The Specific Roles and Responsibilities of Owners & Operators of Regulated Maritime Transportation Security Act for 33 CFR Part 105 Facilities

 

What are the specific duties and responsibilities of MTSA 33 CFR Part 105 Facility Owners and Operators?

33 CFR Part 105 Subpart B – Facility Security Requirements, outlines and describes the roles and responsibilities of owners and operators of 33 CFR Part 105 Facilities. 

As mentioned in the previous blog, the absolute responsibility for a regulated facility’s security management regime starts and ends with the owners and operators.  While 33 CFR Part 105 Subparts B, C and D sections are most familiar to Facility Security Officers (FSO), 33 CFR Part 105 Subpart B – Facility Security Requirements, identifies more specific requirements that owners and operators are responsible for.  Subpart B also addresses the knowledge, training and experience requirements for Facility Security Officers, Maritime Personnel with Security Duties and All Other persons who work at the facility.  For this blog we are focused on owners and operators of 33 CFR Part 105 Facilities and the specific roles and responsibilities of owners and operators are listed below:

  • Each facility owner or operator must ensure that the facility operates in compliance with the requirements of Subpart B.
  • For each facility, the facility owner or operator must:
    1. Define the security organizational structure and provide each person exercising security duties and responsibilities within that structure the support needed to fulfill those obligations;
    2. Designate, in writing, by name or by title, a Facility Security Officer (FSO) and identify how the officer can be contacted at any time;
    3. Ensure that a Facility Security Assessment (FSA) is conducted;
    4. Ensure the development and submission for approval of an FSP;
    5. Ensure that the facility operates in compliance with the approved FSP;
    6. Ensure that the TWIC program is properly implemented as set forth in Subpart B, including:
      • Ensuring that only individuals who hold a TWIC and are authorized to be in the secure area in accordance with the FSP are permitted to escort;
      • Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and
      • Notifying facility employees, and passengers if applicable, of what parts of the facility are secure areas
      • Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and
      • Notifying facility employees, and passengers if applicable, of what parts of the facility are secure areas and public access areas, as applicable, and ensuring such areas are clearly marked.
    7. Ensure that restricted areas are controlled, and TWIC provisions are coordinated, if applied to such restricted areas;
    8. Ensure that adequate coordination of security issues takes place between the facility and vessels that call on it, including the execution of a Declaration of Security (DoS) as required by Subpart B;
    9. Ensure coordination of shore leave for vessel personnel or crew change- out, as well as access through the facility for visitors to the vessel (including representatives of seafarers’ welfare and labor organizations), with vessel operators in advance of a vessel’s arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;
    10. Ensure, within 12 hours of notification of an increase in MARSEC Level, implementation of the additional security measures required for the new MARSEC Level;
    11. Ensure security for unattended vessels moored at the facility;
    12. Ensure the report of all breaches of security and transportation security incidents to the National Response Center in accordance with Part 101 of Subchapter H;
    13. Ensure consistency between security requirements and safety requirements;
    14. Inform facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC;
    15. Ensure that protocols consistent with section 105.255(c) of Subpart B, for dealing with individuals requiring access who report a lost, damaged, or stolen TWIC, or who have applied for and not yet received a TWIC, are in place; and
    16. If applicable, ensure that protocols consistent with 105.257 of Subpart B, for dealing with newly hired employees who have applied for and not yet received a TWIC, are in place.

FSOs of CFR Parts 105, knowing the roles and responsibilities of your owners and operators will help you help them, especially when new persons come on board your facilities in leadership or management roles of your maritime security regime and have no prior experience with MTSA requirements.  Remember any violation issued by U.S. Coast Guard security compliance inspectors is permanently recorded in a database that is shared across the Coast Guard.

Owners and operators, security directors and managers, to ensure your plan renewals and announced and unannounced U.S. Coast Guard compliance inspections will pass training standards, register yourself, FSOs and Alternates to attend a U.S. Coast Guard approved Seebald & Associates CSO/FSO training course.  To view a list of current and upcoming courses and for more information on how to register for a course visit www.seebald.com .

