Download:
pdf |
pdfPIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Report Date:
Visit Date:
1
NAME OF COMPANY/ORGANIZATION
2
ONSITE STREET ADDRESS/P.O BOX
7
MAILING STREET ADDRESS/P.O BOX
12
3
CITY
8
CITY
4
COUNTY
9
COUNTY
5
STATE 6
ZIP
10 STATE 11 ZIP
NAME OF PRIMARY SECURITY COORDINATOR
PRIMARY SECURITY COORDINATOR CONTACT INFORMATION
13
OFFICE PHONE
16
MOBILE PHONE
18
EMAIL
19
NAME OF ALTERNATE SECURITY COORDINATOR
14
EXT
15
PAGER
22
PAGER
17
FAX
ALTERNATE SECURITY COORDINATOR CONTACT INFORMATION
20
OFFICE PHONE
23
MOBILE PHONE
25
EMAIL
21
EXT
24
FAX
26 24-HOUR EMERGENCY CONTACT PHONE NUMBER
TSA Form 1604, MM/YY
OMB Control Number 1652-XXXX; Expiration Date MM/DD/YYYY
PAGE 1 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Company Profile:
Company-Wide Description:
27
List the states in which you are operating?
Number of pipelines on bridges
41
Number of standalone pipeline bridges
42
Number of storage facilities
43
Number of breakout tank facilities
44
Number of pumping stations
45
Number of compressor stations
46
Number of LNG facilities
47
Number of NGL facilities
48
Number of marine terminals
49
Number of SCADA control rooms
50
Number of backup SCADA control rooms
51
Number of emergency operation centers
52
Number of city gate stations
53
COMPANY PROFILE COMMENTS
28
Total pipeline mileage
29
Cross-border operation
30
Products carried:
YES
NO
Refined product
Crude oil
Natural Gas
Liquefied Natural Gases
31
Chemicals (List below)
Number of pipeline systems operated
Pipeline size(s)
33
Maximum daily flow capacity
34
Average daily flow capacity
35
Annual deliveries
36
Storage capacity
37
Number of customers or delivery facilities
38
Total number of corporate employees
39
Total number of pipeline operations employees
54
LIST MEETING ATTENDEES
55
FILLED OUT BY
32
40
PAGE 2 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
1
Have you established a Corporate Security Program?
2
Does your corporation have a written corporate security plan (or other documented security
procedures or policies)?
YES
NO
3
Which of the following corporate plans are directly included or incorporated by reference in the
corporate security plan?
Business continuity plan
Emergency recovery plan
SCADA plan
Site-specific security measures for each critical facility
Emergency response plan
Other (if checked, elaborate in comment field)
4
Is the corporate security plan reviewed on an annual basis?
5
Is the corporate security plan updated as required?
6
Does the corporate security plan describe the responsibilities and duties of personnel assigned to
security functions?
7
Is the corporate security plan readily available for those persons responsible for security actions?
PAGE 3 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
8
Does your corporation provide all employees with a redacted version of your corporate security plan?
9
Which of the following elements are addressed in the corporate security plan?
YES
NO
System Description
Security Threat and Incident Response Procedures
Security Administration and Management Structure
HSAS Response Procedures
Risk Analysis and Assessments
Security Plan Reviews and Update
Physical Security and Access Control
Recordkeeping
Equipment Maintenance and Testing
SCADA System Security
Design and Construction Security Measures
Essential Security Contacts
Personnel Screening
Security Testing and Audits
Communications
Resilience or business continuity
Personnel Training
Other (if checked, elaborate in comment field)
Drills and Exercises
10
Do you have sufficient resources, including trained staff and equipment, to effectively execute your
corporate security program?
11
Have you designated one primary individual, by position or name, to manage the corporate
security program?
12
Have you designated one alternate individual, by position or name to manage the corporate security
program in the absence of the primary individual?
PAGE 4 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
13
YES
NO
Does your corporate security manager work 100% on security (as opposed to being tasked with safety,
environmental health and safety, compliance, etc.)?
14
Does your corporation’s security manager (or equivalent position) have a direct reporting relationship to
the senior leadership in the corporation?
15
Does the corporation have a cross-department security committee?
16
Which of the following departments are represented on the security committee?
Corporate management
Engineering
Human resources
Operations
Security
Information Technology
Legal
Other (if checked, elaborate in comment field)
17
Do you have executive level support for implementing security enhancements?
18
Does your corporation have a dedicated funding mechanism (e.g. capital, operating, and maintenance
budget) for security?
PAGE 5 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
19
20
YES
NO
How much operating and maintenance money did your corporation spend on security in the previous
fiscal year?
< $99,999
$500,000 - $999,999
$100,000 - $249,999
$1,000,000 - $4,999,999
$250,000 - $499,999
>$5,000,000
How much capital money did your corporation spend on security in the previous fiscal year?
< $99,999
$500,000 - $999,999
$100,000 - $249,999
$1,000,000 - $4,999,999
$250,000 - $499,999
>$5,000,000
Record the total corporate and corporate security budgets in the comment field
21
Does your corporation integrate security measures during the design, construction, renovation, or retrofit
of a facility?
22
Does your corporation have an ongoing relationship with the following entities/departments/agencies/
organizations?
Local emergency responders
Local homeowners
Tribal emergency responders
Neighboring corporations
State emergency responders
Trade association security committees
Federal emergency responders
Sector coordinating councils
Federal Bureau of Investigation (FBI)
American Society of Industrial Security (ASIS)
Department of Homeland Security (DHS)
Other (if checked, elaborate in comment field)
Transportation Security Administration (TSA)
23
Does your corporation actively verify and update external contact lists annually?
PAGE 6 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
24
YES
NO
Does your corporation utilize any of the following security standards or methodologies?
National Fire Protection Association (NFPA)
International Standards Organization (ISO)
American Society of Industrial Security (ASIS)
American Petroleum Institute/National Petroleum Refiners Association (API/NPRA)
Interstate Natural Gas Association of America (INGAA)
American Gas Association (AGA)
Other (if checked, elaborate in comment field)
25
Has your corporation established security metrics and/or internal reporting?
26
Does your corporation employ a centralized security operations center?
27
Are security incidents at your corporation managed centrally?
PAGE 7 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Corporate Security Program Management:
Corporate Security Program Management general comments:
PAGE 8 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
RISK ANALYSIS - Critical Facility Determination:
1
YES
NO
Does your corporation utilize a documented process to determine which facilities are critical within your
pipeline systems, not exceeding eighteen months?
2
Does your corporation protect and limit access to criticality assessments and critical facility lists?
3
Who has access to the list of critical facilities?
Corporate management
Security Manager
Assistant Security Manager
Security Staff
Critical facility managers
Other facility managers
All employees
Outside entity who assisted in criticality assessment
Other (if checked, elaborate in comment field)
4
Did you utilize the criteria from TSA’s Pipeline Security Guidelines to determine your list of
critical facilities?
RISK ANALYSIS - Security Vulnerability Assessment (SVA):
5
Does your corporation conduct documented Threat Assessments?
PAGE 9 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
RISK ANALYSIS
6
7
YES
NO
Does your corporate threat-assessment process assess the following potential threats?
Trespassing
Terrorism
Bomb threat
Active shooter
Arson
Chemical, biological, radiological or nuclear incident
Riot
Cyber incident
Suspicious incident
Insider threat
Crime or vandalism
Hostage
Surveillance
Other (if checked, elaborate in the comment field)
From whom does your corporation receive threat information to assist in your SVA?
Transportation Security Operations Center (TSOC)
Local law enforcement
Protective Security Advisory (PSA)
Coast Guard
Joint Terrorism Task Force (JTTF)
Broadcast news media
Federal Bureau of Investigation (FBI)
Corporate
Homeland Security Information Network (HSIN)
Other (if checked, elaborate in comment field)
State fusion center(s)
8
Does your corporation conduct an SVA of your critical facilities periodically, not exceeding 36 months?
9
When conducting an SVA, which of the following documented methodologies are you using?
Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability (CARVER)
American Petroleum Institute/ National Petroleum Refiners Association (API/NPRA)
Mission, Symbolism, History, Accessibility, Recognizability, Population, Proximity (MSHARRPP)
Third-party or corporate proprietary
Other (if checked, elaborate in comment field)
PAGE 10 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
RISK ANALYSIS
10
Does your corporation conduct an SVA of your critical facilities after completing any significant
enhancement or modification, not exceeding twelve months?
11
Does your corporation conduct SVAs on your non-critical facilities?
12
Are facility support infrastructure (i.e. water, electrical power, and telecommunications) considered
during the SVA?
13
Are the findings and recommendations from SVAs reviewed at the executive level?
14
Upon completion of an SVA, are corrective actions implemented within eighteen months?
15
Does your corporation protect and limit access to SVAs?
YES
NO
PAGE 11 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
RISK ANALYSIS
16
Who in your corporation has access to completed SVAs?
Corporate management
Other facility managers
Security Manager
All employees
Assistant Security Manager
Outside entity who assisted in the SVAs
Other Security Personnel
Other (if checked, elaborate in comment field)
Critical facility managers
Risk Analysis general comments:
PAGE 12 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Operational Security:
1
Is there at least one individual within your corporation who holds a current federal security clearance?
2
What is the highest level of clearance that is held within your corporation?
NO
3
YES
Top Secret
Confidential
Secret
Other (if checked elaborate in comment field)
Does your corporation have a process to receive, store, and disseminate restricted or
classified information?
4
Does your corporate policy stipulate that external communications such as press releases, marketing
information, and other publicly available information be reviewed for security concerns prior to release?
5
Does your corporation regularly review your corporate website to ensure potentially sensitive,
excessive detail, or confidential information is not publicly available that could pose a security risk ?
6
Does your corporation have a process to control documents that, taken together, may provide an
adversary with operational or security information that could harm the company?
7
Does your corporation have a document marking policy or procedure?
PAGE 13 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Operational Security:
8
YES
NO
Has your corporation taken any of the following steps to apply operational security (“OPSEC”) in daily
activities?
Mark documents
Dispose of computer equipment and associated media securely
Hold conversations in appropriate locations
Create strong passwords
Report undue interest in pipeline security or operations
Change passwords periodically
Secure sensitive documents outside of offices areas
(such as in vehicles or in transport)
Vary patterns of behavior
Dispose of documents properly
Other (if checked, elaborate in comment field)
Remove badges in public
Operational Security general comments:
PAGE 14 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Personnel and Contractor Security:
1
Does your corporation conduct pre-employment background checks on all your potential employees?
2
Does your corporation conduct different levels of pre-employment background checks based on the
nature of the position?
YES
NO
3
Which of the following types of pre-employment background checks does your corporation conduct?
4
Criminal
Alcohol/drug screen
DMV
Employment verification
Credit
Other (if checked elaborate in comment field)
Does your corporation conduct recurring background checks every ten years (or less) for employees
occupying security positions or who have access to sensitive information or areas?
5
Do your corporate contracts require background checks for all contractor personnel who have unescorted
or unsupervised access to company critical facilities?
6
Does your corporation verify that background checks, of at least the same degree of rigor as corporate
checks, are performed for the following persons who have unescorted or unsupervised access to company
critical facilities?
Contractors
Tenants
Vendors
Other (if checked, elaborate in comment field)
Other co-located facility personnel
PAGE 15 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Personnel and Contractor Security:
YES
7
Does your corporation have a policy and/or procedure in place for secure employee termination?
8
Which of the following are conducted during termination activities?
NO
Retrieve badge or identification card or badge
Block computer-system access
Disable passwords
Discharged employee signs nondisclosure agreement
Retrieve keys
Other (if checked elaborate in comment field)
Retrieve operational and/or security manuals
Personnel and Contractor Security general comments:
PAGE 16 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Physical Asset Protection - Physical Security Measures:
1
Does your corporation use a layered, defense-in-depth, system of physical security measures?
2
Which of the following features or processes are in use at your critical facilities?
Fences
Patrols
Gates
Lighting
Signage (i.e. No trespassing, Do Not Enter,
Authorized Personnel Only, CCTV in use, etc.)
Crime prevention through environmental design (CPTED)
Intrusion sensors
Alarms
Cleared zones around fence lines
Locks
Barriers (i.e. bollards, planters or jersey barriers)
Unarmed guards
Armed guards
Video analytic systems
Video recording
Intrusion detection systems
Other (if checked, elaborate in comment field)
Tamper devices
Which of the following features are in use at your non-critical facilities?
Fences
Patrols
Gates
Lighting
Signage (i.e. No trespassing, Do Not Enter,
Authorized Personnel Only, CCTV in use, etc.)
