SEVERAL years ago, the American Chemistry Council (ACC) expressed concern about the prospect that terrorists might target chemical facilities and initiated guidelines on site and transportation security. After the terrorists attacks September 11, 2001, ACC began to meet with industry and government representatives to enhance those security measures.
Recently, the ACC board voted to require its members to implement a newly developed security code, said Heather Rhoderick of the ACC.
The code requires each company to implement a risk-based security management system for people, property, products, processes, information, and information systems throughout the chemical industry value chain. The system must address leadership commitment and execute an analysis of threats, vulnerabilities, and consequences.
Companies must develop and implement security measures commensurate with the risks that are determined, taking into account inherently safer approaches to process design, engineering, and administrative controls, and prevention and mitigation measures.
Another important aspect of the security system is to recognize that protecting information and information systems is a critical component of a sound security management system. Human communication is as important as technical communication. ACC requires its members to provide appropriate dialogue and information exchange on appropriate security issues with stakeholders such as employees, contractors, local communities, customers, suppliers, service providers, and government officials and agencies.
Should a security threat or incident occur, companies must activate a process for evaluation, response, reporting, and communication of security threats as appropriate. If an incident does occur, companies must evaluate the cause and take corrective action.
The ACC security code requires companies to continually update their security programs with the intent to build in improvement. As any changes are considered, companies will evaluate and address related security issues that may arise. This can include changes such as new personnel assignments to installation of new process equipment or computer software or hardware.
As the program progresses, companies are to document security management programs, processes, and procedures. To enhance awareness and capability, the code calls for training, drills, and guidance for employees, contractors, service providers, value chain partners, and others.
Additionally, companies are required to conduct audits to assess their security programs, processes, and implementation of corrective actions. A second audit must be performed by a third-party.
The association also is calling for Congress to pass legislation that would allow facility operators to share security information with the Federal Bureau of Investigation and other companies without triggering various regulations, including anti-trust measures. Rail security is another problem ACC seeks to improve by supporting a federal rail security fund. ACC also is asking Congress to provide funding for the Sandia National Laboratories that would be used to develop training materials and workshops for chemical facilities security assessment.
On the industry front, many chemical companies have beefed up security and begun vulnerability assessments, she said.
The ACC code can be found on the association's Web site at www.americanchemistry.com.