The Coast Guard has recently put out enforcement guidance regarding the TWIC Reader Requirements Final Rule, which was in last week’s blog.  This week we will recap WHO is expected to comply, WHAT is required during an Electronic TWIC Inspection, and WHY this is a requirement. 

WHO IS REQUIRED:  The following facility types will be expected to comply starting August 23, 2018:

  1. Facilities that receive vessels certified to carry more than 1,000 passengers; and
  2. Facilities subject to 33 CFR 105.295 - Certain Dangerous Cargo (CDC) facilities.
    (Guidance regarding how 33 CFR 105.295 is applied can be found in Policy Advisory Council Decision 20-04 – Certain Dangerous Cargo Facilities.)

WHAT IS REQUIREDElectronic TWIC inspection –  conducted by TWIC Readers or Physical Access Control Systems (PACS) and required each time a person is granted unescorted access to a secure area and must be in place by August 23, 2018.

What is an Electronic TWIC Inspection? – Three things must happen in order to fulfill the requirements:

  1. Card Authentication – validates Card Holder Unique Identification (CHUID) and Federal Agency Smart Credential – Number (FASC-N)
  1. Card Validity – TWIC card is checked against Cancelled Card List (CCL) - is TWICrevoked or expired?   TSA CCL: https://universalenroll.dhs.gov/

           How Often must the CCL be checked?

                  MARSEC 1 – CCL is updated and checked every 7 days

                  MARSEC 2 & 3 – CCL is updated and checked daily

  1. Identity Verification – cardholder’s identity confirmed with biometrics

           Biometrics – accepted templates:

fingerprints

digital facial image with PIN

Alternative biometrics (vascular) are authorized if this biometric template is tied to TWIC holder & approved in FSP

If you have any questions on whether your facility will be expected to comply or what is required, we recommend you contact your local Captain of the Port.  Also, you are always welcomed to contact Ed Seebald or any of our Associates.

Remember - Everyone presenting a TWIC, along with a reason to access the secure or secure-restricted portion of a maritime facility, is also subject to random screening.  

WHYIT’S THE LAW!!! 

Next week’s blog will discuss WHEN, WHERE, and HOW regarding TWIC Reader implementation options and administrative requirements. 

NOTE:  Join us for our WEBINAR on Thursday February 22 that will explain all this and provide you an opportunity to ask questions.  Details will be sent out separately on the Webinar.

The Coast Guard has put out enforcement guidance regarding TWIC Reader Requirements Final Rule.

The following facilities will be expected to comply with the TWIC Reader Requirements Final Rule commencing August 23, 2018:

  1. Facilities that receive vessels certified to carry more than 1,000 passengers; and
  2. Facilities subject to 33 CFR 105.295 - Additional requirements for Certain Dangerous Cargo (CDC) facilities. (Guidance regarding how 33 CFR 105.295 is applied can be found in Policy Advisory Council Decision 20-04 – Certain Dangerous Cargo Facilities.)

I recommend facilities with any further questions reach out to their local Captain of the Port.

NOTE – This month’s blogs and Webinar will address TWIC Reader Requirements Final Rule.

For those attending the 5th Seebald & Associates International Facility Security Symposium in New Orleans, June 6-8, 2018, a senior representative from Coast Guard Office of Port and Facility Compliance will be speaking about TWIC Reader Requirements and other pertinent policies.

 

We’ve covered the main layers of the facility security organization (FSA, FSP, FSO, PSD, AO) in previous blogs.  This week we’ll look at what’s in the pyramid’s capstone.

Now that the FSA, FSP are completed and the training program is established, the FSO must not become complacent.  The Capstone to the Seebald Security Pyramid consists of regularly conducted Drills, Exercises, Audits and Reviews. 

DRILLS - How often do you conduct drills?  We know a security drill is required to be conducted every 90 days, testing one element of the FSP.  There are many elements to your FSP.  If you meet the minimal drill requirements, then you will test at only four elements of your plan.  That’s NOT how you become proficient! 

We recommend you conduct drills at least monthly, and, for all the Seebald Platinum Members, use the drills sent out every month to improve your security awareness.  Drills are meant to test at least one element of your plan, so remember to document observations and do not conduct training during the drill or you will never achieve an accurate assessment.  Drills do not need to be complicated, nor time-consuming.  You can get better at conducting drills by conducting more drills!  And remember, you are required to document best practices and lessons learned.

