TWIC or TWEAK The Transportation Worker Identification Credential:

Similar documents
Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

June 17, The NPRM does not satisfy Congressional intent

NMSAC. Industry update. AAPA Security & Safety Seminar Wade Battles Managing Director Port of Houston Authority

Marine Security Overview

National Transportation Worker ID Card (TWIC) Credentialing Direct Action Group Functional Requirements DRAFT

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

Compliance with ISPS and The Maritime Transportation Security Act of 2002

TWIC Program Overview for the Smart Cards in Government Conference March 10, 2004

Data Centers and Mission Critical Facilities Access and Physical Security Procedures

TWIC Implementation Challenges and Successes at the Port of LA. July 20, 2011

Chemical Facility Anti- Terrorism Standards

Cybersecurity Risk and Options Considered by IMO

Office of Transportation Vetting and Credentialing. Transportation Worker Identification Credential (TWIC)

Select Agents and Toxins Security Plan Template

Marine Engineer Class 2

DISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Gatekeeper and Notice Requirements For Direct Electronic Access and Routing Arrangements

Management. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,

IDENTITY THEFT PREVENTION Policy Statement

uanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Red Flags/Identity Theft Prevention Policy: Purpose

TWIC Transportation Worker Identification Credential. Overview

Standard CIP 004 3a Cyber Security Personnel and Training

The Office of Infrastructure Protection

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP-006-4c Cyber Security Physical Security

SECURITY & PRIVACY DOCUMENTATION

AGENDA Regular Commission Meeting Port of Portland Headquarters 7200 N.E. Airport Way, 8 th Floor August 13, :30 a.m.

STORAGE OF SSAN. Security Risk Assessment and SECURITY PLAN. (insert name of company) SUBMITTED TO REGULATORY AUTHORITY: (insert date)

RÉPUBLIQUE D HAÏTI Liberté Egalité - Fraternité

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Information Bulletin

Prevention of Identity Theft in Student Financial Transactions AP 5800

Schedule Identity Services

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

ALABAMA STATE BOARD OF PUBLIC ACCOUNTANCY ADMINISTRATIVE CODE

California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

SAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department

ALABAMA SURFACE MINING COMMISSION ADMINISTRATIVE CODE

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Sparta Systems TrackWise Digital Solution

September 11, Dear Captain Manning:

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

ACEDS. Certified E-Discovery Specialist RECERTIFICATION APPLICATION ACEDS.ORG. A BARBRI Professional Association

TransLink Video Surveillance & Audio Recording Privacy Statement

TWIC Update to Sector Delaware Bay AMSC 8 June 2018

Centeris Data Centers - Security Procedure. Revision Date: 2/28/2018 Effective Date: 2/28/2018. Site Information

INFORMATION ASSURANCE DIRECTORATE

The Office of Infrastructure Protection

Wireless Communication Device Use Policy

Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors

REVISION HISTORY DATE AMENDMENT DESCRIPTION OF AMENDMENT

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Donor Credit Card Security Policy

APPROVAL FCA103 ISSUED BY THE COMPETENT AUTHORITY OF THE UNITED STATES EXPIRATION DATE: March 31, 2019

IMO MEASURES TO ENHANCE MARITIME SECURITY. Outcome of the 2002 SOLAS conference. Information on the current work of the ILO

Palo Alto Unified School District OCR Reference No

Enterprise Income Verification (EIV) System User Access Authorization Form

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Standard CIP Cyber Security Critical Cyber Asset Identification

TWIC Next Generation Card Design

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Standard CIP Cyber Security Critical Cyber Asset Identification

Cyber Security Standards Drafting Team Update

TWIC Readers What to Expect

Employee Security Awareness Training Program

The Southern Baptist Theological Seminary IDENTITY THEFT RED FLAGS AND RESPONSE INSTRUCTIONS IDENTITY THEFT AND PREVENTION PROGRAM As of June 2010

IT Security Evaluation and Certification Scheme Document

Critical Cyber Asset Identification Security Management Controls

MEMORANDUM. Robert Kreszswick, Director, Membership Services Department. Web CRD Electronic Procedures for Forms U4 and U5

Financial Adviser Standards and Ethics Authority Ltd

International Port Security Program

Timber Products Inspection, Inc.

