Log in to view your state's edition
You are not logged in
State:
Date Range (optional)
RadDatePicker
Open the calendar popup.
RadDatePicker
Open the calendar popup.
 Resources: Emergency Planning and...
All resources on Emergency Planning and Response
Related Documents:
News:
Related Topics:
November 12, 2013
Tiering under CFATS

The federal Chemical Facility Anti-Terrorism Standards (CFATS) are a complicated set of regulations the Department of Homeland Security (DHS) developed on an accelerated schedule to mitigate the potential threat of terrorists using facilities with dangerous chemicals against the assets, infrastructure, and citizens of the United States. 

In simple terms, the CFATS requires that facilities with chemicals of interest (COI) above certain quantities develop and implement security measures commensurate with the risk associated with their facilities.  All facilities that have COIs in threshold quantities are considered “high risk” by the DHS.  But some high-risk facilities present a lower high risk than others. 

In an attempt to simplify matters, the DHS developed four tiers, each associated with a level of risk—Tier 1 (highest) to Tier 4 (lowest).  Each high-risk facility is entered into a tier and, in DHS’s words, the “final tier drives the facility’s selection of security measures in the site security plan [SSP],” which the facility develops and implements as required by the CFATS.

From a compliance perspective, tiering is a critical step.  While most facilities with COIs in threshold quantities have been tiered (or have reduced those quantities to be freed from CFATS compliance or moved to a lower-risk tier), a facility can become subject to CFATS if it newly acquires a threshold amount of a COI.  In such a case, which tier will the facility be entered into? 

Top Screen and SVA

Tiering occurs in two stages.  First, the facility submits an initial informational form called a Top Screen.  The DHS uses the Top Screen to determine if a facility is high risk and then places the facility in a preliminary tier.   

Facilities that are placed into a preliminary risk-based tier are then required to use DHS’s Chemical Security Assessment Tool (CSAT) to complete a security vulnerability assessment (SVA), which consolidates more in-depth information about the facility. 

The DHS uses the SVA to assign the facility to a final risk tier.  The tiered facility must then select, include in its SSP, and implement appropriate measures designed to satisfy general risk-based performance standards (RBPS) described in 6 CFR 27.230 (e.g., preventing inside theft and deterring vehicles from penetrating the facility).  Not all facilities will need to implement security measures for every RBPS; however, the DHS must agree that certain RBPSs need not be satisfied.

“Ongoing relationship”

Much information about the inner workings of the CFATS, particularly when it comes to security decisions and regulated actions at individual facilities, is not publicly available.  This is as it should be since release of such information could compromise security.

However, several important points about tiering will be useful if your facility is facing the possibility of becoming subject to CFATS for the first time.

  • The DHS, not the owner/operator, determines the tier into which the facility will be entered.  This does not appear to be a one-sided decision.  The DHS has stated that it will undertake detailed evaluations of specific security issues “as part of the ongoing relationship between the facility owner-operator and DHS.”
  • The presence of a COI is only one factor the DHS looks at when determining the tier for a facility.  The DHS also considers the varying levels of consequence, vulnerability, and threat it associates with an individual facility, all of which are contained in a tiering algorithm.  The algorithm is classified, but the DHS indicates that national security considerations are part of it. 
  • The DHS says “target attractiveness” is a factor in the final determination of tier placement.  According to the DHS, this is a “subjective element that requires considerable analysis to develop.”  For example, facilities that process or contain the same COIs without variation might be considered a more attractive target than facilities that vary their COIs based on client demand. 
  • The DHS also uses tiering to prioritize facilities for inspections, with the facilities in Tier 1 the highest priority. 

Alternatives to COIs

Clearly, facilities with COIs should have thorough and well-maintained security plans.  In fact, well-managed facilities did not have to undertake extensive changes when the CFATS was introduced, except for meeting the new administrative, documentation, and reporting responsibilities.  Nonetheless, if you operate a facility that is considering acquiring a COI, it is recommended that you try to meet your business responsibilities by keeping that chemical under the screening threshold quantity.  An even better option may be to find an alternative that is not a COI. 

DHS information about the CFATS and tiering

BLR, a division of Simplify Compliance LLC
5511 Virginia Way, Suite 150
Brentwood, TN 37027
800-727-5257
Copyright © 2024 BLR, a division of Simplify Compliance LLC.
Copyright © 2024 Business & Legal Reports. All rights reserved. 800-727-5257
This document was published on //enviro.blr.com
Document URL: //enviro.blr.com/whitepapers/Emergency-Planning-Response/industrial-facility-security/Tiering-under-CFATS