Security Vulnerability Assessments (SVA)

The U.S. Department of Homeland Security (DHS) published a Final Rule (see the Risk Management Professionals Regulatory Updates Page) that imposes comprehensive federal security regulations for high risk chemical facilities. This rule establishes risk-based performance standards for chemical facility security, by requiring facilities above threshold quantities of Chemicals of Interest (COI) to first submit a Chemical Security Assessment Tool (CSAT) Top-Screen and, as requested by DHS, prepare Security Vulnerability Assessments (SVA), which identify facility security vulnerabilities, and to develop and implement Site Security Plans (SSP), which include measures that satisfy the identified risk-based performance standards.

In order to comply with the regulations, DHS developed the CSAT to collect and analyze key data from chemical facilities. The CSAT is comprised of three secure, web-based tools.

  • Consequence Screening Questionnaire (Top-Screen)
  • Security Vulnerability Assessment (SVA)
  • Site Security Plan (SSP)

In early 2016, the DHS temporarily suspended the requirement to submit Chemical Facility Anti-Terrorism Standards Top-Screens and Security Vulnerability Assessments in order to allow for a phased roll-out of the new Chemical Security Assessment Tool (CSAT 2.0) surveys and enhanced risk-tiering methodology. On October 1, 2016, the DHS reinstated the requirement to submit Top-Screens. Chemical facilities of interest that have not previously submitted a Top-Screen, but which have come into possession of reportable amounts of any COI, must submit a Top-Screen within 60 days. In addition, any facility that manufactures, uses, stores, or distributes chemicals listed in CFATS’ “Appendix A: Chemicals of Interest” at or above the Screening Threshold Quantity (STQ) must complete (or have completed) and submit(ted) a CSAT Top-Screen within 60 days of having received a COI above the STQ. Also, if a facility has made material modification to its operations or site since submitting its Top-Screen, an update to its Top-Screen submittal (and SVA, if already completed) is required within 60 days.

Some common chemicals such as chlorine and ammonia have threshold quantities that are identical to the EPA Risk Management Program Requirements (2,500 pounds and 10,000 pounds, respectively). Many chemicals also have different thresholds for different types of threat scenarios (e.g., 500 pounds for chlorine if there is a theft threat potential).

After the Richmond Refinery incident in 2012, Contra Costa County California developed a series of more stringent guidelines to enforce process safety. One of the actions taken by Contra Costa County is requiring all California Accidental Release Prevention (CalARP) Program 2 and Program 3 facilities to perform an SVA.

Risk Management Professionals has incorporated a chemical facility security element as part of Process Hazard Analyses (PHAs) for a spectrum of chemical facility types since 1995. In addition, while completing Security Vulnerability Assessments (SVAs) for water facilities, our professionals have pioneered the implementation of comprehensive security assessment methodologies. Risk Management Professionals provides robust Security Vulnerability Assessment services utilizing industry standards and best practices, including the DHS CSAT SVA Methodology, AIChE CCPS Security Vulnerability Analysis Methodology, Sandia National Laboratories (VAM-CF SM), and API’s Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries.

In addition to the Risk Management Professionals Regulatory Updates Page, please see the following links for additional resources and useful information.