Information
-
Document No.
-
Audit Title
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
Facility Information
-
Facility Name
-
Facility Address
-
Facility Point of Contact
-
Point of Contact Phone Number and Email Address
Onsite Chemicals
-
Are there DHS Chemicals of Interest and/or DEA Watch List chemicals on site? If yes, provide a list of all with quantities, CAS, and how they are stored (storage medium).
-
Are there any other Toxic Industrial Chemicals or Toxic Industrial Materials that pose public health/environmental hazard concerns? If yes, provide a list of all with quantities, CAS, and how they are stored (storage medium).
Critical Assets
-
If there are any YES answers in this category, describe the characteristics of the critical asset the consequence of the asset loss, and the location of the asset.
-
List and describe any emergency equipment/systems, e.g., fire stations, firetrucks, cleanup equipment, etc. that may be critical to the facility.
-
Does the facility have key buildings or process areas?
-
Does the facility have critical communications equipment, e.g., radio relay stations, antenna, intercom systems, hand-held radios, etc.?
-
Does the facility have critical computer hardware, e.g., servers, mainframes, racks, network switches, etc.?
-
Are there critical/key personnel at the facility?
-
Are there other critical assets?
-
Remarks regarding Critical Assets
Operational Information
-
Describe the facility and its operations, i.e., what is the facility's function?
-
What are the operating hours at the facility?
-
What are the key products and services at the facility?
-
Who are the key customers supported by the facility?
-
How many personnel are at the facility including employees, vendors, contractors, etc.
-
Is the facility on a navigable waterway?
-
How much has the facility spent on implementing security countermeasures in the past year?
-
Has the facility had any security incidents within the last two years?
Impact Assessment
-
What is the estimated cost of a 24-hour loss of operations at the facility?
- $100,00+
- $50,000-$99,999
- $25,000-$49,999
- $10,000-$24,999
- Less than $10,000
-
What is the estimated cost to completely replace the facility?
- $2,000,000+
- $1,000,000-$2,000,000
- $500,000-$999,999
- $100,000-$499,000
- Less than $100,000
-
What is the expected loss impact to Champion as an enterprise if the facility is lost?
- Catastrophic
- Major
- Significant
- Minor
-
What are the expected Health, Environmental, and Safety impacts of a significant COI release incident at the facility?
- Extend offsite with population impacts greater than 100,000
- Extend offsite with population impacts of 50,000 to 99,999
- Extend offsite with population impacts of 10,000 to 49,999
- Extend offsite with population impacts of less than 10,000
- Extend offsite with no population impacts
- Limited to on-site
Site Security Plan
-
Has the facility identified a Site Security Coordinator in writing?
-
Does the facility have a written security plan?
-
Does the facility retain records of security risk management assessments, in paper or electronic format, for at least three years?
-
Does the facility retain records of security incidents, in paper or electronic format, for at least three years?
-
Does the facility have a defined security organizational structure in writing that identifies specific duties and responsibilities?
-
Does the facility have written procedures, including responsibilities, tasks, and frequencies, to regularly inspect, test, calibrate, repair, and maintain security systems and related equipment such as communications and emergency notification equipment according to manufacturer's standards?
-
Does the facility have written procedures and qualified personnel for conducting thorough investigations of significant security incidents, and thoroughly investigate security breaches and incidents?
-
Does the facility implement appropriate temporary security measures in response to security incidents, nonroutine outages, equipment failures and malfunctions, and are such incidents documented and promptly reported to the Site Security Manager?
-
Does the facility have a written plan to record and repair deficiencies in security related equipment?
-
Does the facility retain records of maintenance, calibration, and testing of security equipment, in paper or electronic format, or at least three years?
-
Does the facility have a written process and procedures for implementing security measures and increasing their security posture during periods of elevated threat levels?
-
Does the facility maintained a standardized security system procurement and construction requirements document?
-
Are security system manuals available?
-
Does the facility have an active outreach program to the community and local law enforcement and emergency responders?
-
Does the facility have as-built drawings for the security system?
Personnel Security
-
Are background checks completed on all employees and contractors who have unescorted access to critical or restricted areas?
Visitors/Contractors
-
Does the facility have strict visitor identification, escort, and access control procedures?
-
Does the facility have one or more separate access points for contractor personnel?
-
Are all visitors and non-badged contractors documented, issued a temporary badge, and escorted while in restricted areas, and escorted or continuously monitored elsewhere?
-
Are visitors restricted from access to locations where critical assets are located?