The General Roles and Responsibilities of Owners & Operators of Regulated Maritime Transportation Security Act for 33 CFR Facilities and Outer Continental Shelf Facilities.

What are the roles and responsibilities of owners and operators of 33 CFR Maritime Transportation Security Act (MTSA) Facilities and Outer Continental Shelf (OCS) Facilities?

Many of our Seebald & Associates International blogs over the past several years have focused on 33 CFR Part 105 Facility Security Officers (FSOs), Maritime Personnel with Security Duties (PSD) and more recently Part 106 OCS Company Security Officers (CSO)/OCS FSOs.  In this month of May 2019, we will bring you some important information about maritime security management and organization roles and responsibilities for 33 CFR Part 105 & 106 facilities.  

The absolute responsibility for a regulated facility’s security management regime starts and ends with the owners and operators.  While 33 CFR Parts 105 & 106 Subparts B, C and D sections are most familiar to CSOs and FSOs, Subpart Part A – General, identifies several mandatory requirements that owners and operators are responsible for. 

Why is this important for CSOs/FSOs to know?  In a successful maritime security regime, it makes strong operational sense for CSOs/FSOs to know and fully understand all the requirements below their positions and above.  The regulations permit owners and operators of facilities to designate personnel with the CSO and FSO duties in a relegated fashion, but regardless of designation, owners and operators are ultimately responsible in the eyes of the regulator, the U. S. Coast Guard.  Any security non-compliance issues may result in a citation to the owner and operator, CSO or FSO, and any critical citations may impact the facility’s ability to conduct its normal operations.  These mandatory requirements can result in loss of profits, productivity and services, and can impact shareholder opinion of how their investments are being managed.

Areas of 33 CFR Parts 105 & 106 Subpart A of significance are Applicability, Exemptions, Compliance dates, Compliance documentation, Non-compliance, Maritime Security (MARSEC) Directives and Rights of Appeal. 

  • Applicability - describes to owners and operators all the types of facilities and OCS facilities that are regulated under 33 CFR and required to have maritime security regimes in order to operate.
  • Exemptions - describe circumstances that owners and operators can expect to not comply with as long as they follow the local U.S. Coast Guard Captain of the Port (COTP) conditions. Failure to follow the COTP conditions may result in an exemption being withdrawn and the owners and operators must then comply with all the 33 CFR maritime security regime requirements.
  • Compliance dates – establishes mandatory dates the owners and operators must have their facility’s maritime security regime in place in order to operate. In some cases, interim FSPs and security operations are approved pending final submissions. For example, during the construction, drilling and production phases of OCS facility operations, owners and operators must demonstrate to the COTP/Officer in Charge Marine Inspection for the Gulf of Mexico (U.S. Coast Guard District 8 OCS Division), they incorporate appropriate security measures throughout each phase and give advanced notice as to when they are shifting from one phase to another.  Following the initial facility security assessment and FSP, there are set compliance dates going forward for renewals of the facility’s security regime requirements. 
  • Compliance documentation – directs owners and operators which security regime records are to be kept and the duration of required maintenance. Also directs the five-year resubmission and approval cycle for the FSP.
  • Non-compliance – defines actions taken by the owner or operator when the facility must temporarily deviate from Subpart A requirements.
  • MARSEC Directives – specify each owner or operator subject to Subpart A must comply with instructions contained in a MARSEC Directive issued under 33 CFR Part 101.405.
  • Rights of Appeal – states any person directly affected by a decision or action taken under Subpart A, by or on behalf of the U.S. Coast Guard may appeal as described in Part 101.420.

CSOs and FSOs of CFR Parts 105 & 106, knowing the roles and responsibilities of your owners and operators will help you help them, especially when new persons come on board your facilities in leadership or management roles of your maritime security regime and have no prior experience with MTSA requirements.  Remember any violation issued by U.S. Coast Guard security compliance inspectors is permanently recorded in a database that is shared across the Coast Guard.

Owners and operators, security directors and managers, to ensure your plan renewals and announced and unannounced U.S. Coast Guard compliance inspections will pass training standards, register your CSOs, FSOs/Alternates to attend a U.S. Coast Guard approved Seebald & Associates CSO/FSO training course.  To view a list of current and upcoming courses and for more information on how to register for a course visit www.seebald.com.