Crime prevention through environmental design (CPTED)
Closed circuit television (CCTV)
Intrusion sensors
Alarms
Cleared zones around fence lines
Locks
Barriers (i.e. bollards, planters or jersey barriers)
4
NO
Closed circuit television (CCTV)
3
YES
Unarmed guards
Armed guards
Video analytic systems
Video recording
Intrusion detection systems
Other (if checked, elaborate in comment field)
Tamper devices
Does your corporate policy stipulate that doors, gates, windows, or entrances be closed and locked when
not in use?
PAGE 17 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Physical Asset Protection - Physical Security Measures:
5
YES
NO
Does your corporation have 24/7 security monitoring at your critical facilities to detect and assess
unauthorized access?
6
Does your corporate policy stipulate that any facility lighting must provide sufficient illumination for
human or technological recognition of an intrusion?
Physical Asset Protection - Physical Security Measures general comments:
PAGE 18 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Physical Asset Protection - Access:
YES
1
Does your corporation have an access control policy?
2
To what areas does your corporation’s access control policy apply?
3
Critical field facilities
Security offices
Non-critical field facilities
Server rooms
Headquarters facility
Specific operational areas
SCADA Control Center
Other (If checked, elaborate in comment field)
How is your corporation physically controlling normal access to restricted areas?
4
NO
Lock and key
Proximity card
Biometric reader
Radio remote control
Digital key card
Other (if checked elaborate in comment field)
Does your corporate access control policy address access to restricted areas for visitors, transient visitors,
and emergency responders?
5
Do corporate personnel escort visitors while at restricted areas or critical facilities?
6
To whom does your corporation allow unescorted access to restricted areas?
Company employees not assigned to the facility
Visitors
Contractors assigned to the facility
Emergency responders in emergency situations
Contractors not assigned to the facility
Other (if checked, elaborate in comment field)
Transient visitors (UPS, Fed-Ex, USPS workers, vending machine suppliers, landscapers, etc.)
PAGE 19 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Physical Asset Protection - ACCESS:
7
YES
NO
Does your corporation track, document, or digitally record access to restricted areas?
8
Does your corporation have a badging or identification card policy?
9
To whom does your corporation issue badges or identification cards?
All employees
Contractors not assigned to the facility
Company employees assigned to the facility
Visitors
Company employees not assigned to the facility
Other (If checked, elaborate in comment field)
Contractors assigned to the facility
10
Does your corporation have policies and procedures to address lost or stolen badges or identification cards?
11
Does your corporation have a corporate key-control program?
12
Does your corporation use patent keys to prevent unauthorized duplication?
PAGE 20 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Physical Asset Protection - ACCESS:
Risk Analysis - Threat Assessment general comments:
PAGE 21 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
SCADA Security:
1
YES
NO
Does your corporation have a written SCADA security plan or other documented security procedures
or policies?
2
Does your corporation have policies and/or procedures in place to track changes made to the
SCADA systems?
3
Does your corporation review and assess all its SCADA security procedures annually?
4
Does your corporation have procedures in place to prevent unauthorized access to your SCADA
system(s)?
5
Does your corporation conduct penetration testing on your SCADA network?
6
Does your corporation have a designated individual responsible for SCADA security?
7
Can your corporation’s SCADA system be controlled remotely?
PAGE 22 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
SCADA Security:
8
Does your corporation perform a SCADA system(s) criticality assessment at least every eighteen months?
9
Does your corporation perform a vulnerability assessment on your SCADA system(s) at least every
36 months?
YES
NO
10
Does your corporation utilize a layered, defense-in-depth, approach to SCADA system(s) access?
11
Is your corporation’s SCADA system(s) housed on a isolated/segregated secure network?
12
Does your corporation monitor and periodically review SCADA system(s) network connections, including
remote and third-party connections?
13
Prior to deployment, does your corporation evaluate the security risks of using wireless networking in
your environment?
PAGE 23 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
SCADA Security:
14
YES
NO
Which of the following features does your corporation use to secure your SCADA system(s)?
Locked facilities
Access lists
Strong passwords
Entry logs
Communication gateways
Firewalls
Access control lists
De-Militarized Zone (DMZ)
Authenticators
Intrusion detection system
Separation of duties
Intrusion prevention system
Least privilege (Able to access only information
and resources that are necessary)
Maintain patches
Key cards
Other (if checked, elaborate in comment field)
15
Has your corporation developed a cross-functional cyber security team for information security between
your SCADA systems and enterprise networks?
16
Which of the following groups are represented on your corporate cyber security team?
