TWIC Update - Emergency SSIGram
- Posted by Edward Seebald
The TWIC Reader Final Rule, scheduled to go into effect August 23, 2018, has been delayed. A court order from the United States District Court for the Eastern District of Virginia has delayed the enforcement of TWIC Reader Final Rule for facilities that transfer and non-transfer facilities handling bulk cargoes of certain dangerous cargo (CDC). This court order is a result of a lawsuit against the Department of Homeland Security. The timeframe for completing this litigation is unknown.
The court ruling ordered that the TWIC Reader Final Rule will go into effect on August 23, 2018, for facilities that receive vessels certified to carry 1,000 or more passengers.
Pending legislation on TWIC Reader Final Rule
I am going to provide a rudimentary “School House Rock” lesson and explain why this bill came to be. The House of Representatives last week passed a bill and the Senate passed it today, July 26, which now goes to the President’s desk to be signed into law. The bill was introduced to delay the August 23, 2018, TWIC Reader Final Rule until after an assessment study on the effectiveness of the transportation security card program can been completed and submitted to Congress for review.
If the President signs this bill and it becomes a law, it will now depend on how long the study takes, which has period of performance ending in the spring of 2019. If the study determines the transportation security card program to be an effective security strategy for CDC facilities, it may take several more months to implement the TWIC Reader Final Rule, which puts us into the late summer of 2019, but that could easily change to be sooner or later.
The bottom line is we are looking at a potential six-month to one-year delay that is being driven by a court order and a bill going through the legislation process. As soon as we learn more, we will put out an updated blog. If you have any questions, please do not hesitate to contact me or any of my Associates.
The Good, The Bad & The Ugly – “The Good” continued
- Posted by Richard Sundland
This week we’ll provide more examples of “The Good” highlighting what it takes to better your facility security.
- Security Measures for Restricted Areas – How is access to certain restricted areas for employees and visitors determined and who authorizes it? The FSO is ultimately responsible and should be the person making this decision. FSOs authorizing access based on a person’s duties and responsibilities and not delegating that authority can greatly reduce unauthorized access and potentially other security violations. FSOs need to make the time to exercise this authority and not delegate it to facility supervisors because the FSO is too busy. When this authority is delegated, it increases your risk of an employee or visitors being given access to restricted areas where those individuals have no business being.
- Gates – Whether it is the main vehicle gate, the rail gate or the pedestrian gate to the parking lot, they should be kept secured and not left opened for convenience. In addition to keeping gates closed, make sure there are no gaps between or underneath them for personnel to easily gain access. Leaving gates opened for convenience and not closing gaps enables a breach of security to take place, which may lead to worse things.
- Linking company proximity & TWIC cards – Greatly reduce the chance of a breach of security of an expired TWIC card. A lot of facilities integrate their company proximity card, used to gain access to the facility and other areas to include restricted areas, with a person’s TWIC card. When the TWIC card expires, the connected proximity card’s access is denied. Some facility’s Physical Access Control System (PACS) also alert the person at least a month prior to the TWIC card expiring. A way to use technology to reduce human error.
- Training – An established security training program provides PSDs and All Others with the necessary knowledge required by 33 CFR 105.210 and 105.215 respectively. Since the Maritime Transportation Security Act is a performance based law, some FSOs want to guarantee their PSDs and All Others know their security knowledge by requiring annual training. The “best of the best” shun computer-based training and use classroom training. Using technology to ensure everyone completes it annually, the company proximity card is used to document attendance or is associated to the person’s online training account and when annual training is not completed, ACCESS DENIED. This saves the FSO a lot of time trying to figure out who has and who hasn’t had training, plus everyone stays knowledgeable in their security duties.
Again, how did we find all these best practices? By getting out and physically checking, confirming and testing all aspects of the Coast Guard’s facility compliance inspection checklist – NVIC 03-03 change 2 during our audits.
The Good, The Bad, & The Ugly
- Posted by Richard Sundland
The Good, The Bad, & The Ugly will be broken down into three security categories with this week’s blog focusing on “The Good”
- 100% TWIC Credentialing - is required by law and facilities properly carrying this out significantly reduce their risk for a potential security breach. That means each TWIC card is physically inspected to verify TWIC picture matches the person entering, the TWIC card has not expired and it is not a fake by using an ultra violet flashlight.
- Random screening techniques - properly carried out to the prescribed screening rate per your facility’s security plan deters personnel from trying to enter the facility with prohibited items especially weapons or explosive devices. Randomly screening personnel leaving the facility will greatly reduce tool theft.
- Perimeter fencing – fencing that meets industry standards (chain link fence, minimum height – 7ft, taut wire or cable at top, bottom rail, outriggers facing the proper direction with barbed wire or razor wire) with proper signage informs outsiders the facility is a restricted area and deters unauthorized access. Some areas commonly overlooked are pipelines entering the facility and around piers or shoreline. These areas can be an easy access for unauthorized personnel.
- Drills and Exercises – drills are required to be conducted once every three months and they cover at least one element of the facility security plan (FSP). Facility security officers that regularly use drills to test themselves, their Alternate FSOs, Personnel with Security Duties (PSD) and All Others stay proficient in their security duties. Do not simulate during drills and exercises unless it’s a necessity because too often procedures, information (e.g., phone numbers), knowledge, or policy is found to be outdated, in error or not being carried out. Remember, we do not master anything by only completing the minimums. Exercises are a full test of the security program and is an excellent barometer on identifying areas of improvement or that your training program and security procedures are working.
How does Seebald & Associates discover all “The Good” or best practices? Our audits, security assessments and plan developments are not just a paper drill. It requires getting out and physically inspecting the facility, questioning PSDs and All Others, and observing security procedures not to assume someone knows something or that a procedure is being carried out properly per their FSP.
New TWIC Card issued by Transportation Security Administration
- Posted by Richard Sundland
Current TWIC card holders do not need to replace a valid TWIC card with the new TWIC card design.
- Regulated entities that require TWIC for access will accept and recognize both the current and new TWIC designs until the card’s expiration.
- The new card design is compatible with qualified TWIC readers.
- To deter alteration of the card’s expiration date, the new card includes a color-coded expiration date box that will update on an annual basis.
- The fee for the newly re-designed TWIC card remains unchanged ($125.25) and the credential is valid for five years.
Make Sure Electronic TWIC Reader Amendment Complies with the Final Rule Requirements
- Posted by Richard Sundland
In case you missed last week’s blog because you were being a patriot and enjoying the 4th of July holiday, here is a recap and what additional information that needs to be in the amendment. With the TWIC Reader Final Rule going into effect on August 23, 2018, means Risk Group A facilities that are expected to comply and submit an amendment by July 24, 2018 are:
- CDC Facilities – facilities that receive vessels and engage in vessel to facility interface that involves the transfer of CDCs, in bulk, to or from the vessel they receive
- Facilities that receive vessels certificated to carry more than 1,000 passengers
TWIC Reader amendment – What needs to be in the amendment? It is not as simple as stating that we are in compliance with the TWIC Reader Final Rule because we bought TWIC readers.
You need to first review all the additional 33 CFR 105 requirements for TWIC Reader Final Rule. In short, it explains in detail what electronic TWIC inspection requirements are (card authentication, card validity check, & identity verification), Cancelled Card List (CCL) frequency updates, facility recordkeeping requirements, Physical Access Control System (PACS) requirements, and what is required content for outlining your TWIC program.
If your facility is using or plans to use a TWIC reader on the Transportation Security Administration’s Qualified Technology List (QTL), then your amendment process just got a little easier because these readers meet the electronic TWIC inspection requirements. You are still required to document in your amendment CCL updates, recordkeeping and the security measures for access control using your TWIC readers.
With that said, those facilities using a PACS must outline in your amendment that an electronic TWIC inspection is being completed along with all the other security measure requirements that are being changed with the enhancement of the PACS. Since a lot of these requirements are all done electronically, how do you show the Coast Guard during a compliance inspection you meet all the requirements? You need to work closely with your information technology department to figure this out and remember this data is Sensitive Security Information (SSI) and must be protected in accordance with 49 CFR 1520.
Again, please do not hesitate to contact us if you have any questions or need assistance in becoming compliant with the TWIC Reader Final Rule.