EXERCISES - Exercises are a full test of your security program and must include substantial and active participation from the FSO.  They’re required once each calendar year, not to exceed 18 months.  Exercises maybe full scale or live; tabletop simulation or seminar; or combined with other appropriate exercises.  Each exercise must test communication, notification procedures, elements of coordination, resource availability, and response.  As the same with drills, you must capture best practices and lessons learned.  To ensure you meet the frequency of required exercises, we at Seebald & Associates will conduct and document and exercise at your facility during your annual audit.

AUDITS - The FSP is required to be audited annually by a subject matter expert outside of your security organization.  The FSO should choose someone who will be critical and honest, so you get an accurate assessment in how the FSP is being executed.  After the audit, the FSO is required to address the discrepancies.  Remember, the audit report is Sensitive Security Information for the FSO only, do NOT show your audit report to the Coast Guard.  The FSO must sign an audit record that documents when and who conducted the audit.  Place the audit record with your security documentation – this is what substantiates your audit for the Coast Guard during your annual inspection. 

REVIEWS - FSO Reviews are crucial to building and maintaining a security culture and requires dedication from the FSO in making security a priority.  Reviews should be part of the FSO’s regular routine – this is security management by walking around.  The FSO should be reviewing the FSP on a regular basis and not once a year two weeks prior to the annual Coast Guard inspection.  The FSO should use the FSP to develop and use checklists during these walk around reviews.  These checklists can include but not limited to:  perimeter fencing, lights, security gates & guard posts, technical systems, communication systems, and information technology/cyber systems.  During walk arounds, the FSO can review items on their checklist, conduct security training by stopping and asking PSDs and AOs security awareness questions, or conduct drills.  Taking the time and making these walk around reviews part of your routine will improve the security posture and awareness on the facility.

Overall – remember, the Seebald Facility Security Pyramid provides you with the organization to secure your facility - the rest is up to you.

Seebald Security Pyramid.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This week’s blog looks at Personnel with Security Duties and All Other facility personnel, with an emphasis on their roles in the facility’s security organization.

33 CFR 105 is a performance-based law, which requires that personnel not only know their responsibilities, but also demonstrate that they are capable of performing their roles.  The FSO is responsible to ensure Personnel with Security Duties (PSD) and All Others (AO) have this required knowledge through training or job experience.  This is where a lot of facilities receive discrepancies during their annual Coast Guard inspection, because employees do not receive regular training outside of their initial security training during orientation when first hired. 

Building a security culture needs a security training program that is executed regularly and this falls on the FSO.  PSDs are required to know 14 elements outlined in 33 CFR 105.210, and AOs are responsible for six elements outlined 33 CFR 105.215.  This is where a thorough training program is needed and a dedicated FSO makes the time to ensure all the employees receive regular training. 

An industry best practice known as a “Security Moment,” is similar to a Safety Briefing that occurs prior to many meetings at facilities whose culture focuses on safety.  In the case of a Security Moment, a security awareness building requirement can be re-emphasized.  The FSO can also take 10-15 minutes during All-Hands meetings and provide brief training on one or two of the required security elements.  Another best practice is “Just in Time” training, such as sending reminder emails with required security information that will enhance security awareness prior to a scheduled Coast Guard inspection. 

Seebald Security Pyramid.png

This week’s blog will explain the Facility Security Officer’s (FSO) role and build on the first two levels of the Seebald Facility Security Pyramid in which the FSO must ensure the FSA is conducted and the FSP is developed.

33 CFR 105.400 requires the FSO to be identified by name with 24-hour contact information because they are the primary custodian of the FSP and responsible for ensuring the plan’s security measures are carried out.  The FSO is also required to have general knowledge, through training or equivalent job experience in 21 elements outlined in 33 CFR 105.205. 

The FSO is also responsible for security awareness and vigilance of the facility personnel, ensure security training to personnel with security duties, ensure occurrences that threaten the facility security is documented and reported to the owner or operator, ensure maintenance of records, preparation and submission of required reports plus a lot more that will be covered in coming weeks.  

The FSO’s security responsibilities are abundant and time-consuming, requiring dedication and security to be a priority.  Creating a solid security culture starts with the FSO.

Seebald Security Pyramid.png