***LATEST UPDATE FROM COAST GUARD ON TWIC READERS***
- Posted by Edward Seebald
The Coast Guard has put out enforcement guidance regarding TWIC Reader Requirements Final Rule.
The following facilities will be expected to comply with the TWIC Reader Requirements Final Rule commencing August 23, 2018:
- Facilities that receive vessels certified to carry more than 1,000 passengers; and
- Facilities subject to 33 CFR 105.295 - Additional requirements for Certain Dangerous Cargo (CDC) facilities. (Guidance regarding how 33 CFR 105.295 is applied can be found in Policy Advisory Council Decision 20-04 – Certain Dangerous Cargo Facilities.)
I recommend facilities with any further questions reach out to their local Captain of the Port.
NOTE – This month’s blogs and Webinar will address TWIC Reader Requirements Final Rule.
For those attending the 5th Seebald & Associates International Facility Security Symposium in New Orleans, June 6-8, 2018, a senior representative from Coast Guard Office of Port and Facility Compliance will be speaking about TWIC Reader Requirements and other pertinent policies.
THE SEEBALD FACILITY SECURITY PYRAMID - The Capstone: Drills, Exercises, Audits, and Reviews
- Posted by Richard Sundland
We’ve covered the main layers of the facility security organization (FSA, FSP, FSO, PSD, AO) in previous blogs. This week we’ll look at what’s in the pyramid’s capstone.
Now that the FSA, FSP are completed and the training program is established, the FSO must not become complacent. The Capstone to the Seebald Security Pyramid consists of regularly conducted Drills, Exercises, Audits and Reviews.
DRILLS - How often do you conduct drills? We know a security drill is required to be conducted every 90 days, testing one element of the FSP. There are many elements to your FSP. If you meet the minimal drill requirements, then you will test at only four elements of your plan. That’s NOT how you become proficient!
We recommend you conduct drills at least monthly, and, for all the Seebald Platinum Members, use the drills sent out every month to improve your security awareness. Drills are meant to test at least one element of your plan, so remember to document observations and do not conduct training during the drill or you will never achieve an accurate assessment. Drills do not need to be complicated, nor time-consuming. You can get better at conducting drills by conducting more drills! And remember, you are required to document best practices and lessons learned.
EXERCISES - Exercises are a full test of your security program and must include substantial and active participation from the FSO. They’re required once each calendar year, not to exceed 18 months. Exercises maybe full scale or live; tabletop simulation or seminar; or combined with other appropriate exercises. Each exercise must test communication, notification procedures, elements of coordination, resource availability, and response. As the same with drills, you must capture best practices and lessons learned. To ensure you meet the frequency of required exercises, we at Seebald & Associates will conduct and document and exercise at your facility during your annual audit.
AUDITS - The FSP is required to be audited annually by a subject matter expert outside of your security organization. The FSO should choose someone who will be critical and honest, so you get an accurate assessment in how the FSP is being executed. After the audit, the FSO is required to address the discrepancies. Remember, the audit report is Sensitive Security Information for the FSO only, do NOT show your audit report to the Coast Guard. The FSO must sign an audit record that documents when and who conducted the audit. Place the audit record with your security documentation – this is what substantiates your audit for the Coast Guard during your annual inspection.
REVIEWS - FSO Reviews are crucial to building and maintaining a security culture and requires dedication from the FSO in making security a priority. Reviews should be part of the FSO’s regular routine – this is security management by walking around. The FSO should be reviewing the FSP on a regular basis and not once a year two weeks prior to the annual Coast Guard inspection. The FSO should use the FSP to develop and use checklists during these walk around reviews. These checklists can include but not limited to: perimeter fencing, lights, security gates & guard posts, technical systems, communication systems, and information technology/cyber systems. During walk arounds, the FSO can review items on their checklist, conduct security training by stopping and asking PSDs and AOs security awareness questions, or conduct drills. Taking the time and making these walk around reviews part of your routine will improve the security posture and awareness on the facility.
