Seebald LinkedIn

We audit a lot of Facility Security Plans, so we get to see many Facility Security Assessments. This week we'll look at the good ones, the bad ones, and the "how the heck did this ever get approved?" ugly ones. 

It's easy to find the good FSAs - they comply with Subpart C of 33 CFR 105 and have all the "Satisfactory" blocks checked in Enclosure 3 to NVIC 03-03 Change 2. The FSA is contemporary (no more than five years old) and it includes a quality Risk Based Analysis. Many facility respresentatives participated and their viewpoints are reflected in the FSA. 

Bad FSAs miss key elements we discussed in previous blogs - they don't include a wide represtation of the many aspects of a facility (Managment, Human Resources, Operations, Engineering, Maintenance, Security, IT/Cyber, Legal, Safety), they don't reflect current threats (Does your FSA consider Cyber & Active Shooter threats>), and they don't fulfill the many regulatory requirements (Check the checklist!)

It's not rare to find ugly FSAs. Heck, even, sometimes we see FSPs that don't contain an FSA at all! Incredible as it seems, there are Coast Guard approved FSPs that don't have an FSA - thats ugly on the facility and the Coast Guard. Also, there are far too many FSAs that do not contain a Risk Based Analysis (RBA). That's "low-hanging fruit" for your Coast Guard Inspector's deficiency list. If you don't have an RBA, then your FSA is incomplete. Lastly, if your FSA contains the same typos as its predecessor, then you probabley have yourself a gun-decked FSA. That's not only lazy, it's a set-up for failure. 

Remember, you can and should have an FSA that services as the foundation for your facility security organization. It takes expertise, energy, and time to build your reliable foundation, but it's worth it in the long run.