Chemical Security
-
Does the facility have an active, documented "know your customer" program?
-
Does the facility use tamper evident devices to secure transportation containers?
-
Does the facility receive unannounced shipments of hazardous materials?
-
Does the facility have an inventory control system for dangerous chemicals?
-
Do facility personnel actively monitor critical process equipment containing dangerous chemicals?
-
Have all employees and contractors involved with dangerous chemicals undergone background surety investigations?
-
Have all employees and contractors involved with dangerous chemicals been trained to identify and report suspicious behaviors/activity?
-
Does the facility adequately secure all transportation containers of hazardous materials on site?
-
Does the facility perform identification checks and verification prior to customer pick up of packaged chemicals on site?
-
Does the facility have a review procedure with appropriate redundancies in place for all shipping, receiving, and delivery of hazardous materials?
-
Does the facility use a locked rack or other physical means of securing man portable containers of dangerous chemicals?
-
Does the facility use tamper evident seals for vehicle valves and other appurtenances that can indicate if a shipment has been tampered with?
Guard Force
-
Does the facility have a guard force in place? If yes, describe, e.g., cite when guards are on-site, number of guards, etc.
Security Control Room
-
Does the facility have a dedicated control room and console in place to monitor security, fire alarms, and other facility systems?
Communications
-
Does the facility have a communications and emergency notification system?
-
Are intercom call boxes or a facility intercom system installed throughout the facility?
Perimeter
-
Is there a natural or man-made barrier (or combination thereof) that encloses the facility perimeter?
-
Is there a 5-foot minimum clear-zone on either side of the fence that allows persons to be detected at the boundary?
-
Are utility paths or a water runoff channels providing access to the facility secured?
-
Are there appropriate vehicular and pedestrian access controls at the facility perimeter?
-
Are there at least two vehicular perimeter access points to the facility?
-
Is lighting adequate from a security perspective in roadway access and parking areas?
Access Control
-
Are access control points configured to avoid significant queuing?
-
Does the facility differentiate for different levels of access?
-
Does the facility have a functional security access control system in place?
-
Do appropriate access control devices cover every entrance/exit from the facility?
-
Does the facility access control system require authorization for access by a photo identification card, proximity card, or biometrics?
-
Are access points manned by security personnel when open for use and either manned or continuously monitored at all other times?
-
Are appropriate types of locking hardware used throughout the facility?
Vehicles
-
Does the facility inspect all vehicles and all of the items carried by individuals entering the facility?
-
Do unknown vehicles remained outside the facility perimeter or in a secured area while they and their occupants are being vetted?
-
Is on site parking minimized and vehicular access to restricted areas restricted?
-
Does vehicular inspection occur at the curb lane or outside the facility's protected perimeter?
-
Are vehicular entrances offset from the direction of vehicular approach, i.e., are there traffic calming measures?
-
Is there a minimum setback distance between the facility and parked vehicles? If yes, describe the distance and how it is enforced, e.g., barriers, etc.
-
Is vehicular and pedestrian access to the facility separated?
-
Do facility vehicular circulation patterns prevent high-speed approach to critical assets by vehicles?
-
Are there passive or active anti-ram devices at vehicular access points?
-
Do standalone, above ground parking garages provide adequate visibility across, as well as into and out of, the parking garage?
-
Are garage or service area entrances for employee-permitted vehicles protected by suitable anti-ram devices?
Intrusion Detection System
-
Does the facility have an intrusion detection system that is monitored remotely 24 hours a day?
-
Does the facility use a functional exterior intrusion detection system?
-
Is the intrusion detection system wiring located separately from electrical and other service systems?
-
Does the facility use a functional interior intrusion detection system?
Video Surveillance Systems/Closed Circuit Television
-
Does the facility have a CCTV perimeter monitoring system?
-
Does the facility have a CCTV system covering critical assets and chemicals?
-
Are appropriate CCTV cameras used at primary interior entrances and exits?
Exterior Physical Security
-
Does the facility have perimeter barriers, i.e., fencing or walls?
-
Does the facility's architectural design employ Crime Prevention through Environmental Design (CPTED)?
-
Is facility lighting adequate from a security perspective?
-
Are trash receptacles and mailboxes in close proximity to buildings modified to prevent the hiding of explosive devices?
-
Have the number of trash receptacles or mailboxes in close proximity to buildings been reduced or eliminated?
-
Do building windows contain security glazing?
-
Do windows and openings cover less than 40% of structural bays?
-
Do non-window openings such as mechanical vents and exposed plenums provide the same level of protection required for the exterior wall?
-
Is roof access limited to authorized personnel by means of appropriate locking mechanisms?
Critical Assets
-
Are high-value or critical assets located as far into the interior of the facility as possible and separated from the public areas of the building?
-
Are critical assets located in locations that are occupied 24 hours per day?
-
Are critical assets located in locations where they are visible to more than one person?
-
Are critical assets located away from entrances, vehicle circulation, parking, maintenance areas, or loading docks?
Theft/Diversion
-
Are high-theft risk or targeted items secured in separate secured storage areas?
-
Does the secure storage area have access controls and restricted access?
-
Does the secured storage area have a secondary (redundant) security system?
-
Is the secured storage area covered by CCTV and/or electronic controls?
-
Are inventory controls maintained for all high-risk containers?
-
Are inventory controls reviewed by management and discrepancies addressed or immediately reported as an incident?
Mail, Shipping, and Receiving
-
Are loading docks and shipping/receiving areas located away from critical equipment/functions?
-
Is the mail room located away from main entrances, areas containing critical services, utilities, distribution systems, and other important assets?
Fire Detection and Suppression
-
Is there a code-compliant facility fire alarm system, either centralized or localized?
-
Does the facility have reliable supplies of water for the fire suppression system?
-
Are fire hydrants accessible by emergency responders?
-
Is stairway and exit sign lighting operational and is there a written testing process?
-
Are there smoke evacuation systems with purge capability in the facility?
Infrastructure
-
Does the facility have a policy or procedure for periodic recommissioning of major mechanical/electrical/plumbing systems?
-
Is access to building information restricted?
-
Are utility lifelines underground or direct buried?
-
Is mechanical room access limited to authorized personnel only?
-
Are facility automation control centers located in secure areas?
Electrical System
-
Are there multiple service entry points for the facility?
-
Does emergency backup power exist for all critical areas within the facility?
-
Are transformers and switchgears located outside the facility, or accessible from the facility exterior, secured?
-
Is the incoming electric service to the facility in a secure location?
-
Are facility Alexco rooms secured with appropriate locks as part of the access control system?
-
Is the facility primary electrical system wiring not collocated with other major utilities?
Water
-
Are sewer systems protected from unauthorized access?
-
Is the facility's supply of domestic water protected from unauthorized persons?
-
Are there multiple entry points for the water supply?
-
Is there more than one method of water distribution?
HVAC
-
Are there redundancies for the facility's air handling system?
-
Is a air pressurization monitored regularly?
-
Are air intakes and exhausts closed when not operational?
-
Is the air supply to critical areas compartmentalized?
-
Is return air NOT ducted?
-
Is there a means to control facility temperature and humidity levels?
-
Is there protection for chemical, biological, and radiological contamination designed into the HVAC!
-
Are there multiple air intake locations?
-
Are critical areas for supply, return, and exhaust air systems secure?
-
Are appropriate filters used on critical air handling units?
-
Are intakes and exhaust louvers located on the roof or as high as possible?
-
Is access to HVAC units limited to authorized personnel only?
Fuel
-
Is there more than one method of gas distribution at the facility?
-
Is fuel for the facility's critical operations secured from a reliable supplier?
-
Is there a reserve of critical fields?
-
Are gas storage tanks located away from other high-value target areas?
-
Is fuel for the facility's critical operations protected by physical security measures? If yes, describe the measures.
Response Plan
-
Does the facility have a comprehensive Incident Management Plan?
-
Does control of air handling systems support plans for sheltering in place or other protective approaches?
-
Have areas of refuge been identified with special consideration to egress?
-
Have systems that receive emergency power been capacity tested?
-
Does the facility have a 72-hour storage capacity for domestic water?
-
Does the facility have a 72-hour supply of fuel for critical operations?
-
Does the facility have an emergency lighting system for incidents?
Security Awareness and Training
-
Does the facility have a documented security awareness and training program for employees and resident contractors without direct security responsibilities?
-
Does the facility have a documented security awareness and training program for security personnel and a corresponding set of minimum skills and. competencies for security personnel?
-
Does the facility retain training records, in paper or electronic format, for at least three years?
-
Are applicable employees trained on the measures implemented to address the specific threats, vulnerabilities, or risks in accordance with the facility security awareness and training program?
-
Are lessons learned from security incidents disseminated to appropriate facility personnel in a timely manner in meetings, by email, or as part of an ongoing security awareness program depending upon the nature of the incident?