Overall – remember, the Seebald Facility Security Pyramid provides you with the organization to secure your facility - the rest is up to you.
THE SEEBALD FACILITY SECURITY PYRAMID - Personnel with Security Duties and All Others
- Posted by Richard Sundland
This week’s blog looks at Personnel with Security Duties and All Other facility personnel, with an emphasis on their roles in the facility’s security organization.
33 CFR 105 is a performance-based law, which requires that personnel not only know their responsibilities, but also demonstrate that they are capable of performing their roles. The FSO is responsible to ensure Personnel with Security Duties (PSD) and All Others (AO) have this required knowledge through training or job experience. This is where a lot of facilities receive discrepancies during their annual Coast Guard inspection, because employees do not receive regular training outside of their initial security training during orientation when first hired.
Building a security culture needs a security training program that is executed regularly and this falls on the FSO. PSDs are required to know 14 elements outlined in 33 CFR 105.210, and AOs are responsible for six elements outlined 33 CFR 105.215. This is where a thorough training program is needed and a dedicated FSO makes the time to ensure all the employees receive regular training.
An industry best practice known as a “Security Moment,” is similar to a Safety Briefing that occurs prior to many meetings at facilities whose culture focuses on safety. In the case of a Security Moment, a security awareness building requirement can be re-emphasized. The FSO can also take 10-15 minutes during All-Hands meetings and provide brief training on one or two of the required security elements. Another best practice is “Just in Time” training, such as sending reminder emails with required security information that will enhance security awareness prior to a scheduled Coast Guard inspection.
THE SEEBALD FACILITY SECURITY PYRAMID – The Facility Security Officer’s Role
- Posted by Richard Sundland
This week’s blog will explain the Facility Security Officer’s (FSO) role and build on the first two levels of the Seebald Facility Security Pyramid in which the FSO must ensure the FSA is conducted and the FSP is developed.
33 CFR 105.400 requires the FSO to be identified by name with 24-hour contact information because they are the primary custodian of the FSP and responsible for ensuring the plan’s security measures are carried out. The FSO is also required to have general knowledge, through training or equivalent job experience in 21 elements outlined in 33 CFR 105.205.
The FSO is also responsible for security awareness and vigilance of the facility personnel, ensure security training to personnel with security duties, ensure occurrences that threaten the facility security is documented and reported to the owner or operator, ensure maintenance of records, preparation and submission of required reports plus a lot more that will be covered in coming weeks.
The FSO’s security responsibilities are abundant and time-consuming, requiring dedication and security to be a priority. Creating a solid security culture starts with the FSO.
THE SEEBALD FACILITY SECURITY PYRAMID
- Posted by Richard Sundland
This month’s S&A blog series to start out a new year focuses on using the Seebald Facility Security Pyramid to create a solid security organization. Like any structure, your organization needs a strong foundation. Our Facility Security Pyramid must be grounded by a solid Facility Security Assessment, which leads to generating an effective Facility Security Plan.
Your Facility Security Assessment (FSA) is the first step toward building your Facility Security Plan (FSP). Subpart C of 33 CFR 105 lays out requirements for your FSA. The FSA is based on a collection of facility background information, a complete facility on-scene survey, and an analysis of information collected. Part of this assessment requires you to conduct a Risk Based Analysis (RBA). The RBA is scenario-based and focuses on risk components made up of threats, vulnerabilities and consequences, which assists you in developing risk mitigating security measures.
Your FSP must address the risks identified in your FSA. Subpart D of 33 CFR 105 provides the FSP’s format, content, submission & approval, amendment and audit requirements. The FSP documents security measures required to protect your facility. Your FSP defines the roles and responsibilities of all facility employees – FSO, Personnel with Security Duties and All Others. The FSP also describes security measures to be taken for each MARSEC Level as well as defines appropriate actions in emergency situations. The FSP is required for re-submission every five years on its anniversary date. Also remember, the FSP is Sensitive Security Information and must be protected per 49 CFR part 1520.