(24b) Chemical Process Security Performance Standards | AIChE

(24b) Chemical Process Security Performance Standards


Moore, D. A. - Presenter, AcuTech Group, Inc.
Leith, H. - Presenter, AcuTech Consulting Group
Hazzan, M. - Presenter, AcuTech Consulting Group
Fuller, B. A. - Presenter, AcuTech Consulting Group

Key relevant provisions of the appropriations bill rider that gave DHS the order to ?issue interim final regulations within 6 months? of October 4, 2006, included:

? establishing risk-based performance standards for security of chemical facilities?

? and requiring vulnerability assessments?

? and the development and implementation of site security plans.

for chemical facilities.?

Pursuant to the outcome of the SVA all chemical sites will need to prepare a Site Security Plan. The SSP and SVA will need to explain how the site met the risk-based performance standards set by DHS. This is a new realm in the world of chemical industry security, so a key aspect of meeting the regulatory requirements will be interpreting these standards and determining the best path to achieving them.

This paper will explain the requirements and give advice on how to achieve them and how to document them in the SVA and SSP. The timing of this paper will be particularly important as the interim final regulation is due April 4, 2006.

DHS will publish requirements for:

1. Risk-Based Performance Standards 2. Security Vulnerability Analysis (SVAs) 3. Site Security Plans

Based the expected use of tier levels, facilities will be subject to the application of Risk Based Performance Standards (RBPS) at each level, and a range of protective security measures will follow. The sites will have the flexibility to select layered security measures that, in combination appropriately address the vulnerability assessment and the risk-based performance standards for security for the facility. ?

The risk-based performance standards will allow the regulated facilities flexibility in meeting the RBPS intent, and the ability to select a set of security measures that, when applied in sufficient layers, meet the intent of the standards.

It is assumed that DHS is able to be specific in the standards but not in the particular set of security measures for any given facility, for example, ?only authorized person shall be allowed onsite'.

If no specificity is allowed, then the standards must be detailed enough to be measurable, but not specific to any given security measure, while providing a credible level of security against a specified threat. Past industry efforts and rules did not require any particular standard if access control or fencing was concerned, for example.