCD have concentrated their work on the highest risk tiers first, essentially having completed the authorization of all Tier 1 facility site security plans and most of the SSP approvals for that Tier. A great deal of work has already been done on the Tier 2 facilities. What if we reduce the level of review necessary for the Tier 3 and Tier 4 facilities?

Actually, I would prefer to suggest that we adopt the EPA and OSHA regulatory model (the first time that those response/safety plans are reviewed is when an inspector shows up at the facility) for those facilities, but the §550 authorization for the CFATS program specifically requires the Secretary to “review and approve each vulnerability assessment and site security plan”.

I think that for the Tier 3 and 4 facilities, the process would be better served if the review and approval process were conducted along the same lines as those used for the review and approval of the security vulnerability assessments. These are currently done as a mostly automated review of the submissions with some expert review but no visits conducted by the CSI staff. This would certainly speed up the authorization and approval process.

This would also have the added benefit of freeing up the CSI for the even more arduous task of conducting facility inspections to ensure that facilities are adequately complying with their site security plans. Properly done, this will be a much more time consuming task than checking to see if site security plans cover the necessary requirements.