The United States Coast Guard formally approved Seebald & Associates’ Outer Continental Shelf Facility Security Officer Course confirming that this course adheres to the rigorous standards specified in Coast Guard regulations and policies.  This course meets the Maritime Transportation Security Act of 2002 professional competencies of Outer Continental Shelf Facility Security Officers and Company Security Officers, and joins Seebald & Associates’ Facility Security Officer and Personnel with Security Duties courses that have also been approved by the Coast Guard.  The newly approved course has two near-term convenings, April 16-18 in Houston, TX and July 16-18 in New Orleans, LA.  Visit www.seebald.com to register today, courses fill up quickly.

This is the first Coast Guard approved course specifically for 33 CFR Part 106 OCS facilities. This approved course is a milestone for the marine industry and maritime security training and consulting community.  Coast Guard regulations ensure that approved training courses cover all required topics for the complex marine industry.  Course approval also indicates that the instructors are themselves experienced and knowledgeable, and the course employs professional training and evaluation techniques to ensure the students learn and retain the required knowledge.

The offshore industry is a cornerstone component of our nation’s energy infrastructure and the marine transportation system.  With the United States now being a major exporter and the world’s leading producer of oil and gas, security in the offshore energy sector is more important than ever.  Economic terrorism, piracy, internal threats, inter-state conflicts, transnational organized crime, civil protests, and cyber-attacks are all global security threats that the industry must prepare for. 

Seebald and Associates is proud to contribute to the security of the industry through this newly approved training course, and through our other services.  Seebald and Associates strongly believes that professional training is the foundation of any security program.  Well trained personnel keep their facilities in compliance – and their fellow workers secure.

Seebald and Associates is an active supporting member of the Gulf of Mexico Area Maritime Security Committee. Coast Guard inspectors are coming so be sure to remain in compliance by having your personnel properly trained, your annual compliance audits up to date and your facility security assessments and facility security plans inspection ready.  The cost for losing any production time is extremely high at a time when the nation’s dependency on oil and gas production is at its peak. 

As mentioned above, our first approved course is scheduled for April 16-18, 2019 in Houston, TX, with our business associate J Conner Consulting Inc, a leader in offshore safety and risk management, providing the venue.  The second course is scheduled for July 16-18, 2019 in New Orleans, LA.  Registration is currently open for both courses.

“Approved and Certified?” - Not All Maritime Security Training Is the Same - How do you choose the right Course?

Will you choose a U.S. Coast Guard “approved” maritime security training course or not?  If you own or operate a Maritime Transportation Security Act of 2002 & 2010 (MTSA), 33 CFR Part 105 or 106 regulated port facility or outer continental shelf (OCS) facility your Facility Security Officer, Personnel with Security Duties and All Others are required by regulation to be trained.  Seebald & Associates International is your go-to U.S. Coast Guard “approved” training course.  Each regulated entity must have designated security officers and personnel whose duties are to conduct security activities.  MTSA 2002 & 2010 mandate that security personnel must be trained and certified.  While maritime security training courses and classes have been offered the past 16 years stemming from the MTSA requirements, “Not All Maritime Security Training Is the Same”.

To choose a fully qualified and Coast Guard approved security training course provider, the process is very simple,  click on this link https://www.dco.uscg.mil/Portals/9/NMC/pdfs/courses/courses.pdf for the National Maritime Center (NMC) and it should take  you to the NMC’s approved courses list and it will offer you a search function which will confirm whether the course you want is U.S. Coast Guard approved/accepted.  While conducting MTSA compliance inspections U.S. Coast Guard security inspectors must review training records of your security personnel, having them attend, complete and graduate with a certificate from a Coast Guard approved Seebald & Associates course will attest that your personnel have met the U.S. Coast Guard’s rigorous standards. 

In conversations with U.S. Coast Guard security inspectors, they can tell which companies’ security personnel have attended Seebald & Associates MTSA security training.  They can also tell which companies have engaged Seebald & Associates for their annual compliance audits, facility security assessments and facility security plans.  If you need maritime security training, annual compliance audits, facility security assessments or facility security plan development please contact us at www.seebald.com.   Our courses fill rapidly so check our website often for a course that fits your schedule.   

Keeping Business Moving While Stopping Threats 

Last week we defined and explained credentialing and screening.  These activities are vital components of any security program, but we know that they can be tedious, time consuming, and prone to error.  How can we keep business moving while stopping threats?

The TWIC checks that are at the heart of credentialing are problematic, especially for facilities with a high volume of TWIC holders.  Pull out your TWIC and check the photo against that handsome face in the mirror, then check the expiration date against today’s date – what year is it anyway?  Then check the holograms, the condition of the laminate, and the other security features.  Now repeat the process with other TWICs a few dozen times in the next half hour.    Eyes looking down and glazing over, or up and alert to your surroundings?  By the way, the line is growing.  Feeling secure? 

Human beings just aren’t good at this kind of task.  Fortunately, TWICs are designed to be read by machines.  That gold square at the bottom isn’t there for decoration, it has an antenna for contactless reading, and a chip packed with information.  An electronic reader can validate the TWIC and compare it to the CCL, or Canceled Credential List.  If an individual is convicted of certain serious crimes, or is placed on a terrorist watch list, their name is placed on the CCL, effectively canceling their TWIC if they hold one, and preventing them from obtaining a new or replacement TWIC.  This CCL check is only possible with an electronic reader.

Like all electronics, TWIC readers have dropped in price and increased their capability and reliability since they were first introduced.  Most electronic readers I’ve seen work in a few seconds – less time than it takes to conduct even a cursory manual check.  Some work in non-biometric mode, which still require a visual comparison of the individual to the photo, but electronically validate the TWIC and compare it to the CCL.  For Group B facilities, which aren’t required to do a biometric check, this may be an ideal and affordable option. 

While improving speed and reliability, electronic TWIC readers also allow human beings to do what human beings do better than machines – evaluating the individual for suspicious behavior while remaining alert to the general surroundings for other security concerns.  This combination of increased speed and reliability, while allowing your PSD to observe human behavior, makes electronic readers a good choice, especially for high volume facilities. 

Once your PSD have validated the TWIC, how do they then select individuals for screening?  At MARSEC 1, your FSP or VSP probably specifies some percentage of all arrivals for screening.  A common but poor practice is to screen on a steady, rotational basis, such as every 5th arrival to achieve a 20% screening rate.  This creates an easily observable and avoidable pattern.  I’d bet you dollars to donuts that regular employees (also known as insider threats) are quite aware of any existing pattern.  External threats need only the ability to watch your main gate for a few hours and count to arrive at the same information.  Arrive in between the pre-determined screening points and you in the clear. 

A much better approach is to select persons and vehicles for screening on a random basis.  Unpredictability is the relevant security principle in this case.  If threat actors can’t predict when they might be subject to screening, they can’t predict when they might get caught. 

So how do you make that random determination?  Any way that works.  We recommend the “marble method”, where your security guards pull a marble out of a jar when someone arrives.  A given percentage of the marbles are a certain color, and those lucky individuals get screened.  Gumballs in a machine, a roll of the dice, a spinner from a game board, there are many ways to do this.  There are also electronic devices that will randomly generate a “screen or not screen” decision for you.  Whatever method you use, your PSD should have the discretion to select additional arrivals for screening if they have any concerns. 

A description of actual screening techniques is better suited to a classroom than a blog, but I’ll mention that if screening an individual with a vehicle, it is best to ask the person to exit the vehicle, screen the person first, and then the vehicle, all the while keeping the individual in sight.  Hand held metal detectors, mirrors, cameras, and lighting can make the process speedy and effective.  Be sure you have sufficient space for your PSD to conduct screening without stepping into traffic or other safety hazards.  Designing your gate area to allow other traffic to continue while screening promotes security, safety, and keeps business moving. 

While improving your credentialing and screening practices can’t guarantee security for all possible scenarios, they can make your facility or vessel a less attractive target for both insider and external threats.  By focusing on an area that all crew, workers, visitors, and Coast Guard inspectors experience, you will minimize compliance and operational risk, and promote a strong security culture.