Cosmetics Design connected with the US Department of Homeland Security to learn about the program; and in part 1 of this article covered the basics of CFATS. Here, part 2 is about getting started by registering to access the Department’s Chemical Security Assessment Tool and what program participation entails.
“At CFATS, our focus is security,” emphasizes Dave Wulf, infrastructure security compliance division director. “Therefore,” he tells Cosmetics Design, “we are committed to increasing awareness about our program and its reporting requirements to ensure high-risk facilities establish security measures to protect their chemicals.”
Any cosmetics or personal care venture, from ingredient production facilities and R&D labs to distribution centers and finished goods manufacturing sites that have chemicals of interest (known as COI) on hand in volumes at or above the CFATS’ screening threshold quantity (STQ) must participate in the program. As mentioned in part 1 of this article, a full list of COIs can be found here.
The first step is then to register online for access to Department’s Chemical Security Assessment Tool. Once a company completes the assessment known as a Top Screen, CFATS determines whether or not they are coved by the regulations.
If so, CFATS defines the facility’s level of risk. The risk scale runs from Tier 1 (highest risk) through Tier 4 (lowest risk). From there participating facilities have more work to do, evaluating security needs and devising a plan to manage those needs effectively. This means submitting a Security Vulnerability Assessment and Site Security Plan or Alternative Security Program to the US Department of Homeland Security for approval.
“The plan must include security measures that meet the risk-based performance standards established by DHS,” according to a statement the program shared with Cosmetics Design. “The Department performs an authorization inspection at the facility prior to granting a security plan approval. Once a facility’s plan is approved, DHS conducts regular compliance inspections to verify that a facility is implementing the agreed-upon security measures.”
“CFATS is not a voluntary program; it is a regulatory program,” the Department’s statement emphasizes. The program would rather work in conjunction with facilities that have chemicals of interest (at or above the set limits) but does have latitude to penalize those that don’t participate or that don’t comply with security regulations. “For example, a facility that does not register for the CFATS program and is found to possess COI above STQ may be subject to fines. DHS has the authority to fine facilities up to $33,333 per day for each day the violation continues,” according to the statement.
The Department is swift to note that CFATS inspectors and specialists can help identify cost-effective options for meeting security protocols and that participating facilities have a fair amount of choice in how they opt to manage any risk.
As an example, the Department explains that facilities covered by CFATS must “have detection measures in place --- measures that identify potential attacks or precursors to an attack and communications that information, as appropriate. Facilities can choose how to meet that security standard. In the past, facilities have chosen measures that include cameras, intrusion detection systems, and on-site security or personnel, amongst other methods.”
The program has been running for nearly 10 years and overall the Department considers it a success. “CFATS has matured as a program and has become an integral part of chemical security,” Wulf tells Cosmetics Design, adding that “thanks to CFATS, tens of thousands of security measures have been implemented at high-risk facilities across the country, making our communities and our Nation more secure.”
Wondering if your facility needs to participate? Contact the CFATS Help Desk by calling (866) 323-2957.
Or, visit the US Department of Homeland Security online here.