Posted by John Bingaman

October 8, 2017

As the FSO, you get this!  After all, your job depends on it.  The company is depending on you.  The local community and beyond is depending on the company.  Trade secrets, competitive advantage, threats, vulnerabilities… the list goes on.  Oh, and Coast Guard Inspectors do make unannounced visits to ensure you’re in compliance with MTSA, 33 CFR 105, NVIC 03-03 Change 2, and NVIC 03-07 along with other applicable regulations.

Remember the 3 P’s of access control –

• Physical – security infrastructure and systems
• Presence – bearing and attitude of security force personnel
• Performance – security training, experience and application

The first of the 3 P’s, Physical security, forms the first impression – for compliance with the regulations, as well as target desirability for the would-be attacker.  Is the physical security well maintained, shiny and new looking, or not so much?

We’re talking about things like fencing, vehicle/rail/pedestrian gates, emergency egress points, sensor detection systems, lighting, and operational and/or security camera systems.  Much of this is not specifically spelled out in the CFR.  Look to security Best Practices and Industry Standards; and/or look to Seebald & Associates for their expertise by giving us a call.

The more sensitive the facility/product/location, the more formidable the physical infrastructure should be.  Ask yourself, is your facility a hard or soft target?

Posted by Edward Seebald

October 4, 2017

S&A Blog Title:  It's National Cyber Security Awareness Month!

Fellow Maritime Security Professionals - 

In case you missed it, the latest Coast Guard's Maritime Commons  http://mariners.coastguard.dodlive.mil/2017/10/02/1022017-october-national-cyber-security-awareness-month/utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+MaritimeCommons+%28Maritime+Commons%29) blog notes that October is National Cyber Security Awareness Month.  The Coast Guard's weekly blogs this month will contain important information on cybersecurity risk management.  And for a refresher, visit our web site, where we offer cyber security presentations from our Facility Security Symposium and webinars:

Cyber Security and the Maritime Transportation System

(https://seebald.com/fso-symposium-ppt-decks/60-cyber-security-the-maritimetransportation-system)

Building a Winning Cyber Security Program

(https://seebald.com/webinars/34-building-a-winning-cyber-security-program)

Stay sharp - be secure & safe - train, drill, and exercise your facility personnel!

Posted by John Bingaman

October 1, 2017

We’ve listened to your feedback!  The blogs this month are designed to you assist you in controlling facility access points and remaining compliant with random screening requirements.  Topics include:

3 P’s of access control –

• Physical – security infrastructure and systems
• Presence – bearing and attitude of security force personnel
• Performance – security training, experience and application

Just what does random screening mean?

Random screening is just that – screening that occurs without definite aim, reason, or pattern.  Random is NOT every 10^th person or vehicle.  You are required to develop a protocol for randomizing your screening.  A best practice in random selection is the “Marble Method,” which is recognized and approved by the Coast Guard.  Other randomizing techniques may include a software program that randomly selects a person or vehicle to screen.  DO NOT rely on individuals determining off the top of their head when to screen – their choices are NOT random.

Randomizing your screening makes your access control effective by eliminating predictability, and will deter folks entering your facility from trying to bring on prohibited items.  A random screening protocol will increase your facility’s security reliability!

Join us this month while we review the regulatory requirements for the sake of building your security awareness.  Suggested Reading - 33 CFR 105.255.

September 25, 2017

An FSP is required to be resubmitted every five years to include a new FSA.  You are required to submit one copy of the FSP for review and approval to the cognizant COTP and a letter certifying that the FSP meets applicable requirements of Subpart D - Facility Security Plan.  The FSP must be submitted 60 days prior to allow the COTP enough time to review, and if your FSP consists of new operations, then you cannot start operations until your FSP is approved.  The COTP will examine each submission for compliance and either:

• Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions;
• Return it for revision, returning a copy to the submitter with brief description of the required revisions
• Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval

Remember, completing a thorough and proper FSP, which is based on your FSA, is a lengthy process and you should not wait until the last minute.  When Seebald & Associates conducts an FSA, and writes an FSP we start the process at least 6 months before your FSP is due for submission.

September 18, 2017

There is often confusion on when an amendment to your FSP is only needed or when an audit in addition to an amendment is required.  Essentially, an amendment documents a change to your FSP and maybe initiated by the owner or operator or the cognizant COTP to maintain the facility’s security.  If the facility owner or operator initiates the amendment, the proposed amendment must be submitted at least 30 days before the amendment is to take effect unless the cognizant COTP allows a shorter period. 

If the COTP gives the facility written notice an amendment is required, the facility owner or operator will have at least 60 days to submit its proposed amendments.  Until the amendments are approved, the facility owner or operator shall ensure temporary security measures are implemented to the satisfaction of the COTP.

You amend your plan when there is a change to your FSP such as a new FSO or Alternate FSO is assigned.  Where the confusion lies is when an audit is required to be conducted along with an amendment.  Such as the case when the owner or operator at the Facility changes, the FSO must amend the FSP to include the name and contact information of the new facility Owner or Operator and submit the affected portion of the FSP for review and approval to the COTP as well as conduct an audit for submission to the new Owner or Operator.  Other examples where the FSP must be audited along with amendments are if there have been modifications to the facility including but not limited to physical structure, emergency response procedures, security measures or operations.  There is an inclination to only submit an amendment on these changes when actually an audit is required as well.   Auditing the FSP as a result of modifications to the facility may be limited to those sections of the FSP affected by the facility modifications.  If the change in operations and modifications to the facility are significant enough, the audit will determine if you need to complete a new FSA and rewrite of the FSP.  This is laid out in 33 CFR 105.415.  Visit our February blogs for more information on your FSP audit.

Remember - before you draft an amendment or conduct an audit, be sure to check with Seebald & Associates or your local COTP to provide you with the proper way ahead.