Under the TWIC Final Rule, electronic TWIC inspection is required each time a person is granted unescorted access to a secure area for facilities in Risk Group A.  TWIC readers or a Risk Group A facility’s Physical Access Control System (PACS) must perform three functions:

1.  Card Authentication – The TWIC reader or PACS determines that the TWIC is authentic via the Card Holder Unique Identification (CHUID) and validates the Federal Agency Smart Credential – Number (FASC-N)

2.  Card Validity – Checks the TWIC against the Cancelled Card List (CCL), which determines whether a TWIC is valid (i.e., not revoked or expired.)  Learn more about the TSA CCL at https://universalenroll.dhs.gov/

The TWIC reader or PACS must stay current with the CCL, with the following update requirements: 

• MARSEC 1 – update CCL every 7 days

• MARSEC 2 & 3 – update CCL daily

3.  Identity Verification  The TWIC reader or PACS verifies the card holder’s identity, which is confirmed with accepted biometrics templates: 

• Fingerprints

• Digital facial image with PIN (Do you remember your TWIC's PIN?)

• Alternate biometrics (vascular) are authorized if this biometric temnplate is tied to the TWIC holder & approved with your FSP

This month’s Seebald & Associates blogs focus on the TWIC Final Rule impacts of Who needs it? What is needed? How you can meet the requirements? What are your Next Steps? When you need to submit your amendments or new FSP to be compliant

The TWIC Final Rule defines Risk Group A as facilities that handle Certain Dangerous Cargo (CDC) in bulk or receive vessels carrying CDC in bulk, as well as facilities that receive vessels certificated to carry more than 1,000 passengers. 

Bulk or in bulk means a commodity that is loaded or carried on board a vessel without containers or labels, and that is received and handled without mark or count.  This includes cargo transferred using hoses, conveyors, or vacuum systems. 

There seems to be a level of confusion in industry as to what determines whether a facility is a CDC facility or not regarding the TWIC Final Rule, especially facilities that receive CDCs by truck or rail.  Because of this confusion, the Coast Guard is considering additional guidance, policy determinations, and/or regulatory updates.  Seebald & Associates will stay tuned for guidance the Coast Guard provides and we’ll keep you up to date on Coast Guard policy decisions.  

Still, lack of guidance does NOT relieve you of being compliant with the TWIC Final Rule - because it is the law.

33 CFR 105 requires the Owner/Operator (read as ‘FSO,’ that’s YOU!), to conduct an Audit annually.  This is the FSO’s opportunity to show the Auditor, your ‘critical best friend,’ how well you know your duties and are doing your job; nearly instantaneous feedback on how you’re doing as an FSO, now that’s job satisfaction!  (Assuming you know the regulations and what the facility’s FSP says; and are routinely conducting drills and applying best practices and lessons learned.)

If the Owner/Operator/FSO are not gaining security perspective and insights from your Auditor every year, it’s time to bring on the regulatory and practical experience that comes with each Seebald Associate; we pride ourselves in being your expert ‘critical best friend.’

Have you and your alternates attended a certified FSO Course or FSO Refresher Course?  The FSO Course is recommended every 5 years, the FSO Refresher Course every 2-3 years.  See Seebald.com for a location and date that works for you; or give Ed a call and arrange a private course tailored for you, your facility and personnel.

As the Owner/Operator’s representative, the FSO must sort through the regulations and know the applicable parts that govern their facility.

TWIC - do you know if and how the upcoming TWIC Reader requirement applies to your facility?

Seafarer Access - as FSO, do you know if the Owner/Operator must facilitate Merchant Mariner access, and if so, when and how?

Does the Owner/Operator have responsibilities when a vessel calls on the facility with an elevated security (ISPS or MARSEC) level?  What are the requirements associated with Declarations of Security?

It’s all in the regulations, supplementary guidance and advice documents.  Need a Certified FSO Course or FSO Refresher?  See Seebald.com for a location and date that works for you; or give Ed a call and arrange a private course tailored for you, your facility and personnel.

The Owner/Operator is referred to 31 times in 33 CFR 101; 106 times in 33 CFR 105; and 36 times in NVIC 03-03 (and we haven’t even mentioned the SAFE Port Act!)  As the facility’s security point-person, the FSO should equate the regulatory requirements as their to-do list and responsibility to comply with all applicable laws, regulations, and agency policies.

33 CFR 101 explains notification requirements to NRC and the local COTP; to include changes in MARSEC level, suspicious activity, breaches of security, and TSIs.  It details how the facility’s security organization must interact with government authorities in the performance of their duties.

33 CFR 105 requires the Owner/Operator to effectively establish the physical boundaries of the MTSA regulated area(s).  There are also provisions for equivalency, waivers, and alternate security plans.  As well as requirements for maintaining documents, to include those associated with explosive detection dog teams.