Writing Diploma Exams Using Computers Humanities Part(ie) A, Mathematics 30-2 and Science 30

PRIVACY 102 TRAINING FOR SUPERVISORS. PRIVACY ACT OF U.S.C.552a

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

PORT OF TAURANGA VISITOR REGISTER USER GUIDE

OPERATIONS SEAFARER CERTIFICATION STANDARD OF TRAINING & ASSESSMENT. Security Awareness STCW A-VI/6-1

Situational Crime Prevention in Anti-Terrorism Efforts

Google Cloud & the General Data Protection Regulation (GDPR)

Published Privacy Impact Assessments on the Web. ACTION: Notice of Publication of Privacy Impact Assessments (PIA).

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Request for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning

Rules for LNE Certification of Management Systems

Data Use and Reciprocal Support Agreement (DURSA) Overview

Virginia Commonwealth University School of Medicine Information Security Standard

MARPA DOCUMENT MARPA Revision 1.1

Asian Institute of Chartered Bankers. Admission, Resignation, Cessation, and Re-admission of Individual Members. 1. Commencement and Application 02

The Office of Infrastructure Protection

ECA Trusted Agent Handbook

Identity Theft Prevention Policy

3.37 SECURITY FENCING GERALDTON PORT

A. INTRODUCTION B. PRINCIPAL CONCLUSIONS AND IMPACTS C. METHODOLOGY

The University of British Columbia Board of Governors

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

Transcription:

TWIC or TWEAK The Transportation Worker Identification Credential: Issues and Challenges for MTSA-Regulated Facility Owner/Operators

THE USUAL DISCLAIMER By: Presentation at AAPA Administrative & Legal Conference Miami, Florida February 13, 2007 Thomas G. Schroeter Associate General Counsel Port of Houston Authority This presentation and all factual assertions, opinions and interpretations, legal and otherwise, are those solely of the author and not of the Port of Houston Authority, the American Association of Port Authorities or other person or organization. This presentation is intended to be introductory only and is not guaranteed to be free of error. The TWIC Rule is pending further regulations, directives and guidance from the USCG and TSA. Ports implementing a TWIC Program should not base their reliance on this presentation but should rather study and consider directly the TWIC Final Rule, the draft and final TWIC Navigation and Vessel Circular (NVIC), and recommendations and directives of their COTP and other regulatory authorities.

TWIC Some Issues & Challenges 1. Deadlines; What to Do Now 2. Escort Requirements & Consequences, including Re-definition of Port Secured/Public Access Areas and New Hire Rules 3. Who Needs a TWIC; Who Does Not? 4. Responsibilities/Liabilities of Owners/Operators of Facilities

Challenge/Issue No. 1: DEADLINES WHAT TO DO NOW February 13, 2007: Today February 28, 2007 (15 days): Draft Specifications for Card Readers: (NOT PART OF TWIC FINAL RULE) March 6, 2007 (21 days): PSGP Round 7 Deadline TWIC expenses March 26, 2007 (41 days): TWIC Final Rule Effective Date and TWIC Compliance Start Date for TSA/Lockheed Martin April 2, 2007 (48 days) this is the date by which Notice must be given to those determined by DHS to be in the first tier compliance group (top 10 priority ports) By April 21, 2007 (67 days): Five (5) Pilot Programs to Commence, per the SAFE Port Act of 2006 (180 days after passage of Act - Oct. 13, 2006) July 1, 2007 (137 days): TWIC Compliance Deadline for Top 10 Priority (Riskiest) Ports (what ports are in this group no notice yet notice must be provided by Coast Guard COPT 90 days or more prior to compliance date) July 25, 2007 (33 CFR 105.115 and 105.415): Deadline for Submission of Amendments to FSPs for Ports Desiring to Change Secure Areas into Public Areas, etc. (Is this a real deadline? Does this present an opportunity to get USCG approval of your TWIC program?) January 1, 2008 (9 ½ months): TWIC Compliance Deadline for Next 40 Priority Ports September 25, 2008: TWIC Compliance Deadline for credentialed Merchant Mariners January 1, 2009: All Other Facility Owner/Operators (22 CFR 105.115(e).

