A Lesson in Compliance from the Chemical Industry

In many ways, the role of the CSO is directly tied to business profitability. By creating and enforcing policies that protect human, physical and intellectual assets, the CSO ensures the very integrity of the organization. This link to the bottom line, though, is about to become much stronger--and quite possibly much sooner than anticipated.

In many ways, the role of the CSO is directly tied to business profitability. By creating and enforcing policies that protect human, physical and intellectual assets, the CSO ensures the very integrity of the organization. This link to the bottom line, though, is about to become much stronger--and quite possibly much sooner than anticipated.

Events occurring in the U.S. chemical-manufacturing industry, specifically those relating to security guidelines being enforced by the federal government, are likely foreshadowing what's next in line for other industries.

In 2007, the Department of Homeland Security (DHS) introduced the Chemical Facility Anti-Terrorism Standards (CFATS), a rigorous program designed to protect high-risk chemical facilities from attacks. The legislation mandates that sites identified as "high-risk facilities" implement solutions, under the guidance of Risk-based Performance Standards (RBPS), to address gaps in safety and security. Under the new Congress, there will likely be additional issues addressed that may intensify the requirements, such as the need for inherently safer technologies (ISTs) and state and local interpretations related to enforcing compliance.

The penalties for non-compliance can range from hefty fines to total plant shutdowns. Under this scenario, the CSO of today's chemical plant has never had more responsibility riding on his/her shoulders.

The chemical industry is just one of the critical sectors impacted by DHS regulations. And it's very likely that CSOs across various industries - water treatment plants, port facilities, educational and banking facilities, etc.--are/will have to deal with federal compliance issues. With this in mind, it's critical for CSOs to begin evaluating their purchasing behaviors immediately and identifying technologies that create a holistic security solution under the possibility of future enforcement.

So how can a CSO truly prepare his organization for a "new normal" with stringent regulations?

What to Expect

For starters, CFATS was one of the first pieces of legislation that successfully motivated chemical facilities to develop site vulnerability assessments (SVA). The premise of an SVA is quite universal in that before a site's security systems can be bolstered, the site must first understand its existing weaknesses or gaps. SVAs are designed to find those existing gaps in everything from physical security, cyber security and life-safety systems. Additionally, the SVA also prioritizes the shortcomings by determining which gaps could cause the greatest impact to the plant and surrounding community.

An SVA can take about a month or so to complete and the next step in CFATS compliance--the creation of the actual site security plan (SSP)--can take much more time. Creating an SSP requires substantial effort, focus and organizational support and often requires the assistance of expert consultants outside the organization to help understand and meet the regulation.

While CFATS is aimed specifically at facilities that use, transport, store or produce certain chemicals and other potentially hazardous materials, there are several requirements in the legislation that could be modeled for other industries. These include screening tools developed by DHS (TOP Screens), SVAs, SSPs and implementation of solutions.

Using Today's Technology for Compliance

Technology can play a key role in easing the burden of complying with federal regulations. In the case of the chemical industry and CFATS compliance, some facilities have elected to take an integrated approach to securing their facilities. This differs greatly from the traditional model where plant operations and security personnel operated independently of one another without much transparency.

For instance, integrating video surveillance and access control systems to a plant's process control system allows operators to visually validate incidents in the command and control room. This is beneficial because the operator can be quickly alerted if an intruder has breached a critical area of the plant. The operator can then take appropriate action, such as dispatching authorities, locking down further access or shutting down a potentially hazardous process in the affected area of the plant and alerting field personnel to move to a safe location. Conversely, this approach also is beneficial to plant security personnel. If a process involving volatile and hazardous materials spirals out of control, security personnel can better coordinate with first responders.

In a manufacturing setting, integrating security with process control and business systems offers a best-in-class solution that provides the most comprehensive protection. In addition to keeping track of assets, an ideal solution, when implemented effectively, will be able to:

* Identify and control who enters and exits the plant

* Track movement of facility occupants

* Control access to restricted areas

* Track and locate equipment, products and other resources

* Track location of onsite personnel in the event of an incident

* Protect process automation networks and systems from cyber threats

* Respond proactively to alarms and events

* Share data to generate costs savings

This integrated approach has long been considered as an effective means for securing critical infrastructure. The rise of regulations such as CFATS, however, has broadened its acceptance in the chemical industry. This is due in part to DHS language that specifically points out that merging an active security system with life-safety technology may facilitate a common set of operational procedures and prove a more cost-effective approach to overall facility security and security management.

This represents another area of CFATS that could potentially be broadly adopted across various vertical industries--bringing together security and operations technology on the same platform can lead to synergies that ultimately create a stronger security shield and greater collaboration between once-disparate departments.

The CSO's Evolving Role

Probably the most important thing for CSOs to remember in a climate heavily influenced by federal mandates is that they cannot help achieve compliance alone. The CSO must have an accurate picture of all the internal resources available to establish processes, form teams and identify solutions that drive compliance and help preserve or enhance the bottom line. Externally, this means CSOs will need to investigate technologies--including video surveillance, access control, perimeter detection and command and control--that can be integrated to a common platform for better domain awareness, improved reaction time and reduced operator training.

Taking these steps can help lead to an overall reduction in the cost of compliance, especially considering that the cost of poor planning - or worse yet, inaction - will almost certainly lead to hefty fines.

Jon Harmon is Global Director of Critical Infrastructure Protection for Honeywell Process Solutions

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Compliance Managementregulatory compliance

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Harmon

CSO Online
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?