DHS Form 9019 Site Securtiy Plan

OMB Number 1670-0007
Expiration Date 2/29/08
The public reporting burden for this form is estimated to be 200 hours. The burden estimate includes time
for reviewing instructions, researching existing data sources, gathering and maintaining the needed data,
and completing and submitting the form. Send comments regarding th accuracy of the burden estimate and
any suggestions for reducing the burden to: NPPD/OIP/Chemical Security Compliance Division, Attention:
Matthew Bettridge, Project Manager, U.S. Department of Homeland Security, Mail Stop 8100,
Washington, DC 20528-8100.
(Paperwork Reduction Project (1670-0007)). Your response is mandatory according to Public Law 109295 Section 550. You are not required to respond to this collection of information unless a valid OMB
control number is displayed in the upper right corner of this form. NOTE: DO NOT send your completed
form to this address.

Site Security Plan

A Site Security Plan (SSP) will be submitted by chemical facilities designated as highrisk by The Department of Homeland Security. The format of an SSP may vary, but
each SSP must contain the following information:
1.

2.

3.

4.

Address each vulnerability identified in the facility’s Security Vulnerability
Assessment, and identify and describe the security measures to address each
such vulnerability.
Identify and describe how security measures selected by the facility will
address the applicable risk-based performance standards (see below) and
potential modes of terrorist attack including, as applicable, vehicle-borne
explosive devices, water-borne explosive devices, ground assault, or other
modes or potential modes identified by the Department.
Identify and describe how security measures selected and utilized by the
facility will meet or exceed each applicable performance standard listed at 6
CFR § 27.230 for the appropriate risk-based tier for the facility.
Specify other information the Assistant Secretary deems necessary regarding
chemical facility security.

Risk-based Performance Standards
6 CFR § 27.230
1.
2.
3.

4.

Restrict Area Perimeter: Secure and monitor the perimeter of the facility.
Secure Site Assets: Secure and monitor restricted areas or potentially critical
targets within the facility.
Screen and Control Access: Control access to the facility and to restricted
areas within the facility by screening and/or inspecting individuals and
vehicles as they enter
Deter, Detect, and Delay: Create sufficient time between detection of an
attack and the point at which the attack becomes successful.

DHS Form 9019 (2/08)

5.
6.
7.
8.

9.

10.
11.
12.

13.
14.

15.
16.

17.
18.
19.

Shipping, Receipt, and Storage: Secure and monitor the shipping, receipt,
and storage of hazardous materials for the facility.
Theft and Diversion: Deter theft or diversion of potentially dangerous
chemicals.
Sabotage: Deter insider sabotage.
Cyber: Prevent unauthorized onsite or remote access to critical process
controls, such as Supervisory Control and Access Acquisition (SCADA)
systems, Distributed Control Systems (DCS), Process Control Systems (ICS),
critical business system, and other sensitive computerized systems.
Response: Develop and exercise an emergency plan to respond to security
incidents internally and with assistance of local law enforcement and first
responders.
Monitoring: Maintain effective monitoring, communications and warning
systems.
Training: Ensure proper security training, exercises, and drills of facility
personnel.
Personnel Surety: Perform appropriate background checks on ensure
appropriate credentials for facility personnel, and as appropriate, for
unescorted visitors with access to restricted areas or critical assets.
Elevated Threats: Escalate the level of protective measures for periods of
elevated threat.
Specific Threats, Vulnerabilities, or Risks: Address specific threats,
vulnerabilities or risks identified by the Assistant Secretary for the particular
facility at issue.
Reporting of Significant Security Incidents: To the Department and to local
law enforcement officials.
Significant Security Incidents and Suspicious Activities: Identify,
investigate, report, and maintain records of significant security incidents and
suspicious activities in or near the site.
Officials and Organization: Establish official(s) and an organization
responsible for security and for compliance with these standards.
Records: Maintain appropriate records.
Address any additional performance standards the Assistant Secretary may
specify.

DHS Form 9019 (2/08)