Form TSA Form 1603 TSA Form 1603 Corporate Security Review Interview Form
Corporate Security Review (CSR)
CSR Form1603.xlsx
CSRs
OMB: 1652-0036
Document [xlsx]
Download: xlsx | pdf
CSR
Overview
Form InstructionsCSR
Sheet 1: Form Instructions
| Instructions for Completion of TSA Form 1603, Highway and Motor Carrier CSR |
| Complete all information on the front of the CSR Form. Be sure to include the names and contact information for those who participate in the review as well as the names and contact information for those conducting the review. If additional space is needed, utilize the Continuation Sheet at the end of the document. |
| All stakeholder responses to each protocol question must receive a “YES” or “NO”. Any questions that are not applicable to the entity, mark the box with a “NO” response. Add any supporting information in the Comment boxes. |
| NOTE: The CSR Form is to be completed by the individual(s) conducting the review. This form is not to be given to the stakeholder and/or completed as a self-assessment, unless directed otherwise by HMC management. Please note: When filled in, this form contains Sensitive Security Information (SSI). |
| All forms must be password-protected upon completion. Standard passwords will be assigned during each training session. |
| Instructions For Forwarding CSR Form to TSA HQ |
| TSA HQ Transportation Security Specialists |
| Completed forms are to be saved on the S-Drive under the Corporate Security Review folder. Create a new folder for each company along with any electronic files supplied by the stakeholder. |
| TSA TSI-S Field Personnel |
| Forms are to be completed on the Alion System and submitted to the AFSD-I who will then forward the CSRs to the STSIP Office. Once the reports have been reviewed for quality control, completed reports will be sent to the TSA HMC Office via [email protected]. HMC will then save reports to the S-Drive. Any electronic files, such as security plans, supplied by the stakeholder should be included with the submission of the CSR Protocol Form. Any hard-copied documents provided to the TSI-S should be kept at the local field office and protected under SSI guidelines. |
| State Departments of Transportation Auditors and Compliance Officers |
| Completed CSR forms are to be emailed to [email protected]. In the subject line of the email, list the state where the CSR was performed. Include any electronic files, such as security plans, supplied by the stakeholder. Any hard-copied documents provided to the auditor/officer should be kept at the local office and protected under SSI guidelines (see SSI Basic Training in curriculum binder). If for any reason, a CSR Protocol Form cannot be sent electronically to the above email address, mail the form to: TSA-28, HMC Division, 601 South 12th Street, Arlington, VA 20598-6028. Include an SSI coversheet over the document. |
| Paperwork Reduction Act Statement: |
| This form is designed to gather information to establish the current state of security practices for highway modes of transportation. The results will be used to assist the Transportation Security Administration in making policy and programmatic decisions to improve overall security within the surface transportation community. It is estimated that the total average burden per response associated with this questionnaire is approximately 2 to 3 hours. Please send comments regarding this burden estimate or any other aspect of this collection |
| to: TSA-11, Attention: PRA 1652-0036, 601 South 12th Street, Arlington, VA 20598. An agency may not conduct or sponsor, and persons are not required to respond to, a collection of information unless it displays a currently valid OMB control number. The OMB control number assigned to this collection is 1652-0036 which expires 31/07/2011. |
Sheet 2: CSR
| General Information |
1. Interviewee USDOT# | 2. CSR Date Performed | ||||||||||
| 3. Organization Name | Site
|
Corporate
|
||||||||||
| 4. Transportation Mode | 5. Type of Organization | |||||||||||
|
Motor Carrier |
|
Private | |||||||||
|
|
Motorcoach |
|
Public | |||||||||
|
|
School Bus | |||||||||||
|
|
HAZMAT Carrier | |||||||||||
| 6. Number Of Employees (Including Drivers) | ||||||||||||
| Address | Physical | Mailing | 
|
Same as Physical | ||||||||
| 7. Address 1 | 12. Address 1 | |||||||||||
| 8. Address 2 | 13. Address 2 | |||||||||||
| 9. City | 10. State | 11. Zip Code | 14. City | 15. State | 16. Zip Code | |||||||
| Security Coordinator Contact Information | 17. Primary Security Coordinator Name | |||||||||||
| 18. Office | 19. Cell | 20. Fax | 21. Email | |||||||||
| 22. Alternate Security Coordinator Name | ||||||||||||
| 23. Office | 24. Cell | 25. Fax | 26. Email | |||||||||
| 27. 24/7 Emergency Operations Number | ||||||||||||
| Interview Participants | 28. Name | 29. Title | ||||||||||
| 30. Phone | 31. Email | |||||||||||
| 32. Name | 33. Title | |||||||||||
| 34. Phone | 35. Email | |||||||||||
| 36. Name | 37. Title | |||||||||||
| 38. Phone | 39. Email | |||||||||||
| Interview Team | 40. Name | 41. Role | 
|
Report Author | ||||||||
| 42. Organization | 43. E-mail | |||||||||||
| 44. Name | 45. Role |
|
Report Author | |||||||||
| 46. Organization | 47. E-mail | |||||||||||
| 48. Name | 49. Role |
|
Report Author | |||||||||
| 50. Organization | 51. E-mail | |||||||||||
| WARNING: When filled in, this record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 2 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| Range of Operations & Critical Assets | ||||||||||||
|
||||||||||||
| 52. Range of Operations | 53. Motor Carrier Critical Assets | |||||||||||
|
|
Northeast | Vehicles (Owned) | ||||||||||
| Southeast | Vehicles (Contracted) | |||||||||||
| Midwest | Employee Drivers | |||||||||||
| Southwest | Contracted Drivers | |||||||||||
| West | Transfer facilities | |||||||||||
| Canada | Yards | |||||||||||
| Mexico | Maintenance facilities | |||||||||||
| Other (please specify): | Data centers | |||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 3 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 1 - MANAGEMENT AND OVERSIGHT OF THE SECURITY PLAN | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization have a written security plan? | |||||||||||
| A) | What elements does your security plan encompass? | |||||||||||
|
Response Plan | |||||||||||
|
Emergency Plan | |||||||||||
|
|
Disaster Recovery Plan | |||||||||||
|
|
Other: | |||||||||||
| B) | At what organizational level? | |||||||||||
|
|
Corporate | |||||||||||
|
|
Site | |||||||||||
| C) | Does your organization review and update its security plan? | |||||||||||
| If so, how often? | ||||||||||||
|
Monthly | |||||||||||
|
|
Quarterly | |||||||||||
| Annually | ||||||||||||
|
|
Every 3 Years | |||||||||||
|
|
Every 5 Years | |||||||||||
|
|
As needed | |||||||||||
|
|
Other: | |||||||||||
| D) | Does your organization/site limit access to the security plan to employees with a need-to-know? | |||||||||||
| E) | Does your organization require employees with access to the security plan to sign a non-disclosure agreement? | |||||||||||
| Comments: | ||||||||||||
|
||||||||||||
| 2 | Does your organization designate a security coordinator? | |||||||||||
| A) | Are the security coordinator's duties documented? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization maintain an up to date list of key company security personnel contact information? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 4 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 1 - MANAGEMENT AND OVERSIGHT OF THE SECURITY PLAN (CONT'D) | ||||||||||||
| Yes/No | ||||||||||||
| 4 | Does your organization have a 24/7 emergency response/operations number? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 5 | Does your organization have federal points of contact to notify in the event of a security incident? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 6 | Does your organization exchange unclassified security-related information with industry peers? | |||||||||||
| Comments: | ||||||||||||
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 5 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 2 - THREAT ASSESSMENT | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization monitor external sources for threat information? | |||||||||||
| A) | If so, what sources? | |||||||||||
|
|
Federal Bureau of Investigation (FBI ) | |||||||||||
|
|
National Terrorism Advisory System (NTAS) | |||||||||||
|
|
Law Enforcement Officer (LEO) | |||||||||||
|
|
News | |||||||||||
|
|
TSA/DHS threat-specific information | |||||||||||
|
|
Other: | |||||||||||
| B) | Does your organization require employees with access to threat information to sign a non-disclosure agreement? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization have a procedure for distributing threat information? | |||||||||||
| A) | If so, is the procedure is documented? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization have plans in place to respond to a NTAS Alert? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 6 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 3 - CRITICALITY ASSESSMENT | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization define and list critical assets? | |||||||||||
| A) | If so, where? | |||||||||||
|
|
In the security plan | |||||||||||
|
|
Other: | |||||||||||
| B) | Does your organization require employees with access to the list of critical assets to sign a non-disclosure agreement? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization use a standard for determining criticality? | |||||||||||
| A) | If so, which standard: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does the criticality assessment affect the allocation of security resources? | |||||||||||
| A) | Is the allocation of security resources specified in the security plan? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 7 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 4 - VULNERABILITY ASSESSMENT | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization conduct vulnerability assessments? | |||||||||||
| A) | If so, where is the process documented? | |||||||||||
|
|
In the security plan | |||||||||||
|
|
Other: | |||||||||||
| B) | Does your organization require employees with access to the results of vulnerability assessments to sign a non-disclosure agreement? | |||||||||||
| C) | Are these assessments conducted with the help of outside sources? | |||||||||||
|
|
Federal/state officials | |||||||||||
|
|
Facility owner/operator | |||||||||||
|
|
Contractors | |||||||||||
|
|
Industry experts | |||||||||||
|
|
Other: | |||||||||||
| D) | Does your organization use a standard to assess vulnerability? | |||||||||||
| E) | Do your organization's vulnerability assessments recommend corrective actions? | |||||||||||
