Identifying Chemical Risk at Minesites

The U.S. Department of Homeland Security and the Mining Industry

While the U.S. mining industry is more than familiar with the rules and regulations of The Mine Safety & Health Administration (MSHA), few in the industry are aware of the role that the Department of HomelandSecurity (DHS) plays. Through its Chemical Facility Anti-Terrorism Standards (CFATS), the DHS has the authority to regulate the security of “high-risk” chemical facilities, which are, as defined in 27.105, “any establishment that possesses or plans to possess, at any relevant point in time, a quantity of a chemical substance determined to be potentially dangerous or that meets other risk-related criteriaidentified by the department.”

The U.S. mining industry has made significant strides in identifying safety as a priority value in its operations, which in turn creates greater valuefor all those entities that are linked to it. It would be understandable if most mine operators felt  that they were in compliance with CFATS if they were meeting the well- known requirements established by the Bureau of Alcohol Tobacco Firearms and Explosives (ATF) in order to secure their explosives and other chemicals. Unfortunately, that assumption is not going to place their operations in a position to be CFATS-compliant. It should be noted that non-compliance with CFATS can bring penalties of up to $25,000 as well as a shutdown of mine operations.

Another critical  consideration of CFATS compliance is the damage that could be sustained to a mining interest’s public image if the explosives or chemicals in their care were used to commit a terrorist act. The head-in-the-sand notion that terrorists, either domestic or foreign, would not view mine operations as targets of opportunity to gain access to the tools of their trade or as a target to unleash an environmental disaster, is a dangerous if not negligent opinion The U.S. Department of Homeland Security and the Mining Industry Identifying Chemical Risk at Mine sites to hold. CFATS compliance provides a readily measurable standard of care that would be difficult for anyone to challenge.

Within the past two years, a leader in the international mining industry, AngloGold Ashanti (AGA), recognized the need to review and potentially address CFATS requirements at its USA Cripple Creek and Victor Gold Mining Company (CC&V) operations in Colorado. CC&V assessed the need to be DHS/CFATS compliant at the appropriate level and immediately began implementing a plan of action to address the demands that were placed on the mine. CC&V sought out the resources of a trusted security provider who had experts with proven past performance in providing CFATS- related support services.

After closely reviewing Appendix A of the CFATS document, which contains a list of around 300 Chemicals of Interest (COI), and their individual Screening Threshold Quantities (STQ), CC&V determined that it may possess at some point one or more of the regulated items. CC&V was therefore required to register with the DHS and complete the subsequent “Top Screen,” which the DHS uses to rank the threat/compliance levels at mining facilities.  This ranking comes in the form of “Tiers.” There are tiers 1-4, with Tier 1 being the most severe, down to Tier 4, which is least severe.

CFATS allows facilities to develop their own very comprehensive Site Security Plan (SSP) which will be based on their own Security Vulnerability Assessment (SVA). Each SSP will be unique to that facility’s particular security vulnerabilities and tier ranking. Although each facility will be able to create its own SSP, it must do so by addressing site vulnerabilities using risk-based performance standards (RBPS) developed by the DHS. Congress directed the DHS to issue regulations “establishing risk-based performance standards for security chemical facilities.”

These performance standards provide each facility withthe flexibility needed to address its own unique security vulnerabilities as well as give it a roadmap to aid in guiding it in the development of its SSP. Once the facility has submitted its SSP to  the DHS and it has been approved, the facility will be held to the provisions of the SSP and its compliance with the RBPSs.

There are steps that a facility must take and tools that it must utilize to meet the complete intent of CFATS. A brief overview of these steps is listed below:

Chemical Security Assessment Tools

Chemical Security Assessment Tools (CSAT) are defined as “a suite of four applications, including User Registration, Top-Screen, Security Vulnerability Assessment (SVA) and Site Security Plan (SSP) throughwhich the DHS will collect and  analyze key data from chemical facilities.”

User Registration

The initial step in the CSAT process is User Registration. The DHS strongly recommends not delaying registration pending the final publication of Appendix A. Facilities that delay in doing this will lose time from the full 60-day window to complete the Top-Screen.


The second part of the CSAT process is the completion of the Top-Screen. Once the facility Point of Contact (POC) for security concerns completes the registration process, secure entry into the Top-Screen key data gathering process will be permitted. This permission will come from the DHS in the form of a security access code (user name and password). One keynote to remember is that there is a maximum of 60 calendar days from the published date of the Final Appendix A (COI List) to complete and submit the Top-Screen. However, this does not exempt any companies that were not initially contacted by the DHS through the Federal Register. Any companies (existing or planned) that have or plan to have a COI-listed in Appendix A have a responsibility to complete the User Registration. They will then have 60 calendar days from that point to complete their Top-Screen.The DHSwill use the data populated in the Top-Screen either to eliminate a facility from being regulated by CFATS or to make a determination as to the tiering of that facility. The DHS will send notification to that facility as to what decision has been made. This notification is also Chemical-Terrorism Vulnerability Information (CVI).

Security Vulnerability Assessment (SVA)

The third part of the CSAT process is the SVA. “Unless otherwise notified, a tier ranked chemical facilitywill have a maximum of 90 calendar days to submit the SVA based on written notification by the DHS, or within the timeframe specified in any subsequent Federal Register.”

Site Security Plan (SSP)

The SSP is the fourth and final part of the CSAT process. After the chemical facility submits the SVA to the DHS, it will be reviewed and subsequently accepted by the DHS. This acceptance starts the clock for completion of the SSP. Unless otherwise notified by the DHS, high-risk  facilities will have 120 calendar days from the time of written notification to complete and submit their SSP to the DHS for “authorization.”

The SSP is an in-depth documentation  that identifies/describes the security measures that a chemical facility will perform to address vulnerabilities identified in the SVA. The DHSwill forward a Letter of “Authorization” to the submitting  chemical facility only after it reviews the SSP and is satisfied that the facility has successfully met the requirements of the  SSP. Only once a facility has been physically inspected by the DHS will there be “certification” and “approval.” However, this “certification” and “approval” does not signify the end of the facility’s responsibilities in the CSAT process. Any changes that occur as a result of security  upgrades or COI changes will have to be documented through the use of the Top-Screen. However, in the event that no changes occur, facilities willstill have a responsibility to update the Top-Screen, SVA and SSP periodically. The frequency of this update is based on the Tier ranking of the facility. Top Screen, SVA and SSP must be updated every 2 years for facilities that have been ranked Tier 1 and 2, while Tier 3 and 4 ranked facilities must update Top Screen, SVA and SSP every 3 years.

AbilaSecurity and Investigations, Inc. (ASI) offers CFATS training programs that are fully customizable. They feature interactive, participative learning with measurable outcomes and are designed to meet the specific needs of each location. ASI has designed its CFATS training program to be inclusive of DHS requirements as well as police officer standardized training (POST) concepts for employees. Training can be conducted on site as “train the trainer” sessions with a flexible number of days, hours, attendees and topics. Trainingincludes plan reviews, classroom training, tabletop exercises and scenario-based training.

Daniel Guzman is the Emergency Services/DHS CFATS Program Manager at Abila Security & Investigations

Click here for full list of links: