§ 105.305 Facility Security Assessment (FSA) requirements.
(a) Background. The facility owner or operator must ensure that the following background information, if applicable, is provided to the person or persons who will conduct the assessment:
(1) The general layout of the facility, including:
(i) The location of each active and inactive access point to the facility;
(ii) The number, reliability, and security duties of facility personnel;
(iii) Security doors, barriers, and lighting;
(iv) The location of restricted areas;
(v) The emergency and stand-by equipment available to maintain essential services;
(vi) The maintenance equipment, cargo spaces, storage areas, and unaccompanied baggage storage;
(vii) Location of escape and evacuation routes and assembly stations; and
(viii) Existing security and safety equipment for protection of personnel and visitors;
(2) Response procedures for fire or other emergency conditions;
(3) Procedures for monitoring facility and vessel personnel, vendors, repair technicians, and dock workers;
(4) Existing contracts with private security companies and existing agreements with local or municipal agencies;
(5) Procedures for controlling keys and other access prevention systems;
(6) Procedures for cargo and vessel stores operations;
(7) Response capability to security incidents;
(8) Threat assessments, including the purpose and methodology of the assessment, for the port in which the facility is located or at which passengers embark or disembark;
(9) Previous reports on security needs; and
(10) Any other existing security procedures and systems, equipment, communications, and facility personnel.
(b) On-scene survey. The facility owner or operator must ensure that an on-scene survey of each facility is conducted. The on-scene survey examines and evaluates existing facility protective measures, procedures, and operations to verify or collect the information required in paragraph (a) of this section.
(c) Analysis and recommendations. In conducting the FSA, the facility owner or operator must ensure that the FSO analyzes the facility background information and the on-scene survey, and considering the requirements of this part, provides recommendations to establish and prioritize the security measures that should be included in the FSP. The analysis must consider:
(1) Each vulnerability found during the on-scene survey including but not limited to:
(i) Waterside and shore-side access to the facility and vessel berthing at the facility;
(ii) Structural integrity of the piers, facilities, and associated structures;
(iii) Existing security measures and procedures, including identification systems;
(iv) Existing security measures and procedures relating to services and utilities;
(v) Measures to protect radio and telecommunication equipment, including computer systems and networks;
(vi) Adjacent areas that may be exploited during or for an attack;
(vii) Areas that may, if damaged or used for illicit observation, pose a risk to people, property, or operations within the facility;
(viii) Existing agreements with private security companies providing waterside and shore-side security services;
(ix) Any conflicting policies between safety and security measures and procedures;
(x) Any conflicting facility operations and security duty assignments;
(xi) Any enforcement and personnel constraints;
(xii) Any deficiencies identified during daily operations or training and drills; and
(xiii) Any deficiencies identified following security incidents or alerts, the report of security concerns, the exercise of control measures, or audits;
(2) Possible security threats, including but not limited to:
(i) Damage to or destruction of the facility or of a vessel moored at the facility;
(ii) Hijacking or seizure of a vessel moored at the facility or of persons on board;
(iii) Tampering with cargo, essential equipment or systems, or stores of a vessel moored at the facility;
(iv) Unauthorized access or use including the presence of stowaways;
(v) Smuggling dangerous substances and devices to the facility;
(vi) Use of a vessel moored at the facility to carry those intending to cause a security incident and their equipment;
(vii) Use of a vessel moored at the facility as a weapon or as a means to cause damage or destruction;
(viii) Impact on the facility and its operations due to a blockage of entrances, locks, and approaches; and
(ix) Use of the facility as a transfer point for nuclear, biological, radiological, explosive, or chemical weapons;
(3) Threat assessments by Government agencies;
(4) Vulnerabilities, including human factors, in the facility's infrastructure, policies and procedures;
(5) Any particular aspects of the facility, including the vessels using the facility, which make it likely to be the target of an attack;
(6) Likely consequences in terms of loss of life, damage to property, and economic disruption, including disruption to transportation systems, of an attack on or at the facility; and
(7) Locations where access restrictions or prohibitions will be applied for each MARSEC Level.
(d) FSA report.
(1) The facility owner or operator must ensure that a written FSA report is prepared and included as part of the FSP. The report must contain:
(i) A summary of how the on-scene survey was conducted;
(ii) A description of existing security measures, including inspection, control and monitoring equipment, personnel identification documents and communication, alarm, lighting, access control, and similar systems;
(iii) A description of each vulnerability found during the on-scene survey;
(iv) A description of security measures that could be used to address each vulnerability;
(v) A list of the key facility operations that are important to protect; and
(vi) A list of identified weaknesses, including human factors, in the infrastructure, policies, and procedures of the facility.
(2) A FSA report must describe the following elements within the facility:
(i) Physical security;
(ii) Structural integrity;
(iii) Personnel protection systems;
(iv) Procedural policies;
(v) Radio and telecommunication systems, including computer systems and networks;
(vi) Relevant transportation infrastructure; and
(vii) Utilities.
(3) The FSA report must list the persons, activities, services, and operations that are important to protect, in each of the following categories:
(i) Facility personnel;
(ii) Passengers, visitors, vendors, repair technicians, vessel personnel, etc.;
(iii) Capacity to maintain emergency response;
(iv) Cargo, particularly dangerous goods and hazardous substances;
(v) Delivery of vessel stores;
(vi) Any facility security communication and surveillance systems; and
(vii) Any other facility security systems, if any.
(4) The FSA report must account for any vulnerabilities in the following areas:
(i) Conflicts between safety and security measures;
(ii) Conflicts between duties and security assignments;
(iii) The impact of watch-keeping duties and risk of fatigue on facility personnel alertness and performance;
(iv) Security training deficiencies; and
(v) Security equipment and systems, including communication systems.
(5) The FSA report must discuss and evaluate key facility measures and operations, including:
(i) Ensuring performance of all security duties;
(ii) Controlling access to the facility, through the use of identification systems or otherwise;
(iii) Controlling the embarkation of vessel personnel and other persons and their effects (including personal effects and baggage whether accompanied or unaccompanied);
(iv) Procedures for the handling of cargo and the delivery of vessel stores;
(v) Monitoring restricted areas to ensure that only authorized persons have access;
(vi) Monitoring the facility and areas adjacent to the pier; and
(vii) The ready availability of security communications, information, and equipment.
(e) The FSA, FSA report, and FSP must be protected from unauthorized access or disclosure.
[USCG–2003–14732, 68 FR 39322, July 1, 2003, as amended at 68 FR 60542, Oct. 22, 2003]