| F) | Does your organization implement the security measures recommended by its vulnerability assessments? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: When filled in this record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 8 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 5 - PERSONNEL SECURITY | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization conduct background checks? | |||||||||||
| Drivers | Non-Drivers | Management | Contractors | |||||||||
| Driving Records |
|
|
|
|
||||||||
| Criminal Records | ||||||||||||
| Credit History | ||||||||||||
| Employment History | ||||||||||||
| Employment Eligibility | ||||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization have criteria for disqualification for employment based on driving/criminal/employment history checks? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization have a redress process for applicants disqualified for employment based on driving/criminal/employment history checks? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 4 | Does your organization provide identification cards to employees? What type? | |||||||||||
| A) | If so, what technologies do the identification cards incorporate? | |||||||||||
|
|
Photo | |||||||||||
|
|
RFID/Proximity | |||||||||||
|
|
Biometric | |||||||||||
|
|
Other: | |||||||||||
| B) | Does your organization require employees to display identification cards while on duty? | |||||||||||
| C) | Does your organization issue identification cards to contractor personnel? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 9 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 6 - TRAINING | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization conduct security training for new employees? | |||||||||||
| A) | If so, what type? | |||||||||||
|
|
Security awareness training | |||||||||||
|
|
Security plan training | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization conduct security training for current employees? | |||||||||||
| A) | If so, when? | |||||||||||
|
|
Annually | |||||||||||
|
|
Every 1-3 Years | |||||||||||
|
|
More than 3 years | |||||||||||
|
|
Change of job | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization conduct security training based on a formal curriculum? | |||||||||||
| A) | If so, which? | |||||||||||
|
|
Security Awareness Training CD (DoT) | |||||||||||
|
|
Domain Awareness Training | |||||||||||
|
|
School Transportation Security Awareness (TSA) | |||||||||||
|
|
Secure Transport (TSA) | |||||||||||
|
|
Security Self Assessment CD (TSA) | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 4 | Are your organization's drivers members of a domain awareness program? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 5 | Does your organization maintain employee security training records? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 10 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 7 - PHYSICAL SECURITY COUNTER-MEASURES | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Do your organization's facilities have physical security barriers? | |||||||||||
| A) | If so, what type? | |||||||||||
|
|
Fencing | |||||||||||
|
|
Locking Gates | |||||||||||
|
|
Keypad/PIN | |||||||||||
|
|
Jersey Wall | |||||||||||
|
|
Bollards | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Do your organization's facilities have intrusion detection systems? What type? | |||||||||||
| A) | If so, what type? | |||||||||||
|
|
Door/Window Detectors | |||||||||||
|
|
Motion Detectors | |||||||||||
|
|
Siren | |||||||||||
|
|
Silent Alarm | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | ||||||||||||
| A) | Do the security cameras pan/tilt/zoom? | |||||||||||
| B) | How are the security camera feeds monitored? | |||||||||||
|
|
24/7 | |||||||||||
|
|
During business hours | |||||||||||
|
|
Cameras are not monitored | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 4 | Does your organization have a key control program? | |||||||||||
| A) | If so, what kind? | |||||||||||
|
|
Facility key control program | |||||||||||
|
|
Vehicle key control program | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 11 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 7 - PHYSICAL SECURITY COUNTER-MEASURES (CONT'D) | ||||||||||||
| Yes/No | ||||||||||||
| 5 | Do your organization's facilities have security guards? | |||||||||||
| A) | Are the security guards armed? | |||||||||||
| B) | Do the security guards patrol the facility? | |||||||||||
| C) | Does local law enforcement patrol your organizations facility? | |||||||||||
| D) | When are the security guards on duty? | |||||||||||
|
|
24/7 | |||||||||||
|
|
Business hours | |||||||||||
|
|
Non-business hours | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 6 | Do your organization's facilities have designated secure areas? | |||||||||||
| A) | If so, what kind? | |||||||||||
|
|
Dispatch | 
|
Financial | |||||||||
|
|
IT/computer room | 
|
Loading dock | |||||||||
|
|
Admin offices |
|
Warehouse | |||||||||
|
|
Maintenance |
|
Storage tanks | |||||||||
|
|
Other: | |||||||||||
| B) | What security measures does your organization use to protect secure areas? | |||||||||||
|
|
Keys |
|
Keypad/PIN | |||||||||
|
|
ID cards |
|
Guards | |||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 7 | Does your organization record access to secure areas? | |||||||||||
| A) | If so, whose access to secure areas is recorded? | |||||||||||
|
|
Employee access | |||||||||||
|
|
Contractor access | |||||||||||
| B) | Are the access records to secure areas periodically reviewed? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 12 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 8 - EN ROUTE SECURITY | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization require drivers to conduct pre- and post-trip security inspections? | |||||||||||
| A) | If so, what type(s)? | |||||||||||
|
|
Vehicle | |||||||||||
|
|
Cargo | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization use vehicle or trailer tracking technology? | |||||||||||
| A) | If so, what vendor's? | |||||||||||
| B) | What type of tracking system(s) does your organization use? | |||||||||||
|
|
Vehicle tracking | 
|
Satellite tracking | |||||||||
|
|
Trailer tracking |
|
Terrestrial tracking | |||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization require that drivers verify that their loads match the cargo manifest? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 13 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 9 - INFORMATION TECHNOLOGY SECURITY | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization have a written IT security plan? | |||||||||||
| A) | If so, where is it located? | |||||||||||
|
|
Included in the overall security plan | |||||||||||
|
|
Separate document from overall security plan | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 2 | Does your organization identify an information technology security officer? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization take measures to prevent unauthorized access to IT systems (e.g., routing, cargo manifest data, tracking systems)? | |||||||||||
| A) | If so, what measures? | |||||||||||
|
|
Username and password required for log in | |||||||||||
|
|
Multiple levels of user permission | |||||||||||
|
|
Firewall or other IT security hardware | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 4 | Does your organization conduct system penetration tests? | |||||||||||
| A) | If so, what type? | |||||||||||
|
|
External penetration of network/servers | |||||||||||
|
|
Internal access to unauthorized data | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 14of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| SECTION 9 - INFORMATION TECHNOLOGY SECURITY (CONT'D) | ||||||||||||
| 5 | Does your organization have measures in place to ensure continuity of operations (including security) during a power/connectivity/facility outage? | |||||||||||
| A) | If so, what measures? | |||||||||||
|
|
Data back-up |
|
Uninterruptible power supply | |||||||||
|
|
Back-up control center |
|
Remote access | |||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
||||||||||||
| SECTION 10 - SECURITY EXERCISES/DRILLS | ||||||||||||
| Yes/No | ||||||||||||
| 1 | Does your organization conduct security exercises/drills? | |||||||||||
| A) | If so, how often? | |||||||||||
|
|
Monthly | |||||||||||
|
|
Quarterly | |||||||||||
|
|
Every 6 months | |||||||||||
|
|
Annually | |||||||||||
|
|
Other: | |||||||||||
| Comments: | ||||||||||||
|
||||||||||||
| 2 | Does your organization include external personnel or agencies (e.g., law enforcement/first responders) when conducting security exercises/drills? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| 3 | Does your organization maintain written documentation of the results/lessons learned from security exercises/drills? | |||||||||||
| Comments: | ||||||||||||
|
|
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 15 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| CONTINUATION SHEET | ||||||||||||
| COMMENTS: (To begin a new line of text press ALT & Enter keys at the same time.) |
||||||||||||
| Where do you, as an industry feel vulnerable? What concerns do you have? |
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| CSR Version # | Page 16 of 16 | |||||||||||
| Organization Name | Date of CSR | |||||||||||
| 0 | 12/30/1899 | |||||||||||
| DOCUMENTS SECURED | ||||||||||||
| (Security Sensitive Materials) * Should be marked as such | ||||||||||||
| COMMENTS: (To begin a new line of text press ALT & Enter keys at the same time.) |
||||||||||||
| Date | Initials | |||||||||||
| Security Plan | ||||||||||||
|
|
Vulnerability Assessments | |||||||||||
| Critical Asset List | ||||||||||||
| Emergency Operations Plan | ||||||||||||
| Disaster Recovery Plan | ||||||||||||
|
|
System Maps | |||||||||||
| Organizational Chart | ||||||||||||
| Training Curriculum | ||||||||||||
| Track Charts | ||||||||||||
| Paperwork Reduction Act Statement: This form is designed to gather information to establish the current state of security practices for highway modes of transportation. The results will be used to assist the Transportation Security Administration in making policy and programmatic decisions to improve overall security within the surface transportation community. It is estimated that the total average burden per response associated with this questionnaire is approximately 2 to 3 hours. Please send comments regarding this burden estimate or any other aspect of this collection to: TSA-11, Attention: PRA 1652-0036, 601 South 12th Street, Arlington, VA 20598. An agency may not conduct or sponsor, and persons are not required to respond to, a collection of information unless it displays a currently valid OMB control number. The OMB control number assigned to this collection is 1652-0036 which expires 07/31/2011. |
||||||||||||
| WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know”, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. | ||||||||||||
| File Type | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |
© 2024 OMB.report | Privacy Policy