Operations
Third-party contractors or vendors
Information Technology (IT)
Other (if checked elaborate in comment field)
17
Has your corporation established security standards for evaluating the acquisition of SCADA system
devices and equipment?
18
Does your corporation only use SCADA workstations for approved control system activities?
PAGE 24 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
SCADA Security:
19
YES
NO
Does your corporation securely dispose of the hardware used to run your SCADA system(s)?
20
Does your corporation incorporate restoration and recovery of your SCADA system(s) in your resiliency
plans?
SCADA Security general comments:
PAGE 25 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Training:
1
YES
NO
Does your corporation require and conduct security-awareness training upon hire for all employees and
contractors?
2
Does your corporation require and conduct biennial refresher security-awareness training for all
employees and contractors?
3
Does your corporation require and conduct job-specific security training for all employees assigned
security duties?
4
Does your corporation require and conduct annual refresher job-specific security training for all
employees assigned security duties?
5
Does your corporation maintain security-related training records?
6
Does your corporation conduct security orientations for visitors and vendors?
7
Does your corporation conduct SCADA system(s) security training?
PAGE 26 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Training:
YES
8
Does your corporation conduct annual refresher training for SCADA system(s) security?
9
To maintain security domain awareness, do your corporation’s security personnel attend conferences,
forums, or other advanced security training?
NO
10
Which of the following training opportunities or affiliations have your corporation’s security personnel
availed themselves of?
11
Security forums or conferences
Government sector committee(s)
Pipeline forums or conferences
Industry security collaboration
Advanced security training
Other (if checked elaborate in comment field)
Participate in security committee(s)
Does your corporation use any of TSA’s security training materials?
PAGE 27 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Training:
Security Training general comments:
PAGE 28 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Drill, Exercise and Program Validation:
1
Does your corporation conduct annual security-related drills and exercises?
2
Over the past three (3) years, what types of facilities in your corporation have you exercised?
NO
3
YES
Critical facility
Security operations center
Non-critical facility
MTSA facility
SCADA center
Other (if checked elaborate in comment field)
Emergency operations center
Over the past three (3) years, with whom has your corporation exercised?
Local emergency responders
DHS
Tribal emergency responders
TSA
State emergency responders
Neighboring corporations
Federal emergency responders
Other (if checked elaborate in comment field)
FBI
4
Does your corporation conduct unannounced security-related drills or exercises?
5
Does your corporation document and maintain the results of all security-related drills and exercises?
6
Does your corporation document and complete corrective actions identified during security-related drills
and exercises?
PAGE 29 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Drill, Exercise and Program Validation:
7
Does your corporation test and evaluate communications equipment annually?
8
Does your corporation validate its security contact list periodically?
9
Does your corporation conduct periodic security audits of its facilities?
YES
NO
Drill, Exercise and Program Validation general comments:
PAGE 30 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Maintenance:
YES
1
Does your corporation have a security equipment maintenance program?
2
Which of the following methods does your corporate security maintenance program utilize?
NO
Corrective maintenance
Testing
Preventive maintenance
Inspection
3
Does your corporation conduct quarterly security equipment inspections?
4
Does your corporation conduct an annual security equipment inventory?
5
Does your corporation have alternate power sources for security equipment at critical facilities?
6
Does your corporation perform periodic operability checks on communication devices used in a
security-related incident response?
7
Does your corporation retain security equipment maintenance and testing records?
PAGE 31 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Maintenance:
Maintenance general comments:
PAGE 32 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Communications Devices and Mechanisms:
1
NO
Which of the following devices does your corporation use to accomplish emergency/security
communication or notification?
2
YES
Email
Low band radio
Telephone
High band radio
Cellular telephone
Company band radio
Satellite telephone
Pager
Video conferencing
Other (if checked elaborate in comment box)
Does your corporation have a mechanism, computer driven process or vender service for automatic
security notifications?
3
Does your corporation use Government Emergency Telephone System (GETS) cards?
Communications Devices and Mechanisms general comments:
PAGE 33 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
1
YES
NO
Does your corporation maintain a list of internal contact information for reporting and responding to a
security incident, threat, or suspicious activity?
2
Which of the following internal contacts is on the corporation security incident, threat, or suspicious
activity notification list?
3
Corporate management
All employees
Security management
Contractors
Critical facility employees
Other (if checked, elaborate in the comment field)
Which of the following external agencies/organizations is on the corporation security incident, threat or
suspicious activity notification list?
