Posted by Edward Seebald

June 12, 2017

Physical Access Control System - PACS can satisfy the requirement for electronic TWIC inspection on Risk Group A facilities in one of two ways: 

     -     PACS (with facility access card) registered to an individual whose TWIC and biometric data is stored in the facility's access control system. The facility access card holder presents access card, submits biometric at entry point and the system validates the TWIC card has not been canceled or expired against the TSA Canceled Card List (CCL).

     -     PACS (with biometric only) registered individual whose TWIC and biometric data is stored in the facility's access control system. The indiviual submits biometric at entry point and the PACS validates the TWIC card has not been canceled or expired against the CCL. 

Remember - Everyone in a PACS authorized to access the secure or secure-restricted portion of a maritime facility is also subject to random screening. 

Posted by Edward Seebald

June 5, 2017

During the month of May, we covered the TWIC Final Rule that requires Risk Group A maritime facilities to incorporate TWIC readers into their maritime security regime no later than August 23, 2018. This month we'll continue that discussion as it relates to TWIC reader technology. Additionally, given the recent Ransomware cyber attack, we'll review ways to enhance your cyber security to help prevent becoming a cyber statistic. 

TWIC reader technology is continually evolving. TSA and the Coast Guard recognize this reality; there are three options for facilities to comply:

• Purchase a TWIC reader from TSA's Qualified Technology List, or

• A TWIC reader thata adequately performs and electronic TWIC inspection:
     - Card Authentication
     - Validity
     - Holder Identity

• Use a Transparent reader, which sends the TWIC information with biometric to a back-end system that performs card authentication, validity, and holder identity authentication. 

Remember - Everyone presenting a TWIC, along with a reason to access the secure or secure-restricted portion of a maritime facility is also subject to a random screening. 

But wait! There is another TWIC reader option that we'll cover next week. 

Posted by Edward Seebald

May 29, 2017

How August 23, 2018, or 448 days and a wake up. That's when your Risk Group A facility must be read to go, which includes:

• Having the required electronic TWIC readers or PACS operational.

• Having a Coast Guard COTP approved FSP or FSP amendment that includes electronic TWIC inspection.

Remember, you should plan to submit your new FSP (that will require a new/updated FSA) or FSP amendment in ample time to obtain Coast Guard approval. That means at least 60 days prior to August 23, 2018. Trust us, it'll take you at least 60 days to adequately prepare/amend your FSP to meet the TWIC Final Rule requirements. All considered, that's 120 days before August 23, 2018. 

Are you paying attention? August 2018 just became April 2018 on your TWIC Final Rule planning calendar. That's the latest when you should be underway and making way in preparing to comply with the TWIC Final Rule. 

Posted by Edward Seebald

May 22, 2017

Thoroughly review the TWIC Final Rule requirements and research wisely in what system will meet your needs.  Be wary of vendors trying to sell you more than what is needed!  Develop contingency plans for when your TWIC readers or PACS malfunction.  Remember your documentation requirements - how will you record the information, which is Sensitive Security Information and where will you maintain the entry records in a restricted area for two years?  

Posted by Edward Seebald

May 15, 2017

How can Risk Group A facilities comply with TWIC Final Rule requirements? These are some of the capabilities and capacities to bring you into compliance:

• TWIC Readers & Physical Access Control Systems (PACS) - Not required to be stationary/fixed - portables are acceptable

• TWIC Reader - If not on TSA's Qualified Technology List (QTL), it must meet electronic TWIC inspection requirements. You can verify if your TWIC reader is approved by check the TSA QTL at: https://homeport.uscg.mil/mycg/portal/ep/contentView.do?contentTypeId=2&channelId=-24886&contentId=544123&programId=50398&pr

• PACS - facilities are authorized to enhance their current PACS to meet electronic TWIC inspection requirements. 

• TWIC Reader or PACS malfuntions - Must have a back-up system or portables that perform Electronic TWIC inspection requirements (Note: A visiual inspection is NOT authroized.)

• If your electronic TWIC reader fails and you do not have an operable back-up, you MUST report it to COTP and obtain permission to operate. The Coast Guard will require suitable risk mitigation before granting permission to operate.

• TWIC Reader or PACS - must record/document ENTRY into a secure area and Risk Group A facilities are required to maintain these records for two years. 

Remember: 

The TWIC Final Rule is a credentialing law, it does NOT replace screening.