Regardless of tier ranking, all regulated facilities must comply with statutory requirements for the submission and protection of information developed under CFATS. These include: vulnerability assessments, site security plans, and other security-related information, records, and documents, which will be protected from public disclosure.
CFATS defines this sensitive information as Chemical-terrorism Vulnerability Information (CVI). Regulated facilities must develop a plan and determine which information should be classified as Sensitive But Unclassified (SBU) in accordance with the DHS' document control procedures.
While regulated facilities await notification from the DHS of their tier classification and request for SVA information, those anticipating that they might be in the high-risk category should assess their existing security plans in light of the SVA requirements and begin to develop their CVI plans. This will enable them to be in compliance faster, as well as to ensure that the measures taken meet the goals of the DHS.
-- Fabrice Lebourgeois and Neal Drawas
Read this article in its entirety.