National Response Center
Other Federal agencies
Local emergency responders/911
Federal Bureau of Investigation (FBI)
Transportation Security Administration/Transportation
Security Operations Center (TSA/TSOC)
Department of Homeland Security (DHS)
Tribal emergency responders
State emergency responders
Neighboring corporations
Other (if checked, elaborate in the comment field)
4
During periods of heightened HSAS threat conditions, would your corporation implement enterprise-wide
graduated security measures that correspond to the threat level?
5
During periods of heightened HSAS threat conditions, would your corporation implement site-specific
graduated security measures that correspond to the threat level?
PAGE 34 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
6
YES
NO
Does your corporation have a policy and/or procedure for internally disseminating security threat or
incident information?
7
To whom in your corporation is security threat or incident information disseminated?
8
Corporate management
Engineering
Security management
Operations
Regional operations management
Union representative
Site management
Tenants
Internal security committee
Contractors
Human resources
Other (if checked, elaborate in the comment field)
Legal
From whom does your corporation receive current security threat information?
Transportation Security Operations Center (TSOC)
Coast Guard
Protective Security Advisory (PSA)
Broadcast news media
Joint Terrorism Task Force (JTTF)
Corporate affiliations
Federal Bureau of Investigation (FBI)
Department of Energy
Homeland Security Information Network (HSIN)
Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)
State fusion center(s)
Other (if checked, elaborate in comment field)
Local law enforcement
9
Does your corporation have a policy and/or procedure to record security threat information received?
10
Does your corporation have a policy and/or procedure to evaluate security threat information as it
is received?
PAGE 35 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
11
YES
NO
Does your corporation have adequate staffing to implement security measures in response to security
threat information?
12
Does your corporation have contracts in place with private security providers to augment existing security
staff during times of heightened alert?
13
During times of heightened alert, would your corporation limit physical access to critical facilities?
14
During times of heightened alert, would your corporation limit physical access to non-critical facilities?
15
During times of HSAS Level Orange alert, would your corporation enact the following physical access
controls at your critical facilities?
Limit facility access to essential personnel
Limit facility access to essential visitors
Limit facility access to essential vehicles
Limit facility access to essential contractors
Increase surveillance of critical areas and facilities
Restrict deliveries to those essential to continued operations
Delay or reschedule non-vital capital project work that could
affect facility security
Increase lighting of facility buffer zones
Verify operating conditions of security systems (i.e. intrusion
detection, cameras, or lighting)
Request additional police patrols around the facility
Other (if checked, elaborate in the comment field)
Conduct random inspections of vehicles
Delay or reschedule non-vital maintenance activities that could
affect facility security
PAGE 36 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
16
During times of HSAS Red alert, would your corporation enact the following physical access controls at
your critical facilities?
Cancel or delay contractor work and services
Allow deliveries by appointment only
Inspect all briefcases, bags, purses, or backpacks
Inspect all vehicles prior to entering the facility
17
Restrict vehicle parking to 150 feet from all critical areas
and assets
Inspect all deliveries including packages and cargo
Coordinate with local authorities regarding closing nearby
public roads and facilities
Close non-essential entrances and facility access points
Other (if checked, elaborate in the comment field)
Staff and monitor active facility entrances and access
points 24/7
During times of HSAS Orange alert, would your corporation enact any of the following measures on your
SCADA systems?
Increase monitoring of intrusion detection systems on your
SCADA network?
18
Erect barriers and/or obstacles to control vehicular
traffic flow
Remind personnel to be vigilant regarding suspicious electronic mail
Report any unusual SCADA system network activity
Other (If checked elaborate in comment field)
During times of HSAS Red alert, would your corporation enact any of the following measures on your
SCADA systems?
Limit network communications links to essential sites / users
Review and revoke any credentials that are not current and necessary
Other (If checked elaborate in comment field)
PAGE 37 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
19
YES
NO
During times of HSAS Orange alert, would your corporation enact any of the following
communication-related steps?
Inform all employees and on-site contractors of the increase
or decrease to HSAS level Orange
Advise local law enforcement of HSAS level Orange security
measures
Conduct security awareness briefings to all employees and
on-site contractors
Verify operational capability of intelligence and emergency
communications networks
Brief employees and contractors on indicators of suspicious
packages or mail
Monitor intelligence and emergency communications networks
Review response procedures for suspicious packages or mail
Other (if checked, elaborate in the comment field)
Inform local law enforcement of the change in HSAS level
20
During times of HSAS Red alert, would your corporation enact any of the following communication-related
steps?
Inform all employees of the increase to HSAS level Red
Conduct daily security and awareness briefings for
each shift
Participate in scheduled situational briefings (e.g. TSA,
including local law enforcement, and industry associations)
Other (If checked elaborate in comment field)
21
Does your corporation utilize an incident management system for security-related events?
22
Does your corporation use the National Incident Management System (NIMS)?
23
Does your corporation have procedures for the following types of incidents?
Incident reporting
Arson
Terrorist attack
Insider threat
Homeland Security Advisory
System (HSAS) levels
Riot
Active shooter
Hostage
Suspicious incident
Chemical, biological,
radiological or nuclear
incident
Crime scene management
Crime or vandalism
Surveillance
Cyber incident
Trespassing
Bomb threat
Pandemic
Other (if checked, elaborate
in the comment field)
PAGE 38 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Security Incident Management:
24
YES
NO
Which organizations does your corporation work with during a security incident?
Local emergency responders
Department of Homeland Security (DHS)
Tribal emergency responders
Transportation Security Administration (TSA)
State emergency responders
Department of Transportation (DOT)
Federal emergency responders
Neighboring corporations
Federal Bureau of Investigation (FBI)
Other (if checked, elaborate in the comment field)
25
Does your corporation have a corporate emergency operations center for use during security incidents?
Security Incident Management general comments:
PAGE 39 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Resilience:
1
YES
NO
Would damage to, or destruction of, a facility or a combination of facilities in your pipeline system have
the potential to significantly disrupt operations for greater than 72 hours for any of the following?
Your system
The nation
A region
Across an international border
A state
2
Has your corporation identified any of the following as critical customers?
Installations identified as critical to national defense
State or local government infrastructure
Key infrastructure (such as power plants or major airports)
Other (if checked elaborate in comment field)
3
Has your corporation established lines of delegated authority/succession of security responsibilities?
4
Has your corporation established continuity of service plans to ensure continued product availability to
critical customers during a security-related event?
5
Has your corporation procured or arranged, in advance, for any of the following to minimize response
time for repair or replacement following a security-related event?
6
Critical pipe
Essential utilities
Critical fittings
UPS/backup generators
Equipment for repair
Other (if checked, elaborate in comment field)
Does your corporation have adequate personnel to promptly repair and return systems to operation
following a security-related event?
PAGE 40 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Resilience:
7
YES
NO
Does your corporation have mutual aid agreements in place to assist in returning your systems to
operation following a security-related event?
8
Does your corporation have standing contracts for emergency pipeline repair following a security-related
event?
9
Does your corporation have alternate means of transporting your product if your systems were
compromised following a security-related event?
10
Does your corporation have adequate alternate supply to maintain the flow of product following a
security-related event?
11
Does your corporation have adequate storage (i.e. breakout tanks, caverns, or LNG tanks) to maintain
the flow of product following a security-related event?
12
Does your corporation have a dispersed pipeline system as opposed to a single long-haul transmission line?
13
Does your corporation have adequate financial reserves to redirect funds following a security-related
event?
PAGE 41 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
Resilience:
Resilience general comments:
PAGE 42 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
final Comments:
Site or Control Center Visit Notes comments:
PAGE 43 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
final Comments:
Findings and Recommendations comments:
PAGE 44 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
final Comments:
Smart Practices comments:
PAGE 45 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
final Comments:
Critical Facilities List comments:
PAGE 46 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
PIPELINE
Transportation
Security
Administration
CORPORATE
SECURITY REVIEW
SENSITIVE SECURITY INFORMATION
final Comments:
References and Other Miscellaneous Notes:
“Paperwork Reduction Act Statement:
An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a valid OMB control number.
Transportation Security Administration estimates that the average burden for collection is 8 hours per year. You may submit any comments concerning the accuracy of this burden
estimate or any suggestions for reducing the burden to: TSA-11, Attention: PRA 1652-XXXX 601 South 12th Street, Arlington, VA 20598”
PAGE 47 of 47
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a
need to know, as defined in 49 CFR 1520, except with the written permission of the Administrator of the Transportation Security Administration, Washington,
DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 552.
�
| File Type | application/pdf |
| File Modified | 2010-12-10 |
| File Created | 2009-09-30 |