SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

Similar documents
Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association

Chemical Facility Anti- Terrorism Standards

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

Chemical Facility Anti-Terrorism Standards

HPH SCC CYBERSECURITY WORKING GROUP

The Office of Infrastructure Protection

How AlienVault ICS SIEM Supports Compliance with CFATS

Cyber Risks in the Boardroom Conference

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

The Office of Infrastructure Protection

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

The Office of Infrastructure Protection

DHS Cybersecurity: Services for State and Local Officials. February 2017

Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007

The J100 RAMCAP Method

Member of the County or municipal emergency management organization

Updates to the NIST Cybersecurity Framework

Department of Homeland Security Updates

G7 Bar Associations and Councils

Good morning, Chairman Harman, Ranking Member Reichert, and Members of

Cybersecurity & Privacy Enhancements

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

Why C-TPAT? An Overview

The Office of Infrastructure Protection

MEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY

S&T Stakeholders Conference

NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

National Policy and Guiding Principles

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Why you should adopt the NIST Cybersecurity Framework

New Guidance on Privacy Controls for the Federal Government

Cyber Security Law --- Are you ready?

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Implementing Executive Order and Presidential Policy Directive 21

Statement for the Record

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

The Office of Infrastructure Protection

NCSF Foundation Certification

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

ANSI Homeland Security Standards Panel (ANSI-HSSP) Open Forum for Standards Developers

Statement for the Record. Rand Beers Under Secretary National Protection and Programs Directorate Department of Homeland Security

Department of Justice Policing and Victim Services BUSINESS PLAN

Cybersecurity and the Board of Directors

FDA & Medical Device Cybersecurity

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

SAFETY Act AAPA Port Security Seminar July 19, 2012 Miami, FL. Washington, D.C

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Cybersecurity and Data Protection Developments

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

History of NERC December 2012

The Honest Advantage

Donor Countries Security. Date

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Medical Device Cybersecurity: FDA Perspective

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

Introduction to ISO/IEC 27001:2005

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

NY DFS Cybersecurity Regulations August 8, 2017

Understanding how MRA works and realizing the benefits for both Customs and Trade

The Office of Infrastructure Protection

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

PIPELINE SECURITY An Overview of TSA Programs

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Overview. Business value

Defending Our Digital Density.

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Changing the Game: An HPR Approach to Cyber CRM007

EXECUTIVE ORDER Chemical Facility Safety and Security: Providing ProtecFon Reduces Risk

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Securing the Chemical Sector:

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Alternative Fuel Vehicles in State Energy Assurance Planning

COUNTERING IMPROVISED EXPLOSIVE DEVICES

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

The NIST Cybersecurity Framework

The value of visibility. Cybersecurity risk management examination

Standard CIP Cyber Security Critical Cyber Asset Identification

GDPR Update and ENISA guidelines

Testimony of. Beth Turner

Section One of the Order: The Cybersecurity of Federal Networks.

Transcription:

American Chemistry Council Responsible Care SECURITY CODE 7 April 2011 Debra Phillips Managing Director, Responsible Care American Chemistry Council

Why develop a Separate Security Code? Need for a clearly defined security initiative given a fast moving political debate after attacks on New York and Washington on September 11, 2001 Code development began January 2002 Board Adoption in June 2002 Code concept well understood with in the industry Security implementation timetable different than remainder of Responsible Care Full implementation by June 30, 2005 Integrates security management practices into broader Responsible Care management system

Public Concerns Addressed by Security Code Physical security of manufacturing locations Potential terrorist attacks. Other types of violence which could impact local populations. Security of product in the supply chain Diversion of products. Sabotage of products. Securing cyber assets Prevent hacking to disrupt operations. Unauthorized purchase/diversion of product.

Code Framework: Protect People, Products, Property and Information Documentation Plan Do Check Act Prioritize Assess Implement Security Measures Audit Verify Certify Correct Reassess 13 Management Practices Senior Leadership Training, Drills, and Guidance Stakeholder Communications, Dialogue, and Information Exchange Systems for Threat and Incident Responses

Site Security Requirements for Member Companies

Prioritize Facilities Into Four Tiers Based on: Attractiveness of a target Severity of an attack (off-site impacts) Difficulty in reaching target (layers of protection) Use ACC or CCPS Prioritization Tool Result: 2,000 ACC Facilities Prioritized by June 20, 2002

Assess Vulnerabilities and Implement Enhancements Understand Security-Related Risks through SVA Approved SVA methodologies: Sandia National Lab VAM- CF; Center for Chemical Process Safety (CCPS) SVA; Modified SVA for Tier 4 Facilities Implement enhancements with consideration of site conditions; consideration of inherently safer technology (IST) is mandatory

Verify Actions All facilities with potential off-site impacts (Tiers 1-3) Physical site security measures Independent, credible third-parties, e.g., Local law enforcement or first responder Security professional or consultants Insurance company Company selects appropriate verifiers

Initial Progress on Security Code SVA and Third Party Verification Status Tier 1 Tier 2 Tier 3 Tier 4 SVA Progress 112 facilities; 100% completed on schedule 376 facilities; 98.4% completed on schedule 546 facilities; 99.8% completed on schedule 1005 facilities; 99.4% completed on schedule Third-party verification Progress 99.0% completed on schedule 90.5% completed on schedule 96.3% completed on schedule Not applicable 99.3% SVAs completed on schedule 94.7% third-party verifications completed on schedule

Security Code Benefits ACC was able to proactively support national security legislation Early establishment of model for security which provided strong inputs for state and federal laws and regulations (CFATS and RBPSs) Strengthened existing supply chain relationships creating greater efficiencies ACC companies were able to get ahead of legislative curve and take advantage of provisions in state and federal laws Public concerns were addressed through proactive implementation Strengthened industry-government relationships, which continue today

Security Code Return on Investment Security Code implementation is recognized by US Customs for its Customs-Trade Partnership Against Terrorism (C-TPAT) Program Liability protection DHS SAFETY Act Designation Security Code was approved as an anti-terrorism technology by Department of Homeland Security under the SAFETY Act User of technology is not held liable in the event of a terror incident ACC members not liable for damages in case of terrorist attack Strong relationship with DHS; consideration of streamlined regulatory process for some facilities (inspection and approval of site security plans for Responsible Care companies) 11

2010 Security Survey of ACC Membership 17% apply RCSC at non-dues sites in US 20% apply RCSC globally 23% require RCSC of their commercial partners 31% of members expect to comply with CFATS with minimal difficulty. ACC Security Code has eased the transition to CFATS. ACC members comprise only 10% of CFATS facilities Conversely, within the ACC membership, the Security Code covers four times as many facilities as fall under the CFATS regulation

Future Considerations Within ongoing Responsible Care Strategic Review Process Inherently safer technology (IST): definition and consideration Connection between security and process safety Linkages between Code and regulations (new SVA methodologies) Periodic SVA re-assessment Enhanced performance measures

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback