With the development of Department of Homeland Security (DHS) Chemical Facility Anti-terrorism Standards (CFATS), the federal government is pushing security expectations to certain aspects of the private sector that was previously unregulated from a security perspective. In addition, the approach that the DHS is using to secure CFATS facilities is performance based rather than the more frequently applied approach of prescriptive compliance. The performance-based approach is forward thinking on the part of DHS. It also allows for a high degree of flexibility on a site- by- site basis; however this flexibility creates uncertainty with regard to compliance with CFATS, and more specifically the Site Security Plans (SSPs) that many facilities are currently developing.
Defining a site- specific security strategy is a crucial component to managing both future security costs as well as meeting the Risk Based Performance Standards (RBPS) so that your SSP submissions will likely be accepted or approved by DHS. Balancing the cost - effective aspects of a security program against performance based expectations of regulators and overall regulatory compliance requires a solid foundation in various security concepts such as balanced protection, span of control, and protection- in- depth, and a concept referred to as Layers of Protection (LOP).