by Richard D. Sem, CPP CSC


Ever since 9/11 the chemical industry, both fairly and unfairly, has been under the close scrutiny of the media, public and politicians. Some believe that the chemical industry has neglected its responsibility to secure its facilities and poses a substantial risk to our communities. Many chemical companies, particularly those that belong to the American Chemistry Council (ACC) and other industry groups, have done much to assess, plan and implement protection for their facilities. On the other hand, chemical facilities remain that have done relatively little or don't know where to turn or what to do.

In recent years I have assessed more than 40 chemical facilities throughout the U.S., Europe and the Caribbean. While all managers I encountered were concerned about protecting their people and communities, some understood the risks and vulnerabilities, as well as how to reasonably and cost effectively secure their facilities, better than others.

The Threat
While a large part of security planning for chemical facilities is based on counter-terrorism, the most significant risk of harm arises from domestic and local threats such as internal sabotage, workplace violence, activist opposition, labor disruption, and civil strife, So, consider and plan for the foreign threat, but don't forget those that are closer to home.

Awareness
The most powerful, cost effective and neglected of all security measures is security awareness, or eliciting a sense of ownership and protectiveness of one's workplace by all employees.

I have walked into many unlocked control rooms late at night, without identification, and, more often than not, no one questioned or reported the intrusion. Typically staff openly explained how controls functioned without knowing with whom they were talking. I have walked around otherwise secured buildings and gained entry by means of doors propped open or unsecured loading docks ,and have walked unescorted and unknown into critical areas such as server rooms, R&D areas, hazardous chemical storage, and control rooms without anyone challenging or reporting me.

Employees should not assume security is someone else's responsibility, such as management and security personnel. All employees should understand that they have the duty to report strangers and suspicious situations, to not violate the facility's security regulations by propping open doors or allowing tailgating (more than one person entering on one swipe of a key card), knowing the early warning indicators of potential workplace violence, and understanding the functioning and purpose of the security program. Most firms have a relatively high level of safety and environmental awareness, and that can be leveraged to build a higher level of security awareness.

That higher level of security awareness can be achieved by training and communications including new employee orientations, workshops, Web and Intranet programs, newsletters, articles, posters and even contests. Awareness should be periodically tested and those who demonstrate a positive level of concern should recognized.

Access Control
The lack of access control is the issue that most often drives the perception that chemical plants are a threat to their communities. It is useful to look at any facility from the perspective of the Rings of Protection (see below). The outer ring is the perimeter of the active site (secured by fences or other barriers, gates, lighting, CCTV, guardhouses, etc.), the middle ring is the perimeter of the buildings (secured by doors, locks, windows, card readers, turnstiles, etc.), and the inner ring involves interior controls around the asset or target of concern.

You lack a proper level of access control if unauthorized people, including the press, can freely walk onto your property, enter your buildings and/or approach your chemical storage without adequate restrictions.

In most cases the first line of defense is the property perimeter or at least the perimeter of the active portion of the site. Ideally, no person or vehicle should be able to enter the site unless they have been somehow screened and approved and there is some mechanism for detecting and delaying unauthorized persons or vehicles who may attempt to enter. The protection of critical utilities entering the site and of transportation assets are also usually considerations at this level.

On the other hand, sometimes there are good reasons why fencing and restricting the perimeter may not be feasible or would be prohibitively costly, especially for low risk facilities. For example, fencing may not be allowed due to local building codes or might unduly hinder the ability of trucks to maneuver. In such cases the focus of security falls back onto the middle ring, or the building and storage/processing area perimeters. No door, whether pedestrian or overhead, should ever be opened unless it is supervised or otherwise controlled and monitored and every person attempting entry will be screened and controlled. Outside chemical storage and processes, such as tank farms, must also be restricted, usually by fencing, and any attempted intrusion should be detected and met with a proper response.

Additional controls should be considered for internal areas in which there are critical assets or targets of concern, such as high risk chemical storage or processing, mixing or reaction areas, control rooms, process control equipment, server rooms, R&D areas, etc.

Contractors

Since 9/11 companies have realized that, while they may know and trust their workforce to some degree, there is an assortment of virtual strangers within the facility who may have as much access as the employees, and probably don't have the same level of loyalty to the organization. These are contractors who may be custodial staff, contract security officers, temps, consultants, construction and maintenance people, as well as a variety of others. My experience tells me that firms now are requiring that contractors adhere to a higher standard for employee background checks and supervision of those who will be assigned to the site.

Assessments

As a starting point, it is essential to stand back to consider what your risks and vulnerabilities are and how well your procedural and physical security measures address them. That process is typically called a security or vulnerability assessment. Various assessment methodologies have been developed to aid facilities in considering their threats, risks, vulnerabilities and countermeasures. One of the more commonly used processes was developed by the Center for Chemical Process Safety (CCPS - http://www.aiche.org/ccps/).

An in-house or contract expert, or a team of key staff members can conduct the assessment. The conventional assessment involves interviewing key personnel (e.g. HR, Security, Safety, EHS, Legal, Operations, Shipping and Receiving, Transportation,), observations of the site functioning at all hours, and a review of related materials (e.g. policies and procedures, incident reports, investigation records, post orders, contracts, emergency and crisis plans, and training materials). A useful related tool is the Team Assessment Workshop in which key staff get together to consider the facility's risks and vulnerabilities and, in light of those, the worth of the existing and planned security countermeasures. This brainstorming process goes far toward eliciting understanding and buy-in for the security program by all departments and provides a rare opportunity to stand back and look at the workplace through the eyes of one who wishes to do harm.

The issues to be considered in the workshop include: