Information
-
Site conducted
RBPS 18 Requirements
-
Conducted on
-
Prepared by- "I certify that this facility was audited per DHS Risk Based Performance Standards 18, dated May 2009"
-
Certifying Signature
-
Personnel (other than Preparer)
DHS Correspondence (at least 3 years)
-
Does site have copy of letter of authorization and approval from DHS?
-
Date of Letter
CSAT Documentation (Greater than 6 years)
-
Does site have records of submitted Top Screen?
-
Is current chemical inventory reflective of submitted Top-Screen?
-
Does site have records of submitted Security Vulnerability Assessments
-
Does site have records of submitted Site Security Plans?
-
Have all “Planned” measures been implemented by required date (if any)?
-
Does site maintain all related correspondence (records of DHS inspections)?
Access Controls
-
Does site conduct audit of access control system?
-
Does site maintain records of all individuals authorized access to the facility?
-
Does site maintain log of all visitors, vendors, etc. to the facility?
-
Are all employees and security guards added to the Terrorist Screening Database (TSDB)?
DHS Security Awareness training records
-
Does site retain training records for at least 3 years?
-
Do training records include duration of training?
-
Do training records include date and time of training?
-
Do training records include results of training (Pass/Fail)?
-
Does site provide initial training to all employees?
-
Does site conduct refresher training at least every 3 years?
Drills
-
Does site maintain drill records for at least 3 years?
-
Do drill records include the date of the drill?
-
Do drill records include the name(s) and qualifications of the exercise director?
-
Do drill records include the description of the drill or exercise?
-
Do drill records include the list of equipment (other than personal equipment) tested or employed in the exercise?
-
Do drill records include the list of personnel who participated in the drill?
-
Do drill records document best practices or lessons learned which may improve the Site Security Plan?
Incidents and Breaches
-
Are incident and breach reports maintained for at least 3 years?
-
Do incident and breach reports include the date and time of occurrence?
-
Do incident and breach reports include the location of the incident or breach?
-
Do incident and breach reports include the description of the incident or breach?
-
Do incident and breach reports identify the individual(s) to whom the occurrence was reported?
-
Do incident and breach reports include a description of the response?
Security Threats
-
Are security threat reports maintained for at least 3 years?
-
Do security threat reports include the date and time of occurrence?
-
Do security threat reports describe how the threat was communicated?
-
Do security threat reports identify who received or identified the threat?
-
Do security threat reports include a description of the threat?
-
Do security threat reports identify to whom the threat was reported?
-
Do security threat reports include a description of the response?
Maintenance/Testing of security equipment
-
Are maintenance and testing records maintained for at least 3 years?
-
Do maintenance and testing records include the date and time of the maintenance or test?
-
Do maintenance and testing records include the name(s) and qualification(s) of the technician(s) doing the work?
-
Do maintenance and testing records include the specific security equipment involved for each occurrence of maintenance, calibration, and/or testing?