WHAT TO DO NOW (CONTINUED) Review carefully: (1) Final TWIC Rule, and (2) TWIC NVIC (presently in draft form) Include in your early review: Senior Management, Port Police and Security Department, Legal, Human Resources (e.g. new hire rules) Find out if you are a Top 10, Top 40 or Other Port contact your COTP; watch for Notice (must be given 90 days or more before Compliance Date for your Port)

WHAT TO DO NOW (CONTINUED) Decide who will pay the $137.25 TWIC fee Port Employer or Port Employees (per regulations, Employees must pay themselves if no decision made otherwise) Give Notice to your Employees ASAP (no later, in any event, as soon as you receive Notice of your Compliance Date) Plan and give Educational Program to your Employees & Security Force (and others as necessary or appropriate)

WHAT TO DO NOW (CONTINUED) Decide whether to request from USCG a modification of your Port Security Plan (deadline for this, per 33 CFR 105.115 is July 25, 2007) pay close attention to Escort Requirements and their cost in making this decision Remember, you need USCG approval and you can not make an area with a maritime security risk a non-secure area in order to lessen your escort/monitoring requirements; the standard, per the CFR, is whether the areas in question are directly connected to maritime transportation or are at risk of being in a transportation security incident.

WHAT TO DO NOW (CONTINUED) Decide what Procurements are necessary for TWIC Compliance Cost of TWIC cards: $137.25 x No. of Employees (not legally required) Fencing; Cameras (for Escort Monitoring requirements; for re-definition of your Secure/Restricted/Public Areas Card Readers: The TWIC Final Rule does NOT require them. A NEW RULE to be issued in the future (2008 or 2009?) will cover Card Reader requirements. But if you are in a Pilot Program, or if you are incorporating TWIC into existing badge programs, you may find yourself considering whether a current card reader investment is worth the risk of non-compatibility with future card reader requirements. Decide whether to submit a proposal for TWIC-related expenses as part of PSGP Round 7 (March 7) Not clear what expenses may be approved Note that Round 7 grant officials are saying that all or none of a project request will be granted

Challenge/Issue No. 2: Escort Requirements and Consequences

Escort Requirements Without a TWIC card, no access will be permitted to secure areas of MTSA-regulated facilities unless a person is escorted (and there is compliance with certain other rules). TWIC escorts must be TWIC cardholders themselves

Escort Requirements (continued) Port facilities may have: Secure areas side-by-side escort not required as long as the method of surveillance or monitoring is sufficient is sufficient to allow for a quick response should an individual under escort be found where he or she has not been authorized or if engaging in activities other than those for which escorted access was granted; up to 10 persons can be escorted by a TWIC escort Restricted areas side-by-side escort required for non-twic holders and up to 5 persons can be escorted by a TWIC escort Public (non-secure) areas

Escort Requirements (continued) Secure Areas The area over which an owner/operator has implemented security measures for access control to reduce the risk of a TSI. It is the entire area within the outer-most access control perimeter of a facility, with the exception of public access areas, and it encompasses all restricted areas. It is bound by the fence line or other barrier, waterfront, and the gates which provide access to the secure area.

Escort Requirements (continued) Restricted areas Fall within the secure areas; they are the infrastructure or locations identified in an area, vessel or facility security assessment or by the operator that require limited access and a higher degree of security protection. 33 CFR 101.105.

Escort Requirements (continued) Public access areas Non-secure areas; a port may apply for a redefinition of their secure and non-secure areas so that the secure areas include only the maritime-related transportation section of the facility. BUT USCG advises that the FSP must still cover the facility as originally submitted the only difference is that the TWIC Rules will not apply to that part of the facility that has been approved as a public access area rather than a secure area. Other security requirements remain the same (e.g. access control other than through TWIC rules). In applying for a redefinition, there may be an opportunity here to revise your plan to not only re-define secure and non-secure areas, but also to include your TWIC Program procedures and get an approval of them from the USCG. A public access area is a defined space within a facility that is open to all persons and provides pedestrian access through the facility from public thoroughfares to the vessel. Any facility serving ferries or passenger vessels certificated to carry more than 150 passengers, other than cruise ships, may designate an area within the facility as a public access area. (From TSA TWIC FAQS, page 4.) This is a somewhat narrow definition that would not appear to include all types of public access areas. Facilities may NOT exclude from secure areas container yards, tank farms, storage areas with material intended for trans-shipment by all modes of transportation including pipelines and passenger terminals.

Escort Requirements (continued) Monitoring Must enable sufficient observation of the individual with a means to respond if they are observed to be engaged in an unauthorized activity or in an unauthorized area. Can be accomplished in a number of ways, for example: Close circuit television (CCTV) as long as the CCTV is monitored by a TWIC holder and would allow an operator to see in sufficient detail if the non-twic holder was moving to an unauthorized area or was engaged in unauthorized activities. Intelligent video systems if the operator can demonstrate equivalency of coverage to the monitored CCTV system. Owners/operators must ensure that adequate measures such as security patrols are in place to respond to unauthorized activities. Other arrangements, using a combination of security patrols or roving watches, automatic intrusion-detection devices or surveillance equipment may be acceptable if they provide reasonable assurance that a non-twic holder is not engaging in activities other than those for which the access was granted.

Challenge/Issue No. 3: Who needs a TWIC? Who does not? General Rule: Those requiring unescorted access to Port facilities must get a TWIC: Port Employees Port FSOs, Police and Private Security Guards Tenants and Their Employees Longshoremen Others Frequenting Port Facilities: Contractors Truck Drivers Rail Workers Vessel Crew

Who needs a TWIC? Who does not? DOES NOT NEED A TWIC: Emergency Responders Federal, State and Local Public Officials (must present their agency credentials for visual inspection). Area Maritime Security Committee Members (name-based terrorist check) New Hires While TWIC Application Pending Merchant Marines with Proper Substitute Identification prior to September 25, 2008 (46 CFR 15.415) Escorted Persons The public TWIC holders having lost, stolen or damaged TWICs, who have reported same and re-applied (7 days) Others having authorized business at port facilities who are escorted Persons in public access areas (non-secure) areas of facilities

Who does not need a TWIC? (continued) New Hires (other than FSO s, security officers, or others with security as their primary duty): Once new hires have applied for a TWIC (and initial name-based check and other requirements are met), they may work in secure areas for 30 days if no other circumstances causing reasonable suspicion New hires, in order to fit under the new hire rules, must need access to secure areas immediately to prevent adverse impact on operation The key is accompanied access up to 25% of employees; 25 employee work unit limits

Who does not need a TWIC? (continued) Emergency respondents do not require a TWIC to have unescorted access.

Challenge/Issue No. 4: What are the duties/liabilities of Facility Owner/Operators under the TWIC Regulations? Ensure the TWIC Program is properly implemented and your security guards and others are well trained.

What are the duties/liabilities of Facility Owner/Operators under the TWIC Regulations? (continued) 33 CFR 105.200 et seq. Ensure that only individuals who hold a TWIC and are authorized to be in the secure area are permitted to escort Identify the action to be taken by an escort or other authorized individual should individuals requiring escort engage in activities other than those for which escorted access was granted Notify facility employees and passengers of what parts of the facility are secure areas and public access areas and ensure such areas are clearly marked Ensure restricted areas are controlled

What are the duties/liabilities of Facility Owner/Operators under the TWIC Regulations? (continued) Ensure adequate coordination of security issues takes place between the facility and vessels including execution of a DoS Ensure the report of breaches of security (e.g. fraudulent or expired TWIC card) and TSIs to the National Response Center Inform facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications and of their obligation to inform TSA of any event that would render them ineligible for a TWIC or would invalidate their existing IDs Ensure protocols for dealing with individuals with lost, stolen or damaged TWICs or who have applied but not yet received a TWIC (including new hires) are in place Control access to the facility and prevent unescorted individuals from entering into an area of the facility that is designated as a secure area

What are the duties/liabilities of Facility Owner/Operators under the TWIC Regulations? (continued) Ensure that the TWIC Program is implemented per 33 CFR 255.105(c); see also draft NVIC at Section 3.3): All persons seeking unescorted access to secure areas must present their TWIC for inspection before being allowed unescorted access, including: A match of the photo on the TWIC to the individual presenting the TWIC Verification that the TWIC has not expired A visual check of the various security features present on the card to determine whether the TWIC has been tampered with or forged

What are the duties/liabilities of Facility Owner/Operators under the TWIC Regulations? (continued) If owner/operator is presented with a fraudulent TWIC, owner/operator shall: - prevent unauthorized access to secure areas - ask for alternate forms of ID to verify - call COTP Situation Controller (call NRC if more than one TWIC involved or individual presents fraudulent TWIC multiple times) - ask individual to remain at access control point until Coast Guard arrives - only a federal official may confiscate a TWIC from an individual, even a fraudulent or tampered TWIC

PHA Turning Basin Terminal - 1

PHA Turning Basin Terminal - 2

PHA Turning Basin Terminal - 3

Conclusion When it comes to TWIC Rules and Their Implementation, Be Vewy, Vewy Careful

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback