Download:
pdf |
pdfResource Toolkit
49 CFR Part 659 -- Rail Fixed Guideway Systems;
State Safety Oversight
Resource Toolkit for
State Oversight Agencies
Implementing 49 CFR Part 659
March 2006
Federal Transit Administration
Office of Safety and Security
400 Seventh Street, S.W.
Washington, D.C 20590
-1-
�Resource Toolkit
Preface
The “Resource Toolkit for State Oversight Agencies Implementing 49 CFR Part 659” has been
developed to support states and rail transit agencies in meeting FTA’s requirements for its revised
State Safety and Security Oversight Rule (49 CFR Part 659), published in the Federal Register on
April 29, 2005. Specifically, § 659.39(a) requires “each designated oversight agency with a rail
fixed guideway system that is in passenger operations as of April 29, 2005 or will begin passenger
operations by May 1, 2006, [to] make its initial submission to FTA by May 1, 2006.” § 659.39(b)
explains that “an initial submission must include the following: (1) oversight agency program
standard and referenced procedures; and (2) certification that the System Safety Program Plan and
the System Security Plan have been developed, reviewed, and approved.”
This Resource Toolkit contains a sample “oversight agency program standard and referenced
procedures” document that can be tailored by each affected state oversight agency to develop a
compliant initial submission. The Resource Toolkit also includes sample program requirements that
can be adopted by the state oversight agency to support the development of compliant System Safety
Program Plans and System Security Plans at rail transit agencies. A sample “certification that the
system safety program plan and the system security plan have been developed, reviewed, and
approved” is also provided, as well as sample checklists for use by state oversight agencies in
reviewing and approving the rail transit agency plans and other submissions.
The Resource Toolkit begins with the sample “Program Standard and Referenced Procedures,”
which has nine sections including:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Introduction and Overview
System Safety Program Plan Standard
System Security Plan Standard
Rail Transit Agency Internal Safety and Security Audit Program
Hazard Management Process
Accident Notification, Investigation and Reporting
Three-Year On-site Safety and Security Review
Corrective Action Plans
Reporting to FTA
Additional references and procedures are provided as appendices. These include the following:
Appendix A: Authority for the State Oversight Agency
Appendix B: 49 CFR Part 659 (April 29, 2005)
Appendix C: Organization Charts
Appendix D: Rail Transit Agency Safety and Security Points-of-Contact
Appendix E: Program Requirements for Development of a Rail Transit Agency System
Safety Program Plan (SSPP)
-2-
�Resource Toolkit
Appendix F: State Oversight Agency SSPP Review Checklist
Appendix G: Program Requirements for Development of a Rail Transit Agency System
Security and Emergency Preparedness Program Plan (SEPP)
Appendix H: State Oversight Agency System Security Program Plan Checklist
Appendix I: Checklist for Reviewing Rail Transit Agency Accident Investigation Reports
and Supporting Documentation
Appendix J: Sample Three-Year Safety and Security Review Checklist
Appendix K: Sample Certification that Rail Transit Agency System Safety Program Plan
and System Security Plan Have Been Developed, Reviewed, and Approved
This Resource Toolkit is a companion document to FTA’s Implementation Guidelines for 49 CFR
Part 659. It is provided in electronic form on the CD-ROM contained with the Implementation
Guidelines for 49 CFR Part 659. References are made to this Resource Toolkit throughout the
Implementation Guidelines for 49 CFR Part 659.
Preparation of this Resource Toolkit was greatly aided by the generous contribution of materials and
advice from safety and security professionals at state oversight and rail transit agencies and industry
associations. Specifically, FTA’s State Safety and Security Oversight Team would like to thank:
David Barber, Pennsylvania Department of Transportation
Glenn Barney, Seattle Monorail Services
Rick Bukay, New Jersey Transit, Southern New Jersey Light Rail - River Line
Dan Caufield, Tri-County Metropolitan Transportation District of Oregon
Mike Conlon, Hiawatha Metro Transit Light Rail
Joe Diaz, Hillsborough Area Regional Transit Authority
Nanci Eksterowicz, Santa Clara Valley Transportation Authority
Bill Grizard, American Public Transportation Association
Len Hardy, Bay Area Rapid Transit
Henry Hartberg, Dallas Area Rapid Transit
Susan Hausmann, Texas Department of Transportation
Robert Huyck, Sound Transit
Mike Johnson, Florida Department of Transportation
Captain Tim Kelly, Metropolitan Transit Authority of Harris County, Texas
Vijay Khawani, Los Angeles County Metropolitan Transportation Authority
Robert Sedlock, New Jersey Department of Transportation
Nagel Shashidhara, New Jersey Transit, Hudson-Bergen Light Rail
Robert Strauss, California Public Utilities Commission
FTA’s State Safety and Security Oversight Team would also like to thank Mr. Mike Taborn,
Director of FTA’s Safety and Security Office, and Mr. Jerry Fisher, FTA’s State Safety Oversight
Program Manager, for their guidance and assistance in preparing the Resource Toolkit. Mr. Roy
Field, of FTA’s Office of Safety and Security, also supported preparation of these materials.
-3-
�Resource Toolkit
Disclaimer
It should be noted that the materials presented in this DRAFT Resource Toolkit are only samples,
intended for review and consideration by state oversight agencies in developing the Initial
Submissions required in 49 CFR Part 659.39. Some of the sections in the revised 49 CFR Part 659
require the oversight agency (1) to establish time-frames for review and approval of rail transit
agency materials and (2) to develop, review and approve joint processes with the rail transit agency
which ensure on-going oversight. Neither these time-frames nor the details of the joint processes are
specified in the revised 49 CFR Part 659. Instead, they are left to the discretion of the oversight
agency and, in some cases, the rail transit agency.
The sample materials provided in this Resource Toolkit offer examples of time frames and joint
processes that could be adopted by the state oversight agency and rail transit agency to address 49
CFR Part 659 requirements. However, there are many approaches that could be taken to meeting
these requirements. In providing these sample materials FTA is not mandating their use nor implying
that the approach documented in the sample materials is the only acceptable alternative. In
evaluating Initial Submissions from state oversight agencies, FTA will focus only on the state’s
compliance with the Rule’s minimum requirements. FTA will show no favor to agencies using either
these sample materials or modified versions thereof.
Reading this Document
To support the efforts of state oversight agencies to evaluate these sample materials within the
context of the revised Rule’s requirements, each section of the sample “Program Standard and
Referenced Procedures” begins with a brief description of the section and the citation of excerpts
from the revised Rule relevant to that section. Items to be inserted, considered, or determined by the
oversight agency are highlighted in gray. Gray highlighting is also applied to those processes and
procedures which address areas of Rule implementation left to the discretion of state oversight
agencies.
-4-
�Resource Toolkit
Table of Contents
Cross-Walk Matrix ......................................................................................................................... 7
1.
Introduction and Overview ................................................................................................. 8
1.1
Purpose.......................................................................................................................... 11
1.2
Authority ....................................................................................................................... 11
1.3
SOA Point of Contact ................................................................................................... 12
1.4
Affected Rail Transit Agency(s)................................................................................... 12
1.5
Conflict of Interest ........................................................................................................ 13
1.6
Distribution of Program Standard and Procedures ....................................................... 13
1.7
Revisions and Updates.................................................................................................. 14
1.8
Definitions .................................................................................................................... 14
2.
System Safety Program Plan Standard ............................................................................. 17
2.1
Objective ....................................................................................................................... 23
2.2
SSPP Minimum Requirements ..................................................................................... 23
2.3
Initial Review and Approval of SSPP........................................................................... 26
2.4
Subsequent Reviews of RTA SSPP .............................................................................. 27
2.5
SSPP Submittals from New Starts Projects .................................................................. 29
2.6
SSPP Readiness Review ............................................................................................... 29
3.
System Security Plan Standard ......................................................................................... 30
3.1
Objective ....................................................................................................................... 32
3.2
Security Program Plan Minimum Requirements .......................................................... 32
3.3
Initial Review and Approval of System Security Plan ................................................. 34
3.4
Subsequent Reviews of RTA System Security Plan..................................................... 35
3.5
System Security Plan Submittals from New Starts Projects......................................... 37
3.6
System Security Plan Readiness Review...................................................................... 37
4.
Internal Safety and Security Audit Program..................................................................... 38
4.1
Objectives ..................................................................................................................... 40
4.2
Minimum Requirements for Audits .............................................................................. 40
4.3
Minimum Requirements for Annual Report on the Internal Safety and Security Audit
Process.......................................................................................................................... 41
5.
Hazard Management Process............................................................................................ 44
5.1
Objective ....................................................................................................................... 46
5.2
Minimum Requirements ............................................................................................... 46
5.3
Hazard Tracking Log .................................................................................................... 46
5.4
Quarterly Meetings on the Hazard Management Process............................................. 48
5.5
Notification of Unacceptable Hazards .......................................................................... 48
5.6
Investigation of Unacceptable Hazards ........................................................................ 48
6.
Accident Notification, Investigation and Reporting ......................................................... 51
6.1
Objective ....................................................................................................................... 55
6.2
Minimum Requirements ............................................................................................... 55
6.3
Investigations of Reportable Events ............................................................................. 56
-5-
�Resource Toolkit
6.3.2
Independent SOA Investigations .................................................................................. 58
Three-Year On-site Safety and Security Review.............................................................. 61
7.1
Objective ....................................................................................................................... 62
7.2
Minimum Requirements ............................................................................................... 62
7.3
Process and Procedure .................................................................................................. 62
8.
Corrective Action Plans .................................................................................................... 68
8.1
Objectives ..................................................................................................................... 70
8.2
Minimum Requirements ............................................................................................... 70
8.3
Notification ................................................................................................................... 71
8.4
Corrective Action Plan Review and Approval ............................................................. 71
8.5
Monitoring and Tracking .............................................................................................. 71
9.
Reporting to FTA.............................................................................................................. 73
9.1
Objective ....................................................................................................................... 75
9.2
Reporting Requirements to FTA................................................................................... 75
Appendix A: Authority for the State Oversight Agency
Appendix B: 49 CFR Part 659 (April 29, 2005)
Appendix C: Organization Charts
Appendix D: Rail Transit Agency Safety and Security Points-of-Contact
Appendix E: Program Requirements for Development of a Rail Transit Agency System Safety
Program Plan (SSPP)
Appendix F: State Oversight Agency SSPP Review Checklist
Appendix G: Program Requirements for Development of a Rail Transit Agency System
Security and Emergency Preparedness Program Plan (SEPP)
Appendix H: State Oversight Agency System Security Program Plan Checklist
Appendix I: Checklist for Reviewing Rail Transit Agency Accident Investigation Reports and
Supporting Documentation
Appendix J: Sample Three-Year Safety and Security Review Checklist
Appendix K: Sample Certification that Rail Transit Agency System Safety Program Plan and
System Security Plan Have Been Developed, Reviewed, and Approved
7.
-6-
�Resource Toolkit
Cross-Walk Matrix
49 CFR Part 659
(April 29, 2005)
Where it is Addressed in Sample
“Program Standard and
Referenced Procedures”
§ 659.5 Definitions
§ 659.11 Confidentiality of investigation reports and security plans
§ 659.13 Overview
§ 659.15 System safety program standard
(a) General Requirement
(b) Contents
(1) Program management section
(2) Program standard development section
(3) Oversight of rail transit agency internal safety
and security reviews
(4) Oversight agency safety and security review
section
(5) Accident notification section
(6) Investigations section
(7) Corrective actions section
(8) System safety program plan section
(9) System security plan section
§ 659.17 System safety program plan: general requirements
§ 659.19 System safety program plan: contents
§ 659.21 System security plan: general requirements
§ 659.23 System security plan: contents
§ 659.25 Annual review of system safety program plan and system
security plan
§ 659.27 Internal safety and security audits
§ 659.29 Oversight agency safety and security reviews
§ 659.31 Hazard management process
§ 659.33 Accident notification
§ 659.35 Investigations
§ 659.37 Corrective action plans
§ 659.39 Oversight agency reporting to the Federal Transit
Administration
§ 659.41 Conflict of interest
§ 659.43 Certification of compliance
Section 1
Section 2
Section 1
-7-
Section 1
Section 1
Section 1
Section 4
Section 7
Section 6
Section 6
Section 8
Section 2
Section 3
Section 2
Section 2
Section 3
Section 3
Section 2 and Section 3
Section 4
Section 7
Section 5
Section 6
Section 6
Section 8
Section 9
Section 1
Section 9
�Resource Toolkit
Program Standard and Referenced Procedures
1.
Introduction and Overview
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency, its authority, organization, and designated point-of-contact, as well as the rail transit
agencies overseen by the program, the oversight agency’s provisions regarding conflict of interest,
and the definitions used by the oversight agency in managing its program. Below, the relevant
citations of the revised 49 CFR Part 659, which are addressed in this section, are listed:
§ 659.13 Overview.
The state oversight agency is responsible for establishing standards for rail safety and security
practices and procedures to be used by rail transit agencies within its purview. In addition, the
state oversight agency must oversee the execution of these practices and procedures, to ensure
compliance with the provisions of this part.
§ 659.15 System safety program standard.
(a) General requirement. Each state oversight agency shall develop and distribute a program
standard. The program standard is a compilation of processes and procedures that governs
the conduct of the oversight program at the state oversight agency level, and provides
guidance to the regulated rail transit properties concerning processes and procedures they
must have in place to be in compliance with the state safety oversight program. The program
standard and any referenced program procedures must be submitted to FTA as part of the
initial submission. Subsequent revisions and updates must be submitted to FTA as part of the
oversight agency’s annual submission.
§ 659.15(b)(1) and (2). System safety program standard: contents.
Each oversight agency shall develop a written program standard that meets the requirements
specified in this part and includes, at a minimum, the areas identified in this section.
(1) Program management section. This section shall include an explanation of the
oversight agency’s authority, policies, and roles and responsibilities for providing
safety and security oversight of the rail transit agencies within its jurisdiction. This
section shall provide an overview of planned activities to ensure on-going
communication with each affected rail transit agency relating to safety and security
information, as well as FTA reporting requirements, including initial, annual and
periodic submissions.
-8-
�Resource Toolkit
(2) Program standard development section. This section shall include a description of the
oversight agency’s process for the development, review, and adoption of the program
standard, the modification and/or update of the program standard, and the process by
which the program standard and any subsequent revisions are distributed to each
affected rail transit agency.
§ 659.41 Conflict of interest.
The oversight agency shall prohibit a party or entity from providing services to both the
oversight agency and rail transit agency when there is a conflict of interest, as defined by the
state.
§ 659.5 Definitions.
Contractor means an entity that performs tasks required by this part on behalf of the oversight
or rail transit agency. The rail transit agency may not be a contractor for the oversight agency.
Corrective action plan means a plan developed by the rail transit agency that describes the
actions the rail transit agency will take to minimize, control, correct, or eliminate hazards, and
the schedule for implementing for those actions.
FRA means the Federal Railroad Administration, an agency within the U.S. Department of
Transportation.
FTA means the Federal Transit Administration, an agency within the U.S. Department of
Transportation.
Hazard means any real or potential condition (as defined in the rail transit agency’s hazard
management process) that can cause injury, illness, or death; damage to or loss of a system,
equipment or property; or damage to the environment.
Individual means a passenger; employee; contractor; other rail transit facility worker;
pedestrian; trespasser; or any person on rail transit-controlled property.
Investigation means the process used to determine the causal and contributing factors of an
accident or hazard, so that actions can be identified to prevent recurrence.
New Starts Project means any rail fixed guideway system funded under FTA’s 49 U.S.C. 5309
discretionary construction program.
Oversight Agency means the entity, other than the rail transit agency, designated by the state or
several states to implement this part.
-9-
�Resource Toolkit
Passenger means a person who is on board, boarding, or alighting from a rail transit vehicle for
the purpose of travel.
Passenger operations means the period of time when any aspect of rail transit agency
operations are initiated with the intent to carry passengers.
Program standard means a written document developed and adopted by the oversight agency,
that describes the policies, objectives, responsibilities, and procedures used to provide rail transit
agency safety and security oversight.
Rail fixed guideway system means, as determined by FTA, any light, heavy, or rapid rail
system, monorail, inclined plane, funicular, trolley, or automated guideway that:
(1) Is not regulated by the Federal Railroad Administration; and
(2) Is included in FTA’s calculation of fixed guideway route miles or receives funding
under FTA’s formula program for urbanized areas (49 U.S.C. 5336); or
(3) Has submitted documentation to FTA indicating its intent to be included in FTA’s
calculation of fixed guideway route miles to receive funding under FTA’s formula
program for urbanized areas (49 U.S.C. 5336).
Rail transit agency means an entity that operates a rail fixed guideway system.
Rail transit-controlled property means property that is used by the rail transit agency and may
be owned, leased, or maintained by the rail transit agency.
Rail transit vehicle means the rail transit agency’s rolling stock, including, but not limited to
passenger and maintenance vehicles.
Safety means freedom from harm resulting from unintentional acts or circumstances.
Security means freedom from harm resulting from intentional acts or circumstances.
State means a State of the United States, the District of Columbia, Puerto Rico, the Northern
Mariana Islands, Guam, American Samoa and the Virgin Islands.
System safety program plan means a document developed by the rail transit agency, describing
its safety policies, objectives, responsibilities, and procedures.
System security plan means a document developed by the rail transit agency describing its
security policies, objectives, responsibilities, and procedures.
-10-
�Resource Toolkit
1.1
Purpose
This document describes the state of [insert name of state]’s program for addressing regulations
promulgated by the Federal Transit Administration (FTA). These regulations establish minimum
requirements for safety and security programs at each rail transit agency (RTA) within the state’s
jurisdiction. The purpose of this document is to provide standards, procedures, and technical
direction to RTAs in order to implement the program specified by the state.
1.2
Authority
Through [insert Executive Order/Enabling Legislation/Other], the [insert Governor/
Legislature/Other] of the state has assigned the [insert name of agency – will be referred to State
Oversight Agency (SOA) throughout this document] as the agency responsible for rail transit safety
and security oversight in the state. Appendix A contains a copy of the [insert Executive
Order/Enabling Legislation/Other Provision] that grants authority to the SOA to develop, manage,
and carry out FTA’s safety and security program requirements in the state. To implement the [insert
Executive Order/Enabling Legislation/Other Provision], this document establishes the system safety
and security requirements for each RTA in the state to implement the provisions of the SSO
program.
FTA's authority to require this program derives from its authority to condition the receipt of FTA
grant funds on compliance with FTA guidance (49 U.S.C. § 4324(c)). The Intermodal Surface
Transportation Efficiency Act (ISTEA), recently reauthorized by the Safe, Accountable, Flexible,
and Efficient Transportation Equity Act: A Legacy for Users (SAFTEA-LU), directed FTA to issue
regulations requiring states to oversee the safety and security of rail transit agencies (49 USC
§ 5330). FTA promulgated its regulations through the adoption of a rule in 1995, entitled “Rail
Fixed Guideway Systems; State Safety Oversight” (49 CFR Part 659). FTA recently revised 49 CFR
Part 659, publishing its new final Rule on April 29, 2005, hereinafter referred to as “the Rule” or
Part 659. Appendix B contains a copy of the Rule.
[Insert Executive Order/Enabling Legislation/Other] and Part 659 establish authority for the SOA’s
program and the standards, procedures, and technical direction to be provided to each RTA
operating within the state’s jurisdiction. This document combines the SOA’s program standard and
procedures and comprises the state’s Initial Submission to FTA. It documents both RTA and SOA
required activities to implement [insert Executive Order/Enabling Legislation/Other] and Part 659.
It also specifies the program in place to ensure on-going communication between the SOA and each
affected RTA regarding safety and security information, and to address SOA communication with
the FTA, including initial, annual, and periodic submissions.
-11-
�Resource Toolkit
1.3
SOA Point of Contact
The program administered by the SOA is managed by [insert name and title of SOA SSO Program
Manager].
Oversight Agency:
Name of SOA
Program Manager:
Mr./Ms. First Name/Last Name
Title
Address Line 1
Address Line 2
City, State and Zip Code
Phone: (XXX) - XXX - XXXX
Fax: (XXX) - XXX - XXXX
E-mail: [email protected]
SOA’s oversight program is located within the [insert name of department, i.e., Department of
Transportation Safety] within the [insert name of agency, i.e., state Department of Transportation].
Organization charts for both the [insert name of agency, i.e., state Department of Transportation]
and the [insert name of department, i.e., Office of Transportation Safety] are provided in Appendix
C. The SOA Program Manager administers the state safety and security oversight program full-time.
The SOA Program Manager reports to the [insert name of supervisor], who reports to the [insert
name of supervisor, i.e., Deputy Administrator for Transportation], who reports information on the
oversight program to the [insert name of agency]’s chief executive. In the event that additional
personnel, technical or staff support is required from [insert name of agency], [insert name of
supervisor] is authorized dedicate these resources to the program. [Insert name of supervisor] is also
authorized to arrange a meeting with the [insert name of agency]’s chief executive in the event that
agency-wide attention should be focused on a specific RTA safety or security issue. The SOA
retains the authority to use contractors as required to support the performance of safety and security
oversight activities. Procurement activities for the contractor are managed by the SOA Program
Manager in conjunction with the [insert name of agency]’s procurement department.
1.4
Affected Rail Transit Agency(s)
RTAs affected by this program include any light, heavy, or rapid rail system, monorail, inclined
plane, funicular, trolley, or automated guideway operating within the state’s jurisdiction that:
•
•
is not regulated by the Federal Railroad Administration; and
is included in FTA’s calculation of fixed guideway route miles or receives funding under
FTA’s formula program for urbanized areas (49 U.S.C. 5336); or
-12-
�Resource Toolkit
•
has submitted documentation to FTA indicating its intent to be included in FTA’s calculation
of fixed guideway route miles to receive funding under FTA’s formula program for
urbanized areas (49 U.S.C. 5336).
RTA’s subject to the provisions of the state’s program include:
RTA Number 1:
Name of RTA
Address Line 1
Address Line 2
City, State and Zip Code
RTA Number 2:
Name of RTA
Address Line 1
Address Line 2
City, State and Zip Code
Affected RTAs shall supply, and update as necessary, points-of-contact for their safety and security
programs to SOA. This information is attached as Appendix D.
1.5
Conflict of Interest
No individual or entity may provide services to both SOA and an RTA when there is a conflict of
interest or an appearance of a conflict. A conflict of interest occurs when an individual or entity
performing work for an RTA or the SOA is unable, or potentially unable, to render impartial
assistance or advice on the development or implementation of the standards and provisions of this
SSO manual, or to objectively perform such work without bias. A third party contractor to the SOA
or an RTA may not have an unfair competitive advantage over other contractors. Each contractor is
subject to full disclosure on all present and potential conflicts of interest in its activities or
relationships prior to being awarded a contract with SOA or an RTA.
1.6
Distribution of Program Standard and Procedures
This document is distributed through the SOA’s [insert name of office]. Copies can be obtained
from:
Name of Office
Address Line 1
Address Line 2
City, State and Zip Code
This document can also be obtained directly from the SOA point-of-contact. In addition, copies of
this document have been distributed directly to the designated safety and security points-of-contact
established by each affected RTA.
-13-
�Resource Toolkit
1.7
Revisions and Updates
To ensure currency, this document will be reviewed on a biennial schedule to determine if updates
are necessary. The first biennial review will be performed beginning on the first working day in
January 2008. After a 30-day review period, during which SOA will develop its proposed revisions,
the revised document will be circulated for review in draft form to the affected RTAs. At least 30
days will be provided for the RTAs to submit comments to the SOA point-of-contact.
Following this review and comment period, draft changes will be approved by the [insert name of
approving party] and incorporated into the next version of the document. After every update, final
versions of the revised document will be submitted to the RTA safety and security points-of-contact.
Final versions of the revised document will also be submitted to FTA’s Office of Safety and Security
as part of the SOA’s Annual Submission. Final versions of this document will also be available for
distribution in the manner described in Section 1.6.
In addition to the biennial update, changes may be requested to this document based on reviews or
audits from internal or external sources, such as FTA, or based on policy changes, statewide
meetings, and/or organizational changes. Each request for change will be reviewed by appropriate
SOA staff in a timely manner. Proposed changes to this document will be circulated for review in
draft form to the affected RTAs in the manner described for the biennial reviews. As with the
biennial updates, final copies of the revised version of this document will be submitted to the RTA
safety and security points-of-contact and to the FTA as part of the SOA’s Annual Submission. Final
versions of this document will also be available for distribution in the manner described in
Section 1.6.
1.8
Definitions
Definitions used in this document include the following:
Contractor means an entity that performs tasks required on behalf of the oversight or rail
transit agency. The rail transit agency may not be a contractor for the oversight agency.
Corrective action plan means a plan developed by the rail transit agency that describes the
actions the rail transit agency will take to minimize, control, correct, or eliminate hazards,
and the schedule for implementing those actions.
FRA means the Federal Railroad Administration, an agency within the U.S. Department of
Transportation.
FTA means the Federal Transit Administration, an agency within the U.S. Department of
Transportation.
-14-
�Resource Toolkit
Hazard means any real or potential condition (as defined in the rail transit agency’s hazard
management process) that can cause injury, illness, or death; damage to or loss of a system,
equipment or property; or damage to the environment.
Individual means a passenger; employee; contractor; other rail transit facility worker;
pedestrian; trespasser; or any person on rail transit-controlled property.
Investigation means the process used to determine the causal and contributing factors of an
accident or hazard, so that actions can be identified to prevent recurrence.
New Starts Project means any rail fixed guideway system funded under FTA’s 49 U.S.C.
5309 discretionary construction program.
Oversight Agency means the entity, other than the rail transit agency, designated by the
state or several states to implement this part.
Passenger means a person who is on board, boarding, or alighting from a rail transit vehicle
for the purpose of travel.
Passenger Operations means the period of time when any aspect of rail transit agency
operations are initiated with the intent to carry passengers.
Program Standard means a written document developed and adopted by the oversight
agency, that describes the policies, objectives, responsibilities, and procedures used to
provide rail transit agency safety and security oversight.
Rail Fixed Guideway System means any light, heavy, or rapid rail system, monorail,
inclined plane, funicular, trolley, or automated guideway that: (1) is not regulated by the
Federal Railroad Administration; and (2) is included in FTA’s calculation of fixed guideway
route miles or receives funding under FTA’s formula program for urbanized areas (49 U.S.C.
5336); or (3) has submitted documentation to FTA indicating its intent to be included in
FTA’s calculation of fixed guideway route miles to receive funding under FTA’s formula
program for urbanized areas (49 U.S.C. 5336).
Rail Transit Agency means an entity that operates a rail fixed guideway system.
Rail Transit-Controlled Property means property that is used by the rail transit agency and
may be owned, leased, or maintained by the rail transit agency.
Rail Transit Vehicle means the rail transit agency’s rolling stock, including but not limited
to passenger and maintenance vehicles.
Safety means freedom from harm resulting from unintentional acts or circumstances.
-15-
�Resource Toolkit
Security means freedom from harm resulting from intentional acts or circumstances.
State means a state of the United States, the District of Columbia, Puerto Rico, the Northern
Mariana Islands, Guam, American Samoa, and the Virgin Islands.
System Safety Program Plan means a document developed and adopted by the rail transit
agency, describing its safety policies, objectives, responsibilities, and procedures.
System Security Plan means a document developed and adopted by the rail transit agency
describing its security policies, objectives, responsibilities, and procedures.
-16-
�Resource Toolkit
2.
System Safety Program Plan Standard
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s requirements for the System Safety Program Plan (SSPP), which must be developed by the
rail transit agency, and formally reviewed and approved by the oversight agency. The state oversight
agency must also require the rail transit agency to conduct an annual review to determine whether
the SSPP should be updated, and must explain its process for receiving, reviewing and formally
approving updated SSPPs. Below, the relevant citations of the revised 49 CFR Part 659, which are
addressed in this section, are listed:
§ 659.15(b)(8). System safety program standard: contents.
(8) System safety program plan section. This section shall specify the minimum
requirements to be contained in the rail transit agency’s system safety program plan.
The contents of the system safety plan are discussed in more detail in § 659.19 of this
part. This section shall also specify information to be included in the affected rail
transit agency’s system safety program plan relating to the hazard management
process, including requirements for ongoing communication and coordination relating
to the identification, categorization, resolution, and reporting of hazards to the
oversight agency. More details on the hazard management process are contained in
§ 659.31 of this part. This section shall also describe the process and timeframe
through which the oversight agency must receive, review, and approve the rail transit
agency system safety program plan.
§ 659.39(a) and (b) Oversight agency reporting to the Federal Transit Administration.
(a) Initial submission. Each designated oversight agency with a rail fixed guideway system that
is in passenger operations as of April 29, 2005 or will begin passenger operations by
May 1, 2006, must make its initial submission to FTA by May 1, 2006. In states with rail
fixed guideway systems initiating passenger operations after May 1, 2006, the designated
oversight agency must make its initial submission within the time frame specified by the
state in its designation submission, but not later than at least sixty (60) days prior to initiation
of passenger operations. Any time a state changes its designated oversight agency to carry
out the requirements identified in this part, the new oversight agency must make a new initial
submission to FTA within thirty (30) days of the designation.
(b) An initial submission must include the following:
(1) Oversight agency program standard and referenced procedures; and
-17-
�Resource Toolkit
(2) Certification that the system safety program plan and the system security plan have
been developed, reviewed, and approved.
§ 659.17 System safety program plan: general requirements.
(a) The oversight agency shall require the rail transit agency to develop and implement a written
system safety program plan that complies with requirements in this part and the oversight
agency’s program standard.
(b) The oversight agency shall review and approve the rail transit agency system safety program
plan.
(c) After approval, the oversight agency shall issue a formal letter of approval to the rail transit
agency, including the checklist used to conduct the review.
§ 659.25(a) and (b). Annual review of system safety program plan.
(a) The oversight agency shall require the rail transit agency to conduct an annual review of its
system safety program plan.
(b) In the event the rail transit agency’s system safety program plan is modified, the rail transit
agency must submit the modified plan and any subsequently modified procedures to the
oversight agency for review and approval. After the plan is approved, the oversight agency
must issue a formal letter of approval to the rail transit agency.
§ 659.19 System safety program plan: contents.
The system safety plan shall include, at a minimum:
(a) A policy statement signed by the agency’s chief executive that endorses the safety program
and describes the authority that establishes the system safety program plan.
(b) A clear definition of the goals and objectives for the safety program and stated management
responsibilities to ensure they are achieved.
(c) An overview of the management structure of the rail transit agency, including:
(1) An organization chart;
(2) A description of how the safety function is integrated into the rest of the rail transit
organization; and
(3) Clear identification of the lines of authority used by the rail transit agency to manage
-18-
�Resource Toolkit
safety issues.
(d) The process used to control changes to the system safety program plan, including:
(1) Specifying an annual assessment of whether the system safety program plan should be
updated; and
(2) Required coordination with the oversight agency, including timeframes for
submission, revision, and approval.
(e) A description of the specific activities required to implement the system safety program,
including:
(1) Tasks to be performed by the rail transit safety function, by position and management
accountability, specified in matrices and/or narrative format; and
(2) Safety-related tasks to be performed by other rail transit departments, by position and
management accountability, specified in matrices and/or narrative format.
(f) A description of the process used by the rail transit agency to implement its hazard
management program, including activities for:
(1) Hazard identification;
(2) Hazard investigation, evaluation and analysis;
(3) Hazard control and elimination;
(4) Hazard tracking; and
(5) Requirements for on-going reporting to the oversight agency relating to hazard
management activities and status.
(g) A description of the process used by the rail transit agency to ensure that safety concerns are
addressed in modifications to existing systems, vehicles, and equipment, which do not
require formal safety certification but which may have safety impacts.
(h) A description of the safety certification process required by the rail transit agency to ensure
that safety concerns and hazards are adequately addressed prior to the initiation of passenger
operations for New Starts and subsequent major projects to extend, rehabilitate, or modify an
existing system, or to replace vehicles and equipment.
(i) A description of the process used to collect, maintain, analyze, and distribute safety data, to
ensure that the safety function within the rail transit organization receives the necessary
information to support implementation of the system safety program.
(j) A description of the process used by the rail transit agency to perform accident notification,
-19-
�Resource Toolkit
investigation and reporting, including:
(1) Notification thresholds for internal and external organizations;
(2) Accident investigation process and references to procedures;
(3) The process used to develop, implement, and track corrective actions that address
investigation findings;
(4) Reporting to internal and external organizations; and
(5) Coordination with the oversight agency.
(k) A description of the process used by the rail transit agency to develop an approved,
coordinated schedule for all emergency management program activities, which include:
(1) Meetings with external agencies;
(2) Emergency planning responsibilities and requirements;
(3) Process used to evaluate emergency preparedness, such as annual emergency field
exercises;
(4) After action reports and implementation of findings;
(5) Revision and distribution of emergency response procedures;
(6) Familiarization training for public safety organizations; and
(7) Employee training.
(l) A description of the process used by the rail transit agency to ensure that planned and
scheduled internal safety reviews are performed to evaluate compliance with the system
safety program plan, including:
(1) Identification of departments and functions subject to review;
(2) Responsibility for scheduling reviews;
(3) Process for conducting reviews, including the development of checklists and
procedures and the issuing of findings;
(4) Review of reporting requirements;
(5) Tracking the status of implemented recommendations; and
(6) Coordination with the oversight agency.
(m) A description of the process used by the rail transit agency to develop, maintain, and ensure
compliance with rules and procedures having a safety impact, including:
(1) Identification of operating and maintenance rules and procedures subject to review;
-20-
�Resource Toolkit
(2) Techniques used to assess the implementation of operating and maintenance rules and
procedures by employees, such as performance testing;
(3) Techniques used to assess the effectiveness of supervision relating to the
implementation of operating and maintenance rules; and
(4) Process for documenting results and incorporating them into the hazard management
program.
(n) A description of the process used for facilities and equipment safety inspections, including:
(1) Identification of the facilities and equipment subject to regular safety-related
inspection and testing;
(2) Techniques used to conduct inspections and testing;
(3) Inspection schedules and procedures; and
(4) Description of how results are entered into the hazard management process.
(o) A description of the maintenance audits and inspections program, including identification of
the affected facilities and equipment, maintenance cycles, documentation required, and the
process for integrating identified problems into the hazard management process.
(p) A description of the training and certification program for employees and contractors,
including:
(1) Categories of safety-related work requiring training and certification;
(2) A description of the training and certification program for employees and contractors
in safety-related positions;
(3) Process used to maintain and access employee and contractor training records; and
(4) Process used to assess compliance with training and certification requirements.
(q) A description of the configuration management control process, including:
(1) The authority to make configuration changes;
(2) Process for making changes; and
(3) Assurances necessary for formally notifying all involved departments.
(r) A description of the safety program for employees and contractors that incorporates the
applicable local, state, and federal requirements, including:
(1) Safety requirements that employees and contractors must follow when working on, or
-21-
�Resource Toolkit
in close proximity to, rail transit agency property; and
(2) Processes for ensuring the employees and contractors know and follow the
requirements.
(s) A description of the hazardous materials program, including the process used to ensure
knowledge of and compliance with program requirements.
(t) A description of the drug and alcohol program and the process used to ensure knowledge of
and compliance with program requirements.
(u) A description of the measures, controls, and assurances in place to ensure that safety
principles, requirements and representatives are included in the rail transit agency’s
procurement process.
§ 659.31 Hazard management process.
(a) The oversight agency must require the rail transit agency to develop and document in its
system safety program plan a process to identify and resolve hazards during its operation,
including any hazards resulting from subsequent system extensions or modifications,
operational changes, or other changes within the rail transit environment.
(b) The hazard management process must, at a minimum:
(1) Define the rail transit agency’s approach to hazard management and the
implementation of an integrated system-wide hazard resolution process;
(2) Specify the sources of, and the mechanisms to support, the on-going identification of
hazards;
(3) Define the process by which identified hazards will be evaluated and prioritized for
elimination or control;
(4) Identify the mechanism used to track through resolution the identified hazard(s);
(5) Define minimum thresholds for the notification and reporting of hazard(s) to
oversight agencies; and
(6) Specify the process by which the rail transit agency will provide on-going reporting
of hazard resolution activities to the oversight agency.
-22-
�Resource Toolkit
2.1
Objective
This section identifies the minimum requirements for the System Safety Program Plan (SSPP) to be
developed, approved, adopted and implemented by the each RTA in the SOA program.
2.2
SSPP Minimum Requirements
SOA has adopted a minimum system safety program standard in order to comply with requirements
specified by FTA in 49 CFR 659.17 and 49 CFR 659.19 of the revised Rule. SOA encourages the
RTAs to exceed this standard in their revenue service operations and to further enhance safety by
applying system safety principles throughout all life cycle phases of the transit system’s activities.
Each RTA must develop, implement, and maintain a written SSPP that complies with the SSPP
Program Requirements specified in Appendix E of this document. This SSPP must:
be endorsed by top management of the transit agency;
establish the safety and security goals and objectives of the transit agency;
identify the safety roles and responsibilities of all RTA departments/functions;
require cooperation within the transit agency and the accountability of executive leadership
for addressing identified safety issues;
identify the hazard management process to be managed by the RTA;
identify the internal safety audit process to be managed by the RTA and overseen by the
SOA;
identify the notification, investigation and reporting procedures to be used jointly by the
RTA and the SOA in managing accidents meeting thresholds specified by FTA’s Rule;
require communication and coordination with SOA in all SSO program provisions; and
provide a schedule for the implementation and revision of the SSPP.
Based on the requirements specified in Appendix E, an outline for the minimum content for the
RTA SSPP is illustrated in Figure 1.
-23-
�Resource Toolkit
Figure 1: Outline for SSPP
1. Executive Approval (Policy Statement)
2. Purpose, Goals and Objectives
2.1 Purpose
2.2 Goals
2.3 Objectives
3. Management Structure
3.1 Overview
3.1.1 General Overview and History of Transit Agency
3.1.2 Scope of Transit Services
3.1.3 Physical Plant
3.1.4 Operations
3.1.5 Maintenance
3.2 Integration of Safety Function
3.3 Lines of Authority for Safety
4. Plan Review and Modification
4.1 SSPP Review Schedule
4.2 SSPP Control and Update Procedures
4.3 SSPP Review and Approval by the State Oversight Agency
4.4 SSPP Change Management
5. SSPP Implementation – Tasks and Activities
5.1 Overview
5.2 System Safety Function
5.2.1 Methodology Used by the System Safety Unit
5.3 Safety Responsibilities of Other Departments
5.4 Safety Task Responsibility Matrix (or Narrative Description)
6. Hazard Management Process
6.1 Overview
6.2 Hazard Management Process – Activities and Methodologies
6.3 Coordinating with the State Oversight Agency
7. Safety Certification
8. Managing Safety in System Modifications
-24-
�Resource Toolkit
9. Safety Data Acquisition
9.1 Data Acquisition Process
9.2 Access to Data
10. Accident/Incident Notification, Investigation and Reporting
10.1 Overview
10.2 Accident/Incident Reporting Criteria
10.3 Accident/Incident Investigation Procedures
10.4 Internal Notification Procedure
10.5 External Notification Procedure
10.6 Accident/Incident Reporting and Documentation
10.7 Corrective Action Resulting from Accident Investigation
10.8 Coordination with State Oversight Agency
11. Emergency Response Planning/Coordination/Training
11.1 Responsibilities for Emergency Preparedness
11.2 Coordinated Schedule
11.3 Emergency Drills and Exercises
11.4 Emergency Procedures
11.5 Emergency Training
11.6 Familiarization Training
12. Internal Safety Audit Process
12.1 Overview
12.2 Scope of Activities
12.3 Audit Process
12.3.1 Integrity of Audit Process
12.3.2 Cycle/Schedule
12.3.3 Checklists and Procedures
12.3.4 Annual Audit Report
12.3.5 Audit Reporting
12.3.6 Coordination with the Oversight Agency
12.3.7 Audit Completeness
13. Rules Compliance/Procedures Review
13.1 Overview
13.2 Review of Rules and Procedures
13.3 Process for Ensuring Rules Compliance
13.4 Compliance Techniques – Operations and Maintenance Personnel
13.5 Compliance Techniques – Supervisory Personnel
13.6 Documentation
14. Facilities and Equipment Inspections
-25-
�Resource Toolkit
14.1
14.2
14.3
14.4
Facilities and Equipment Subject to Inspection
Regular Inspection and Testing
Checklists
Coordination with Hazard Management Process
15. Maintenance Audits/Inspections
15.1 Systems and Facilities Subject to Maintenance Program
15.2 Resolution of Audit/Inspection Findings
15.3 Checklists
16. Training and Certification Review/Audit
16.1 Overview
16.2 Employee Safety
16.3 Contractor Safety
16.4 Record Keeping
16.5 Compliance with Training Requirements
17. Configuration Management
17.1 Overview
17.2 Process for Changes
17.3 Authority for Change
18. Compliance with local, state and federal Requirements
18.1 Employee Safety Program
18.2 Working on or near Rail Transit Controlled Property
18.3 Compliance with Required Safety Programs
19. Hazardous Materials
20. Drug & Alcohol Abuse
21. Procurement
2.3
Initial Review and Approval of SSPP
In carrying out its oversight responsibilities under FTA’s SSO Program (49 CFR 659.17), SOA will
receive, review, and approve in writing each RTA SSPP. With the SSPP, the RTA should also
submit any referenced materials, including procedures, checklists and training materials for accident
investigation, the internal safety audit program, the hazard management process, the emergency
response planning, coordination and training program, and the rules compliance program.
To ensure compliance with FTA’s initial submission requirements, each RTA must submit an SSPP, in
compliance with the program requirements specified in Appendix E and all referenced
-26-
�Resource Toolkit
procedures/materials by April 1, 2006. The SSPP should be submitted in electronic format via email
to the SOA point-of-contact. Supporting procedures may be submitted in hard copy via mail or fax.
SOA will review the submitted SSPP, using the checklist provided in Appendix F. Upon approval,
SOA will provide a written letter of approval and a copy of the completed checklist to the RTA.
While conducting its review, SOA may request additional information, clarifications or revisions
from the RTA safety point-of-contact. A meeting or teleconference may also be conducted to
address any issues identified by SOA during its review of the SSPP. Any additional requirements
will be conveyed by the SOA point-of-contact. Pending any major deficiencies in the RTA SSPP,
SOA will approve the initial SSPP submission by April 30, 2006.
2.4
Subsequent Reviews of RTA SSPP
Each RTA shall conduct an annual review of its SSPP and update it as necessary to ensure that the
SSPP is current at all times. The RTA shall complete the review for the previous calendar year and
submit a revised SSPP to the SOA point-of-contact by March 1. As appropriate, referenced
materials affected by the revision(s) should also be submitted with the SSPP.
Each revised SSPP submitted to the SOA by an RTA shall include a text or tabular summary that
identifies and explains proposed changes and includes a time frame for completion of the associated
activities. Following the process specified in Figure 2, SOA will review subsequent SSPP
submissions from RTAs. Upon approval of modifications, SOA will issue to the RTA written
approval of its SSPP within 30 calendar days of submission and the completed SSPP checklist.
In the event that an RTA conducts its annual SSPP review and determines that no update is
necessary for that year, it must prepare and submit by March 1 formal correspondence notifying
SOA of this determination. If SOA wishes to object to this determination, the SOA point-of-contact
will notify the RTA within 30 days.
Additional reviews of the RTA SSPP may be required to address specific issues based on revisions to
the SOA’s program standard or procedures, revisions to FTA 49 CFR 659, audit results, on-site
reviews, investigations, or changing trends in incident data. Upon receipt of a written notification
from the SOA for SSPP modifications, the RTA shall submit a revised SSPP to SOA within 30
calendar days. SOA will review and approve the revised SSPP, providing a formal approval letter and a
completed review checklist (if appropriate for the change) within 30 days of receipt of the revised RTA
SSPP.
In the event that the RTA initiates updates outside of the annual review cycle, the RTA shall submit
the modified SSPP, and any subsequently modified procedures, to the SOA for review and approval
within 30 calendar days of the effective date of the change.
-27-
�Resource Toolkit
Figure 2: SSPP Approval Process
SOA adopts and maintains its
Standard and SSPP Program
Requirements and transmits
them to the RTA
Each RTA reviews its SSPP at
least annually and prepares
updates, as necessary
RTA revises its SSPP as
directed
Each RTA submits its SSPP to
SOA for approval
SOA reviews RTA SSPP using
review checklist
No
SOA requests additional
information; specifies
modifications/revisions
Is SSPP
acceptable?
Yes
SOA approves SSPP, completing
review checklist
SOA notifies RTA in writing that
SSPP is approved
-28-
�Resource Toolkit
2.5
SSPP Submittals from New Starts Projects
An RTA New Starts project shall make an initial submittal of an SSPP and all referenced
procedures/materials to SOA at least 180 calendar days before beginning passenger service operations.
The initial SSPP will be approved and adopted by the RTA as part of the New Starts project safety
certification process.
SOA will review and approve the initial SSPP using its review checklist, and will transmit a formal
letter of approval and the completed checklist to the RTA point-of-contact. While conducting its
review, SOA may request additional information, clarifications or revisions from the RTA safety
point-of-contact. A meeting or teleconference may also be conducted to address any issues identified
by SOA during its review of the SSPP. Any additional requirements will be conveyed by the SOA
point-of-contact.
2.6
SSPP Readiness Review
SOA reserves the right to conduct an on-site SSPP Readiness Review of any New Starts project. This
review would be conducted after receipt of the RTA’s initial SSPP submission but prior to its entry
into passenger operations. This assessment would focus on the capabilities of the RTA to implement
its SSPP during passenger operations. This assessment may be conducted in conjunction with SOA
review and approval of the initial SSPP submission.
This assessment may be conducted formally, following the procedures specified for the Three-Year
Safety and Security Review, identified in Section 7 of this document. Or this assessment may be
conducted less formally, as an on-site walk-through of the RTA’s safety program with the RTA’s
safety point-of-contact and other RTA personnel to ensure both the accuracy of its initial SSPP
submission and the capacity of the RTA to implement its SSPP.
Based on the type of review conducted, SOA may issue an official report with required corrective
actions (see Section 7 of this document), or may address any findings through the review and approval
process used for the RTA’s SSPP.
-29-
�Resource Toolkit
3.
System Security Plan Standard
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s requirements for the System Security Plan, which must be developed by the rail transit
agency, and formally reviewed and approved by the oversight agency. The state oversight agency
must also require the rail transit agency to conduct an annual review to determine whether the
System Security Plan should be updated, and must explain its process for receiving, reviewing and
formally approving updated System Security Plans. Below, the relevant citations of the revised 49
CFR Part 659, which are addressed in this section, are listed:
§ 659.15(b)(9). System safety program standard: contents.
(9) System security plan section. This section shall specify the minimum requirements to
be included in the rail transit agency’s system security plan. More details about the
system security plan are contained in §§ 659.21 through 659.23 of this part. This
section shall also describe the process by which the oversight agency will review and
approve the rail transit agency system security program plan. This section also shall
identify how the state will prevent the system security plan from public disclosure.
§ 659.11 Confidentiality of investigation reports and security plans.
(a) A state may withhold an investigation report that may have been prepared or adopted by the
oversight agency from being admitted as evidence or used in a civil action for damages
resulting from a matter mentioned in the report.
(b) This part does not require public availability of the rail transit agency’s security plan and any
referenced procedures.
§ 659.21 System security plan: general requirements.
(a) The oversight agency shall require the rail transit agency to implement a system security plan
that, at a minimum, complies with requirements in this part and the oversight agency’s
program standard. The system security plan must be developed and maintained as a separate
document and may not be part of the rail transit agency’s system safety program plan.
(b) The oversight agency may prohibit a rail transit agency from publicly disclosing the system
security plan.
(c) After approving the system security plan, the oversight agency shall issue a formal letter of
-30-
�Resource Toolkit
approval, including the checklist used to conduct the review, to the rail transit agency.
§ 659.23 System security plan: contents.
The system security plan must, at a minimum address the following:
(a) Identify the policies, goals, and objectives for the security program endorsed by the agency’s
chief executive;
(b) Document the rail transit agency’s process for managing threats and vulnerabilities during
operations, and for major projects, extensions, new vehicles and equipment, including
integration with the safety certification process;
(c) Identify controls in place that address the personal security of passengers and employees;
(d) Document the rail transit agency’s process for conducting internal security reviews to
evaluate compliance and measure the effectiveness of the system security plan; and
(e) Document the rail transit agency’s process for making its system security plan and
accompanying procedures available to the oversight agency for review and approval.
§ 659.25(b) and (c). Annual review of system security plan.
(b) The oversight agency shall require the rail transit agency to conduct an annual review of its
system security plan.
(c) In the event the rail transit agency’s system security plan is modified, the rail transit agency
must make the modified system security plan and accompanying procedures available to the
oversight agency for review, consistent with requirements specified in § 659.23(e) of this
part. After the plan is approved, the oversight agency shall issue a formal letter of approval to
the rail transit agency.
-31-
�Resource Toolkit
3.1
Objective
This section identifies the minimum requirements for the System Security Plan to be developed,
approved, adopted and implemented by the each RTA in the SOA program.
3.2
Security Program Plan Minimum Requirements
SOA has adopted a minimum system security program standard in order to comply with
requirements specified by FTA in 49 CFR 659.21 and 49 CFR 659.23 of the revised Rule. Each
RTA must develop, implement, and maintain a written System Security Plan that complies with the
program requirements specified in Appendix G of this document. This appendix is based on FTA’s
System Security and Emergency Preparedness Planning Guide, issued in January 2003. FTA’s
guide addresses all of the activities specified in 49 CFR Part 659.23. In addition, compliance with
this FTA guide is required for RTAs participating in the Transit Security Grant Program (TSGP),
administered by the Department of Homeland Security, Preparedness Directorate, Office of Grants
and Training (G&T), formerly the Office for Domestic Preparedness (ODP). The program
requirements in Appendix G also affirm the authority of the Transportation Security Administration
(TSA) in the areas of rail transit security and terrorism preparedness.
At a minimum, the System Security Plan developed by the RTA must:
identify the policies, goals, and objectives for the security program endorsed by the chief
executive of the RTA;
document the RTA process for managing threats and vulnerabilities during operations and
for major projects, extensions, new vehicles and equipment, including integration with the
safety certification process;
identify controls in place that address the personal security of passengers and employees;
document the RTA process for conducting internal security audits to evaluate compliance
and measure the effectiveness of the system security plan; and
document the RTA process for making available its system security plan and accompanying
procedures to the SOA for review and approval.
In addressing this last item, the SOA has authority in place to protect against the public disclosure of
RTA security documents. To ensure the further protection of these documents, the SOA requests
that all security submissions are either delivered to the SOA point-of-contact in person, via email, or
delivered via overnight mail with a signature required.
Based on the requirements specified in Appendix G, an outline for the minimum content for the
RTA System Security Plan is illustrated in Figure 3.
-32-
�Resource Toolkit
Figure 3: Outline for System Security and Emergency Preparedness Plan (SEPP)
SEPP Memorandum of Executive Approval/System Security Policy
1.0
System Security and Emergency Preparedness Program Introduction
1.1.
Purpose of the SEPP
1.1.1 System Security
1.1.2 Emergency Preparedness
1.2
Goals and Objectives
1.2.1 Goals
1.2.2 Objectives
1.3
Scope of Program
1.4
Security and Law Enforcement
1.5
Management Authority and Legal Aspects
1.6
Government Involvement
1.7
Security Acronyms and Definitions
2.0
System Description
2.1
Background & History of System
2.2
Organizational Structure
2.3
Human Resources
2.4
Passengers
2.5
Services and Operations
2.6
Operating Environment
2.7
Integration with Other Plans and Programs
2.8
Current Security Conditions
2.9
Capabilities and Practices
3.0
SEPP Management Activities
3.1
Responsibility for Mission Statement and System Security Policy
3.2
Management of the SEPP Program
3.3
Division of Security Responsibilities
3.3.1 Security/Police Function Responsibilities
3.3.2 Security Responsibilities of Other Departments/Functions
3.3.3 Job-specific Security Responsibilities
3.3.4 Security Task Responsibilities Matrix
3.3.5 Security Committees
4.0
SEPP Program Description
4.1
Planning
4.2
Organization
4.3
Equipment
4.4
Training and Procedures
-33-
�Resource Toolkit
4.5
Emergency Exercises and Evaluation
5.0
Threat and Vulnerability Identification, Assessment, and Resolution
5.1
Threat and Vulnerability Identification
5.1.1 Asset Analysis
5.1.2 Security Data Collection for the Identification of Threats and Vulnerabilities
5.1.3 Other Sources of Information – Security Reviews, Testing and Inspection
Programs
5.1.4 Identifying Threats for Prioritized Assets
5.1.5 Identifying Vulnerabilities
5.2
Threat and Vulnerability Assessment
5.3
Threat and Vulnerability Resolution
6.0
Implementation and Evaluation of SEPP
6.1
Implementation Tasks for Goals and Objectives
6.2
Implementation Schedule
6.3
Evaluation
7.0
Modification of System Security Plan
7.1
Initiation
7.2
Review Process
7.3
Implement Modifications
3.3
Initial Review and Approval of System Security Plan
In carrying out its oversight responsibilities under FTA’s SSO Program (49 CFR 659.21), the SOA
will receive, review, and approve in writing each RTA System Security Plan. With the System
Security Plan, the RTA should also submit any referenced materials, including procedures and
checklists for the threat and vulnerability identification/assessment/resolution process, the internal
security audit program, and the controls in place that address the personal security of passengers and
employees. For RTAs participating in the DHS/G&T TSGP, SOA also requests copies of the RTA’s
Regional Transit Security Strategy.
To ensure compliance with FTA’s initial submission requirements, each RTA must submit a System
Security Plan, in compliance with the program requirements specified in Appendix G and all
referenced procedures/materials by April 1, 2006 to the SOA point-of-contact. SOA will review the
submitted SSPP, using the checklist provided in Appendix H. Upon approval, SOA will provide a
written letter of approval and a copy of the completed checklist to the RTA. Pending any major
deficiencies in the initial System Security Plan submission, SOA will approve this plan by
April 30, 2006.
-34-
�Resource Toolkit
3.4
Subsequent Reviews of RTA System Security Plan
Each RTA shall conduct an annual review of its System Security Plan and update it as necessary to
ensure that the System Security Plan is current at all times. The RTA shall complete the review for
the previous calendar year and submit a revised System Security Plan to the SOA point-of-contact
by March 1. As appropriate, referenced materials affected by the revision(s) should also be
submitted with the System Security Plan.
Each revised System Security Plan submitted to SOA by an RTA shall include a text or tabular
summary that identifies and explains proposed changes and includes a time frame for completion of
the associated activities. SOA will review subsequent System Security Plan submissions from
RTAs. Upon approval of modifications, the SOA will issue to the RTA written approval of its
System Security Plan within 30 calendar days and a copy of the completed System Security Plan
review checklist.
In the event that an RTA conducts its annual System Security Plan review and determines that no
update is necessary for that year, it must prepare and submit by March 1 formal correspondence
notifying SOA of this determination. If SOA wishes to object to this determination, the SOA pointof-contact will notify the RTA within 30 days.
Additional reviews of the RTA System Security Plan may be required to address specific issues
based on revisions to the SOA’s program standard or procedures, revisions to FTA 49 CFR 659,
audit results, on-site reviews, investigations, or changing trends in crime data or terrorism threat
levels. Upon receipt of a written notification from the SOA for System Security Plan modifications,
the RTA shall submit a revised System Security Plan to the SOA within 30 calendar days. SOA will
review and approve the revised System Security Plan, providing a formal approval letter and a
completed review checklist (if appropriate for the change). This review and approval process will be
completed 30 days after receipt of the modified System Security Plan.
In the event that the RTA initiates updates outside of the annual review cycle, the RTA shall submit
the modified System Security Plan, and any subsequently modified procedures, to the SOA for
review and approval within 30 calendar days of the effective date of the change.
SOA encourages the RTA to ensure that submissions of updated System Security Plans are also
made to DHS/G&T and TSA, following the conditions specified in grant program, directives or
other requirements and regulations administered by these agencies.
Figure 4 provides a visual depiction of the SOA System Security Plan review and approval process.
-35-
�Resource Toolkit
Figure 4: System Security Plan Approval Process
SOA adopts and maintains its
Standard and System Security
Plan Program Requirements
and transmits them to the RTA
Each RTA reviews its System
Security Plan at least annually
and prepares updates, as
necessary
RTA revises its System
Security Plan as directed
Each RTA submits its System
Security Plan to SOA for
approval
SOA reviews RTA System
Security Plan using review
checklist
No
Is System
Security Plan
acceptable?
SOA requests additional
information; specifies
modifications/revisions
Yes
SOA approves System Security
Plan, completing review checklist
SOA notifies RTA in writing that
System Security Plan is approved
-36-
�Resource Toolkit
3.5
System Security Plan Submittals from New Starts Projects
An RTA New Starts project shall make an initial submittal of a System Security Plan and all
referenced procedures/materials to SOA at least 180 calendar days before beginning passenger
service operations. This submission shall be made following any restrictions placed on these
materials by either the RTA or SOA to ensure their protection from public release. The initial
System Security Plan shall be approved and adopted by the RTA as part of the New Starts project
safety certification process.
SOA will review and approve the initial System Security Plan using its review checklist, and will
transmit a formal letter of approval and the completed checklist to the RTA point-of-contact. During
its review, SOA may make requests for additional information, revisions or modifications. Any
additional requirements will be conveyed by the SOA point-of-contact.
3.6
System Security Plan Readiness Review
SOA reserves the right to conduct an on-site System Security Plan Readiness Review of any New
Starts project. This review would be conducted after receipt of the RTA’s initial System Security
Plan submission but prior to its entry into passenger operations. This assessment would focus on the
capabilities of the RTA to implement its System Security Plan during passenger operations. This
assessment may be conducted in conjunction with SOA review and approval of the initial System
Security Plan submission.
This assessment may be conducted formally, following the procedures specified for the Three-Year
Safety and Security Review, identified in Section 7 of this document. Or this assessment may be
conducted less formally, as an on-site walk-through of the RTA’s security and emergency
preparedness program with the RTA’s security point-of-contact and other RTA personnel to ensure
both the accuracy of its initial System Security Plan submission and the capacity of the RTA to
implement its System Security Plan.
Based on the type of review conducted, SOA may issue an official report with required corrective
actions (see Section 7 of this document), or may address any findings through the review and
approval process used for the RTA’s System Security Plan.
-37-
�Resource Toolkit
4.
Internal Safety and Security Audit Program
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s requirements for the internal safety and security audit program, which must be performed
by the rail transit agency, and formally reviewed and approved by the oversight agency. The state
oversight agency must also require the rail transit agency chief executive officer to certify on annual
basis that, based on the results of this process, the rail transit agency is in compliance with its SSPP
and System Security Plan. In the event that the chief executive officer cannot make this certification,
an action plan must be submitted to the state oversight agency for review and approval. Below, the
relevant citations of the revised 49 CFR Part 659, which are addressed in this section, are listed:
§ 659.15(b)(3). System safety program standard: contents.
(3) Oversight of rail transit agency internal safety and security reviews. This section shall
specify the role of the oversight agency in overseeing the rail transit agency internal
safety and security review process. This includes a description of the process used by the
oversight agency to receive rail transit agency checklists and procedures and approve the
rail transit agency’s annual reports on findings, which must be submitted under the
signature of the rail transit agency’s top management.
§ 659.27 Internal safety and security reviews.
(a) The oversight agency shall require the rail transit agency to develop and document a process
for the performance of on-going internal safety and security reviews in its system safety
program plan.
(b) The internal safety and security review process must, at a minimum:
(1) Describe the process used by the rail transit agency to determine if all identified
elements of its system safety program plan and system security plan are performing
as intended; and
(2) Ensure that all elements of the system safety program plan and system security plan
are reviewed in an ongoing manner and completed over a three-year cycle.
(c) The rail transit agency must notify the oversight agency at least thirty (30) days before the
conduct of scheduled internal safety and security reviews.
(d) The rail transit agency shall submit to the oversight agency any checklists or procedures it
will use during the safety portion of its review.
-38-
�Resource Toolkit
(e) The rail transit agency shall make available to the oversight agency any checklists or
procedures subject to the security portion of its review, consistent with § 659.23(e).
(f) The oversight agency shall require the rail transit agency to annually submit a report
documenting internal safety and security review activities and the status of subsequent
findings and corrective actions. The security part of this report must be made available for
oversight agency review, consistent with § 659.23(e).
(g) The annual report must be accompanied by a formal letter of certification signed by the rail
transit agency’s chief executive, indicating that the rail transit agency is in compliance with
its system safety program plan and system security plan.
(h) If the rail transit agency determines that findings from its internal safety and security reviews
indicate that the rail transit agency is not in compliance with its system safety program plan
or system security plan, the chief executive must identify the activities the rail transit agency
will take to achieve compliance.
(i) The oversight agency must formally review and approve the annual report.
-39-
�Resource Toolkit
4.1
Objectives
The section describes SOA requirements for the internal safety and security audit program to be
implemented by the RTA.
4.2
Minimum Requirements for Audits
As described in the SSPP and System Security Plan, the RTA must implement a process for the
performance of on-going internal safety and security audits to ensure the implementation of the
RTA SSPP and System Security Plan, and to evaluate the effectiveness of these plans. To ensure
compliance with FTA’s 49 CFR Part 659.27, the RTA must:
Develop and submit to SOA an internal safety and security audit schedule, which addresses
all required 21 elements of the SSPP (Part 659.19) and all five (5) required elements of the
System Security Plan (Part 659.23), over a three-year cycle. At a minimum, annual updates
of this schedule must be provided to SOA with the annual report discussed in Section 4.3
below.
Develop checklists and procedures for conducting each of the 21 required SSPP audits.
These materials must ensure sufficient criteria to determine if all audited elements are
performing as intended.
Develop checklists and procedures for conducting each of the five (5) required System
Security Plan audits. These materials must ensure sufficient criteria to determine if all
audited elements are performing as intended.
Not less than 30 days prior to the conduct of an internal safety or security audit, notify SOA.
Notification must be in writing and may be transmitted to the SOA point-of-contact via
letter, email or fax. Notification should include the time and location of the internal audit.
SOA may participate in any internal audit of which it is notified.
In addition, at the time of notification, checklists and procedures relevant for the audit being
conducted must be submitted to SOA. These materials may be submitted to the SOA pointof-contact in electronic copy via email or in hard copy via mail or fax. For security audits,
any special provisions established by the RTA or SOA to ensure the protection of these
materials must be followed.
Based on the results of each audit conducted, the RTA must prepare a written report
documenting recommendations and any corrective actions identified as a result of the audit.
The RTA must also prepare an Internal Safety and Security Audit Findings Log to track
-40-
�Resource Toolkit
through to implementation all findings, recommendations, and corrective actions developed
as a result of the internal safety and security audit process. This log should be available to
the SOA and may be referenced during activities performed in support of the Hazard
Management Process (discussed in Section 5 of this document).
4.3
Minimum Requirements for Annual Report on the Internal Safety
and Security Audit Process
By March 1 of each year, SOA requires the RTA to submit an annual report to the SOA point-ofcontact that documents the internal audits conducted for the previous year. This report may be
submitted in electronic copy via email or in hard copy via mail or fax. For sections devoted to the
results of security audits, any special provisions established by the RTA or SOA to ensure the
protection of these materials must be followed.
This annual report must include:
a listing of the internal safety and security audits conducted for that year;
a discussion of where the RTA is in meeting its three-year internal audit schedule, including
the identification of any obstacles in meeting the schedule and any proposed mitigation
measures;
an updated schedule for the next year’s audits;
the status of all findings, recommendations and corrective actions resulting from the audits
conducted that year; and
any challenges or issues experienced by the RTA system safety function or security/police
function in obtaining action from/compliance with these findings, recommendations and
corrective actions during that year.
The SOA will review and approve this report within 30 days. While conducting its review, SOA
staff may request additional information, clarifications or revisions from the RTA safety or security
point-of-contact. A meeting or teleconference may also be conducted to address any issues identified
by SOA during its review of the annual report. Any additional requirements will be conveyed to the
RTA by the SOA point-of-contact.
In addition to the annual report, also by March 1, SOA requires that the RTA submit a formal letter
of certification, signed by the rail transit agency’s chief executive, stating that, based on the
evaluation performed during the internal safety and security audit process during the previous year,
the RTA is in compliance with its SSPP and System Security Plan.
-41-
�Resource Toolkit
If the RTA determines that findings from its internal safety and security audits indicate that the RTA
is not in compliance with its SSPP, the chief executive must then identify the activities that the RTA
will take to achieve compliance. SOA must review and approve this action plan using the
procedures specified in Section 8 of this document.
Figure 5 shows the internal safety and security audit process specified by SOA.
-42-
�Resource Toolkit
Figure 5: Internal Safety and Security Review Process
RTA forwards notification, checklists and
procedures to SOA at least 30 calendar
days prior to conducting internal safety or
security audit
SOA reviews checklists and procedures
RTA prepares written report
documenting the results of the
internal safety or security audit. RTA
maintains log of status of findings,
recommendations and corrective
actions
RTA conducts internal safety or security
audit. SOA reserves option to attend and
observe
RTA prepares Annual Report and Annual
Certification documenting the results of
the internal safety or security audit
process and submits to SOA
RTA provides additional
data/corrective actions to SOA
No
SOA requests additional
data/corrective actions
SOA approves annual
report?
Yes
RTA tracks corrective actions, if any, and
reports status to SOA
-43-
�Resource Toolkit
5.
Hazard Management Process
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s requirements for the Hazard Management Process, which must be developed by the rail
transit agency in its SSPP, and formally reviewed and approved by the oversight agency. The state
oversight agency must also ensure on-going participation in the rail transit agency’s Hazard
Management Process. Below, the relevant citations of the revised 49 CFR Part 659, which are
addressed in this section of the sample “Program Standard and Referenced Procedures” are
provided:
§ 659.19(f) System safety program plan: contents.
(f) A description of the process used by the rail transit agency to implement its hazard
management program, including activities for:
(1) Hazard identification;
(2) Hazard investigation, evaluation and analysis;
(3) Hazard control and elimination;
(4) Hazard tracking; and
(5) Requirements for on-going reporting to the oversight agency relating to hazard
management activities and status.
§ 659.31 Hazard management process.
(a) The oversight agency must require the rail transit agency to develop and document in its
system safety program plan a process to identify and resolve hazards during its operation,
including any hazards resulting from subsequent system extensions or modifications,
operational changes, or other changes within the rail transit environment.
(b) The hazard management process must, at a minimum:
(1) Define the rail transit agency’s approach to hazard management and the
implementation of an integrated system-wide hazard resolution process;
(2) Specify the sources of, and the mechanisms to support, the on-going identification of
hazards;
(3) Define the process by which identified hazards will be evaluated and prioritized for
elimination or control;
-44-
�Resource Toolkit
(4) Identify the mechanism used to track through resolution the identified hazard(s);
(5) Define minimum thresholds for the notification and reporting of hazard(s) to
oversight agencies; and
(6) Specify the process by which the rail transit agency will provide on-going reporting
of hazard resolution activities to the oversight agency.
§ 659.37 Corrective action plans.
(a) The oversight agency must, at a minimum, require the development of a corrective action
plan for the following:
(1) Results from investigations, in which identified causal and contributing factors are
determined by the rail transit agency or oversight agency as requiring corrective
actions; and
(2) Findings from safety and security reviews performed by the oversight agency.
(b) Each corrective action plan should identify the action to be taken by the rail transit agency,
an implementation schedule, and the individual or department responsible for the
implementation.
(c) The corrective action plan must be reviewed and formally approved by the oversight agency.
(d) The oversight agency must establish a process to resolve disputes between itself and the rail
transit agency resulting from the development or enforcement of a corrective action plan.
(e) The oversight agency must identify the process by which findings from an NTSB accident
investigation will be evaluated to determine whether or not a corrective action plan should be
developed by either the oversight agency or rail transit agency to address NTSB findings.
(f) The rail transit agency must provide the oversight agency:
(1) Verification that the corrective action(s) has been implemented as described in the
corrective action plan, or that a proposed alternate action(s) has been implemented
subject to oversight agency review and approval; and
(2) Periodic reports requested by the oversight agency, describing the status of each
corrective action(s) not completely implemented, as described in the corrective
action plan.
(g) The oversight agency must monitor and track the implementation of each approved corrective
action plan.
-45-
�Resource Toolkit
5.1
Objective
This section describes SOA requirements for the RTA Hazard Management Process. The objective
of this process is to provide SOA with an on-going role in overseeing the RTA’s identification,
assessment and resolution of hazards.
5.2
Minimum Requirements
SOA requires each RTA to develop and document in its SSPP a process to identify and resolve
hazards for New Starts projects, extensions, or modifications of existing systems, operational or
environmental changes, or from hazards discovered during reviews, audits, inspections, and
investigations.
The hazard management process must, at a minimum:
5.3
define the RTA’s approach to hazard management and the implementation of an integrated
system-wide hazard resolution process;
specify the sources of, and the mechanisms to support, the on-going identification of
hazards;
define the process by which identified hazards will be evaluated and prioritized for
elimination and control;
identify the mechanism used to track through resolution the identified hazard(s);
define the minimum thresholds for the notification and reporting of hazards to the SOA; and
specify the process by which the RTA will provide on-going reporting of hazard resolution
activities to the SOA.
Hazard Tracking Log
In its SSPP, the RTA must specify is approach to identifying and assessing hazards. Each RTA may
use a variety of methodologies, including informal processes, such as reports from operations and
maintenance personnel, results from rules compliance checks and employee evaluations, the mining
of maintenance data, results from facilities and vehicles inspections, findings from internal safety
and security audits, and daily review of the RTA’s unusual occurrences log, as well as more formal
approaches, such as trend analysis, hazard classification and resolution using the Mil-Std 882
process, hazard analyses using inductive processes (Preliminary Hazard Analysis, Failure Modes
and Effects Analysis, Job Hazard Analysis, etc.) and hazard analysis using deductive processes
(Fault Tree Analysis).
Based on its selected methods, the RTA must identify its process for consolidating all hazard
information into a single, coordinated process. This process may use worksheets, forms, databases
and other tools to support standardization and organization of hazard information. Based on this
-46-
�Resource Toolkit
process, SOA requires the RTA to establish a Hazard Tracking Log which reflects the
consolidation of information in the hazard management process. The Hazard Tracking Log must
contain all hazards identified through the various methods applied by the RTA. The Hazard
Tracking Log may be organized by the hazard number assigned by the RTA, or by the type of
hazard, the source from which it was identified, or the element of the RTA’s operation affected by
the hazard (i.e., facilities, vehicles, track and signal, communications/SCADA, tunnel ventilation,
personnel training and procedures, etc.). A sample log appears in Figure 6.
Figure 6: Sample Monthly Hazard Tracking Log
RTA Monthly Hazard Tracking Log
No.
Description
Date
Identified
Source
Assessment
Results
Recommendations
Status
No. – refers to the number assigned to the hazard by the RTA.
Description – refers to a brief narrative summary of the hazard – what it is; where it is located; what elements it is
comprised of; etc.
Date Identified – refers to the date the hazard was identified at the RTA.
Source – indicates the mechanism used to identify the hazard, i.e., operator report, near-miss, accident investigation,
results of internal safety or security audit, rules compliance or training program; maintenance failure, facility or vehicle
inspection, trend analysis, formal hazard analysis, etc.
Assessment Results – refers to the hazard severity and hazard frequency ratings initially assigned to hazard by the
RTA.
Recommendations – refers to the actions recommended by the RTA to address the hazard and to bring it into a level
of risk acceptable to management.
Status – refers to the status of the recommendations. Status may be designated as: not started, open, in progress, or
closed.
-47-
�Resource Toolkit
The proposed Hazard Tracking Log must be submitted by the RTA to the SOA in its SSPP for
review and approval. Once the log is approved, it must be submitted monthly to the SOA point-ofcontact in electronic copy via email or in hard copy via mail or fax. The SOA will review the
Monthly Hazard Tracking Log and forward any questions or requests for information to the RTA
safety point-of-contact.
5.4
Quarterly Meetings on the Hazard Management Process
To ensure an on-going involvement in the RTA’s hazard management process, as specified in 49
CFR Part 659. 31, SOA is requiring quarterly meetings with the RTA to review the Hazard Tracking
Log and the other RTA activities associated with the hazard management process. These meetings
should occur no later than the third week after the calendar year quarters ending on March 31,
June 30, September 30, and December 31. By the first week after each calendar year quarter has
ended, the RTA must submit to SOA a proposed date and location for the quarterly meeting and a
proposed agenda. SOA will review and approve the agenda, making any modifications as
appropriate, and schedule the quarterly meeting with the RTA.
During the quarterly meetings, SOA retains the authority to request and review any records
maintained by the RTA documenting the results of its hazard management process. If these records
are not available at the meetings, they will be transmitted to the SOA point-of-contact in electronic
copy via email or in hard copy via mail or fax after the conclusion of the quarterly meeting.
The RTA should prepare meeting minutes from each quarterly meeting, being sure to document any
identified action items or required activities. The meeting minutes should be prepared and submitted
to SOA no later than two weeks after each quarterly meeting.
5.5
Notification of Unacceptable Hazards
During application of its hazard management process, should the RTA determine that the final risk
assessment of the hazard identified is “unacceptable” using the criteria and assessment process
specified in its SSPP, the RTA shall notify the SOA point-of-contact within 24 hours or by
5:00 p.m. on the next regular working day following the determination of the unsafe condition as
“unacceptable”. The RTA shall transmit an electronic copy via email or a hard copy via fax of the
appropriately completed worksheets, forms or other materials documenting the unacceptable hazard.
5.6
Investigation of Unacceptable Hazards
The RTA or its contractor must investigate a hazard reported to the SOA as unacceptable in
accordance with the provisions specified by the RTA in its SSPP and the Accident Investigation
Procedure submitted to and approved by SOA. The RTA shall maintain a file of hazards reported to
the SOA and make these files available to the SOA for review and evaluation.
-48-
�Resource Toolkit
5.6.1 Initial Investigation Report
The RTA shall submit to the SOA the initial report of its investigation of the unacceptable hazard
within 7 calendar days of the hazard being reported to the SOA point-of-contact. The RTA may
transmit an electronic copy via email or a hard copy via mail or fax.
5.6.2 Status Investigation Reports
The RTA shall submit to the SOA point-of-contact status reports of the unacceptable hazard
investigation at least monthly until the investigation is completed. The RTA may transmit these
status reports as an electronic copy via email or as hard copy via mail or fax.
5.6.3 Final Investigation Report
Upon completing the investigation of the unacceptable hazard, the RTA shall prepare and submit to
the SOA for review and approval a final report that includes a description of activities, findings,
identified causal factors, and a corrective action plan. The RTA shall transmit an electronic copy of
the final investigation report to the SOA point-of-contact via email. Within 30 calendar days of
receiving a report designated as final, the SOA will review the report, using the process specified
in Section 6 of this document. Within 30 calendar days of acceptance of the RTA investigation
report, the SOA will issue to the RTA written approval of the report. In the event that SOA does not
accept the RTA report, SOA will communicate in writing the area(s) of disagreement or concern.
The report shall not be considered final until all conditions are met and the report is approved by
SOA.
5.6.4 Corrective Action Plans (CAP)
The RTA shall develop a corrective action plan to correct those elements or activities identified as
deficient. In addition, the SOA may, during the course of an investigation, identify corrective actions
to avoid or minimize the reoccurrence of the unsafe condition or address a related, systemic
problem. Procedures associated with development, submission, review and approval of corrective
action plans are the subject of Section 8 of this document. At any time during an investigation, SOA
reserves the right to request a full briefing from the RTA on the known circumstances of the
investigation, including corrective actions.
-49-
�Resource Toolkit
5.6.5 SOA Investigation of Hazards
SOA reserves the right to conduct independent investigations of identified unacceptable hazards. A
description of the SOA investigation process is provided Section 6.3.2 of this document.
Upon its determination to conduct an independent investigation, SOA will inform the RTA in
writing of its intention to conduct an investigation of a reported hazard no later than 7 calendar days
following receipt of the RTA initial report. SOA will advise the RTA of the following:
investigation processes;
identity of individual(s) conducting the investigation; and
tentative schedule of investigation elements.
The RTA shall assist the SOA investigators by providing required information and resources
necessary for conducting the investigation. The SOA or its contractor will complete an investigation
report that includes a description of activities, findings, identified causal factors, and a corrective
action plan. The report will be finished within 30 calendar days after completion of the
investigation, and will be delivered to the RTA for review. The RTA will have 15 days to prepare a
correction action plan and submit it to the SOA point-of-contact.
-50-
�Resource Toolkit
6.
Accident Notification, Investigation and Reporting
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s requirements for accident notification, investigation and reporting. Below, the relevant
citations of the revised 49 CFR Part 659, which are addressed in this section of the sample “Program
Standard and Referenced Procedures” are provided:
§ 659.15(b)(5), (6) and (7). System safety program standard: contents.
(5) Accident notification section. This section shall include the specific requirements for
the rail transit agency to notify the oversight agency of accidents. This section shall
also include required timeframes, methods of notification, and the information to be
submitted by the rail transit agency. Additional detail on this portion is included in
§659.33 of this part.
(6) Investigations section. This section contains the oversight agency identification of the
thresholds for incidents that require an oversight agency investigation. The roles and
responsibilities for conducting investigations shall include: coordination with the rail
transit agency investigation process, the role of the oversight agency in supporting
investigations and findings conducted by the NTSB, review and concurrence of
investigation report findings, and procedures for protecting the confidentiality of
investigation reports.
(7) Corrective actions section. This section shall specify oversight agency criteria for the
development of corrective action plan(s) and the process for the review and approval
of a corrective action plan developed by the rail transit agency. This section shall also
identify the oversight agency’s policies for the verification and tracking of corrective
action plan implementation, and its process for managing conflicts with the rail
transit agency relating to investigation findings and corrective action plan
development.
§ 659.19(j) System safety program plan: contents.
(j) A description of the process used by the rail transit agency to perform accident notification,
investigation and reporting, including:
(1) Notification thresholds for internal and external organizations;
(2) Accident investigation process and references to procedures;
(3) The process used to develop, implement, and track corrective actions that address
investigation findings;
-51-
�Resource Toolkit
(4) Reporting to internal and external organizations; and
(5) Coordination with the oversight agency.
§ 659.33 Accident notification.
(a) The oversight agency must require the rail transit agency to notify the oversight agency
within two (2) hours of any incident involving a rail transit vehicle or taking place on rail
transit-controlled property where one or more of the following occurs:
(1) A fatality at the scene; or where an individual is confirmed dead within thirty (30)
days of a rail transit-related incident;
(2) Injuries requiring immediate medical attention away from the scene for two or more
individuals;
(3) Property damage to rail transit vehicles, non-rail transit vehicles, other rail transit
property or facilities and non-transit property that equals or exceeds $25,000;
(4) An evacuation due to life safety reasons;
(5) A collision at a grade crossing;
(6) A main-line derailment;
(7) A collision with an individual on a rail right of way; or
(8) A collision between a rail transit vehicle and a second rail transit vehicle, or a rail
transit non-revenue vehicle.
(b) The oversight agency shall require rail transit agencies that share track with the general
railroad system and are subject to the Federal Railroad Administration notification
requirements, to notify the oversight agency within two (2) hours of an incident for which the
rail transit agency must also notify the Federal Railroad Administration.
(c) The oversight agency shall identify in its program standard the method of notification and the
information to be provided by the rail transit agency.
§ 659.35 Investigations.
(a) The oversight agency must investigate, or cause to be investigated, at a minimum, any
incident involving a rail transit vehicle or taking place on rail transit-controlled property
meeting the notification thresholds identified in § 659.33(a).
(b) The oversight agency must use its own investigation procedures or those that have been
formally adopted from the rail transit agency and that have been submitted to FTA.
-52-
�Resource Toolkit
(c) In the event the oversight agency authorizes the rail transit agency to conduct investigations
on its behalf, it must do so formally and require the rail transit agency to use investigation
procedures that have been formally approved by the oversight agency.
(d) Each investigation must be documented in a final report that includes a description of
investigation activities, identified causal and contributing factors, and a corrective action
plan.
(e) A final investigation report must be formally adopted by the oversight agency for each
accident investigation.
(1) If the oversight agency has conducted the investigation, it must formally transmit its
final investigation report to the rail transit agency.
(2) If the oversight agency has authorized an entity other than itself (including the rail
transit agency) to conduct the accident investigation on its behalf, the oversight
agency must review and formally adopt the final investigation report.
(3) If the oversight agency does not concur with the findings of the rail transit agency
investigation report, it must either:
(i) Conduct its own investigation according to paragraphs (b), (d) and (e)(1) of this
section; or
(ii) Formally transmit its dissent to the findings of the accident investigation, report
its dissent to the rail transit agency, and negotiate with the rail transit agency until
a resolution on the findings is reached.
(f) The oversight agency shall have the authority to require periodic status reports that document
investigation activities and findings in a time frame determined by the oversight agency.
§ 659.37 Corrective action plans.
(a) The oversight agency must, at a minimum, require the development of a corrective action
plan for the following:
(1) Results from investigations, in which identified causal and contributing factors are
determined by the rail transit agency or oversight agency as requiring corrective
actions; and
(2) Findings from safety and security reviews performed by the oversight agency.
(b) Each corrective action plan should identify the action to be taken by the rail transit agency,
an implementation schedule, and the individual or department responsible for the
implementation.
-53-
�Resource Toolkit
(c) The corrective action plan must be reviewed and formally approved by the oversight agency.
(d) The oversight agency must establish a process to resolve disputes between itself and the rail
transit agency resulting from the development or enforcement of a corrective action plan.
(e) The oversight agency must identify the process by which findings from an NTSB accident
investigation will be evaluated to determine whether or not a corrective action plan should be
developed by either the oversight agency or rail transit agency to address NTSB findings.
(f) The rail transit agency must provide the oversight agency:
(1) Verification that the corrective action(s) has been implemented as described in the
corrective action plan, or that a proposed alternate action(s) has been implemented
subject to oversight agency review and approval; and
(2) Periodic reports requested by the oversight agency, describing the status of each
corrective action(s) not completely implemented, as described in the corrective action
plan.
(g) The oversight agency must monitor and track the implementation of each approved corrective
action plan.
-54-
�Resource Toolkit
6.1
Objective
This section addresses the requirements in place for the notification, investigation and reporting
of accidents meeting the thresholds specified in FTA’s 49 CFR Part 659.33.
6.2
Minimum Requirements
The RTA shall notify the SOA within 2 hours of any safety or security event involving a rail transit
vehicle or taking place on RTA controlled property where one or more of the following occur:
a fatality at the scene; or where an individual is confirmed dead within 30 calendar days of a
transit-related incident;
injuries requiring immediate medical attention away from the scene for two or more
individuals;
property damage to RTA vehicles, non-RTA vehicles, other RTA property or facilities, and
non-RTA property that equals or exceeds $25,000;
an evacuation due to life safety reasons;
a collision at a grade crossing;
a main-line derailment;
a collision with an individual on a RTA right of way; or
a collision between a RTA vehicle and a second RTA vehicle or a RTA non-revenue vehicle.
Each RTA that shares track with a general railroad system and is subject to the Federal Railroad
Administration (FRA) notification requirements shall notify the SOA within 2 hours of an incident
for which the RTA must notify the FRA.
6.2.1 Initial Notification
The RTA shall provide initial notification to the SOA point-of-contact in electronic copy via email.
The following information shall be provided by the RTA in the initial notification of the event.
If the information is not pertinent to the event, the item should be identified on the Initial Notification
as “non applicable” (N/A).
Name and Job Title of person reporting and name of RTA
Event Type (fatality, injuries, property damage, evacuation, derailment or other)
Location, Time, Date
Fatalities
Injuries
Rail transit vehicle(s) involved (type, number)
Other vehicle(s) involved (type, number)
Property damage estimate
-55-
�Resource Toolkit
NTSB reportable
FRA reportable
RTA primary person (i.e., Chief Investigator) conducting the investigation (name, title,
phone and fax numbers, email address)
Description of the event
Implemented and/or planned corrective actions
The RTA shall provide additional information at SOA’s request. The RTA shall maintain a current
list of contact information for all primary and alternate SOA contact personnel, including delivery
street addresses, email addresses, and fax, telephone, cell phone, and pager numbers.
6.3
Investigations of Reportable Events
49 CFR Part 659.35 requires SOA to investigate, or cause to be investigated, at a minimum, any
incident involving a rail transit vehicle or taking place on rail transit-controlled property meeting the
notification thresholds identified in Section 6.2. In conducting these investigations, SOA may
authorize the RTA to conduct an investigation on its behalf, conduct its own independent
investigation, or, if the NTSB is investigating the accident, join in the investigation through NTSB’s
Party System.
6.3.1 Authorization of the RTA to Conduct Investigations on Behalf of SOA
After receiving notification of the accident as specified in Section 6.2.1, the SOA must formally
authorize the RTA in writing, via an email submitted to the RTA safety point-of-contact, to conduct
the investigation on its behalf. For all investigations conducted by the RTA on behalf of the SOA,
the RTA must use investigation procedures that have been approved by the SOA.
The RTA must submit these procedures to SOA with the SSPP by April 1, 2006. Subsequent updates
and revisions to these procedures should be submitted to SOA as they are completed and
implemented by the RTA or with the annual update of the SSPP. These procedures should be treated
as part of the SSPP. These procedures will be submitted to FTA as part of the SOA Initial
Submission. Subsequent updates to these procedures will be submitted to FTA as part of the SOA
Annual Submission.
In the event that authorization is conferred upon the RTA to conduct the investigation, SOA may
participate in the investigation process. The terms of participation are specified in the RTA SSPP and
in the RTA accident investigation procedures.
-56-
�Resource Toolkit
Each RTA investigation conducted on behalf of the SOA must be documented in a final report
that includes a description of investigation activities, findings, identified causal factors, and a
corrective action plan. At its discretion, and as specified in its accident investigation procedures,
the RTA may separate its investigation report into two parts: (1) description of investigation
activities, investigation findings, and determination of the most probable cause and additional
contributing causes; and (2) recommendations to prevent recurrence, including a corrective
action plan.
The investigation report prepared by the RTA shall be submitted to the SOA within 30 calendar days
following completion of the investigation. Until the investigation is completed, the RTA shall
prepare and submit monthly status investigation reports. The status investigation reports at a
minimum shall include:
minutes of any meeting held by a RTA ad hoc reportable event investigation committee or
contractor;
disclosure of any immediate corrective actions the RTA has planned or completed;
principal issues or items currently being evaluated; and
overall progress and status of the investigation.
At any time during an investigation, the RTA shall be prepared to provide a full briefing on the
known circumstances of the event, status of the RTA or NTSB investigation, and investigation
activities.
Upon receipt of the RTA accident investigation report, the SOA will review the report in accordance
with its Checklist for Reviewing RTA Investigation Reports, specified in Appendix I of this
document. In the event that the SOA does not agree with the description of the investigation, the
identification of primary and contributing causes, or the findings of the RTA report, the SOA shall
communicate in writing to the RTA safety-point-of-contact the area(s) of disagreement or concern.
SOA will work with the RTA to address these issues in the RTA’s accident investigation report.
In the event that agreement cannot be reached on these issues, the SOA will issue its own accident
investigation report, which may be no more than the RTA report and the SOA dissent.
SOA approval must be obtained on the corrective action plan portion of the RTA accident
investigation report. In the event that SOA takes issue with the RTA’s proposed corrective action
plan, SOA and the RTA must work together until SOA approval can be obtained.
To reduce the potential for conflict, SOA encourages each RTA to submit a draft version of the
accident investigation report to the SOA point-of-contact so that agreement may be obtained on the
most probable cause, additional contributing causes, corrective action plan, and an implementation
schedule before the report is finalized and formally issued by the RTA.
-57-
�Resource Toolkit
Reports and records of accident investigations submitted to the SOA by the RTA, as well as related
reports and records produced by both SOA and the RTA, will be treated as confidential information,
and will not be released without concurrence by both SOA and the RTA.
6.3.2 Independent SOA Investigations
SOA at its discretion may choose to conduct an independent investigation of any accident meeting
the thresholds specified in Section 6.2 utilizing its own personnel or an authorized contractor. Any
investigation conducted by the SOA or its contractor must be in accordance with the approved RTA
investigation procedures. SOA investigations may also follow the American Public Transportation
Association (APTA) Standard for Rail Transit Accident/Incident Investigation (Volume 4 Operating Practices APTA RT-S-OP-002-02 dated 7/26/04). This referenced standard, along with
the RTA accident investigation procedures, has been submitted to FTA as part of the SOA Initial
Submission.
The SOA will inform the RTA of its intention to conduct an investigation or participate in an RTA
investigation of a reported event no later than 7 calendar days following receipt of the RTA initial
report. SOA will advise the RTA as to the personnel who will be conducting the independent
investigation, and provide a preliminary schedule as to the investigation process.
All SOA authorized accident investigation personnel are granted authority under the state safety
oversight program to conduct an investigation and evaluate records, materials, data, analysis, and
other information which is pertinent to the investigation. It is expected that the RTA will provide to
the SOA investigation team the resources and information necessary to conduct the investigation
in an effective and efficient fashion.
SOA accident investigation personnel may conduct field analysis, operational surveys, interviews,
record checks, data analysis, and other on-site and off-site tasks which may be necessary for a
comprehensive investigation. If SOA accident investigation personnel require information or
analysis which is not readily available, or which may require additional resources by the RTA, it will
request this data in a written request to the RTA safety point-of-contact via email or letter.
In conducting its investigation, SOA will, at a minimum, perform the following activities:
SOA will assign a team of qualified personnel to investigate the accident (off and on-site).
The team will include individuals with technical expertise in the type of accident being
investigated. For example, a vehicle expert would be included in a team conducting the
accident investigation for an accident involving a rail vehicle mechanical failure. Technical
areas of specialization may include:
– System Safety
– Safety Training
– Transportation Management and Operations
– Substance Abuse Programs
-58-
�Resource Toolkit
–
–
–
–
–
Vehicles and Vehicle Maintenance
Worker Health & Safety, Facility Safety, & Hazardous Materials
Emergency Operations
Track, Structures, Signals & Communications
Transit System Security
The SOA on-site team will wait until the RTA and/or other emergency response personnel
have secured the accident/incident scene area before commencing its on-site accident
investigation. SOA reserves the right to request that the RTA hold the accident scene to the
maximum extent feasible until the arrival of and accident investigation by SOA team
members.
The SOA team will assess physical evidence of the accident scene including: damage and
debris analysis; skid mark analysis; and the use of measurements, diagrams and photographs.
They also will document the environmental and physical factors of the accident scene.
As part of the accident/incident investigation SOA will also assess compliance with
operating rules and procedures; conduct follow-up interviews (if required); analyze
employee records and the results of post accident drug and alcohol tests; and conduct vehicle
and equipment inspections.
All information gathered from the accident/incident investigation will be documented and
included in the SOA accident investigation report.
Within 30 work days of completion of the on-site and off-site accident investigation
requirements, the SOA investigation team will prepare a draft accident investigation
report.
The draft accident investigation report will be provided to the RTA for its review.
Comments will be due to SOA 10 work days after initial RTA receipt of the draft report.
If necessary, a meeting to discuss the draft report will also be held between SOA and the
RTA.
If necessary, and based upon the comments received from the transit agency, the draft report
will be revised.
A final accident investigation report will be issued by SOA within 30 work days of the end
of the comment period.
The RTA will be required to review the final SOA accident investigation report, and within 10 days
after receiving it, either (1) provide concurrence to implement the SOA-proposed corrective action
-59-
�Resource Toolkit
plan or (2) submit an alternate corrective action plan to SOA for review and approval.
6.6.3 NTSB Investigations
The NTSB may investigate a reportable event to achieve its primary function to promote safety in
transportation. In such case, the NTSB is responsible for the investigation; the determination of facts,
conditions, and circumstances; the cause or probable cause or causes; and recommendations to
reduce the likelihood of recurrence. SOA will support the NTSB as a member of its Party System.
In the event of an NTSB investigation, the RTA shall be responsible for timely briefing the SOA on
NTSB activities including meetings, interviews, requests for data, functional testing, examination of
equipment, and the results of drug and alcohol tests. The RTA shall provide the SOA with a copy of
all written correspondence to the NTSB concerning a reportable event or investigation, and also shall
provide the SOA a copy of all NTSB reports and any recommendations concerning the event or its
investigation, upon receipt by the RTA. The SOA will assist the NTSB by providing information
requested about the RTA critical practices and other matters as appropriate.
If the NTSB releases preliminary findings and recommendations, the SOA is authorized to participate
in any discussions and reviews with the RTA and NTSB. The SOA and the RTA will review the
NTSB findings, draft, and final reports and make a determination of whether or not to adopt the
NTSB recommendations. Should the NTSB recommendations be adopted, the RTA shall implement
the findings.
-60-
�Resource Toolkit
7.
Three-Year On-site Safety and Security Review
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s process for conducting on-site reviews of the rail transit agency’s implementation of its
SSPP and System Security Plan at least once every three years. Below, the relevant citations of the
revised 49 CFR Part 659, which are addressed in this section of the sample “Program Standard and
Referenced Procedures” are provided:
§ 659.15(b)(4) System safety program standard: contents.
(4) Oversight agency safety and security review section. This section shall lay out the
process and criteria to be used at least every three years in conducting a complete
review of each affected rail transit agency’s implementation of its system safety
program plan and system security plan. This section includes the process to be used
by the affected rail transit agency and the oversight agency to manage findings and
recommendations from this review. This also includes procedures for notifying the
oversight agency before the rail transit agency conducts an internal review.
§ 659.29 Oversight agency safety and security reviews.
At least every three (3) years, beginning with the initiation of rail transit agency passenger
operations, the oversight agency must conduct an on-site review of the rail transit agency’s
implementation of its system safety program plan and system security plan. Alternatively, the
on-site review may be conducted in an on-going manner over the three year timeframe. At the
conclusion of the review cycle, the oversight agency must prepare and issue a report containing
findings and recommendations resulting from that review, which, at a minimum, must include an
analysis of the effectiveness of the system safety program plan and the security plan and a
determination of whether either should be updated.
-61-
�Resource Toolkit
7.1
Objective
This section addresses SOA’s procedures for the Three-Year Safety and Security Review to be
performed on-site at the RTA. This review will determine the extent to which the RTA is meeting
its SSPP and System Security Plan requirements, the effectiveness of the SSPP and System Security
Plan, and whether the SSPP and System Security Plan should be updated.
7.2
Minimum Requirements
As specified in 49 CFR Part 659.29 at least every three (3) years, SOA must conduct an on-site
review of the RTA’s implementation of its SSPP and System Security Plan. Alternatively, this onsite review may be conducted in an on-going manner over the three-year timeframe.
In conducting the three-year review, SOA will establish a review team and prepare a schedule,
procedures and a checklist to guide the review process. Criteria will be established through which
SOA can evaluate the RTA’s implementation of its SSPP and System Security Plan.
As the conclusion of the review, SOA will prepare and issue a report containing findings and
recommendations resulting from the review, which will analyze the effectiveness of the SSPP and
System Security Plan and whether either should be updated. Corrective actions required as a result
of this review will be managed through the process described in Section 8 of this document.
SOA will submit its completed report for the three-year safety and security review to FTA as part of
its Annual Submission.
Figure 7 shows the Three-Year Safety and Security Review process.
7.3
Process and Procedure
7.3.1 Pre-Review Preparations
The SOA point-of-contact will establish a schedule for conducting the review at each RTA
operating within the state’s jurisdiction. This schedule will include milestones for the development
of checklists to guide the review, notification of the RTA regarding the review, conduct of a prereview meeting with the RTA, conducting the review, preparation of a draft report, delivery of the
draft report to the RTA, issuance of a final report, and the receipt, review, approval and tracking
through to implementation of RTA corrective action plans.
-62-
�Resource Toolkit
Figure 7: Three-Year Safety and Security Review Process
SOA schedules
Three-Year Safety and Security
on-site Review
with RTA
SOA develops checklists and
schedules activities for ThreeYear on-site Safety and Security
Review
SOA conducts Three-Year onsite Safety and Security Review
SOA directs RTA to prepare a
Corrective Action Plan to address
areas of concern and to correct
deficiencies
SOA prepares Draft Report identifying areas
of concern and/or deficiencies and transmits
to the RTA
SOA reviews and approves
Corrective Action Plans and
incorporates into Final Report
SOA issues Final Three-Year
Safety and Security Review
Report
RTA transmit Monthly Status Reports
and verification of completion of
corrective actions
-63-
�Resource Toolkit
The SOA point-of-contact will determine whether the review will be conducted by SOA personnel, a
contractor, or a combination of both. If a contractor is to be used, required activities to ensure that
contractor services are available in time to plan for and conduct the review will be added to the
milestone schedule.
Based on the milestone schedule, the SOA point-of-contact will assign a team of SOA and/or
contractor personnel to conduct the review. Each team shall have a designated Lead Reviewer and
supporting Team Members.
Once assigned, the team will begin its work by reviewing in detail the RTA’s SSPP, System Security
Plan, and referenced and supporting procedures and materials. These materials will form the basis
of SOA’s review checklist. As necessary, while preparing this checklist, the SOA point-of-contact
may contact the RTA’s safety or security point-of-contact and request additional information,
procedures, or documentation. These requests may be transmitted via email, letter or fax. For
example, the team may request and review the RTA’s operating rule book, bulletins, orders,
instructions, and procedures; maintenance manuals and procedures for vehicles, track and signals;
design criteria and project engineering procedures for extensions or modifications; internal safety
and security audit checklists and reports; the results of the hazard management process; and the
status of all corrective action plans.
Utilizing these materials, the team will complete its checklist development. This checklist will
identify:
the safety and security requirements to be reviewed;
the applicable reference documents that establish the acceptance criteria for those
requirements; and
the method of verification.
Space shall also be provided on the checklists to record the results of the review. Once the checklists
are completed, SOA will formally notify the RTA safety and security points-of-contact of the
upcoming review, no less than 60 days before the review is schedule. This notification will occur via
letter.
Shortly after notification, SOA will schedule a pre-review meeting with the RTA for clarification of
any questions and concerns, and coordination of daily schedules with the RTA. Either during this
meeting or via email or hard copy mail, SOA’s point-of-contact will also transmit its review
checklists to the RTA safety and security points-of-contact. The checklists will be delivered to RTA
at least 30 calendar days prior to the start date of the review.
-64-
�Resource Toolkit
7.3.2 On-Site Review
To begin the review, the SOA team will conduct an entrance meeting with the RTA to resolve any
outstanding issues and verify the schedule previously agreed to during the pre-review meeting. The
SOA team will then conduct the on-site safety and security review using checklists developed during
the pre-review period and transmitted to the RTA.
In performing this review, the SOA team will administer the checklists as specified, through
interviews, document and record reviews, first-hand observations of operations and maintenance
activities, spot checks, and visual examinations and measurements. Results will be recorded in the
checklists. When the results indicate a deficiency or discrepancy with the acceptance criteria
specified in the checklist, it will be noted and a supplemental form may be completed. At the
conclusion of the on-site review, the SOA team will conduct an exit meeting with the RTA,
providing an overview of the major findings, observations and concerns.
7.3.3 Draft and Final Three-Year Safety and Security Review Reports
Following the completion of the on-site review, the SOA team shall prepare a draft report with the
completed review checklists and supplemental forms included as attachments. A sample review
checklist and supplemental form are provided in Appendix J.
This draft report will provide:
Verification that the SSPP and System Security Plan are integral parts of the RTA’s overall
management, engineering, operating, and maintenance practice and/or identification of
deficiencies or areas requiring improvement.
Verification that the SSPP and System Security Plan are reviewed, at a minimum, on an
annual basis in order to ensure that they remain dynamic and viable documents and/or
identification of deficiencies or areas requiring improvement.
Verification that the RTA regularly monitors compliance with the SSPP and System Security
Plan, through a continuous and on-going internal safety and security audit process and/or
identification of deficiencies or areas requiring improvement.
Verification that the RTA identifies potentially serious conditions, hazards, threats and
vulnerabilities and ensures that methods to eliminate, control, and mitigate them are
implemented and/or identification of deficiencies or areas requiring improvement.
Verification that investigations are conducted following established procedures adopted
by RTA and/or identification of deficiencies or areas requiring improvement.
-65-
�Resource Toolkit
Verification that the RTA’s emergency preparedness and terrorism preparedness programs
are being implemented as specified in the SSPP and System Security Plan and/or
identification of deficiencies or areas requiring improvement.
Verification that specific activities and tasks identified in the SSPP and System Security Plan
are being carried out as specified in these plans and/or identification of deficiencies or areas
requiring improvement.
The draft report will be delivered to the RTA safety and security points-of-contact via email no later
than 30 working days after the conclusion of the on-site review. The RTA will have 30 days to
respond to the draft report and to prepare corrective actions as requested by the SOA in the draft
report to address any identified findings, recommendation or concerns. Upon receipt of the RTA’s
response, SOA will make any required revisions to the draft and issue the final report. The final
report shall be issued no later than 90 days after the conclusion of the on-site review.
While individual reports may vary, the basic outline used for the SOA Three-Year Safety and
Security Review Report is presented in Figure 8.
The SOA will transmit the completed three-year on-site safety and security review reports to FTA as
part of its Annual Submission.
Corrective action plans submitted by the RTA to address review findings will be reviewed, approved
and tracked through to implementation following the process specified in Section 8 of
this document.
-66-
�Resource Toolkit
Figure 8: Sample Three-Year Safety and Security Review Final Report Outline
Executive Summary
Introduction
Methodology for Three-Year Safety and Security
Review
RTA Implementation of System Safety Program
Plan
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
RTA Implementation of System Security Plan
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Hazard Management Process
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Threat and Vulnerability Resolution Process
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
System Safety Function Tasks and Activities
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Security/Police Function Tasks and Activities
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Emergency/Terrorism Preparedness Program
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
-67-
Employee Training and Rules Compliance
Programs
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Internal Safety and Security Audit Process
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Safety and Security in Capital Project Planning
and Implementation
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Safety-Sensitive Employee Fitness-For-Duty
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Facilities Inspections and Employee/Contractor
Safety
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Maintenance Inspections and Employee/
Contractor Safety
o Description
o Current Situation
o Evaluation Criteria
o Findings and Observations
Comments and/or Exceptions taken by the RTA
RTA Corrective Actions Tracking Matrix
�Resource Toolkit
8.
Corrective Action Plans
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s process for requiring, reviewing, approving and tracking to close-out corrective action
plans prepared by the rail transit agency. Below, the relevant citations of the revised 49 CFR Part
659, which are addressed in this section of the sample “Program Standard and Referenced
Procedures” are provided:
§ 659.15(b)(7) System safety program standard: contents.
(7) Corrective actions section. This section shall specify oversight agency criteria for the
development of corrective action plan(s) and the process for the review and approval
of a corrective action plan developed by the rail transit agency. This section shall also
identify the oversight agency’s policies for the verification and tracking of corrective
action plan implementation, and its process for managing conflicts with the rail
transit agency relating to investigation findings and corrective action plan
development.
§ 659.37 Corrective action plans.
(a) The oversight agency must, at a minimum, require the development of a corrective action
plan for the following:
(1) Results from investigations, in which identified causal and contributing factors are
determined by the rail transit agency or oversight agency as requiring corrective
actions; and
(2) Findings from safety and security reviews performed by the oversight agency.
(b) Each corrective action plan should identify the action to be taken by the rail transit agency,
an implementation schedule, and the individual or department responsible for the
implementation.
(c) The corrective action plan must be reviewed and formally approved by the oversight agency.
(d) The oversight agency must establish a process to resolve disputes between itself and the rail
transit agency resulting from the development or enforcement of a corrective action plan.
(e) The oversight agency must identify the process by which findings from an NTSB accident
investigation will be evaluated to determine whether or not a corrective action plan should be
developed by either the oversight agency or rail transit agency to address NTSB findings.
-68-
�Resource Toolkit
(f) The rail transit agency must provide the oversight agency:
(1) Verification that the corrective action(s) has been implemented as described in the
corrective action plan, or that a proposed alternate action(s) has been implemented
subject to oversight agency review and approval; and
(2) Periodic reports requested by the oversight agency, describing the status of each
corrective action(s) not completely implemented, as described in the corrective action
plan.
(g) The oversight agency must monitor and track the implementation of each approved corrective
action plan.
-69-
�Resource Toolkit
8.1
Objectives
This section addresses SOA’s procedure to ensure that corrective action plans are developed and
implemented by the RTA to address hazardous conditions identified through accident
investigations, the hazard management process, deficiencies in the RTA’s implementation of its
SSPP or System Security Plan, or recommendations specified by SOA.
8.2
Minimum Requirements
The RTA must develop corrective action plans for the following:
results from investigations in which identified causal factors are determined by the RTA or
SOA as requiring corrective actions; and
hazards or deficiencies identified from internal and external safety and security
audits/reviews performed by the RTA or SOA or from the hazard management process.
Each corrective action plan shall identify:
identified hazard or deficiency;
planned activities or actions to resolve deficiency or hazard;
RTA department(s) responsible for implementing corrective actions; and
scheduled completion dates for implementation.
The corrective action plan shall be submitted to the SOA for review and approval. In the event that
the SOA and the RTA dispute the need, findings, or enforcement of a corrective action plan, SOA
will allow the RTA 30 calendar days to submit its case. SOA will then issue final direction to the
RTA regarding the corrective action plan.
In the event that the NTSB conducts an investigation, the RTA and SOA shall review the NTSB
findings and recommendations to determine whether or not a corrective action plan should be
developed by the RTA. If a corrective action plan is required either by the NTSB or SOA, the RTA
shall develop it.
The RTA shall develop and maintain a Corrective Action Monitoring Log, which identifies all
corrective action plans approved by SOA and presents their status. This log shall be submitted
monthly to the SOA point-of-contact in electronic form via email or in hard copy via mail or fax. As
corrective action plans are closed out, the RTA must submit verification that the corrective action(s)
has been implemented as described in the corrective action plan or that a proposed alternative
action(s) has been implemented. This verification should be submitted with the monthly Corrective
Action Plan Tracking Log in electronic or hard copy format. In the monthly log, the RTA must also
inform SOA concerning any alternative actions for implementing a corrective action plan.
-70-
�Resource Toolkit
8.3
Notification
The RTA shall develop a corrective action plan with the intent of addressing the hazard or
deficiency identified as a result of an accident investigation, the hazard management process, or the
internal and external safety and security audits/reviews performed by the RTA or SOA. The RTA
shall submit the corrective action plan to the SOA for approval within 30 calendar days after the
need for the corrective action plan been identified by either the RTA or SOA. Depending on the
complexity
of
the issue requiring corrective action, and at SOA’s discretion, additional time may be granted to the
RTA to prepare the corrective action plan.
8.4
Corrective Action Plan Review and Approval
SOA will notify the RTA of its approval or rejection of a corrective action plan within 15 calendar
days of receiving the corrective action plan. In the event SOA rejects a corrective action plan, SOA
will state its reasons in writing and recommend revisions. The RTA shall submit a revised corrective
action plan to SOA no later than 15 calendar days following the rejection.
8.5
Monitoring and Tracking
The RTA shall maintain a Corrective Action Monitoring Log and provide the SOA with monthly
corrective action implementation updates. The RTA shall verify to SOA in writing when a corrective
action has been fully implemented. The RTA corrective action is subject to independent SOA
verification.
Figure 9 identifies the corrective action plan process.
-71-
�Resource Toolkit
Figure 9: Corrective Action Plan Process
SOA or RTA
determines need for a
Corrective Action Plan
(CAP)
RTA prepares and
submits CAP for
approval
RTA revises CAP as directed
SOA reviews CAP
SOA specifies revisions to CAP
Does SOA
approve CAP?
No
Yes
SOA notifies RTA of approval of
CAP and begins monitoring
implementation of CAP
RTA provides monthly monitoring reports
and notifies SOA when CAP is fully
implemented
-72-
�Resource Toolkit
9.
Reporting to FTA
This section of the “Program Standard and Referenced Procedures” introduces the state oversight
agency’s process for reporting to FTA. Below, the relevant citations of the revised 49 CFR Part 659,
which are addressed in this section of the sample “Program Standard and Referenced Procedures”
are provided:
§ 659.39 Oversight agency reporting to the Federal Transit Administration.
(a) Initial submission. Each designated oversight agency with a rail fixed guideway system that
is in passenger operations as of April 29, 2005 or will begin passenger operations by
May 1, 2006, must make its initial submission to FTA by May 1, 2006. In states with rail
fixed guideway systems initiating passenger operations after May 1, 2006, the designated
oversight agency must make its initial submission within the time frame specified by the
state in its designation submission, but not later than at least sixty (60) days prior to initiation
of passenger operations. Any time a state changes its designated oversight agency to carry
out the requirements identified in this part, the new oversight agency must make a new initial
submission to FTA within thirty (30) days of the designation.
(b) An initial submission must include the following:
(1) Oversight agency program standard and referenced procedures; and
(2) Certification that the system safety program plan and the system security plan have
been developed, reviewed, and approved.
(c) Annual submission. Before March 15 of each year, the oversight agency must submit the
following to FTA:
(1) A publicly available annual report summarizing its oversight activities for the
preceding twelve months, including a description of the causal factors of investigated
accidents, status of corrective actions, updates and modifications to rail transit agency
program documentation, and the level of effort used by the oversight agency to carry
out its oversight activities.
(2) A report documenting and tracking findings from three-year safety review activities,
and whether a three-year safety review has been completed since the last annual
report was submitted.
(3) Program standard and supporting procedures that have changed during the preceding
year.
-73-
�Resource Toolkit
(4) Certification that any changes or modifications to the rail transit agency system safety
program plan or system security plan have been reviewed and approved by the
oversight agency.
(d) Periodic submission. FTA retains the authority to periodically request program information.
(e) Electronic reporting. All submissions to FTA required in this part must be submitted
electronically using a reporting system specified by FTA.
§ 659.43 Certification of compliance.
(a) Annually, the oversight agency must certify to the FTA that it has complied with the
requirements of this part.
(b) The oversight agency must submit each certification electronically to FTA using a reporting
system specified by FTA.
(c) The oversight agency must maintain a signed copy of each annual certification to FTA,
subject to audit by FTA.
-74-
�Resource Toolkit
9.1
Objective
This section addresses SOA’s procedures for making initial, annual and periodic submissions to
FTA’s Office of Safety and Security, in compliance with 49 CFR Part 659.39 and Part 659.43.
9.2
Reporting Requirements to FTA
Initial Submission. SOA will make its Initial Submission to FTA’s Office of Safety and Security by
May 1, 2006. This submission will be delivered to FTA’s Office of Safety and Security in the
format and method specified by FTA and communicated to the SOA point-of-contact. The Initial
Submission includes:
SOA’s program standard and referenced procedures; and
SOA’s certification that the system safety program plan and the system security plan have
been developed, reviewed, and approved.
A sample certification that the system safety program plan and the system security plan have been
developed, reviewed, and approved is located in Appendix K.
In the event that the state should ever determine that oversight authority should be transferred to
another agency of the state, SOA will work with this agency to ensure that a new Initial Submission
is delivered to FTA within thirty (30) days of the determination to make change. SOA will also
work with this agency to ensure that at no point are the RTAs affected by 49 CFR Part 659 left
without a duly authorized oversight agency.
Annual Submission. Before March 15 of each year, SOA must submit the following to FTA:
A publicly available annual report summarizing its oversight activities for the preceding
twelve months, including a description of the causal factors of investigated accidents, status
of corrective actions, updates and modifications to rail transit agency program
documentation, and the level of effort used by the oversight agency to carry out its oversight
activities.
A report documenting and tracking findings from three-year safety review activities and
whether a three-year safety review has been completed since the last annual report was
submitted.
Program standard and supporting procedures that have changed during the preceding year.
Certification that any changes or modifications to the rail transit agency system safety
program plan or system security plan have been reviewed and approved by the oversight
agency.
-75-
�Resource Toolkit
Annual Certification. With its Annual Submission, SOA must certify to the FTA that it has complied
with the requirements of 49 CFR Part 659. SOA will submit this certification electronically to FTA
using a reporting system specified by FTA. SOA will maintain a signed copy of each annual
certification to FTA, subject to audit by FTA.
Periodic Submissions. Status reports of accidents/incidents, hazardous conditions, and corrective
action plans or other program information must be forwarded to the FTA upon request.
SOA will ensure that all submissions to FTA are submitted electronically using the reporting system
specified by FTA.
-76-
�Appendix A: Authority for the State Oversight Agency
�[In this Appendix, the designated state oversight agency should insert
the Executive Order, enabling legislation or other source of authority
for the State Safety and Security Oversight program.]
�Appendix B: 49 CFR Part 659 (April 29, 2005)
�49 CFR Part 659
“Rail Fixed Guideway Systems; State Safety Oversight; Final Rule”
April 29, 2005
Subpart A – General Provisions
§ 659.1 Purpose
This part implements 49 U.S.C. 5330 by requiring a state to oversee the safety and security of
rail fixed guideway systems through a designated oversight agency.
§ 659.3 Scope
This part applies to a state that has within its boundaries a rail fixed guideway system, as defined
in this part.
§ 659.5 Definitions
Contractor means an entity that performs tasks required by this part on behalf of the oversight
or rail transit agency. The rail transit agency may not be a contractor for the oversight agency.
Corrective action plan means a plan developed by the rail transit agency that describes the
actions the rail transit agency will take to minimize, control, correct, or eliminate hazards, and
the schedule for implementing for those actions.
FRA means the Federal Railroad Administration, an agency within the U.S. Department of
Transportation.
FTA means the Federal Transit Administration, an agency within the U.S. Department of
Transportation.
Hazard means any real or potential condition (as defined in the rail transit agency’s hazard
management process) that can cause injury, illness, or death; damage to or loss of a system,
equipment or property; or damage to the environment.
Individual means a passenger; employee; contractor; other rail transit facility worker;
pedestrian; trespasser; or any person on rail transit-controlled property.
Investigation means the process used to determine the causal and contributing factors of an
accident or hazard, so that actions can be identified to prevent recurrence.
New Starts Project means any rail fixed guideway system funded under FTA’s 49 U.S.C. 5309
discretionary construction program.
Oversight Agency means the entity, other than the rail transit agency, designated by the state or
several states to implement this part.
1
�Passenger means a person who is on board, boarding, or alighting from a rail transit vehicle for
the purpose of travel.
Passenger operations means the period of time when any aspect of rail transit agency operations
are initiated with the intent to carry passengers.
Program standard means a written document developed and adopted by the oversight agency,
that describes the policies, objectives, responsibilities, and procedures used to provide rail transit
agency safety and security oversight.
Rail fixed guideway system means, as determined by FTA, any light, heavy, or rapid rail
system, monorail, inclined plane, funicular, trolley, or automated guideway that:
(1) Is not regulated by the Federal Railroad Administration; and
(2) Is included in FTA’s calculation of fixed guideway route miles or receives funding
under FTA’s formula program for urbanized areas (49 U.S.C. 5336); or
(3) Has submitted documentation to FTA indicating its intent to be included in FTA’s
calculation of fixed guideway route miles to receive funding under FTA’s formula
program for urbanized areas (49 U.S.C. 5336).
Rail transit agency means an entity that operates a rail fixed guideway system.
Rail transit-controlled property means property that is used by the rail transit agency and may
be owned, leased, or maintained by the rail transit agency.
Rail transit vehicle means the rail transit agency’s rolling stock, including, but not limited to
passenger and maintenance vehicles.
Safety means freedom from harm resulting from unintentional acts or circumstances.
Security means freedom from harm resulting from intentional acts or circumstances.
State means a State of the United States, the District of Columbia, Puerto Rico, the Northern
Mariana Islands, Guam, American Samoa and the Virgin Islands.
System safety program plan means a document developed by the rail transit agency, describing
its safety policies, objectives, responsibilities, and procedures.
System security plan means a document developed by the rail transit agency describing its
security policies, objectives, responsibilities, and procedures.
Subpart B – Role of the State
§ 659.7 Withholding of funds for noncompliance
2
�(a) The Administrator of the FTA may withhold up to five percent of the amount required to be
distributed to any state or affected urbanized area in such state under FTA’s formula program for
urbanized areas, if:
(1) The state in the previous fiscal year has not met the requirements of this part; and
(2) The Administrator determines that the state is not making adequate efforts to comply
with this part.
(b) The Administrator may agree to restore withheld formula funds, if compliance is achieved
within two years (See 49 U.S.C. 5330).
§ 659.9 Designation of oversight agency
(a) General requirement. Each state with an existing or anticipated rail fixed guideway system
regulated by this part shall designate an oversight agency consistent with the provisions of this
section. For a rail fixed guideway system that will operate in only one state, the state must
designate an agency of the state, other than the rail transit agency, as the oversight agency to
implement the requirements in this part. The state’s designation or re-designation of its oversight
agency and submission of required information as specified in this section, are subject to review
by FTA.
(b) Exception. States which have designated oversight agencies for purposes of this part before
May 31, 2005 are not required to re-designate to FTA.
(c) Timing. The state designation of the oversight agency shall:
(1) Coincide with the execution of any grant agreement for a New Starts project between
FTA and a rail transit agency within the state’s jurisdiction; or
(2) Occur before the application by a rail transit agency for funding under FTA’s formula
program for urbanized areas (49 U.S.C. 5336).
(d) Notification to FTA. Within (60) days of designation of the oversight agency, the state must
submit to FTA the following:
(1) The name of the oversight agency designated to implement requirements in this part;
(2) Documentation of the oversight agency’s authority to provide state oversight;
(3) Contact information for the representative identified by the designated oversight
agency with responsibility for oversight activities;
(4) A description of the organizational and financial relationship between the designated
oversight agency and the rail transit agency; and
(5) A schedule for the designated agency’s development of its State Safety Oversight
Program, including the projected date of its initial submission, as required in
§ 659.39(a).
3
�(e) Multiple states. In cases of a rail fixed guideway system that will operate in more than one
state, each affected state must designate an agency of the state, other than the rail transit agency,
as the oversight agency to implement the requirements in this part. To fulfill this requirement,
the affected states:
(1) May agree to designate one agency of one state, or an agency representative of all
states, to implement the requirements in this part; and
(2) In the event multiple states share oversight responsibility for a rail fixed guideway
system, the states must ensure that the rail fixed guideway system is subject to a
single program standard, adopted by all affected states.
(f) Change of designation. Should a state change its designated oversight agency, it shall submit
the information required under paragraph (d) of this section to FTA within (30) days of its
change. In addition, the new oversight agency must submit a new initial submission, consistent
with § 659.39(b), within (30) days of its designation.
§ 659.11 Confidentiality of investigation reports and security plans
(a) A state may withhold an investigation report that may have been prepared or adopted by the
oversight agency from being admitted as evidence or used in a civil action for damages resulting
from a matter mentioned in the report.
(b) This part does not require public availability of the rail transit agency’s security plan and any
referenced procedures.
Subpart C – Role of the State Oversight Agency
§ 659.13 Overview
The state oversight agency is responsible for establishing standards for rail safety and security
practices and procedures to be used by rail transit agencies within its purview. In addition, the
state oversight agency must oversee the execution of these practices and procedures, to ensure
compliance with the provisions of this part. This subpart identifies and describes the various
requirements for the state oversight agency.
§ 659.15 System safety program standard
(a) General requirement. Each state oversight agency shall develop and distribute a program
standard. The program standard is a compilation of processes and procedures that governs the
conduct of the oversight program at the state oversight agency level, and provides guidance to
the regulated rail transit properties concerning processes and procedures they must have in place
to be in compliance with the state safety oversight program. The program standard and any
referenced program procedures must be submitted to FTA as part of the initial submission.
Subsequent revisions and updates must be submitted to FTA as part of the oversight agency’s
annual submission.
4
�(b) Contents. Each oversight agency shall develop a written program standard that meets the
requirements specified in this part and includes, at a minimum, the areas identified in this
section.
(1) Program management section. This section shall include an explanation of the
oversight agency’s authority, policies, and roles and responsibilities for providing
safety and security oversight of the rail transit agencies within its jurisdiction. This
section shall provide an overview of planned activities to ensure on-going
communication with each affected rail transit agency relating to safety and security
information, as well as FTA reporting requirements, including initial, annual and
periodic submissions.
(2) Program standard development section. This section shall include a description of the
oversight agency’s process for the development, review, and adoption of the program
standard, the modification and/or update of the program standard, and the process by
which the program standard and any subsequent revisions are distributed to each
affected rail transit agency.
(3) Oversight of rail transit agency internal safety and security reviews. This section shall
specify the role of the oversight agency in overseeing the rail transit agency internal
safety and security review process. This includes a description of the process used by
the oversight agency to receive rail transit agency checklists and procedures and
approve the rail transit agency’s annual reports on findings, which must be submitted
under the signature of the rail transit agency’s top management.
(4) Oversight agency safety and security review section. This section shall lay out the
process and criteria to be used at least every three years in conducting a complete
review of each affected rail transit agency’s implementation of its system safety
program plan and system security plan. This section includes the process to be used
by the affected rail transit agency and the oversight agency to manage findings and
recommendations from this review. This also includes procedures for notifying the
oversight agency before the rail transit agency conducts an internal review.
(5) Accident notification section. This section shall include the specific requirements for
the rail transit agency to notify the oversight agency of accidents. This section shall
also include required timeframes, methods of notification, and the information to be
submitted by the rail transit agency. Additional detail on this portion is included in
§659.33 of this part.
(6) Investigations section. This section contains the oversight agency identification of the
thresholds for incidents that require an oversight agency investigation. The roles and
responsibilities for conducting investigations shall include: coordination with the rail
transit agency investigation process, the role of the oversight agency in supporting
investigations and findings conducted by the NTSB, review and concurrence of
investigation report findings, and procedures for protecting the confidentiality of
investigation reports.
(7) Corrective actions section. This section shall specify oversight agency criteria for the
development of corrective action plan(s) and the process for the review and approval
of a corrective action plan developed by the rail transit agency. This section shall also
5
�identify the oversight agency’s policies for the verification and tracking of corrective
action plan implementation, and its process for managing conflicts with the rail transit
agency relating to investigation findings and corrective action plan development.
(8) System safety program plan section. This section shall specify the minimum
requirements to be contained in the rail transit agency’s system safety program plan.
The contents of the system safety plan are discussed in more detail in § 659.19 of this
part. This section shall also specify information to be included in the affected rail
transit agency’s system safety program plan relating to the hazard management
process, including requirements for ongoing communication and coordination relating
to the identification, categorization, resolution, and reporting of hazards to the
oversight agency. More details on the hazard management process are contained in
§ 659.31 of this part. This section shall also describe the process and timeframe
through which the oversight agency must receive, review, and approve the rail transit
agency system safety program plan.
(9) System security plan section. This section shall specify the minimum requirements to
be included in the rail transit agency’s system security plan. More details about the
system security plan are contained in §§ 659.21 through 659.23 of this part. This
section shall also describe the process by which the oversight agency will review and
approve the rail transit agency system security program plan. This section also shall
identify how the state will prevent the system security plan from public disclosure.
§ 659.17 System safety program plan: general requirements
(a) The oversight agency shall require the rail transit agency to develop and implement a written
system safety program plan that complies with requirements in this part and the oversight
agency’s program standard.
(b) The oversight agency shall review and approve the rail transit agency system safety program
plan.
(c) After approval, the oversight agency shall issue a formal letter of approval to the rail transit
agency, including the checklist used to conduct the review.
§ 659.19 System safety program plan: contents
The system safety plan shall include, at a minimum:
(a) A policy statement signed by the agency’s chief executive that endorses the safety program
and describes the authority that establishes the system safety program plan.
(b) A clear definition of the goals and objectives for the safety program and stated management
responsibilities to ensure they are achieved.
(c) An overview of the management structure of the rail transit agency, including:
6
�(1) An organization chart;
(2) A description of how the safety function is integrated into the rest of the rail transit
organization; and
(3) Clear identification of the lines of authority used by the rail transit agency to manage
safety issues.
(d) The process used to control changes to the system safety program plan, including:
(1) Specifying an annual assessment of whether the system safety program plan should
be updated; and
(2) Required coordination with the oversight agency, including timeframes for
submission, revision, and approval.
(e) A description of the specific activities required to implement the system safety program,
including:
(1) Tasks to be performed by the rail transit safety function, by position and management
accountability, specified in matrices and/or narrative format; and
(2) Safety-related tasks to be performed by other rail transit departments, by position and
management accountability, specified in matrices and/or narrative format.
(f) A description of the process used by the rail transit agency to implement its hazard
management program, including activities for:
(1) Hazard identification;
(2) Hazard investigation, evaluation and analysis;
(3) Hazard control and elimination;
(4) Hazard tracking; and
(5) Requirements for on-going reporting to the oversight agency relating to hazard
management activities and status.
(g) A description of the process used by the rail transit agency to ensure that safety concerns are
addressed in modifications to existing systems, vehicles, and equipment, which do not require
formal safety certification but which may have safety impacts.
(h) A description of the safety certification process required by the rail transit agency to ensure
that safety concerns and hazards are adequately addressed prior to the initiation of passenger
operations for New Starts and subsequent major projects to extend, rehabilitate, or modify an
existing system, or to replace vehicles and equipment.
(i) A description of the process used to collect, maintain, analyze, and distribute safety data, to
ensure that the safety function within the rail transit organization receives the necessary
information to support implementation of the system safety program.
7
�(j) A description of the process used by the rail transit agency to perform accident notification,
investigation and reporting, including:
(1) Notification thresholds for internal and external organizations;
(2) Accident investigation process and references to procedures;
(3) The process used to develop, implement, and track corrective actions that address
investigation findings;
(4) Reporting to internal and external organizations; and
(5) Coordination with the oversight agency.
(k) A description of the process used by the rail transit agency to develop an approved,
coordinated schedule for all emergency management program activities, which include:
(1) Meetings with external agencies;
(2) Emergency planning responsibilities and requirements;
(3) Process used to evaluate emergency preparedness, such as annual emergency field
exercises;
(4) After action reports and implementation of findings;
(5) Revision and distribution of emergency response procedures;
(6) Familiarization training for public safety organizations; and
(7) Employee training.
(l) A description of the process used by the rail transit agency to ensure that planned and
scheduled internal safety reviews are performed to evaluate compliance with the system safety
program plan, including:
(1) Identification of departments and functions subject to review;
(2) Responsibility for scheduling reviews;
(3) Process for conducting reviews, including the development of checklists and
procedures and the issuing of findings;
(4) Review of reporting requirements;
(5) Tracking the status of implemented recommendations; and
(6) Coordination with the oversight agency.
(m) A description of the process used by the rail transit agency to develop, maintain, and ensure
compliance with rules and procedures having a safety impact, including:
(1) Identification of operating and maintenance rules and procedures subject to review;
8
�(2) Techniques used to assess the implementation of operating and maintenance rules and
procedures by employees, such as performance testing;
(3) Techniques used to assess the effectiveness of supervision relating to the
implementation of operating and maintenance rules; and
(4) Process for documenting results and incorporating them into the hazard management
program.
(n) A description of the process used for facilities and equipment safety inspections, including:
(1) Identification of the facilities and equipment subject to regular safety-related
inspection and testing;
(2) Techniques used to conduct inspections and testing;
(3) Inspection schedules and procedures; and
(4) Description of how results are entered into the hazard management process.
(o) A description of the maintenance audits and inspections program, including identification of
the affected facilities and equipment, maintenance cycles, documentation required, and the
process for integrating identified problems into the hazard management process.
(p) A description of the training and certification program for employees and contractors,
including:
(1) Categories of safety-related work requiring training and certification;
(2) A description of the training and certification program for employees and contractors
in safety-related positions;
(3) Process used to maintain and access employee and contractor training records; and
(4) Process used to assess compliance with training and certification requirements.
(q) A description of the configuration management control process, including:
(1) The authority to make configuration changes;
(2) Process for making changes; and
(3) Assurances necessary for formally notifying all involved departments.
(r) A description of the safety program for employees and contractors that incorporates the
applicable local, state, and federal requirements, including:
(1) Safety requirements that employees and contractors must follow when working on, or
in close proximity to, rail transit agency property; and
(2) Processes for ensuring the employees and contractors know and follow the
requirements.
9
�(s) A description of the hazardous materials program, including the process used to ensure
knowledge of and compliance with program requirements.
(t) A description of the drug and alcohol program and the process used to ensure knowledge of
and compliance with program requirements.
(u) A description of the measures, controls, and assurances in place to ensure that safety
principles, requirements and representatives are included in the rail transit agency’s procurement
process.
§ 659.21 System security plan: general requirements
(a) The oversight agency shall require the rail transit agency to implement a system security plan
that, at a minimum, complies with requirements in this part and the oversight agency’s program
standard. The system security plan must be developed and maintained as a separate document
and may not be part of the rail transit agency’s system safety program plan.
(b) The oversight agency may prohibit a rail transit agency from publicly disclosing the system
security plan.
(c) After approving the system security plan, the oversight agency shall issue a formal letter of
approval, including the checklist used to conduct the review, to the rail transit agency.
§ 659.23 System security plan: contents
The system security plan must, at a minimum address the following:
(a) Identify the policies, goals, and objectives for the security program endorsed by the agency’s
chief executive.
(b) Document the rail transit agency’s process for managing threats and vulnerabilities during
operations, and for major projects, extensions, new vehicles and equipment, including integration
with the safety certification process;
(c) Identify controls in place that address the personal security of passengers and employees;
(d) Document the rail transit agency’s process for conducting internal security reviews to
evaluate compliance and measure the effectiveness of the system security plan; and
(e) Document the rail transit agency’s process for making its system security plan and
accompanying procedures available to the oversight agency for review and approval.
§ 659.25 Annual review of system safety program plan and system security plan
(a) The oversight agency shall require the rail transit agency to conduct an annual review of its
system safety program plan and system security plan.
10
�(b) In the event the rail transit agency’s system safety program plan is modified, the rail transit
agency must submit the modified plan and any subsequently modified procedures to the
oversight agency for review and approval. After the plan is approved, the oversight agency must
issue a formal letter of approval to the rail transit agency.
(c) In the event the rail transit agency’s system security plan is modified, the rail transit agency
must make the modified system security plan and accompanying procedures available to the
oversight agency for review, consistent with requirements specified in § 659.23(e) of this part.
After the plan is approved, the oversight agency shall issue a formal letter of approval to the rail
transit agency.
§ 659.27 Internal safety and security reviews
(a) The oversight agency shall require the rail transit agency to develop and document a process
for the performance of on-going internal safety and security reviews in its system safety program
plan.
(b) The internal safety and security review process must, at a minimum:
(1) Describe the process used by the rail transit agency to determine if all identified
elements of its system safety program plan and system security plan are performing
as intended; and
(2) Ensure that all elements of the system safety program plan and system security plan
are reviewed in an ongoing manner and completed over a three-year cycle.
(c) The rail transit agency must notify the oversight agency at least thirty (30) days before the
conduct of scheduled internal safety and security reviews.
(d) The rail transit agency shall submit to the oversight agency any checklists or procedures it
will use during the safety portion of its review.
(e) The rail transit agency shall make available to the oversight agency any checklists or
procedures subject to the security portion of its review, consistent with § 659.23(e).
(f) The oversight agency shall require the rail transit agency to annually submit a report
documenting internal safety and security review activities and the status of subsequent findings
and corrective actions. The security part of this report must be made available for oversight
agency review, consistent with § 659.23(e).
(g) The annual report must be accompanied by a formal letter of certification signed by the rail
transit agency’s chief executive, indicating that the rail transit agency is in compliance with its
system safety program plan and system security plan.
(h) If the rail transit agency determines that findings from its internal safety and security reviews
indicate that the rail transit agency is not in compliance with its system safety program plan or
11
�system security plan, the chief executive must identify the activities the rail transit agency will
take to achieve compliance.
(i) The oversight agency must formally review and approve the annual report.
§ 659.29 Oversight agency safety and security reviews
At least every three (3) years, beginning with the initiation of rail transit agency passenger
operations, the oversight agency must conduct an onsite review of the rail transit agency’s
implementation of its system safety program plan and system security plan. Alternatively, the
on-site review may be conducted in an on-going manner over the three year timeframe. At the
conclusion of the review cycle, the oversight agency must prepare and issue a report containing
findings and recommendations resulting from that review, which, at a minimum, must include an
analysis of the effectiveness of the system safety program plan and the security plan and a
determination of whether either should be updated.
§ 659.31 Hazard management process
(a) The oversight agency must require the rail transit agency to develop and document in its
system safety program plan a process to identify and resolve hazards during its operation,
including any hazards resulting from subsequent system extensions or modifications, operational
changes, or other changes within the rail transit environment.
(b) The hazard management process must, at a minimum:
(1) Define the rail transit agency’s approach to hazard management and the
implementation of an integrated system-wide hazard resolution process;
(2) Specify the sources of, and the mechanisms to support, the on-going identification of
hazards;
(3) Define the process by which identified hazards will be evaluated and prioritized for
elimination or control;
(4) Identify the mechanism used to track through resolution the identified hazard(s);
(5) Define minimum thresholds for the notification and reporting of hazard(s) to
oversight agencies; and
(6) Specify the process by which the rail transit agency will provide on-going reporting
of hazard resolution activities to the oversight agency.
§ 659.33 Accident notification
(a) The oversight agency must require the rail transit agency to notify the oversight agency
within two (2) hours of any incident involving a rail transit vehicle or taking place on rail transitcontrolled property where one or more of the following occurs:
(1) A fatality at the scene; or where an individual is confirmed dead within thirty (30)
days of a rail transit-related incident;
12
�(2) Injuries requiring immediate medical attention away from the scene for two or more
individuals;
(3) Property damage to rail transit vehicles, non-rail transit vehicles, other rail transit
property or facilities and non-transit property that equals or exceeds $25,000;
(4) An evacuation due to life safety reasons;
(5) A collision at a grade crossing;
(6) A main-line derailment;
(7) A collision with an individual on a rail right of way; or
(8) A collision between a rail transit vehicle and a second rail transit vehicle, or a rail
transit non-revenue vehicle.
(b) The oversight agency shall require rail transit agencies that share track with the general
railroad system and are subject to the Federal Railroad Administration notification requirements,
to notify the oversight agency within two (2) hours of an incident for which the rail transit
agency must also notify the Federal Railroad Administration.
(c) The oversight agency shall identify in its program standard the method of notification and the
information to be provided by the rail transit agency.
§ 659.35 Investigations
(a) The oversight agency must investigate, or cause to be investigated, at a minimum, any
incident involving a rail transit vehicle or taking place on rail transit-controlled property meeting
the notification thresholds identified in § 659.33(a).
(b) The oversight agency must use its own investigation procedures or those that have been
formally adopted from the rail transit agency and that have been submitted to FTA.
(c) In the event the oversight agency authorizes the rail transit agency to conduct investigations
on its behalf, it must do so formally and require the rail transit agency to use investigation
procedures that have been formally approved by the oversight agency.
(d) Each investigation must be documented in a final report that includes a description of
investigation activities, identified causal and contributing factors, and a corrective action plan.
(e) A final investigation report must be formally adopted by the oversight agency for each
accident investigation.
(1) If the oversight agency has conducted the investigation, it must formally transmit its
final investigation report to the rail transit agency.
(2) If the oversight agency has authorized an entity other than itself (including the rail
transit agency) to conduct the accident investigation on its behalf, the oversight
agency must review and formally adopt the final investigation report.
13
�(3) If the oversight agency does not concur with the findings of the rail transit agency
investigation report, it must either:
(i) Conduct its own investigation according to paragraphs (b), (d) and (e)(1) of this
section; or
(ii) Formally transmit its dissent to the findings of the accident investigation, report
its dissent to the rail transit agency, and negotiate with the rail transit agency until
a resolution on the findings is reached.
(f) The oversight agency shall have the authority to require periodic status reports that document
investigation activities and findings in a time frame determined by the oversight agency.
§ 659.37 Corrective action plans
(a) The oversight agency must, at a minimum, require the development of a corrective action
plan for the following:
(1) Results from investigations, in which identified causal and contributing factors are
determined by the rail transit agency or oversight agency as requiring corrective
actions; and
(2) Findings from safety and security reviews performed by the oversight agency.
(b) Each corrective action plan should identify the action to be taken by the rail transit agency, an
implementation schedule, and the individual or department responsible for the implementation.
(c) The corrective action plan must be reviewed and formally approved by the oversight agency.
(d) The oversight agency must establish a process to resolve disputes between itself and the rail
transit agency resulting from the development or enforcement of a corrective action plan.
(e) The oversight agency must identify the process by which findings from an NTSB accident
investigation will be evaluated to determine whether or not a corrective action plan should be
developed by either the oversight agency or rail transit agency to address NTSB findings.
(f) The rail transit agency must provide the oversight agency:
(1) Verification that the corrective action(s) has been implemented as described in the
corrective action plan, or that a proposed alternate action(s) has been implemented
subject to oversight agency review and approval; and
(2) Periodic reports requested by the oversight agency, describing the status of each
corrective action(s) not completely implemented, as described in the corrective action
plan.
(g) The oversight agency must monitor and track the implementation of each approved corrective
action plan.
14
�§ 659.39 Oversight agency reporting to the Federal Transit Administration
(a) Initial submission. Each designated oversight agency with a rail fixed guideway system that
is in passenger operations as of April 29, 2005 or will begin passenger operations by May 1,
2006, must make its initial submission to FTA by May 1, 2006. In states with rail fixed guideway
systems initiating passenger operations after May 1, 2006, the designated oversight agency must
make its initial submission within the time frame specified by the state in its designation
submission, but not later than at least sixty (60) days prior to initiation of passenger operations.
Any time a state changes its designated oversight agency to carry out the requirements identified
in this part, the new oversight agency must make a new initial submission to FTA within thirty
(30) days of the designation.
(b) An initial submission must include the following:
(1) Oversight agency program standard and referenced procedures; and
(2) Certification that the system safety program plan and the system security plan have
been developed, reviewed, and approved.
(c) Annual submission. Before March 15 of each year, the oversight agency must submit the
following to FTA:
(1) A publicly available annual report summarizing its oversight activities for the
preceding twelve months, including a description of the causal factors of investigated
accidents, status of corrective actions, updates and modifications to rail transit agency
program documentation, and the level of effort used by the oversight agency to carry
out its oversight activities.
(2) A report documenting and tracking findings from three-year safety review activities,
and whether a three-year safety review has been completed since the last annual
report was submitted.
(3) Program standard and supporting procedures that have changed during the preceding
year.
(4) Certification that any changes or modifications to the rail transit agency system safety
program plan or system security plan have been reviewed and approved by the
oversight agency.
(d) Periodic submission. FTA retains the authority to periodically request program information.
(e) Electronic reporting. All submissions to FTA required in this part must be submitted
electronically using a reporting system specified by FTA.
§ 659.41 Conflict of interest
The oversight agency shall prohibit a party or entity from providing services to both the
oversight agency and rail transit agency when there is a conflict of interest, as defined by the
state.
15
�§ 659.43 Certification of compliance
(a) Annually, the oversight agency must certify to the FTA that it has complied with the
requirements of this part.
(b) The oversight agency must submit each certification electronically to FTA using a reporting
system specified by FTA.
(c) The oversight agency must maintain a signed copy of each annual certification to FTA,
subject to audit by FTA.
16
�Appendix C: Organization Charts
�Sample State Department of Transportation
Organization Chart
STATE
TRANSPORTATION
COMMISSION
OFFICE OF THE
DIRECTOR
PUBLIC TRANSIT
RAIL
TRANSPORTATION
SAFETY
HIGHWAY DIVISION
DEPUTY
DOT
HEADQUARTERS
COMMUNICATIONS
DIVISION
DRIVER & MOTOR
VEHICLE SERVICES
HQ MOTOR
CARRIER
TRANSPORTATION
DEVELOPMENT
CENTRALSERVCES
DEPUTY DIRECTOR
Executive Officer
For Highway
Hwy Finance
Office
Field Services
Motor Carrier
Services
Planning
Civil Rights
Local
Government
Technical
Services
Program
Services
Field Motor
Carrier Services
Freight
Mobility
Financial
Services
Office of
Maintenance
DOT Regions
Customer
Service
Investigation/
Safety/Federal
Programs
Transportation
Data
Office of Project
Delivery
Region 2
Office of
Innovative
Partnerships
Region 4
Region 1
Region 3
Region 5
Processing
Services
Research
Human
Resources
Information
Systems
Support
Services
Audit
Services
�Sample State Safety Oversight Department
Organization Chart
Office of
Transportation Safety
Director
Driver Education and
Safety Program
State Safety Oversight
Program
Work Zone Safety
Program
Vehicle, Equipment and
Standards Program
Manager
Manager
Manager
Manager
�Appendix D: Rail Transit Agency Safety and Security
Points-of-Contact
�Rail Transit Agency Point-of-Contact Information
Rail Transit Agency:
Name of Rail Transit Agency
Safety Point-of-Contact:
Mr./Ms. First Name/Last Name
Title
Address Line 1
Address Line 2
City, State and Zip Code
Phone: (XXX) - XXX - XXXX
Fax: (XXX) - XXX - XXXX
E-mail: [email protected]
Security Point-of-Contact:
Mr./Ms. First Name/Last Name
Title
Address Line 1
Address Line 2
City, State and Zip Code
Phone: (XXX) - XXX - XXXX
Fax: (XXX) - XXX - XXXX
E-mail: [email protected]
Rail Transit Agency:
Name of Rail Transit Agency
Safety Point-of-Contact:
Mr./Ms. First Name/Last Name
Title
Address Line 1
Address Line 2
City, State and Zip Code
Phone: (XXX) - XXX - XXXX
Fax: (XXX) - XXX - XXXX
E-mail: [email protected]
Security Point-of-Contact:
Mr./Ms. First Name/Last Name
Title
Address Line 1
Address Line 2
City, State and Zip Code
Phone: (XXX) - XXX - XXXX
Fax: (XXX) - XXX - XXXX
E-mail: [email protected]
�Appendix E: Program Requirements for Development of a Rail
Transit Agency System Safety Program Plan (SSPP)
�SAMPLE
State Oversight Agency Program
Requirements for the Development
of Rail Transit Agency System Safety
Program Plans
This document has been developed to serve as a
template for use by state oversight agencies in
specifying the requirements established in 49 CFR
Part 659 for the development of a rail transit
agency System Safety Program Plan (SSPP). State
oversight agencies can adopt or tailor this
document to establish the requirements to be
addressed by rail transit agencies in developing or
revising their SSPPs to address the 21 elements
specified in 49 CFR Part 659.17.
NOTE: Complete samples for each of the 21
required SSPP sections are available on the CDROM that is provided with the FTA’s
Implementation Guidelines for 49 CFR Part 659.
�Table of Contents
1.
Executive Approval (Policy Statement) .................................................................................................................. 5
2.
Purpose, Goals and Objectives ................................................................................................................................ 5
3.
2.1
Purpose.............................................................................................................................................................. 5
2.2
Goals.................................................................................................................................................................. 5
2.3
Objectives .......................................................................................................................................................... 6
Management Structure............................................................................................................................................. 7
3.1
Overview............................................................................................................................................................ 7
3.1.1
General Overview and History of Transit Agency...................................................................................... 7
3.1.2
Scope of Transit Services............................................................................................................................. 7
3.1.3
Physical Plant ............................................................................................................................................... 7
3.1.4
Operations..................................................................................................................................................... 7
3.1.5
Maintenance.................................................................................................................................................. 8
4.
5.
3.2
Integration of Safety Function .......................................................................................................................... 8
3.3
Lines of Authority for Safety.............................................................................................................................. 8
Plan Review and Modification................................................................................................................................. 8
4.1
Annual SSPP Review......................................................................................................................................... 8
4.2
SSPP Control and Update Procedures............................................................................................................. 9
4.3
SSPP Review and Approval by the State Oversight Agency ............................................................................ 9
4.4
SSPP Change Management ............................................................................................................................ 10
SSPP Implementation – Tasks and Activities ...................................................................................................... 10
5.1
Overview.......................................................................................................................................................... 10
5.2
System Safety Function.................................................................................................................................... 10
5.2.1
Methodology Used by the System Safety Unit.......................................................................................... 11
6.
5.3
Safety Responsibilities of Other Departments ................................................................................................ 11
5.4
Safety Task Responsibility Matrix (Or Narrative Description)...................................................................... 11
Hazard Management Process ................................................................................................................................ 14
6.1
Overview.......................................................................................................................................................... 14
6.2
Hazard Management Process – Activities and Methodologies...................................................................... 14
6.3
Coordinating with the State Oversight Agency............................................................................................... 19
7.
Safety Certification.................................................................................................................................................. 21
8.
Managing Safety in System Modifications ........................................................................................................... 23
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
2
�9.
Safety Data Acquisition .......................................................................................................................................... 23
9.1
Data Acquisition Process ................................................................................................................................ 23
9.2
Access to Data ................................................................................................................................................. 24
10.
Accident/Incident Notification, Investigation and Reporting ....................................................................... 24
10.1
Overview.......................................................................................................................................................... 24
10.2
Accident/Incident Investigation Criteria......................................................................................................... 25
10.3
Accident/Incident Investigation Procedures................................................................................................... 25
10.4
Internal Notification Procedure...................................................................................................................... 25
10.5
External Notification Procedure ..................................................................................................................... 25
10.6
Accident/Incident Reporting and Documentation .......................................................................................... 26
10.7
Corrective Action Resulting from Accident Investigation .............................................................................. 27
10.8
Coordination with State Oversight Agency .................................................................................................... 27
11.
Emergency Response Planning/Coordination/Training................................................................................ 27
11.1
Responsibilities for Emergency Preparedness ............................................................................................... 27
11.2
Coordinated Schedule ..................................................................................................................................... 28
11.3
Emergency Exercises....................................................................................................................................... 29
11.4
Emergency Procedures ................................................................................................................................... 29
11.5
Emergency Training........................................................................................................................................ 30
11.6
Familiarization Training................................................................................................................................. 30
12.
Internal Safety Audit Process ........................................................................................................................... 30
12.1
Overview.......................................................................................................................................................... 30
12.2
Scope of Activities............................................................................................................................................ 31
12.3
Audit Process................................................................................................................................................... 32
12.3.1
Integrity of Audit Process ..................................................................................................................... 32
12.3.2
Cycle/Schedule ...................................................................................................................................... 32
12.3.3
Checklists and Procedures..................................................................................................................... 32
12.3.4
Audit Reporting..................................................................................................................................... 33
12.3.5
Annual Audit Report ............................................................................................................................. 34
12.3.6
Coordination with the Oversight Agency ............................................................................................. 34
12.3.7
Audit Completeness .............................................................................................................................. 35
13.
Rules Compliance/Procedures Review ............................................................................................................ 35
13.1
Overview.......................................................................................................................................................... 35
13.2
Review of Rules and Procedures..................................................................................................................... 35
13.3
Process for Ensuring Rules Compliance ........................................................................................................ 36
13.4
Compliance Techniques – Operations and Maintenance Personnel............................................................. 36
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
3
�13.5
Compliance Techniques – Supervisory Personnel ......................................................................................... 37
13.6
Documentation ................................................................................................................................................ 37
14.
Facilities and Equipment Inspections .............................................................................................................. 37
14.1
Facilities and Equipment Subject to Inspection ............................................................................................. 37
14.2
Regular Inspection and Testing ...................................................................................................................... 37
14.3
Checklists......................................................................................................................................................... 38
14.4
Coordination with Hazard Management Process .......................................................................................... 39
15.
Maintenance Audits/Inspections....................................................................................................................... 39
15.1
Systems and Facilities Subject to Maintenance Program .............................................................................. 39
15.2
Resolution of Audit/Inspection Findings......................................................................................................... 39
15.3
Checklists......................................................................................................................................................... 40
16.
Training and Certification Review/Audit........................................................................................................ 40
16.1
Overview.......................................................................................................................................................... 40
16.2
Employee Safety............................................................................................................................................... 40
16.3
Contractor Safety............................................................................................................................................. 41
16.4
Record Keeping ............................................................................................................................................... 42
16.5
Compliance with Training Requirements ....................................................................................................... 42
17.
Configuration Management.............................................................................................................................. 42
17.1
Overview.......................................................................................................................................................... 42
17.2
Process for Changes........................................................................................................................................ 43
17.3
Authority for Change....................................................................................................................................... 44
18.
Compliance with Local, State and Federal Requirements ............................................................................ 44
18.1
Employee Safety Program............................................................................................................................... 44
18.2
Working on or near Rail Transit Controlled Property................................................................................... 45
18.3
Compliance with Required Safety Programs.................................................................................................. 46
19.
Hazardous Materials.......................................................................................................................................... 46
20.
Drug & Alcohol Abuse....................................................................................................................................... 47
21.
Procurement........................................................................................................................................................ 48
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
4
�1. Executive Approval (Policy Statement)
•
Element: A policy statement is developed for the System Safety Program Plan (SSPP).
A policy statement must be provided which establishes the System Safety Program Plan (SSPP) as
an operating document that has been prepared for, and approved by, rail transit agency top
management.
•
Element: The policy statement describes the authority that establishes the SSPP, including
statutory requirements and relationship with the oversight agency.
The policy statement should define, as clearly as possible, the authority for the establishment and
implementation of the SSPP. As appropriate, reference should be made to the authority provided
by state and local statues to develop and safely operate the rail transit system. The role of the
oversight agency in requiring the SSPP and monitoring its establishment and implementation
should be clearly described.
•
Element: The policy statement is signed and endorsed by the rail transit agency’s chief
executive.
Reference should be made to management's approval, either by referencing the enabling signature
on the title page or by other means.
2. Purpose, Goals and Objectives
2.1 PURPOSE
•
Element: The purpose of the SSPP is defined.
This section must explain the purpose of the SSPP. The SSPP establishes the activities that must be
performed by all departments within the rail transit agency to ensure safe operations and work
practices. The SSPP establishes the safety philosophy of the rail transit agency and provides the
means and authority for implementing that philosophy.
2.2 GOALS
•
Element: Goals are identified to ensure that the SSPP fulfills its purpose.
This section of the SSPP should identify the goals developed by the rail transit agency to meet the
purpose established for the SSPP. Goals are broad statements of ideal future conditions for the
safety program that are desired by the rail transit agency, endorsed by top management, and are
supported by specific objectives to aid in their attainment. Goals must be realistic and generally are
presented in qualitative terms.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
5
�Sample goals may include the following:
identify, eliminate, minimize, and/or control safety hazards and their risks.
provide a superior level of safety in transportation operations.
achieve and maintain a superior level of safety in the agency's work environment.
comply with applicable requirements for regulatory agencies.
maximize the safety of future operations through the design and procurement process.
2.3 OBJECTIVES
•
Element: Objectives are identified to monitor and assess the achievement of goals.
Objectives are the working elements of the SSPP, the means by which the identified goals are
achieved. Unlike goals, objectives must be easily quantifiable. They must provide a framework for
guiding the day-to-day activities that provide for a safe rail transit operation.
Sample objectives may include the following:
•
Establish safety policies, procedures, and requirements that integrate safety into
decision-making and operations.
Assign responsibilities related to safety policies, procedures, and requirements.
Verify adherence to safety policies, procedures, and requirements.
Thoroughly investigate all accidents, fires, injuries, and incidents as warranted.
Identify, analyze, and resolve all hazards in a timely manner.
Meet or exceed safety requirements in specifications; facility construction; equipment
installation; and system testing, operations, and maintenance.
Meet or exceed safety requirements in vehicle operations and maintenance.
Evaluate and verify operational readiness of new transportation systems.
Establish standards, and procedures for safety training, and performance.
Evaluate routes and scheduling from a safety perspective.
Element: Stated management responsibilities are identified for the safety program to
ensure that the goals and objectives are achieved.
The SSPP should identify the titles and departments of persons responsible for developing and
monitoring these goals and objectives. Quarterly, semi-annual, or annual reporting on the
performance of the rail transit agency in meeting its goals and objectives should also be specified.
Reports should be provided to the rail transit agency’s executive leadership.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
6
�3. Management Structure
The primary purpose of this section is to provide organizational information and operating
parameters for both those outside the organization that need to understand the rail transit system,
and those inside the organization to have clearly defined lines of report and responsibility
delineation. The information presented should be sufficient to allow non-technical and non-transit
persons to understand the system and its basic operations.
3.1 OVERVIEW
•
Element: An overview of the management structure of the rail transit agency is provided
including an organization chart.
This section should provide a narrative description of the organization of the rail transit agency and
include an organization chart. All major departments/functions should be introduced.
•
Element: Organizational structure is clearly defined and includes a brief description of:
system history and scope of service, physical characteristics, operations, and maintenance.
3.1.1 General Overview and History of Transit Agency
This section should describe when and how the rail transit agency was established, a brief history
of service delivery, and major milestones in the rail transit agency’s history.
3.1.2 Scope of Transit Services
This section should describe the various modes of transportation provided by the transit
organization, including the number of passengers, the number of routes, the day and hours of
service provided, and operational characteristics that could affect safety and security.
3.1.3 Physical Plant
This section should describe the size, location, and function of the transit agency’s physical assets
including: maintenance facilities, offices, stations, vehicles, signals, and structures for all modes.
3.1.4 Operations
The section should include a description of the role, the responsibilities and the organization of the
operating departments.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
7
�3.1.5 Maintenance
This section should describe the role, the responsibilities, and the organization of the various
maintenance departments. The type of maintenance required by each of the major systems and
facilities should be briefly described.
3.2 INTEGRATION OF SAFETY FUNCTION
•
Element: A description of how the safety function is integrated into the rest of the rail
transit organization is provided.
This section of the SSPP should describe the organization of the rail transit safety function, and its
relationship to the rail transit agency organization. An organizational chart of the system safety
function should be provided as well as an organizational chart(s) demonstrating the relationship of
the system safety function to the other rail transit agency departments/functions.
3.3 LINES OF AUTHORITY FOR SAFETY
•
Element: Clear identification of the lines of authority used by the rail transit agency to
manage safety issues is provided.
This section of the SSPP should describe the authority of the safety function to work with rail
transit departments and executive leadership to receive information, identify safety concerns,
conduct internal audits and inspections, develop recommendations and corrective action plans to
address safety concerns, track and verify the implementation of recommendations and corrective
action plans, and report, on a regular basis, to executive management.
4. Plan Review and Modification
4.1 ANNUAL SSPP REVIEW
•
Element: An annual assessment of whether the system safety program plan should be
updated is specified.
Once developed, the SSPP is vulnerable to becoming out-of-date if it is not revised to:
reflect changes in organizational structure or system characteristics;
review progress on tasks accomplished;
refine and improve the current task descriptions and activities;
identify new tasks required as the system grows or in response to new regulations; and
identify additional or emerging safety- and fire/life safety-related tasks and
responsibilities.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
8
�On-going review and revision ensures the status of the SSPP as a “living document” at the rail
transit agency.
As specified in 49 CFR Part 659 (§ 659.25), state oversight agencies must now require an annual
review of the rail transit agency’s SSPP to determine if it should be updated. This section of the
SSPP should clarify that the rail transit agency will conduct a complete and thorough review of its
SSPP annually. If an established schedule is in place to manage this annual review process, it
should also be mentioned in this section. Any time-frames specified by the state oversight agency
for this review should also be addressed.
4.2 SSPP CONTROL AND UPDATE PROCEDURES
•
Element: The process used to control changes to the system safety program plan is
described.
This section of the SSPP should describe the rail transit agency’s process for updating the SSPP.
For many rail transit agencies, revision of the SSPP is conducted through a committee devoted to
safety issues. The revision process is typically led by a designated member of the system safety
function. Inputs for revisions are solicited from all rail transit agency staff, contractors, and the
state oversight agency. At some rail transit agencies, the SSPP may be classified as a controlled
document. As such, it is subject to formal document control procedures, including designation of
control copies which are issued to individuals within rail transit agency by name and/or job title.
Whatever process is used by the rail transit agency to prepare revisions, once the revised version of
the SSPP is complete, it typically must be reviewed and accepted by a designated committee or set
of departments/functions. The accepted version of the SSPP is then usually forwarded on to the
General Manager for approval and signature.
4.3 SSPP REVIEW AND APPROVAL BY THE STATE OVERSIGHT AGENCY
•
Element: Required coordination with the oversight agency regarding plan modification,
including timeframes for submission, revision, and approval, is addressed.
This section should explain how the rail transit agency will interface with the state oversight
agency regarding the review and approval of the SSPP. Requirements should be detailed regarding
how the rail transit agency will notify the state oversight agency regarding its performance of the
annual review to determine whether the SSPP should be updated. In the event that an update is
necessary, the rail transit agency will conform to its SSPP update process, and the timeframes and
requirements specified by the state oversight agency in its Program Standard. In the event that an
update is not needed for that year, the rail transit agency will notify the state oversight using the
method and timeframe specified in the oversight agency’s Program Standard.
This section should also explain how the rail transit agency will respond to requests from the state
oversight agency for revisions, additional information or other items, and how conflicts will be
resolved regarding differences in opinion between the rail transit agency and the state oversight
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
9
�agency. Finally, this section should also explain how the rail transit agency will receive the
completed SSPP review checklist and formal correspondence letter from the state oversight agency,
and adopt as final the SSPP that is approved by the state oversight agency.
4.4 SSPP CHANGE MANAGEMENT
•
Element: Specific departments and persons responsible for initiating, developing,
approving, and issuing changes to the SSPP are identified.
This section should identify the departments and persons responsible for each of the steps in
reviewing, revising, approving and issuing changes to the SSPP. In addition, designated personnel
within the system safety function should be identified with responsibility for coordinating with the
state oversight agency.
5. SSPP Implementation – Tasks and Activities
5.1 OVERVIEW
•
Element: A description of the specific activities required to implement the SSPP is
included.125
•
This section of the SSPP should provide an overview of the approach followed by the rail transit
agency in managing the specific activities performed to implement the SSPP and provide on-going
safety in rail transit operations and maintenance activities. To ensure that rail operations are
conducted in the safest manner possible, all transit system personnel will have been assigned safety
responsibilities. In addition, within the rail transit agency, each department/function provides
distinct roles and carries out specific responsibilities to ensure the protection of passengers,
employees, local responders, the community served by the system, and the agency’s property.
These responsibilities and roles should be summarized in this section of the SSPP.
5.2 SYSTEM SAFETY FUNCTION
•
Element: Tasks to be performed by the rail transit safety function, by position and
management accountability, are identified and described.
The responsibilities and tasks of each position in the system safety function should be described.
Tasks may include activities required to: establish the organization of safety activities and outline
employee responsibilities with respect to those activities; promote and maintain safety and training
programs as mandated by federal, state, and local regulatory agencies; set and implement
established safety goals, objectives, and practices; provide the mechanisms for identifying and
assessing safety hazards during the operation and maintenance of the system; provide the methods
to eliminate, minimize, or control the identified hazards and/or other concerns; define the formal
requirements necessary for maintaining insurance coverage; define the requirements and
procedures for conducting standard safety audits; and coordinate with the state oversight agency.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
10
�5.2.1 Methodology Used by the System Safety Unit
•
Element: A description of the methodologies used by the system safety function to achieve
their safety responsibilities should be provided.
This section should describe the different methodologies used by the system safety function to
ensure a proactive approach to safety. Examples include data collection and analysis, hazard
management and resolution, periodic inspections, compliance checks, and internal audits.
5.3 SAFETY RESPONSIBILITIES OF OTHER DEPARTMENTS
•
Element: Safety-related tasks to be performed by other rail transit departments, by position
and management accountability, are identified and described.
The safety responsibilities and tasks of other rail transit departments should be described. For
example, the role of operating departments, human resources, planning, customer services, etc. in
the creation of a safe rail transit agency should be described. This description should include a
brief overview of the department and a discussion of the department’s safety responsibilities. As
appropriate, and if not already addressed in Section 3, organizational charts showing the
relationship of those units with major safety responsibilities to the rail transit agency and system
safety should be provided.
5.4 SAFETY TASK RESPONSIBILITY MATRIX (OR NARRATIVE DESCRIPTION)
•
Element: A task matrix showing: all identified safety responsibilities, interfaces among all
rail transit units responsible for each task, and the key reports or actions required, should
be provided (or an equivalent narrative description).
A safety task responsibility matrix (or a narrative equivalent) showing interfaces among the system
safety unit and other rail transit units for identified safety responsibilities and the key reports or
actions required, should be provided in the SSPP. An example of an integrated safety task matrix is
displayed in Figure 1. This matrix depicts the roles and responsibilities of both the rail transit
agency safety function and the other rail transit departments. As used in this figure:
P
S
R
A
Primary Task Responsibility. The identified participant(s) is (are) responsible for the preparation of the specified
documentation.
Secondary or Support Responsibility. The identified participant(s) is (are) to provide the necessary support to
accomplish and document the task.
Review/Comment Responsibility. The identified participant(s) may review and provide comment on the task or
requirement.
Approval Responsibility. The identified participant is to review, comment and subsequently approve the task or
requirement.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
11
�Engineering
Human Resources
Risk Management
R
R
P
R
R
R
R
Development of SSPP
Summary Statement
A
A
S
S
P
S
S
R
R
Authority
A
A
S
S
P
S
S
R
R
Purpose
Goals & Objectives
Scope
A
A
A
A
A
A
S
S
S
S
S
S
P
P
P
S
S
S
S
S
S
R
R
R
R
R
R
SSPP Controls & Revisions
A
A
S
S
P
S
S
R
R
System Description
Operations & Maintenance
R
P
P
P
R
P
R
R
Operations
R
P
P
P
R
p
R
R
Maintenance of Physical Plant & Equipment
R
P
P
P
R
S
R
R
Facilities & Systems Description
R
P
P
P
R
p
R
R
Transit Police
Training
A
Safety
A
Maintenance
Management
Management Commitment & Directive/Policy
Operations
TASK/ACTIVITY
State Oversight
Agency
Figure 1: Sample Integrated Safety Task Matrix
Safety Management
Organizational Structure
R
P
P
P
P
P
P
R
R
R
Interagency Coordination
Interdepartmental Coordination
R
R
P
P
P
P
P
P
P
P
R
P
R
P
R
R
R
R
R
R
Safety Committees
Change Order Review Committee
R
R
P
P
P
P
P
P
P
P
R
R
P
P
R
R
R
R
R
R
Fire/Life Safety Committee
R
P
P
P
P
R
P
R
R
R
Safety Review Committee
R
P
P
P
P
R
P
R
R
R
Employee Safety Awards Committee
R
P
P
P
P
R
P
R
R
R
Security Program Committees
Proactive Security Committee
R
R
P
P
P
P
P
P
P
P
R
R
P
P
R
R
R
R
R
R
Security Breach Review Committee
R
P
P
P
P
R
P
R
R
R
System Safety Program Activities
Hazard Management
R
P
P
P
P
R
P
R
R
R
Safety & Fire/Life Safety Implementation
R
P
P
P
P
R
P
R
R
R
Hazard Identification, Analysis & Resolution
A
R
R
User Requirements
Equipment and System Design
Safety Certification Program
R
R
P
P
P
S
S
R
S
S
P
S
P
A
A
R
P
R
S
P
P
R
R
P
P
P
Acceptance Testing and Inspection
A
P
S
P
Configuration Management
A
R
R
P
Computer Software Configuration Management
A
R
R
P
Configuration Control
A
R
R
P
Investigating Accidents, Incidents & Hazardous
Conditions
R
R
P
P
P
S
S
R
Internal Investigations
Supervisor Investigations
R
R
A
A
P
P
P
P
P
S
S
S
S
S
R
R
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
12
�Operations
Maintenance
Safety
Training
Engineering
Accident/Incident Investigation Team - Internal
R
A
P
P
P
S
S
R
External Investigation
R
A
P
P
S
S
S
R
State Oversight Agency
NTSB
P
R
S
S
S
S
S
S
S
S
S
S
S
S
R
R
Safety Inspections
Facilities Inspections
P
P
P
P
P
P
R
R
R
R
R
R
Equipment Inspections
Operations Safety
Emergency Operating (Response) Procedures
Operational Documents
P
P
P
P
P
P
P
P
P
P
P
P
R
R
R
R
R
R
P
P
P
Occupational Safety & Health Programs
Rules & Procedures Review
R
R
R
P
R
R
R
Industrial Hygiene Program
R
R
R
P
R
R
R
Hazardous Material Management Program
R
R
R
P
R
R
R
Transit Police
Management
Risk Management
TASK/ACTIVITY
State Oversight
Agency
Human Resources
Figure 1: Sample Integrated Safety Task Matrix
R
Personal Protective Equipment Protection
R
R
R
P
R
R
R
Medical Surveillance Program
R
R
R
P
R
R
R
Construction Safety Program
Contractor Safety Program
S
S
S
S
S
S
P
P
Safety & Security Data Acquisition, Analysis &
Reporting
R
S
S
P
R
R
R
R
Data Acquisition
Data Analysis & Tracking
R
R
S
S
S
S
P
P
R
R
R
R
R
R
R
R
Reports
Training
R
R
S
P
S
P
P
P
R
P
R
R
R
R
R
R
Safety/Industrial Hygiene Training & Education
R
P
P
P
P
R
R
R
Operationally Related Safety Training
R
P
P
P
P
R
R
R
LRV Operator
LRV Supervisor
Maintenance Personnel
R
R
R
P
P
P
P
P
P
P
P
P
P
P
P
R
R
R
R
R
R
R
R
R
Emergency Response Personnel
R
S
S
P
S
R
S
R
R
S
P
S
P
S
S
R
S
S
Environmental Protection Program
S
S
P
S
S
P
Hazardous Waste Management Program
S
S
P
S
S
P
S
S
S
P
A
S
S
S
S
P
P
S
S
S
P
S
P
S
P
P
S
S
S
R
S
P
S
S
Emergency Exercises & Drills
Public Awareness Program
Waste Water Abatement Program
Internal Audit Program
External Audits
Drug & Alcohol Abuse Program/Policy
System Safety Program Verification
R
R
P
R
P
P
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
R
R
R
R
R
R
R
R
P
13
�6. Hazard Management Process
6.1 OVERVIEW
•
Element: The process used by the rail transit agency to implement its hazard management
program, including the role of the oversight agency in providing on-going monitoring, is
described.
This section of the SSPP should provide an overview of the hazard management process developed
by the rail transit agency. The hazard management process must, at a minimum:
1. Define the rail transit agency’s approach to hazard management and the implementation
of an integrated system-wide hazard resolution process.
2. Specify the sources of, and the mechanisms to support, the on-going identification of
hazards.
3. Define the process by which identified hazards will be evaluated and prioritized for
elimination or control.
4. Identify the mechanism used to track through resolution the identified hazard(s).
5. Define minimum thresholds for the notification and reporting of hazard(s) to oversight
agencies.
6. Specify the process by which the rail transit agency will provide on-going reporting of
hazard resolution activities to the oversight agency. This activity may include weekly,
monthly or quarterly meetings with the rail transit agency to discuss hazard
management issues.
6.2 HAZARD MANAGEMENT PROCESS – ACTIVITIES AND METHODOLOGIES
•
Element: The hazard management process includes activities for: hazard identification,
hazard investigation, evaluation, and analysis, hazard control and elimination, and hazard
tracking.
In this section of the SSPP, the rail transit agency should provide a detailed description of its
approach to addressing each required element of the hazard management process. Each rail transit
agency may use a variety of methodologies, including informal processes, such as review of reports
from operations and maintenance personnel, results from rules compliance checks and employee
evaluations, the mining of maintenance data, results from facilities and vehicles inspections,
findings from internal safety and security audits, and daily review of the rail transit agency’s
unusual occurrences log, as well as more formal approaches, such as trend analysis, hazard
classification and resolution using the Mil-Std 882 process, hazard analyses using inductive
processes (Preliminary Hazard Analysis, Failure Modes and Effects Analysis, Job Hazard Analysis,
etc.) and hazard analysis using deductive processes (Fault Tree Analysis). These methods should
be identified and described in this section of the SSPP.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
14
�For example, the rail transit agency may state the following:
The hazard management process is the primary tool used by the rail transit agency to ensure the
safety of rail transit agency activities, passengers, employees, facilities and vehicles. This process
is accessible to all levels of the organization and is the means by which hazards are identified,
analyzed for potential impacts on the transit system and resolved in a manner acceptable to
management. This process will follow the guidelines listed in the five sub-sections below.
I. Hazard identification is a process whereby an attempt is made to discover conditions in the
system that, if not altered, has the potential to cause accidents, injuries, or other losses. Where
reasonably feasible, all employees are charged with the responsibility of identifying and reporting
conditions that have the potential to cause accidents, injuries, or other losses. These conditions may
be found in the form of physical hazards, unsafe actions, and policies that create or fail to recognize
hazards. There may also be certain employees who, through periodic field observations, review of
incident data, performance and complaint records, are identified as needing counseling, re-training,
termination or other action as deemed appropriate.
Potentially hazardous conditions may also be identified through other means, including those listed
below:
Reports from passengers and other individuals through contact with customer service,
field personnel, or management personnel.
Reports from operators and other field personnel regarding hazards associated with
agency vehicles, schedules, routes, policies and procedures.
Reports from maintenance personnel regarding equipment and facilities hazards.
Review of the rail transit agency’s 24-hour unusual occurrences log.
Investigation and review of accidents and incidents by safety personnel.
Collection and analysis of accident statistics and risk management information system
data regarding safety, accident rates, and claims reports, including trend analysis.
Audits performed by knowledgeable safety personnel.
Checklist audits performed by rail transit agency supervision.
Information, experiences, and ideas from support departments.
Observations of facilities and operations hazards, by administrative personnel.
Results from drills, exercises and emergency response to accidents and incidents.
Formal hazard analyses using the inductive process by analyzing system components to
identify failure modes and effects on the system and personnel. Failure modes include
conditions such as doors or switches failing to open or close, or acting improperly or
inadequately. Examples of formal hazard analyses include Preliminary Hazard
Analysis, Failure Modes and Effects Analysis.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
15
�
Formal hazard analysis using the deductive process to identify sequential and
concurrent conditions which are required to support a specific operation or task. An
example of this type of analysis is the Fault Tree Analysis.
II. Hazard classification for severity ensures that hazards are rated in terms of their effects on
employees, passengers and/or the transit system. Severity categories are defined below.
Category I - Catastrophic: Operating conditions are such that human error,
environment, design deficiencies, element, sub-system or component failure or
procedural deficiencies may cause death or major system loss, thereby requiring
immediate cessation of the unsafe activity or operation.
Category II - Critical: Operating conditions are such that human error, environment,
design deficiencies, element, sub-system or component failure or procedural
deficiencies may cause severe injury or illness or major system damage thereby
requiring immediate action including immediate cessation of the unsafe activity or
operation.
Category III – Marginal: Operating conditions may cause minor injury or illness or
minor system damage such that human error, environment, design deficiencies,
element, sub-system or component failure or procedural deficiencies can be
counteracted or controlled without serious injury, illness or major system damage.
Category IV – Negligible: Operating conditions are such that human error,
environment, design deficiencies, element, sub-system or component failure or
procedural deficiencies will result in no, or less than minor, illness, injury or system
damage.
III. Hazard classification for probability ensures that the probability that a hazard will occur can be
described in potential occurrences per unit of time, events, population items or activity. A
qualitative hazard probability may be derived from research, analysis, and evaluation of safety data
from the operating experience of the rail transit agency or other similar transit authorities. A
depiction of a hazard probability rating system is described below.
DESCRIPTIVE
WORD
Frequent
Reasonably Probable
LEVEL
A
B
Occasional
C
Remote
D
Improbable
E
SPECIFIC INDIVIDUAL
ITEM
Likely to occur frequently
Will occur several times in life
of an item
Likely to occur sometime in
life of an item
Unlikely, but possible to occur
in life of an item
So unlikely, it can be assumed
occurrence may not be
experienced
FLEET OR INVENTORY
Continuously experienced
Will occur frequently
Will occur several times
Unlikely, but can reasonably
be expected to occur
Unlikely to occur, but possible
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
16
�IV. Risk assessment determines the acceptability of assuming a risk associated with a hazard, the
necessity of implementing corrective measures to eliminate or reduce the hazard, or a combination
of both. Hazard risk assessment involves categorization of hazard severity and probability of
occurrence. A Risk Assessment Index, or Hazard Rating Table, is shown below.
HAZARD
FREQUENCY
Frequent (A)
Probable (B)
Occasional (C)
Remote (D)
Improbable (E)
CATEGORY
I
1A
1B
1C
1D
1E
Hazard Risk Index
1A, 1B, 1C, 2A, 2B, 3A
1D, 2C, 2D, 3B, 3C
1E, 2E, 3D, 3E, 4A, 4B
4C, 4D, 4E
Hazard Severity
CATEGORY
II
2A
2B
2C
2D
2E
CATEGORY
III
3A
3B
3C
3D
3E
CATEGORY
IV
4A
4B
4C
4D
4E
Criteria by Index
Unacceptable
Undesirable
Acceptable with review
Acceptable without review
Unacceptable Hazardous Conditions - means a condition that may endanger human
life or property. This condition cannot remain as is but must be mitigated.
Undesirable - means that the hazard should be mitigated, if at all possible within fiscal
constraints. However, it may be mitigated at a later time.
Acceptable with review - means the system safety function must determine the risk
associated with not mitigating the hazard.
Acceptable without review - means that the hazard can remain.
After assessment of the severity and probability of a hazard, and where reasonably feasible, the key
departments, safety committee, and the system safety function will make a standard analysis. A
determination will be made regarding acceptance of the risk or taking corrective action. Risk
assessment issues of significant impact or those where there is a lack of consensus will be
submitted to the executive leadership for resolution.
Executive leadership will reach a consensus to accept, modify, or reject the recommendation. If
modified or rejected, the safety committee is called into session for further review and
recommendation. Upon final approval by executive leadership, the resolution is placed into the
hands of the responsible department(s) for implementation.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
17
�V. Hazard Resolution refers to activities taken to eliminate or mitigate the hazard. Where
reasonably feasible, a hazard that has been submitted by an individual for resolution shall be
handled as follows:
A written Hazard I.D. will be submitted to the system safety function for input into the
Hazard I.D. Workflow System.
The safety staff member will forward the Hazard I.D. to the immediate supervisor (in
each case) and/or to other management (as appropriate) who shall initiate a resolution if
possible.
If unable to resolve, the supervisor shall forward the Hazard I.D. form along with their
response to the appropriate department/function or committee for review and resolution.
The decision on where best to forward the Hazard I.D. will be based on the best
judgment of the supervisor/manager.
As requested, the appropriate department/function or committee shall review and
initiate a recommendation for resolution whenever possible.
If the submitting employee is not satisfied with the response from the supervisor or the
committee, they may appeal the decision directly to the safety committee.
The safety committee may either accept the recommendations as presented, or may
initiate their own resolution to the hazard.
When the risks are assessed, a plan is developed for resolution. There are four choices in the hazard
resolution process:
Design for Minimum Risk: From the first, design to eliminate hazards through design
selection.
Safety Devices: Hazards that cannot be eliminated or controlled through design
selection shall be controlled to an acceptable level through the use of fixed, automatic
or other protective safety design features or devices. Provisions shall be made for
periodic functional checks of safety devices.
Warning Devices: When either design or safety devices cannot effectively eliminate or
control an identified hazard, devices shall be used to detect the condition and to
generate an adequate warning signal to correct the hazard or provide for personnel
evacuation. Warning signals and their application shall be designed to minimize the
probability of incorrect personnel reaction to the signals and shall be standardized
within like types of systems.
Procedures and Instruction: Where it is impossible to eliminate or adequately control
a hazard through design selection or use of safety and warning devices, procedures and
training shall be used to control the hazard. Procedures may include the use of personal
protective equipment. Precautionary notations shall be standardized as specified by
management. Safety critical tasks and activities may require certification of personnel
deficiency.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
18
�6.3 COORDINATING WITH THE STATE OVERSIGHT AGENCY
•
Element: Requirements for on-going reporting to the oversight agency relating to hazard
management activities and status are specified.
In this section of the SSPP, the rail transit agency should document its approach for providing ongoing hazard management information to the state oversight agency. Examples of these activities
include: submission of monthly or weekly logs and reports documenting the implementation of the
rail transit agency’s hazard management process and the conduct of monthly or quarterly meetings
with the oversight agency to review results from the hazard management process. In addition, the
role of the oversight agency in coordinating with the rail transit agency regarding the investigation
of certain categories of hazardous conditions and the development, review and approval of
corrective actions plans (as appropriate) should be specified.
To complete this section of the SSPP, the rail transit agency may state the following:
To ensure an on-going role in the oversight of the rail transit agency’s hazard management process,
the rail transit agency will establish a Hazard Tracking Log which reflects the consolidation of
information in the hazard management process. The Hazard Tracking Log will contain all hazards
identified through the various methods applied by the rail transit agency. The Hazard Tracking
Log may be organized by the hazard number assigned by the rail transit agency, or by the type of
hazard, the source from which it was identified, or the element of the rail transit agency’s operation
affected by the hazard (i.e., facilities, vehicles, track and signal, communications/SCADA, tunnel
ventilation, personnel training and procedures, etc.). A sample log appears on the next page.
The proposed Hazard Tracking Log will be submitted monthly to the state oversight agency’s
designated point-of-contact. The state oversight agency will review the Monthly Hazard Tracking
Log and forward any questions or requests for information to the rail transit agency.
In addition, the rail transit agency will conduct quarterly meetings with the oversight agency to
review the Hazard Tracking Log and the other rail transit agency activities associated with the
hazard management process. The rail transit agency will submit to the state oversight agency a
proposed date and location for the quarterly meeting and a proposed agenda. The state oversight
agency will review and approve the agenda, making any modifications as appropriate, and schedule
the quarterly meeting with the rail transit agency. During the quarterly meetings, the rail transit
agency will attempt to provide any documents and to answer any requests that the state oversight
agency may have. If these records are not available at the quarterly meetings, they will be
transmitted to the state oversight agency after the conclusion of the quarterly meeting.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
19
�Hazard Tracking Log
No.
Description
Date
Identified
Source
Assessment
Results
Recommendations
Status
No. – refers to the number assigned to the hazard by the RTA.
Description – refers to a brief narrative summary of the hazard – what it is; where it is located; what elements it is
comprised of; etc.
Date Identified – refers to the date the hazard was identified at the RTA.
Source – indicates the mechanism used to identify the hazard, i.e., operator report, near-miss, accident investigation,
results of internal safety or security audit, rules compliance or training program, maintenance failure, facility or vehicle
inspection, trend analysis, formal hazard analysis, etc.
Assessment Results – refers to the hazard severity and hazard frequency ratings initially assigned to hazard by the RTA.
Recommendations – refers to the actions recommended by the RTA to address the hazard and to bring it into a level of
risk acceptable to management.
Status – refers to the status of the recommendations. Status may be designated as: not started, open, in progress, or
closed.
During application of the hazard management process, for any hazard identified as an
“unacceptable hazard condition,” as defined in Section 6.2 of this SSPP, the system safety function
will notify the state oversight agency designated point-of-contact within 24 hours. In addition, the
system safety function will conduct an investigation following the basic procedures identified in
Section 10 of this SSPP. At the conclusion of the investigation, the investigation report will be
provided to the state oversight agency for review and comment. Any corrective action plans
developed as a result of the investigation will be reviewed and approved by the oversight agency.
The state oversight agency retains the authority to request a status briefing on any unacceptable
hazardous condition investigation.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
20
�7. Safety Certification
•
Element: A description of the safety certification process required by the rail transit
agency to ensure that safety concerns and hazards are adequately addressed prior to the
initiation of passenger operations for New Starts and subsequent major projects to extend,
rehabilitate, or modify an existing system, or to replace vehicles and equipment.
The rail transit agency may undertake major projects and modifications that require safety
certification. In this section, the rail transit agency should define those projects which require
certification. Examples may include: new rail systems and extensions, the acquisition and
integration of new rail vehicles and safety critical technologies into existing service, and major
safety critical redesign projects, excluding functionally similar replacements.
In addressing these projects, this section of the SSPP should state that the goals of the rail transit
agency’s safety certification program are to verify that identified safety and security requirements
have been met and to provide evidence that the new operating segments/phases are safe and secure
for use in revenue service.
This section should clarify that for each such project, the rail transit agency will develop a Safety
and Security Certification Plan (SSCP) during the preliminary design phase of the project. Prior to
revenue service, a Safety and Security Verification Report (SCVR) will be developed,
documenting the agency’s compliance with its SSCP.
The rail transit agency should briefly describe its process in implementing its safety certification
program, including the following:
1.
2.
3.
4.
5.
develop a certifiable items list;
identify safety and security requirements for each certifiable element;
verify compliance;
issue Certificates of Compliance for each certifiable element; and
issue rail transit agency certification.
This section should also identify final authority to approve the certification of rail transit agency
major projects, extensions, etc. The role of the system safety function should also be described,
including activities to be performed to ensure that:
1. facilities and equipment have been constructed, manufactured, inspected, installed, and
tested, in accordance with safety and security requirements in the design criteria and
contract specifications;
2. operations and maintenance procedures and rules have been developed and
implemented to ensure safe and secure operations;
3. training documents have been developed for the training of operating personnel, and
emergency response personnel;
4. transportation and maintenance personnel have been trained and qualified/certified;
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
21
�5. emergency response agency personnel have been prepared to respond to emergency
situations in or along the right-of-way;
6. safety and security-related system integration tests have been conducted; and
7. security for the segments in operation and the Yard and Shop are addressed.
This section should also clarify that each critical certifiable system element receives a written
safety and security certificate of conformance. When all required certifiable system elements are
certified, a system safety certification statement, signed by the General Manager, is issued along
with a Safety Certification Verification Report. These documents verify the readiness for revenue
service for each operational phase of the system in regards to the safety and security requirements
of the system. If the state oversight agency has additional authorities, beyond the scope of 49 CFR
Part 659, for reviewing or approving this report, they should be stated here.
Finally, the rail transit agency should also identify the major components that form the baseline for
certification. These typically include:
1. manuals of Design Criteria and Standard and Directive drawings which determine the
safety and security requirements to be incorporated in the contract specifications;
2. the Contract Final Design which determines that the safety and security features of
facilities, systems, and equipment are in compliance; and
3. the System Verification Report and Test Plans which form the basis for determining
that safety and security-related inspections and tests have been performed in
compliance with codes and guidelines, and that all facilities, vehicles, equipment, and
procedures can function in a safe and secure manner.
Once the SSCP is adopted, a formal process should specify what happens when a portion of the
system will not be available on time, or equipment which will be placed in service is not complete.
Issuance of such directives as "work-arounds" or "exceptions" should occur only when top
management determines that they are absolutely necessary. If such exceptions prove to be
necessary, all departments involved need to sign off on the process to indicate they fully understand
the nature of the exception and what temporary measures are in place to mitigate any potential side
effects.
The exceptions in place must also be monitored constantly to ensure that neither the procedure nor
the spirit of the mitigating factors are bypassed or removed during the life of the respective
exception. If any type of coordinating committee or communication process is maintained by a
respective rail transit agency, regular reports should be included to ensure all organizational entities
are thoroughly familiar with both the procedure and necessity for each exception.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
22
�8. Managing Safety in System Modifications
•
Element: The process used by the rail transit agency to ensure that safety concerns are
addressed in modifications to existing systems, vehicles, and equipment, which do not
require formal safety certification, but which may have safety impacts, is described.
This section should clearly specify the rail transit agency’s processes and procedures regarding
those maintenance and construction activities that do not require formal safety certification, but that
do require safety inspections and sign-offs prior to placement of the facility, equipment, part, or
vehicle in service (i.e., replacements or repair in kind, etc.). To avoid confusion and to clarify roles
and responsibilities, the rail transit agency system safety function should coordinate with the
maintenance function to develop a formal procedure, if one does not already exist. This procedure
should be referenced in this section.
In addressing this activity, the rail transit agency may require a sign-off prior to the placement of
the modification in revenue service. In this case, coordination and compatibility with the existing
system, construction efforts under operating conditions, and testing and break-in phases must all be
managed as part of the ongoing system safety effort.
The rail transit agency may also include operating and safety department personnel in the design
review process for certain modification activities. Sign-off procedures may be established for the
appropriate departments.
Finally, the rail transit agency may identify the department and person in the organization with
responsibility for ensuring that hazards associated with system modifications are included in the
Hazard Management Process. One function of the organization, usually system safety, should be
delegated with the responsibility of ensuring that any hazards associated with system modifications
of any kind are worked into the Hazard Management Process. In this way any accepted risks
associated with such system changes will be documented and tracked from the outset.
9. Safety Data Acquisition
9.1 DATA ACQUISITION PROCESS
•
Element: The process used to collect, maintain, analyze, and distribute safety data is
clearly defined.
This section should clearly describe the process used by the rail transit agency to collect and
analyze safety data to support improvements in the agency’s safety performance and to monitor
compliance with the agency’s safety goals and objectives. This data can come from multiple
sources, such as daily unusual occurrence logs, operator and supervisor reports, mining of
maintenance data, analysis of vehicle and personnel records, and procurement contracts.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
23
�One of the most important services the safety unit provides for the transit organization is the
collection, maintenance, and distribution of safety data relative to system operation. This data
includes information gathered from not only within the respective system on various operating
characteristics relative to safety, but also from other rail transit agencies, the state oversight agency,
and the FTA. This section should describe the sources of this data, ensuring that all required
reports from all departments within the agency are identified.
As described in the Hazard Management Process section of this SSPP, analysis of this system
specific data can be used to determine trends and patterns in system operation. Used as part of the
hazard management process, data collection and analysis can identify hazards before they cause
accidents by such techniques as trend analysis. It thus becomes a vital component of efforts to
improve system performance, not only in respect to safety, but also in overall delivery of service to
the riding public.
9.2 ACCESS TO DATA
•
Element: The management process for ensuring that the safety function within the rail
transit organization receives the necessary information to support implementation of the
system safety program is clarified.
In addition to describing the safety data acquisition process, the SSPP must address the
management process used to ensure that other departments within the rail transit agency provide
required data to the system safety function. This section of the SSPP should clarify which
departments are responsible for reporting what types of data, and also identify management
controls in place to ensure that this data is delivered to the safety department in a timely manner
and is appropriately validated.
10. Accident/Incident Notification, Investigation and Reporting
10.1 OVERVIEW
•
Element: A description is provided regarding the process used by the rail transit agency to
perform accident notification, investigation and reporting.
This section of SSPP should describe the process used by the rail transit agency to conduct accident
investigations, and to notify appropriate external agencies, including the state oversight agency, the
National Transportation Safety Board (NTSB), and the Federal Railroad Administration (FRA). In
addition, there should be clear links specified between the accident/incident notification,
investigation and reporting process and the hazard management process. Finally, this section
should address the process used by the rail transit agency to develop corrective action plans to
prevent recurrences, and to coordinate review and approval of these plans with the state oversight
agency.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
24
�10.2 ACCIDENT/INCIDENT INVESTIGATION CRITERIA
•
Element: Criteria for determining what accidents/incidents require investigation, and who
is responsible to conduct specific investigations are developed.
A formal policy needs to exist and be fully understood by all organizational elements on exactly
how accidents/incidents will be classified, and how different classifications of accidents/incidents
will be investigated, by whom, and to what level of detail. This policy should include a predetermination regarding such things as thresholds for automatic activation of an investigation,
guidelines on whether incidents should be investigated immediately or after the fact, and who is in
charge of each specific level of investigation. The SSPP should describe these criteria in detail.
10.3 ACCIDENT/INCIDENT INVESTIGATION PROCEDURES
•
Element: A description of the procedures for performing investigations, including proper
documentation and reporting of findings, conclusions reached, use of hazard resolution
process to develop corrective action recommendations, and follow-up to verify corrective
action implementation is provided.
Preparation of appropriate procedures, formats, and approaches for performing investigations must
be documented and properly implemented. Verification of full understanding and compliance with
such procedures by all organizational elements is also required. The SSPP should describe and
reference these procedures. The rail transit agency should also submit these procedures to the state
oversight agency with the SSPP for review and approval.
10.4 INTERNAL NOTIFICATION PROCEDURE
•
Element: Notification thresholds for internal departments/functions are defined.
Predetermination of appropriate notification of accidents and participation in accident
investigations should be understood and available to all involved rail transit personnel. The SSPP
should clearly describe the internal notification procedures and the technology or methods used to
support internal notification.
10.5 EXTERNAL NOTIFICATION PROCEDURE
•
Element: Criteria are specified for notifying external agencies (NTSB, state oversight
agency) of accidents and incidents.
49 CFR Part 659 mandates that each rail transit agency report accidents meeting specific thresholds
to the state oversight agency. The rail transit agency system safety function must notify the state
oversight agency within two hours of the occurrence of an accident or incident meeting the
thresholds specified in FTA’s 49 CFR Part 659. These thresholds include the following:
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
25
�1.
2.
3.
4.
5.
6.
7.
8.
A fatality (death at the scene or where an individual is confirmed dead within 30 days).
Two or more injuries requiring immediate medical attention away from the scene.
Property damage in excess of $25,000.
Any evacuation due to life safety reasons.
Any collision at a grade crossing, regardless of injuries or property damage.
Any main-line derailment.
Any collision with an individual on a rail right of way.
Any collision between a rail transit vehicle and another rail transit vehicle or a rail
transit non-revenue vehicle.
Notification must occur through the means specified in the state oversight agency Program
Standard. In addition, 49 CFR Part 659 requires that the state oversight agency investigate each
accident meeting these thresholds. In the event that the state oversight agency intends to authorize
the rail transit agency to conduct investigations upon its behalf, it will formally review, approve
and adopt the rail transit agency’s accident investigation procedures and submit them to FTA. In
addition, the state oversight agency must formally (in writing) transmit its request to the rail transit
agency, which must receive it. In the event that the state oversight agency plans to conduct
independent investigations, using its own personnel or contractors, the state oversight agency
coordinate this investigation with the rail transit agency.
This section of the SSPP should also identify the criteria utilized to notify other outside agencies.
For example, the NTSB must be notified within two hours for any occurrence involving a
passenger/employee fatality, two or more injuries to employees or passengers requiring admission
to a hospital, an evacuation on the mainline, or a fatality at a rail grade crossing. The NTSB will be
notified within 4 hours for any occurrence that totals or exceeds $25,000. The system safety
function will make these notifications.
FRA thresholds are more inclusive than the FTA thresholds, and only apply to those rail transit
systems with waivers in place for shared track systems or that connect to the general railroad
system. In the event the rail transit agency notifies FRA, it should also notify the state oversight
agency. In addition, if the information is available, the rail transit agency should also notify the
state oversight agency of the NTSB’s intent to investigate the accident. The details for notifying
the state oversight agency are described in the agency’s accident investigation procedure.
10.6 ACCIDENT/INCIDENT REPORTING AND DOCUMENTATION
•
Element: Procedures are established for documenting and reporting on accident
investigations.
It is important that the rail transit agency have a procedure in place for the development, review
and approval of reports and other materials documenting the results of the accident investigation.
This section of the SSPP should reference the appropriate procedure or provide an outline of the
required elements of a rail transit agency investigation activities and reports. The state oversight
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
26
�agency may also specify certain accident investigation reporting requirements. These requirements
should also be included.
10.7 CORRECTIVE ACTION RESULTING FROM ACCIDENT INVESTIGATION
•
Element: Process used to develop, implement, and track corrective actions that address
investigation findings is specified.
The SSPP needs to describe the process used to develop, track, report and verify implementation of
all recommendations and identified needs for corrective actions. The agency should have a process
in place to ensure all necessary corrective actions are completed. The corrective action process and
the parties responsible for the corrective action process should be clearly described and identified
in the SSPP.
10.8 COORDINATION WITH STATE OVERSIGHT AGENCY
•
Element: Coordination with the oversight agency is specified.
In this section, the rail transit agency should describe its process for coordinating the conduct of
accident investigations with the oversight agency, including the delivery of accident investigation
reports and corrective action plans, working with the state oversight agency to receive approvals on
corrective action plans, and providing the oversight agency with status updates.
11. Emergency Response Planning/Coordination/Training
11.1 RESPONSIBILITIES FOR EMERGENCY PREPAREDNESS
•
Element: The agency’s emergency planning responsibilities and requirements are
identified.
In this section of the SSPP, the rail transit agency must identify its responsibilities for ensuring its
readiness to respond to an emergency on its system or to support response to an emergency in its
service area. Responsibilities typically include:
developing an internal Emergency Operations Plan, which includes the rail transit
agency’s Incident Management Organization (IMO) for responding to emergencies and
integrating with the Incident Command System (ICS) established by local responders;
ensuring that the internal Emergency Operations Plan is appropriately coordinated with
the SSPP and the System Security Plan;
developing a Continuity of Operations Plan (COOP);
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
27
�
coordinating with local/county Emergency Management Agencies (EMAs) and other
regional emergency planning groups and committees, to support the integration of rail
transit agency resources and emergency response requirements into the regional
emergency planning and preparedness program;
working with the local/county EMAs and public safety agencies to support regional
programs for addressing requirements specified by the Department of Homeland
Security (DHS) and the Federal Emergency Management Agency (FEMA) for the
National Response Plan (NRP) and the National Incident Management System (NIMS);
ensuring that any emergency preparedness requirements specified in the terms of rail
transit agency’s participation in the Department of Homeland Security, Transit Security
Grant Program (TSGP) or Homeland Security Exercise and Evaluation Program
(HSEEP) are addressed;
coordinating with local public safety agencies and other transportation agencies to
develop memorandum of understanding/agreement;
developing emergency procedures and training for transit employees;
developing emergency awareness training and signage/outreach for passengers and
others who use the system;
conducting emergency exercises to validate and reinforce implementation of procedures
and training; and
supporting familiarization of local responders with the rail transit agency system and
vehicles.
11.2 COORDINATED SCHEDULE
•
Element: A description of the process used by the rail transit agency to develop an
approved, coordinated schedule for emergency management program activities is provided.
Emergency response is a primary component of any rail transit SSPP. This component must
include an approved, coordinated schedule for all emergency response activities. This section of
the SSPP must describe the process through which the rail transit agency develops, distributes and
maintains this schedule. Specific responsibility should be identified by department and job title.
•
Element: Required meetings with external agencies regarding the emergency management
program are specified.
Meetings with outside agencies, participation in training and emergency exercises sponsored by
other agencies, and revision and distribution of the rail transit agency’s Emergency Operations
Plans and emergency response procedures can all be scheduled on an annual basis, with necessary
approvals and checks for completion built in. The process in place for managing this coordination
should be documented in the SSPP.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
28
�Frequently the system safety function is responsible for coordination of these types of emergency
preparedness functions. As part of the regular reports to general management issued by the system
safety function, status reports on emergency preparedness items can automatically be included.
11.3 EMERGENCY EXERCISES
•
Element: The process used to evaluate emergency preparedness, such as annual
emergency field exercises, is documented.
Emergency exercises form the backbone of the process for determining whether emergency
response plans are adequate. While no exercise can recreate the urgency of a real emergency, they
still provide indispensable training and familiarization opportunities for both emergency response
personnel and rail transit agency staff. Flaws in the planned process are also frequently discovered
during the conduct of these exercises and their subsequent debriefings. It should be noted that
emergency exercises need not always be full blown "mock" disasters, but can also be conducted as
simple “walk-throughs” of how employees would respond to a specific set of circumstances, as
well as targeted training opportunities.
In this section of the SSPP, the rail transit agency must describe its process for developing,
scheduling, conducting and evaluating emergency exercises and drills. Coordination with the
DHS, G&T Transit Security Grant Program and the G&T Homeland Security Exercise and
Evaluation Program should be documented as appropriate.
•
Element: After action reports and implementation of findings are required.
The rail transit agency must describe its process for ensuring the preparation and dissemination of
after action reports to document the findings and recommendations from the emergency exercise or
drill. In addition, the rail transit agency must document its approach to tracking the implementation
of recommendations. Integration of relevant findings into the hazard management process should
also be discussed. Finally, coordination with the DHS, G&T Transit Security Grant Program and
the G&T Homeland Security Exercise and Evaluation Program should be documented as
appropriate.
11.4 EMERGENCY PROCEDURES
•
Element: The process is explained to be used by the rail transit agency for the revision and
distribution of emergency response procedures.
The SSPP must reference or describe up-to-date emergency procedures that are accessible to transit
agency emergency response units and external agencies, and explain how revised procedures are
disseminated and communicated to employees and external agencies.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
29
�11.5 EMERGENCY TRAINING
•
Element: The agency’s responsibilities for providing employee training are identified.
An important consideration for handling of emergency situations is internal staff training. It is
imperative that rail transit agency staff have absolute knowledge of both the standard and
emergency operating characteristics of their rail transit agency. This can only be accomplished
through proper initial and refresher training at all operational levels, as well as specifically targeted
training for those staff members who may be involved in handling of emergency situations, while
not necessarily involved in day to day operations. This section of the SSPP should provide an
overview of the rail transit agency’s training program for ensuring proficiency in the response to
the full range of emergencies possible at the system.
11.6 FAMILIARIZATION TRAINING
•
Element: The agency’s responsibilities for providing familiarization training to local
public safety organizations are identified.
Emergency response by its very nature implies significant involvement by outside agencies. Fire
department, police, emergency medical services, and those local agencies involved in handling of
terrorist activities (e.g., bomb threats) must be coordinated by the rail transit agency in order to
ensure the best possible response to emergency situations, as well as realization of maximum
benefit from the expertise contained within these external agencies.
12. Internal Safety Audit Process
12.1 OVERVIEW
•
Element: A description of the process used by the rail transit agency to ensure that planned
and scheduled internal safety reviews are performed to evaluate compliance with the SSPP
is included.
This section of the SSPP must describe the rail transit agency’s approach to developing,
implementing and reporting an internal safety audit process or ISAP. The ISAP is a critical
component of the rail transit agency’s SSPP. Following the procedures developed for the ISAP,
over a three-year period, every one of the 21 elements specified in the rail transit agency’s SSPP
will be reviewed and evaluated for its implementation. During this review, the ISAP process will
determine if all organizational elements, equipment, procedures, and functions are performing as
intended from a safety perspective. In addition, the ISAP measures effectiveness of the SSPP.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
30
�The SSPP must document the process and procedures used to plan, schedule, conduct, evaluate,
and report on the internal safety audits and to ensure that reports are issued, with recommendations
to address any deficiencies or findings. In addition, the revised 49 CFR Part 659 requires additional
involvement of the state oversight agency in this process. These requirements must be addressed as
well.
12.2 SCOPE OF ACTIVITIES
•
Element: Identification of departments and functions subject to review is performed.
The objectives of the internal safety audit process are to provide a mechanism for determining the
effectiveness of the rail transit agency SSPP and to assess its level and quality of implementation.
Specifically, internal safety audit objectives are to:
verify that safety programs have been developed/implemented in accordance with SSPP
requirements;
assess the effectiveness of the rail transit agency’s system safety programs;
identify program deficiencies;
identify potential hazards in the operational system and weaknesses in the system safety
programs;
verify that corrective actions are being developed, implemented and tracked to closure
to address deficiencies and potential hazards;
recommend improvements to the rail transit agency SSPP;
provide management with an assessment of the status and adequacy of the system
safety program; and
assure continuing evaluation of safety-related programs, issues, awareness and
reporting.
Based on a careful review of these objectives and the activities addressed in the SSPP, the rail
transit agency should identify the organizational units and functions which are subject to the
internal audit process. A list of these organizational units and functions should be included in the
SSPP.
A thorough ISAP must provide top management with a mechanism for documenting the fact that
key elements of the organization are performing specified functions. These organizational
elements must include all key elements with identified system safety responsibilities as specified in
the SSPP.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
31
�12.3 AUDIT PROCESS
12.3.1 Integrity of Audit Process
•
Element: Auditors must be independent from the first line of supervision responsible for the
activity being audited.
This section of the SSPP must identify the rail transit agency personnel responsible for performing
the ISAP, and specify requirements to protect against individuals auditing their own work.
Required interfaces with the system safety function must also be specified.
In some instances, the system safety function of the rail transit agency will be responsible for
implementation and oversight of the ISAP, however, each rail transit agency must be able to tailor
such responsibilities to its own unique organizational structure. The overriding philosophy which
must be protected regardless of structure is the independent nature of the audit process. The unit in
charge of auditing must not be the unit in charge of implementation of the items being audited.
12.3.2 Cycle/Schedule
•
Element: A three-year audit schedule must be developed, reviewed, maintained and
updated to ensure that all 21 SSPP elements are reviewed during the audit cycle.
This section of the SSPP must specify the requirement to develop a three-year schedule depicting
all 21 audits to be performed. This schedule must be disseminated within the rail transit agency,
and also delivered to the state oversight agency. Responsibility for scheduling audits must be
clearly identified, by department and job title. Regular dissemination of the audit schedule will
support awareness of the ISAP throughout the rail transit agency. Annual schedule updates of this
schedule must be provided to the state oversight agency with the Annual Audit Report (see Section
12.3.5).
Audited departments must know when to expect audits. Audits must be scheduled so that they are
as unobtrusive as possible. Unannounced inspections or spot audits must be approved as part of the
overall audit process with concurrence of general management.
12.3.3 Checklists and Procedures
•
Element: The process for conducting reviews, including the development of checklists, and
procedures for conducting audits and issuing of findings is described.
To guide the performance of the ISAP, and to ensure its integrity, a set of ISAP procedures and
checklists must be developed for all 21 audits. The procedures and checklists must be reviewed and
approved by the rail transit agency, and submitted to the state oversight agency. The procedures
must include the new requirement, specified in 49 CFR Part 659, that the rail transit agency must
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
32
�notify the oversight agency no less than thirty days prior to the conduct of each internal audit. The
oversight agency retains the authority to observe each internal safety audit.
This requirement ensures that a list of items to be audited will be prepared in advance and that the
methodology for conducting the audit will be clearly specified. When necessary, audited
departments should be given time to produce necessary documentation. This does not preclude
spot check of individual records, such as maintenance records or personnel qualification records,
however, the cooperative nature of the audit process must be maintained.
12.3.4 Audit Reporting
•
Element: The process for resolving problems and disagreements, report distribution, and
follow-up on corrective action procedures is described.
In order for an internal audit to be effective, the results of the audit must be used for positive, allencompassing corrective actions. This does not occur if the audit report is not an official document
which is automatically provided to all appropriate levels of management. This section of the SSPP
must specify that an audit report will be prepared to document the results of each internal audit. At
a minimum, this report should contain a brief overview of the activities performed, the completed
checklists, and any findings, recommendations or concerns identified. This report may be delivered
in draft to the audited department for a period of review and comment prior to finalization.
Each ISAP report, or an executive summary, should be provided to the chief executive officer and
the individual, respective departments. To support discussion of results and the development of
action plans to address findings, various techniques such as audit coordination meetings and
management briefings can be used to make the process as unobtrusive as possible, while still
providing valuable input to each respective department being audited as to areas of concern and
possible corrective actions.
It is also important to design the process so that it is construed as a positive force in the
organization. While the internal audit should be as cooperative as possible, there must also be an
administrative process to deal with any problems or disagreements which develop. It should be
emphasized that the audit process is only a management tool which provides assistance in
discovering possible problem areas. By itself, it should not be considered an internal regulatory or
decision making process. Final authority for all decisions always rests within the management
structure as prescribed by the individual organization.
The SSPP must specify that a summary of recommended corrective actions, if any, must be
included in each audit report. Corrective actions approved by management must then be formally
tracked for compliance. In addition, a tracking log must be maintained by the system safety
function, documenting the status of all recommended corrective actions.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
33
�12.3.5 Annual Audit Report
•
Element: The SSPP must describe the requirement of an annual audit report that
summarizes the results of individual audits performed during the previous year and
includes the status of required corrective action items. This report must be submitted to the
state oversight agency for review and approval.
This section of the SSPP must state that the rail transit agency will prepare an annual audit report
documenting its activities and findings over the last year, and submit this report to the state
oversight agency for review and approval. To support preparation of this report and its review by
the state oversight agency, formal documentation of all aspects of the internal audit process must be
maintained. Included in this documentation, should be all necessary reports to general
management, respective departments, and the state oversight agency.
As specified by the state oversight agency, the annual report may include the following
information:
a listing of the internal safety and security audits conducted for that year;
a discussion of where the RTA is in meeting its three-year internal audit schedule,
including the identification of any obstacles in meeting the schedule and any proposed
mitigation measures;
an updated schedule for the next year’s audits;
the status of all findings, recommendations and corrective actions resulting from the
audits conducted that year; and
any challenges or issues experienced by the RTA system safety function or
security/police function in obtaining action from/compliance with these findings,
recommendations and corrective actions during that year.
12.3.6 Coordination with the Oversight Agency
•
Element: The ISAP process and reporting must be coordinated with the state oversight
agency.
The SSPP must identify the role of the state oversight agency in monitoring and overseeing
implementation of the ISAP at the rail transit agency. In this capacity, the state oversight agency
may request completed reports and status updates regarding the implementation of
recommendations. In addition, results from the ISAP may feed into the hazard management
process, which is also overseen by the state oversight agency.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
34
�12.3.7 Audit Completeness
•
Element: The ISAP process should be comprehensive.
The SSPP should identify the types of documentation that may be required to ensure audit
completeness: Maintenance Procedures, Training Manuals, Proceedings of Meetings, Equipment
Specifications, Rules/Regulations, Management Program Plans, System Safety Program Plan,
Standard Operating Procedures, Emergency Procedures, Configuration Management Plan,
Hazardous Materials Management Plan, Administrative Procedures, Rule Book, Safety Rules, Fire
Codes, and Engineering Design Criteria.
While ongoing inspections may be conducted on an unannounced basis, actual audits should be
done on a coordinated basis, with full management support. Once schedules are approved by
general management, all involved departments must provide absolute cooperation.
13. Rules Compliance/Procedures Review
13.1 OVERVIEW
•
Element: Operating and maintenance rules and procedures that affect safety are identified.
All rail transit systems should have a written expression of their policies and practices. These
policies and practices are conveyed in various general and specialized rulebooks, operating
bulletins, special orders, standard operating procedures and/or other similar documents, generally
referred to as rules and procedures. Operating rules and procedures are created to promote safe,
efficient, timely, and customer-oriented transit operations. Adherence to these operating rules is
necessary to achieve these objectives. A rules compliance program is needed to verify adherence to
operating rules.
The SSPP should identify all of the rules and procedures that affect passenger and employee safety,
and, as such, are subject to compliance monitoring activities. These rules and procedures may also
be reviewed during the ISAP, and/or the rail transit agency’s activity to update its SSPP. This
identification should include all safety-critical operating and maintenance rules and procedures.
13.2 REVIEW OF RULES AND PROCEDURES
•
Element: Operating and maintenance rules and procedures that affect safety are reviewed
for their effectiveness and determinations are made regarding their need to be updated.
The SSPP should describe the process used by the rail transit agency system safety function and
supporting committees to review safety-critical operations and maintenance rules and procedures
and to make determinations regarding whether they need updating. Procedures for document
control and the methods for disseminating updates should also be described. Roles and
responsibilities should be identified, by department and job title.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
35
�13.3 PROCESS FOR ENSURING RULES COMPLIANCE
•
Element: Description of process for developing, maintaining, and ensuring compliance
with operating and maintenance rules and procedures.
The benefits of rules and procedures come from their implementation and use, which can only be
assured through periodic review and follow-up. Each rail transit agency shall develop a formal
process of observations to evaluate and verify that rules are followed. Each rail transit agency must
define its Rule Compliance program to verify and evaluate that its rules are followed. This program
must be described in the SSPP.
13.4 COMPLIANCE TECHNIQUES – OPERATIONS AND MAINTENANCE PERSONNEL
•
Element: Techniques used to assess the implementation of operating and maintenance
rules and procedures by employees, such as performance testing/compliance checks.
While each rail transit agency shall develop its own requirements for assessing compliance with
rules, the following elements must be included:
1. Evaluation Process: The rail transit agency must define which job classifications and
job functions will be evaluated.
2. Organizational Responsibility: The rail transit agency must define which part or parts
of the organization/departments or areas will administer the rule compliance process.
This includes monitoring the compliance program to verify if it is being followed
according to established policies and standards. The rail transit agency must establish
the minimum level of qualification required to perform the function of an evaluator.
3. Evaluation Cycle / Definition of the Frequency of Compliance Checks: The rail
transit agency must determine the evaluation frequency. The rail transit agency should
consider the size and complexity of its operation in establishing the evaluation cycles.
4. Method of Verification: In determining the method, the rail transit agency must
consider characteristics such as various times of the day, days of the week, geographic
locations, system features and/or other appropriate practices/conditions. Compliance
Checks will be observations of operational personnel performing their jobs/duties.
Observations will be performed in a methodical, objective manner. The means of
collecting data (i.e., forms, electronic, other) shall be standardized along with specific
instructions for conducting the compliance checks. Observers must be trained in the
methods of collection and proper documentation of the observations.
5. Automated Verification: Some rail transit agencies have automated means of
monitoring rule compliance. The following elements should be monitored to the extent
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
36
�possible of the rail transit agency’s capabilities: on-time terminal dispatches;
unauthorized train operation; improper train operations; proper vehicle speed; signal
conformance; and nullification of operating / safety device.
13.5 COMPLIANCE TECHNIQUES – SUPERVISORY PERSONNEL
•
Element: Techniques used to assess the effectiveness of supervision relating to the
implementation of operating and maintenance rules.
In the SSPP, the rail transit agency must also describe is process for ensuring the effectiveness of
supervisors in implementing operating and maintenance rules. This process may be similar to the
one used for operations and maintenance personnel as described above or may be based on other
methodologies.
13.6 DOCUMENTATION
•
Element: Process for documenting results and incorporating them into the hazard
management program.
In the SSPP, the rail transit agency must describe its process for maintaining records of compliance
observations and corrective actions. The rail transit agency must also determine acceptable levels
of compliance and have defined corrective actions or guidelines to address non-compliance.
14. Facilities and Equipment Inspections
14.1 FACILITIES AND EQUIPMENT SUBJECT TO INSPECTION
•
Element: Identification of the facilities and equipment that are subject to regular safety
related-inspection and testing is provided.
The SSPP must specify the general categories of facilities and equipment with safety-related
characteristics and corresponding inspection requirements. In addition the SSPP must describe the
process for developing and maintaining a custom list at the rail transit agency.
14.2 REGULAR INSPECTION AND TESTING
•
Element: A description of how safety-related equipment and facilities are included in a
regular inspection and testing program is provided.
The SSPP should describe the rail transit agency’s approach to implementing a regular cycle of
inspections for facilities and safety-related equipment along with a list of exactly which items are to
be inspected. Observations of defective or missing equipment of course should be reported
whenever observed.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
37
�For example, the SSPP may specify that all rail transit agency operating and maintenance facilities
undergo a complete inspection by the system safety function at least once a year to ensure the
safety and health of employees. Individual maintenance shops within the maintenance facilities are
formally inspected on a monthly basis. These inspections are conducted using inspection forms,
and include inspections to verify OSHA compliance, personal protective protection utilization,
inspections of equipment, housekeeping inspections, inspections to verify industrial hygiene
practices, etc. However, informal inspections may be conducted at any time. Inspection reports are
issued which list the hazards and the safety and health problems found during the inspection.
Follow-up inspections and reports are completed within 30 days. The department responsible for
the inspected area is required to provide a schedule of corrective actions within 30 days. Follow-up
inspections and reports are made 30 to 60 days after the initial inspection.
For equipment inspections, the SSPP may require that equipment inspections are made in
accordance with manufacturer guidelines, industry-accepted standards and practices. The SSPP
may also specify that track inspections will conform to FRA standards, such as: walking
inspections twice a week; riding inspections by track inspectors twice a week; ultrasonic inspection
once a year; and gage and other geometry measurements twice each year. Also, a sweep of the
alignment will be performed by the first train each morning. The yard & shop areas are inspected
monthly. Routine inspections of the structures, bridges, inverts, and aerial guideways are
performed at established cycles using approved guidelines.
The system elements such as train control/signaling, grade crossing equipment, traction power,
SCADA, and OCS are inspected at established cycles based on the manufacturer guidelines and
industry experience. The periodicity of these inspections may be varied based on climatic
conditions and corrective maintenance demands.
Rail vehicle inspections are made in accordance with industry-accepted procedures including
periodic inspections specified by the Maintenance and Servicing Manual and the Heavy
Maintenance Manual. Operators also perform visual inspections and relevant systems checks prior
to service-start.
14.3 CHECKLISTS
•
Element: Use of a written checklist for conducting facility inspections.
The SSPP should require use of a written checklist when conducting facility inspections. This
checklist will ensure a more uniform and complete audit.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
38
�14.4 COORDINATION WITH HAZARD MANAGEMENT PROCESS
•
Element: Descriptions of how identified hazardous conditions are entered into the Hazard
Resolution Process.
The SSPP must require that results from facilities and equipment inspections are closely
coordinated with the rail transit agency’s hazard management process. The SSPP should provide a
description of how hazards identified during these inspections are integrated into the hazard
management process.
15. Maintenance Audits/Inspections
15.1 SYSTEMS AND FACILITIES SUBJECT TO MAINTENANCE PROGRAM
•
Element: A list of systems and facilities subject to a maintenance program, along with
established maintenance cycle and required documentation of maintenance performed for
each item, is provided.
This section of the SSPP needs to list all of the systems and facilities subject to the rail transit
agency’s maintenance program. The maintenance cycle, a description of the maintenance to be
conducted, and the required documentation of the maintenance to be performed needs to be
detailed. The SSPP also needs to include a description of the type of maintenance audits the rail
transit agency will conduct. This description should include the audits/inspections conducted by
the front line maintenance employees and by the system safety function. The audits conducted
should be a comprehensive process and including auditing whether the correct procedures are being
followed, and the quality and timeliness of the work performed.
15.2 RESOLUTION OF AUDIT/INSPECTION FINDINGS
•
Element: A description of the process for tracking and resolving problems identified
during inspections is provided.
This section of the SSPP must describe the process used to ensure that all issues identified during
maintenance audits/inspections are addressed and/or resolved. It is imperative that proper
corrective actions be prescribed, implemented, and tracked as part of this process. Such audit
records become extremely valuable tools in establishing that the respective management
organization is reasonable and prudent in discharging its professional responsibilities. Since
accidents are prevented by such preparation and double checking, the audit/inspection process
should be considered an excellent way of minimizing costly litigation.
Safety critical systems, such as track, structures, train control, transit vehicles, tunnel ventilation
and flood control, elevators, escalators, and communications are inspected/tested and/or serviced
on a scheduled, periodic basis. Should such systems be found in a failed or to be in an out-oftolerance condition, in such a manner that would present a hazard, the SSPP should state that
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
39
�applicable operations will be restricted to maintain safety until such time a appropriate remedial
action has been completed. Equipment found to be in a failed or out of tolerance condition are
recorded and tracked by the responsible maintenance department. These discrepancies are not to
be closed out until repairs are completed. In the case of transit vehicle maintenance, should a
vehicle not receive the prescribed preventive maintenance within the required maintenance
schedule, the vehicle is to be withheld from revenue service.
15.3 CHECKLISTS
•
Element: Use of a written checklist for conducting maintenance audits is required.
A checklist should be used to document the maintenance audits conducted by System Safety and by
maintenance employees. This checklist helps ensure a more uniform and complete audit, and will
direct maintenance audits/inspections to focus on adherence to schedule, application of standards
and procedures, and record keeping.
16. Training and Certification Review/Audit
16.1 OVERVIEW
•
Element: A description of the training and certification program for employees and
contractors is provided.
The SSPP should provide a description of the program in place for rail transit agency employees
and contractors to ensure their consistent and complete training and their capabilities to perform
their job activities safety and in compliance with rail transit agency rules and procedures. Such a
program requires employees to have a base knowledge that is consistent across their particular job.
The program also ensures that the rail transit agency provides initial certification and refresher
training.
•
Element: Categories of safety-related work requiring training and certification are
identified.
Proper qualification of operating and maintenance personnel is a vital part of a safe transit
environment. The SSPP should describe the categories of safety-related work that require training
and certification.
16.2 EMPLOYEE SAFETY
•
Element: Description of the training and certification program for employees and
contractors in safety-related positions is provided.
The SSPP should describe each of the agency’s training and certification programs including
general course content and grading procedures. For example, each rail transit agency should
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
40
�develop initial qualification and refresher training programs to ensure that employees demonstrate
an understanding and proficiency in the application of rules, procedures, and equipment.
Such characteristics as consistency over several classes, and effective and equitable testing of
personnel in both initial and recurrent training should be part of the evaluation process. While the
training program elements and content will be specific to the rail transit agency, the SSPP should
describe the process applied to ensure that training staff, designated by the rail transit agency, are
qualified by training and/or experience. Training staff shall be responsible for the preparation,
maintenance, and provision of the training program.
As described in the SSPP, the qualification training program should include the following forms of
instruction. Refresher and familiarization training/training for change can use any combination of
the following forms: classroom instruction; field instruction (e.g., set up a train with a problem to
simulate a unique situation); and on-the-job instruction (e.g., in revenue or non-revenue conditions
or both).
The rail transit agency should establish durations for its training programs. The rail transit agency
should also conduct periodic internal reviews of the complexity and types of its equipment, system
characteristics, and performance to verify the adequacy of the time period allocated for training.
The length of the training program is flexible. The rail transit agency shall allow adequate time in
the training program for daytime and nighttime, and peak hour practice train operation. The SSPP
should also specify that employee training is coordinated with the rail transit agency’s Employee
Safety Program (discussed in Section 18).
16.3 CONTRACTOR SAFETY
•
Element: Description of the training and certification program for contractors is provided.
While employees of contractors do not come under the direct jurisdiction of rail transit agencies,
when contractors work on transit property, especially under operating conditions, certain
requirements must be applied to all members of the contractor work force. This is essential for the
safety of passengers, transit employees, contractor employees, and protection of transit property.
The contractor and all contractor employees must be clear right from the outset that the rail transit
agency is in charge and all necessary rules and procedures will be followed without exception.
The rail transit agency, and the responsible units, must ensure that all contractor personnel: 1) are
instructed on the procedures, 2) know the procedures, and 3) follow the procedures. Sanctions
which will be imposed must be spelled out from the beginning, and if possible, included in the
contract.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
41
�16.4 RECORD KEEPING
•
Element: The process used to maintain and access employee and contractor training
records is described.
The SSPP should describe the way in which a permanent file of personnel training records are
maintained by the transit agency.
16.5 COMPLIANCE WITH TRAINING REQUIREMENTS
•
Element: The process used to assess compliance with training and certification
requirements is described.
The SSPP needs to describe the process utilized to assess compliance with training and certification
requirements. This process may include reviews of records and observations of training courses to
evaluate: familiarization of equipment, operating conditions, procedures and practices, classroom
training, performance/practice training, testing with established scores based on the nature,
complexity and safety sensitivity of the material, application of standardized criteria for all
elements such as length and type of training, locations (e.g., yards, routes, etc.), rail vehicle
equipment, and specific topics to be included, (e.g., use of fire extinguishers, yard operations,
signal tests, troubleshooting, etc.), post-qualification review of employee performance, including
employee records and in-person interviews.
17. Configuration Management
17.1 OVERVIEW
•
Element: A description of the configuration management control process is provided and
appropriate references are made to other rail transit agency documents governing this
process.
Configuration Management is a process which ensures, as much as possible, that all rail transit
property, equipment, systems design elements, etc., are documented as to configuration accurately
and completely. Any changes to an individual sub-system, or a fleet/inventory wide change should
be recorded on as-built drawings in a timely and effective manner.
For most rail transit agencies, configuration management requirements are established in separate
Configuration Management Plans (CMP) or procedures. These requirements are included in major
contracts to assure that changes to design of equipment and facilities are adequately documented
and approved. Contractors are required to submit "as-built" drawings and update manuals and
procedures. Changes to designs, after completion of design reviews, are coordinated with the rail
transit agency.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
42
�The SSPP should reference the CMP or configuration management procedure, and provide a brief
description of the process used by the agency. In most cases, rail transit agencies use baseline
management to ensure that the technical baseline (as established at the time of Safety Certification
for Revenue Service for New Starts or at another time for existing systems) is defined and
controlled throughout maintenance and operations, and that the end products satisfy the technical
and operational requirements derived from the system needs. At specific points in time, selected
documentation is formally designated and approved as part of the technical baseline. The
operations and maintenance technical baseline is the final as-built documentation and system
performance requirements. In this manner, configuration management includes certain specified
contractual documents, operations and maintenance documents, and safety and security documents.
17.2 PROCESS FOR CHANGES
•
Element: Process for making changes is described.
The rail transit agency establishes policy, responsibility and procedures for configuration control to
ensure the continued design integrity of the system, subsystems, equipment and facilities.
Achieving this integrity requires that configuration changes to the defined system elements are
properly coordinated, reviewed, approved, documented, and implemented. The SSPP must
describe this process.
In general, system changes are changes to the configuration and supporting documentation that are
precipitated by need for new or revised: alignment extensions/upgrades, equipment extensions;
systems; quality improvement initiatives; unforeseen conditions discovered during operations; and
maintenance activities which require a re-design of a system or its component(s) and so on.
System and/or element changes which affect design and/or operations and maintenance of rail
transit agency are reviewed and recommendations are made by a designated committee or function
within the rail transit agency regarding requests for configuration management changes. System
modifications to the operating system or design extensions are controlled by a systematic review
and approval process which includes representatives from a variety of committees and functions,
including the system safety function. The SSPP should describe this process, including the
committees and functions and their roles and responsibilities.
Special processes may be in place for addressing issues such as computer software configuration
management. Because of its significance, computer software may be managed and controlled in
accordance with a designated software management process or applicable procedures, which may
be separate from, or referenced in, the rail transit agency’s CMP. These processes may apply to
software and firmware that is developed in-house, licensed or procured from a commercial vendor,
obtained from another organization, or otherwise acquired and used in rail transit agency
applications. The SSPP should also describe these processes.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
43
�17.3 AUTHORITY FOR CHANGE
•
Element: Authority to make configuration changes is described and assurances are
provided for formal notification of all involved departments.
The SSPP should describe the process used to make changes using the rail transit agency’s
configuration management process. At a minimum, this should include: procedures for the
authority to make configuration changes, the process for incorporating these changes into all
appropriate documentation, and the process for ensuring that all necessary units, including the
system safety function, are formally made aware of such changes. It is also recommended that the
process be coordinated or combined with the System Modification Review and Approval Process
and the Safety Certification Process, described in Sections 7 and 8 of the SSPP. Notification of
changes, especially individual unit changes, cannot always occur in advance. It should be a
requirement, however, that all units be informed of such changes as expeditiously as possible.
18. Compliance with Local, State and Federal Requirements
18.1 EMPLOYEE SAFETY PROGRAM
•
Element: A description of the safety program for employees and contractors that
incorporates the applicable local, state, and federal requirements is provided.
The SSPP should describe the rail transit agency’s Employee Safety Program. While it is difficult
to develop a generic program, at a minimum, those elements required by local, state or federal law
must be incorporated into the Employee Safety Program. These include such elements as
Employee Right To Know requirements for hazardous materials and Occupational Safety & Health
requirements promulgated by the Occupational Health and Safety Administration (OSHA) or state
and local authorities. It is emphasized that these are only minimum programs, and that efforts
should be made to maintain a thorough Employee Safety Program above and beyond these
minimums.
For many rail transit agencies, Occupational, Environmental, Safety and Health (OES&H)
programs are high priorities. The system safety function may be responsible for monitoring
implementation of these programs, while designated safety officers or supervisors/managers within
Rail Operations, Maintenance and Construction may be responsible for ensuring compliance with
safety programs, all applicable OSHA standards and local codes. Generally, it is the responsibility
of each department manager and supervisor to ensure a safe and healthy work environment for all
employees under their direction. The rail transit agency Human Relations function may have the
responsibly for ensuring that employee information bulletin boards are posted and maintained.
The rail transit agency may also conduct regular industrial hygiene studies such as air quality, noise
level, hazardous materials, including wastes, and environmental stresses, to evaluate the degree of
employee or patron exposure to chemical and physical agents encountered in the work
environment, including the office environment. The survey results are utilized to determine the
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
44
�necessary corrective action, including engineering and administrative controls and/or the required
use of personal protective equipment. Reports of the industrial hygiene study are submitted to all
affected departments.
Industrial hygiene studies may be performed on a hazard priority basis to identify and eliminate
exposures that exceed the Threshold Limit Value (TLV) and Permissive Exposure Level (PEL).
These priority levels are typically established by the system safety function through an evaluation
of the work processes, including type of work performed, types of chemicals or hazardous
materials used to which persons are exposed, frequency and duration of exposure, and number of
employee (or patrons) exposed. Examples of high priority exposures include: airborne
concentrations of lead, silica and other toxic particulates and aerosols, organic solvents and
excessive noise levels.
In addition, physical examinations may be coordinated through the system safety function to
monitor the health and welfare of employees, and to identify workplace conditions which may
jeopardize their safety and health.
Finally, for construction projects, specific procedures are in place to ensure worker protection and
public safety by fostering an awareness and concern for safety on the job site. Implementation of
these procedures is the responsibility of the rail transit agency. The Construction function, in
coordination with the system safety function, administers a program to address these procedures
and their use in the field. Referenced documents for this program also contain requirements
concerning contractor and subcontractor safety programs and implementation requirements.
Manuals and training courses have been developed and include communication requirements
including applicable federal, state and local OSHA requirements. Activities include: (i) providing
basic E, S&H training to employees, (ii) training in fire prevention, industrial hygiene and
environmental compliance, and (iii) administering the Substance Abuse Prevention and Security
programs for E, S&H staff. All accident reports are reviewed and processed by appropriate rail
transit agency staff and management.
18.2 WORKING ON OR NEAR RAIL TRANSIT CONTROLLED PROPERTY
•
Element: Safety requirements that employees and contractors must follow when working
on, or in close proximity to, rail transit agency controlled property.
The SSPP must describe the safety program established for employees and contractors working on,
or in close proximity to, rail transit controlled property. Typically, the system safety function,
working with the construction function, administers this program. Contractors are required to
comply with all applicable OSHA standards for the safety of their own employees as well as to
safeguard rail transit agency employees, contractors, passengers and the public. All employees and
contractors working on, or interfacing with, the rail transit agency are required to attend safety
training while working on the operating system. This training course may be developed jointly by
the operating function and the system safety function. The rail transit agency’s Operating and
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
45
�Safety Rules and Procedures are typically included in each construction contract, and these rules
and procedures bind contractors and employees performing work on the operating system.
18.3 COMPLIANCE WITH REQUIRED SAFETY PROGRAMS
•
Element: Processes for ensuring the employees and contractors know and follow the
requirements are described.
The SSPP must describe the rail transit agency’s process for supporting compliance with the
Employee and Contractor Safety Programs. Each rail transit manager and supervisor is typically
responsible for having knowledge of, and enforcing compliance with, all applicable federal and
state OSHA laws, standards and regulations. Although OSHA stipulates that employees are
responsible for complying with OSHA standards, many rail transit agencies consider that it is
responsible for the employees’ compliance. As a result, the rail transit agency may ensure that
procedures are established by all departments that facilitate disciplinary action against those
individuals who fail to comply with applicable OSHA laws, standards, and regulations.
Examples of types of employee actions that require disciplinary action are: failure to use/wear
required personal protective equipment, failure to follow appropriate chemical handling
procedures, and the unauthorized modification of safety equipment and devices.
19. Hazardous Materials
•
Element: A description of the hazardous materials program, including the process used to
ensure knowledge of and compliance with program requirements is provided.
Transit agencies must have a process to ensure that the appropriate employees are familiar with the
Hazardous Material Program and the Employee Safety Program. This process should be described
in the SSPP.
Most rail transit agencies come under the jurisdiction of either state or federal Environmental
Protection Agencies. It is incumbent on each system to determine which regulations it must follow
and then ensure all organizational elements are aware of these requirements and how they must be
followed. Fundamental requirements of the Right-To-Know laws/standards are included in basic
training and the rail transit agency’s Hazard Communication Program. The system safety function
enforces procedures that ensure compliance with the standards by employees of all departments.
Material Safety Data Sheets (MSDS) for all chemicals and other hazardous materials that are being
considered for purchase and use are reviewed and evaluated by the system safety function for
approval, prior to use. The user will furnish the manufacturer’s MSDS for hazardous products, and
information on the planned use and application methods. The rail transit agency procurement
department will ensure that the system safety function has submitted written approval of requested
materials prior to procurement.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
46
�The rail transit agency trains its employees in the use of chemicals and hazardous materials.
Follow-up are conducted on the field use of approved products to ensure that safe, proper handling
methods are utilized. Appropriate personal protective equipment (PPE) is also provided and its use
is required, as specified, by the rail transit agency. Rail transit agency management and
supervisory personnel are responsible for providing the necessary PPE and enforcing its use by
employees.
20. Drug & Alcohol Abuse
•
Element: A description of the drug and alcohol program and the process used to ensure
knowledge of and compliance with program requirements is provided.
The abuse of legal drugs, the misuse of alcohol, and/or the use of illegal drugs by rail transit agency
employees poses a serious risk of harm to the health and safety of the public and to other
employees. Moreover, the use of illegal drugs, on or off duty, is inconsistent with the law-abiding
behavior expected of all citizens, and with the special trust placed in such employees as public
servants in the field of transportation.
Since virtually all rail transit agencies require federal funds for continued growth and operation, the
Drug Testing Requirements of the FTA now form the basis for the drug and alcohol abuse
programs. The SSPP must describe the Drug and Alcohol Abuse Program of the agency and must
explain that the Drug and Alcohol Abuse Program includes FTA and US DOT requirements (49
CFR Parts 40, 653, and 654). The Drug and Alcohol Abuse Program of the transit agency must also
comply with the Drug Free Workplace Act and the SSPP should acknowledge this compliance.
In addition, in this section of the SSPP, the rail transit agency should describe its Employee
Assistance Program (EAP) and/or Substance Abuse Program (SAP). Through these programs, rail
transit agencies provide an opportunity for employees to deal with drug and alcohol-related
problems. Any employee who voluntarily requests assistance in dealing with a personal drug
and/or alcohol problem may do so through the EAP and/or SAP in complete confidence and
without jeopardizing his/her employment with rail transit agency solely because of the request for
assistance. Other treatment programs for drug and alcohol problems are available through the
health and welfare provider selected by rail transit agency. The immediate discontinuation of any
involvement with alcohol or drugs is an essential requisite for participation in any treatment
program. Although employees are encouraged to receive help for drug or alcohol problems,
participation in an EAP and/or SAP will not excuse an employee’s failure to comply with the
requirements of the Policy.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
47
�21. Procurement
•
Element: A description of the measures, controls, and assurances in place to ensure that
safety principles, requirements, and representatives are included in the rail transit agency
procurement process.
System safety should encompass the routine procurement of supplies, materials, and equipment.
Procedures must be in place and enforced to preclude the introduction into the transit environment
of unauthorized hazardous materials and supplies, as well as defective or deficient equipment. The
SSPP must describe the process that is used to prevent inadvertent acceptance of unauthorized
materials or defective items.
In addition, the SSPP must describe the process used by the rail transit agency to ensure that all
hazardous materials are procured in a safe and controlled manner. The procurement of hazardous
materials must follow all state and federal regulations. The SSPP must describe the measures used
to ensure safe procurement these hazardous materials, and where appropriate, reference other
procedures or manuals.
The transit agency must also have a quality assurance program in place to assure that new materials
used for maintenance or construction activities have been assessed for safety concerns or safety
hazards. The SSPP must describe and/or reference this quality assurance program.
Program Requirements for the Development of Rail Transit Agency System Safety Program Plans
48
�Appendix F: State Oversight Agency SSPP Review Checklist
�Checklist for Reviewing the System Safety Program Plan
Rail Transit Agency (RTA) ___________________________________________________________________________
State Oversight Agency Reviewer ___________________________
#
1.
2.
3.
CHECKLIST
ITEM
Policy
Statement
Purpose, Goals
and Objectives
Management
Structure
Date __ _______________
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A policy statement is developed for the System Safety
Program Plan (SSPP).
•
The policy statement describes the authority that
establishes the system safety program plan.
•
The policy statement is signed and endorsed by the rail
transit agency’s chief executive.
•
The purpose of the SSPP is defined.
•
Goals are identified to ensure that the SSPP fulfills its
purpose.
•
Objectives are identified to monitor and assess the
achievement of goals.
•
Stated management responsibilities are identified for the
safety program to ensure that the goals and objectives
are achieved.
•
An overview of the management structure of the rail
transit agency is provided including an organization
chart.
•
Organizational structure is clearly defined and includes:
o
History and scope of service,
o
Physical characteristics, and
o
Operations and Maintenance.
•
A description of how the safety function is integrated
into the rest of the rail transit organization is provided.
•
Clear identification of the lines of authority used by the
rail transit agency to manage safety issues is provided.
1
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
4.
5.
CHECKLIST
ITEM
Plan Review
and Modification
Plan
Implementation
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
An annual assessment of whether the system safety
program plan should be updated is specified.
•
The process used to control changes to the system
safety program plan is described.
•
Specific departments and persons responsible for
initiating, developing, approving, and issuing changes to
the SSPP are identified.
•
Required coordination with the oversight agency
regarding plan modification, including timeframes for
submission, revision, and approval, is addressed.
•
A description of the specific activities required to
implement the system safety program plan is included.
•
Tasks to be performed by the rail transit safety function,
by position and management accountability, are
identified and described.
•
A description of the methodologies used by the system
safety function to achieve their safety responsibilities
should be provided.
•
Safety-related tasks to be performed by other rail transit
departments, by position and management
accountability, are identified and described.
•
A task matrix (or an equivalent narrative description)
showing: all identified safety responsibilities, interfaces
among all rail transit units responsible for each task, and
the key reports or actions required, should be provided.
2
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
6.
CHECKLIST ITEM
Hazard Management
Process
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
The process used by the rail transit agency to
implement its hazard management program,
including the role of the oversight agency in
providing on-going communication, is
described.
•
The hazard management process includes
activities for: hazard identification, hazard
investigation, evaluation, and analysis, hazard
control and elimination, hazard tracking.
•
Requirements for on-going reporting to the
oversight agency relating to hazard
management activities and status are
specified.
7.
Safety Certification
Process
•
A description of the safety certification
process required by the rail transit agency to
ensure that safety concerns and hazards are
adequately addressed prior to the initiation of
passenger operations for New Starts and
subsequent major projects to extend,
rehabilitate, or modify an existing system, or
to replace vehicles and equipment.
8.
System Modifications
•
The process used by the rail transit agency to
ensure that safety concerns are addressed in
modifications to existing systems, vehicles,
and equipment, which do not require formal
safety certification, but which may have safety
impacts, is described.
9.
Safety Data
Acquisition
•
The process used to collect, maintain,
analyze, and distribute safety data is clearly
defined.
•
The management process for ensuring that
the safety function within the rail transit
organization receives the necessary
information to support implementation of the
3
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
system safety program is clarified.
#
10.
CHECKLIST ITEM
Incident Notification,
Investigation, and
Reporting
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A description is provided regarding the
process used by the rail transit agency to
perform accident notification, investigation
and reporting.
•
Criteria for determining what
accidents/incidents require investigation, and
who is responsible to conduct specific
investigations are developed.
•
A description of the procedures for performing
investigations, including proper
documentation and reporting of findings,
conclusions reached, use of hazard resolution
process to develop corrective action
recommendations, and follow-up to verify
corrective action implementation is provided.
•
Notification thresholds for internal
departments/functions are defined.
•
Criteria are specified for notifying external
agencies (NTSB, state oversight agency) of
accidents and incidents.
•
Procedures are established for documenting
and reporting on accident investigations.
•
Process used to develop, implement, and
track corrective actions that address
investigation findings is specified.
•
Coordination with the oversight agency is
specified.
4
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
11.
CHECKLIST ITEM
Emergency
Management Program
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
The agency’s emergency planning
responsibilities and requirements are
identified.
•
A description of the process used by the rail
transit agency to develop an approved,
coordinated schedule for emergency
management program activities is provided.
•
Required meetings with external agencies
regarding the emergency management
program are specified.
•
The process used to evaluate emergency
preparedness, such as annual emergency
field exercises, is documented.
•
After action reports and implementation of
findings are required.
•
The process is explained to be used by the
rail transit agency for the revision and
distribution of emergency response
procedures.
•
The agency’s responsibilities for providing
employee training are identified.
•
The agency’s responsibilities for providing
familiarization training to local public safety
organizations are identified.
5
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
12.
CHECKLIST ITEM
Internal Safety Audit
Program
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A description of the process used by the rail
transit agency to ensure that planned and
scheduled internal safety audits are
performed to evaluate compliance with the
SSPP is included.
•
Identification of departments and functions
subject to audit is performed.
•
Auditors must be independent from the first
line of supervision responsible for the activity
being audited.
•
A three-year audit schedule must be
developed, reviewed, maintained and updated
to ensure that all 21 SSPP elements are
reviewed during the audit cycle.
•
The process for conducting audits, including
the development of checklists, and
procedures for conducting audits and issuing
of findings is described.
•
The SSPP must describe the requirement of
an annual audit report that summarizes the
results of individual audits performed during
the previous year and includes the status of
required corrective action items. This report
must be submitted to the state oversight
agency for review and approval.
•
The process for resolving problems and
disagreements, report distribution, and followup on corrective action procedures is
described.
•
The ISAP process and reporting must be
coordinated with the state oversight agency.
•
The ISAP process should be comprehensive.
6
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
13.
14.
CHECKLIST ITEM
Rules Compliance
Facilities and Equipment
Inspections
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
Operating and maintenance rules and
procedures that affect safety are identified.
•
Operating and maintenance rules and
procedures that affect safety are reviewed for
their effectiveness and determinations are
made regarding their need to be updated.
•
Description of process for developing,
maintaining, and ensuring compliance with
operating and maintenance rules and
procedures.
•
Techniques used to assess the
implementation of operating and maintenance
rules and procedures by employees, such as
performance testing/compliance checks.
•
Techniques used to assess the effectiveness
of supervision relating to the implementation
of operating and maintenance rules.
•
Process for documenting results and
incorporating them into the hazard
management program.
•
Identification of the facilities and equipment
that are subject to regular safety relatedinspection and testing is provided.
•
A description of how safety-related equipment
and facilities are included in a regular
inspection and testing program is provided.
•
Use of a written checklist for conducting
facility inspections.
•
Descriptions of how identified hazardous
conditions are entered into the Hazard
Resolution Process.
7
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
15.
16.
CHECKLIST ITEM
Maintenance Audit and
Inspection Program
Training and
Certification Program
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A list of systems and facilities subject to a
maintenance program, along with established
maintenance cycle and required
documentation of maintenance performed for
each item, is provided.
•
A description of the process for tracking and
resolving problems identified during
inspections is provided.
•
Use of a written checklist for conducting
maintenance audits is required.
•
A description of the training and certification
program for employees and contractors is
provided.
•
Categories of safety-related work requiring
training and certification are identified.
•
Description of the training and certification
program for employees and contractors in
safety-related positions is provided.
•
Description of the training and certification
program for contractors is provided.
•
The process used to maintain and access
employee and contractor training records is
described.
•
The process used to assess compliance with
training and certification requirements is
described.
8
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
#
17.
18.
CHECKLIST ITEM
Configuration
Management Process
Compliance with Local,
State and Federal
Safety Requirements
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A description of the configuration management
control process is provided and appropriate
references are made to other rail transit agency
documents governing this process.
•
Process for making changes is described.
•
Authority to make configuration changes is
described and assurances are provided for
formal notification of all involved departments.
•
A description of the safety program for
employees and contractors that incorporates
the applicable local, state, and federal
requirements is provided.
•
Safety requirements that employees and
contractors must follow when working on, or in
close proximity to, rail transit agency controlled
property are identified.
•
Processes for ensuring the employees and
contractors know and follow the requirements
are described.
19.
Hazardous Materials
Program
•
A description of the hazardous materials
program, including the process used to ensure
knowledge of and compliance with program
requirements is provided.
20.
Drug and Alcohol
Program
•
A description of the drug and alcohol program
and the process used to ensure knowledge of
and compliance with program requirements is
provided.
21.
Procurement
•
A description of the measures, controls, and
assurances in place to ensure that safety
principles, requirements, and representatives
are included in the rail transit agency
procurement process.
9
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Safety Program Plan
10
�Appendix G: Program Requirements for Development of a
Rail Transit Agency System Security and Emergency
Preparedness Program Plan (SEPP)
�SAMPLE
State Oversight Agency Program
Requirements for the Development
of Rail Transit System Security and
Emergency Preparedness Plans
This document has been developed to serve as a
template for use by state oversight agencies in
specifying the requirements established in 49
CFR Part 659 for the development of a rail transit
agency System Security and Emergency
Preparedness Plan (SEPP). It includes a sample
set of Program Requirements, detailing the
required SEPP contents and a set of
recommended SEPP appendices.
�Table of Contents
SEPP Memorandum of Executive Approval/System Security Policy ................................................4
1. System Security and Emergency Preparedness Program Introduction .......................................4
1.1.
Purpose of the SEPP.............................................................................................................4
1.1.1 System Security ................................................................................................................5
1.1.2 Emergency Preparedness .................................................................................................6
1.2
Goals and Objectives............................................................................................................6
1.2.1 Goals .................................................................................................................................6
1.2.2
Objectives .....................................................................................................................7
1.3
Scope of Program .................................................................................................................9
1.4
Security and Law Enforcement............................................................................................9
1.5
Management Authority and Legal Aspects .......................................................................10
1.6
Government Involvement...................................................................................................11
1.7
Security Acronyms and Definitions...................................................................................12
2.0 System Description .....................................................................................................................12
2.1
Background & History of System......................................................................................12
2.2
Organizational Structure.....................................................................................................13
2.3
Human Resources...............................................................................................................13
2.4
Passengers...........................................................................................................................14
2.5
Services and Operations .....................................................................................................15
2.6
Operating Environment ......................................................................................................15
2.7
Integration with Other Plans and Programs.......................................................................15
2.8
Current Security Conditions...............................................................................................16
2.9
Capabilities and Practices..................................................................................................16
3.0 SEPP Management Activities.....................................................................................................19
3.1
Responsibility for Mission Statement and System Security Policy..................................19
3.2
Management of the SEPP Program....................................................................................20
3.3
Division of Security Responsibilities.................................................................................21
3.3.1 Security/Police Function Responsibilities .....................................................................21
3.3.2 Security Responsibilities of Other Departments/Functions ..........................................23
3.3.3 Job-specific Security Responsibilities ...........................................................................24
3.3.4 Security Task Responsibilities Matrix...........................................................................27
3.3.6 Security Committees ......................................................................................................29
4. SEPP Program Description.........................................................................................................30
4.1
Planning ..............................................................................................................................31
4.2
Organization........................................................................................................................33
4.3
Equipment...........................................................................................................................35
4.4
Training and Procedures.....................................................................................................37
4.5
Emergency Exercises and Evaluation................................................................................42
5.0 Threat and Vulnerability Identification, Assessment, and Resolution......................................46
5.1
Threat and Vulnerability Identification..............................................................................48
5.1.1 Asset Analysis ................................................................................................................50
5.1.2 Security Data Collection for the Identification of Threats and Vulnerabilities............52
5.1.3 Other Sources of Information – Security Reviews, Testing and Inspection Programs 53
5.1.4 Identifying Threats for Prioritized Assets......................................................................54
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
2
�5.1.5 Identifying Vulnerabilities .............................................................................................55
5.2
Threat and Vulnerability Assessment ................................................................................57
5.3
Threat and Vulnerability Resolution..................................................................................59
6.0 Implementation and Evaluation of SEPP...................................................................................63
6.1
Implementation Tasks for Goals and Objectives...............................................................63
6.2
Implementation Schedule ...................................................................................................65
6.3
Evaluation ...........................................................................................................................65
7.0 Modification of System Security Plan .......................................................................................66
7.1
Initiation..............................................................................................................................66
7.2
Review Process...................................................................................................................66
7.3
Implement Modifications ...................................................................................................67
Appendix A: DHS Regulation and Requirements Relevant to the SEPP .........................................68
Homeland Security Presidential Directives and Supporting Guidance.........................................68
Implications for the Rail Transit Agency .......................................................................................74
Appendix B: Acronyms ......................................................................................................................79
Appendix C: Definitions .....................................................................................................................80
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
3
�SEPP Memorandum of Executive Approval/System Security Policy
•
Element: A policy statement should be developed for the System Security and Emergency
Preparedness Plan.
In this section, a policy statement should be provided which establishes the System Security and
Emergency Preparedness Plan (SEPP) as an operating document that has been prepared for, and
approved by, rail transit agency top management.
•
Element: The policy statement should describe the authority that establishes the SEPP,
including statutory requirements and the rail transit agency’s relationship with the
oversight agency.
The policy statement should define, as clearly as possible, the authority for the establishment and
implementation of the SEPP. As appropriate, reference should be made to the authority provided
by state and local statues to develop and securely operate the rail transit system and coordinate
with local, state and federal agencies regarding security and emergency preparedness issues. The
role of the SEPP in addressing FTA’s 49 CFR Part 659 and state oversight agency requirements
should be clearly described. Participation in programs managed by the Department of Homeland
Security, Office of Grants and Training (G&T) (formerly the Office of State and Local
Government Coordination and Preparedness (SLGCP), Office for Domestic Preparedness (ODP))
and the Transportation Security Administration (TSA) that require the SEPP should also be
mentioned, including the Transit Security Grant Program (TSGP) and compliance with TSA
directives and the TSA Rail Security Inspector Program.
•
Element: The policy statement is signed and endorsed by the rail transit agency’s chief
executive.
Reference should be made to management's approval, either by referencing the enabling signature
on the title page or by other means.
1.
System Security and Emergency Preparedness Program Introduction
1.1.
PURPOSE OF THE SEPP
•
Element: The SEPP should identify the purpose of the security program endorsed by the
agency’s chief executive.
This section of the SEPP should identify its purpose. For most rail transit agencies, the purpose of
the SEPP is to ensure a planned, documented, organized response to actual and potential security
threats to the system, and to address these threats with proactive measures and response techniques
that manage and minimize the outcome of security breaches or related events. The SEPP typically:
develops, documents, and communicates a comprehensive, responsive, appropriate and
effective security and emergency preparedness program;
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
4
�
documents security and emergency preparedness goals and objectives for the rail transit
agency, as official direction to employees and department managers, and as a
performance accountability basis for the agency's security program;
serves as the rail transit agency's in-house point-of-reference for a complete and
comprehensive description of its security and emergency preparedness program;
fulfills regulations promulgated by FTA (“Rail Fixed Guideway Systems; State Safety
Oversight” (49 CFR Part 659)) and the state oversight agency (cite state regulations) to
address the security of passengers and employees and to ensure their protection from
emergencies, including terrorism and natural disasters;
supports rail transit agency compliance with region-wide initiatives to address
requirements specified in Homeland Security Presidential Directives (HSPDs) for the
National Response Plan, the National Incident Management System the National
Infrastructure Protection Plan, and the National Response Goal;
fulfills DHS/G&T requirements for Transit Security Grant Program (TSGP) assistance;
and
ensures compliance with TSA directives, including RAILPAX-04-01 issued on
May 20, 2004.
As set forth in rail transit agency's security program policy, accountability for security and
emergency preparedness of the rail transit system rests with each employee, supervisor, manager,
director, and department. As a result of this program, the rail transit agency will achieve not only
an effective physical security program, but also develop emergency preparedness.
The rail transit agency's plans for response to natural disaster or terrorism incidents are based on
partnerships with the emergency management and first-responder organizations of the cities and
counties throughout the rail transit agency's service area, and the region's coordinated plans for
response and recovery from such events. This coordination is essential for the rail transit agency's
response and recovery capabilities, while at the same time, continuity of rail transit operations
during a community-wide emergency is a vital capability for the region's recovery.
1.1.1
•
System Security
Element: The SEPP should introduce the concept of “system security.”
System security is defined as:
“the application of operating, technical, and management techniques and principles to the security
aspects of a system throughout its life to reduce threats and vulnerabilities to the most practical
level through the most effective use of available resources.”
System security provides a structured methodology for analyzing threats and weighing the
consequences of the cost of their resolution against the capabilities of the system to fund
improvements. This process allows the system; whatever its size, service, or operating
environment; to implement the most effective security and preparedness program possible within
its available resources. System security promotes an integrated approach to protection, identifying
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
5
�how all system activities come together as part of an interdependent system that deters, detects,
assesses, and responds to threats.
1.1.2
•
Emergency Preparedness
Element: The SEPP introduce the concept of “emergency preparedness.”
Within the context of this approach, emergency preparedness is a central feature of the program,
ensuring the capability to mitigate and manage those events that cannot be prevented. Emergency
preparedness is defined as:
“a uniform basis for operating policies and procedures for mobilizing public transportation system
and other public safety resources to assure rapid, controlled, and predictable responses to various
types of transportation and community emergencies.”
Emergency preparedness ensures that the rail transit agency has a process in place to provide fast,
controlled and predictable responses to various types of emergencies that may occur within the
system or nearby locations. Emergency preparedness identifies how municipal and county agencies
can both support, and obtain support from, the rail transit agency in addressing transit-specific and
area-wide emergencies.
1.2
GOALS AND OBJECTIVES
1.2.1
Goals
•
Element: The SEPP should identify the goals of the SEPP program endorsed by the
agency’s chief executive.
This section of the SEPP should identify the goals developed by the rail transit agency to meet the
purpose established for the SEPP. Goals are broad statements of ideal future conditions for the
safety program that are desired by the rail transit agency, endorsed by top management, and are
supported by specific objectives to aid in their attainment. Goals should be realistic and generally
are presented in qualitative terms.
Sample goals include the following:
1. Security: Reduce the rate of crime, and the fear of crime, on the rail transit system.
2. Awareness and Involvement: Engage all rail transit employees and contractor
personnel in a program of awareness activities to ensure that they serve as “eyes and
ears” for the system. Also establish a similar process of engagement in awareness
activities for passengers and others who come into contact with the system.
3. System Approach: Systematically and continually identify, assess and resolve threats
to the security of the system, optimizing use of human resources, operating procedures,
technology and equipment, facilities design and improvements, and community and
interagency partnerships, to maximize security effectiveness.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
6
�4. Emergency Preparedness: Develop and implement Plans, Organization, Equipment,
Training/procedures, and emergency Exercises/evaluation (POETE) to assure
preparedness for catastrophic natural disasters or terrorist attacks. These POETE
activities should be appropriately coordinated and integrated with the emergency
management/response jurisdictions in the rail transit agency’s service area, and should
support compliance with Homeland Security Presidential Directives (HSPDs) requiring
implementation of the National Response Plan (NRP), the National Incident
Management System (NIMS), the National Infrastructure Protection Plan (NIPP), and
the National Preparedness Goal. The rail transit agency’s activities to support
implementation of HSPD requirements may be coordinated through the Regional
Transit Security Working Group (RTSWG) and the Regional Transit Security Strategy
(RTSS).
1.2.2
•
Objectives
Element: The SEPP should identify the objectives of the SEPP program endorsed by the
agency’s chief executive.
Objectives are the working elements of the SEPP, the means by which the identified goals are
achieved. Unlike goals, objectives should be easily quantifiable. They should provide a framework
for guiding the day-to-day activities that provide for a safe and secure rail transit operation.
Objectives are often supported by the identification of associated tasks that are required to be
completed. Objectives for the sample goals identified above are presented in the table on the next
page.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
7
�GOALS AND OBJECTIVES
Goal #1. Security: Reduce the rate of crime, and the fear of crime, on the rail transit system.
Objective Maintain 100,000 boarding rides or better per reported crime on the rail transit system, as
measured by crimes occurring on the system reported to police.
1.A
Objective Maintain 70% or better customer rating of "good" or "excellent" addressing concerns about
security on board the rail system, as measured through the rail transit agency’s annual Attitude
1.B
and Awareness survey.
Objective Maintain 300,000 or better boarding rides per customer complaint about security or vandalism,
as measured through rail transit agency’s Customer Service Information (CSI) system.
1.C
Goal # 2. Awareness and Involvement: Engage all rail transit employees and contractor personnel in a
program of awareness activities to ensure that they serve as “eyes and ears” for the system. Also establish a
similar process of engagement in awareness activities for passengers and others who come into contact with
the system.
Objective Achieve broad-based awareness of security responsibilities, alertness and procedures by rail
transit personnel (means of measurement to be determined).
2.A
Objective Achieve broad-based security alertness by rail transit agency customers (means of
measurement to be determined).
2.B
Goal # 3. System Approach: Systematically and continually identify, assess and resolve threats to the
security of the system, optimizing use of human resources, operating procedures, technology and
equipment, facilities design and improvements, and community and interagency partnerships, to maximize
security effectiveness.
Objective Systematically determine and assess deployments and tactics of dedicated security personnel,
in relation to systematically analyzed information on crime, threats, and effectiveness on
3.A
customer perception of security on the transit system.
Objective Continually foster partnerships with law enforcement jurisdictions and community
organizations, in support and extension of the rail transit agency’s dedicated security resources.
3.B
Objective Systematically incorporate security design considerations and security technology and
equipment into design of rail transit agency facilities.
3.C.
Goal # 4. Emergency Preparedness: Develop and implement Plans, Organization, Equipment,
Training/procedures, and emergency Exercises/evaluation (POETE) for preparedness to perform the
prevention, detection, response and recovery capabilities applicable to rail transit systems and their
employees during catastrophic natural disasters or terrorist attacks. These activities should be appropriately
integrated with emergency management/public safety jurisdictions in the rail transit agency’s service area,
and should support compliance with Homeland Security Presidential Directives (HSPDs) requiring
implementation of the National Response Plan (NRP), the National Incident Management System (NIMS),
the National Infrastructure Protection Plan (NIPP), and the National Preparedness Goal. The rail transit
agency’s activities to support implementation of HSPD requirements will be coordinated through the
Regional Transit Security Working Group (RTSWG) and the Regional Transit Security Strategy (RTSS).
Objective Develop and implement the rail transit agency’s internal emergency preparedness POETE
through integration of these activities into the agency’s Emergency Operations Plan and into
4.A
the development of Memorandum of Understanding (MOUs) with external agencies.
Objective Develop and implement the rail transit agency’s external emergency preparedness, through the
development of procedures, training and emergency exercises, by partnering with the
4.B
emergency management and first-responder organizations of cities and counties throughout the
rail transit agency’s service area, to integrate POETE needed for natural disaster or terrorism
incidents on the transit system, and into the region's coordinated, mutual POETE for response
and recovery from such events.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
8
�1.3
SCOPE OF PROGRAM
•
Element: Describe the scope of the SEPP and Program.
This section of the SEPP should establish the scope of the SEPP to cover all agency personnel, and
be applicable to all agency operations:
each department/function shall support the rail transit agency’s SEPP and shall
cooperate in achievement of the SEPP security objectives;
each rail transit agency employee shall cooperate with the system safety and
security/police functions and provide them with any information requested to aid in any
threat or vulnerability identification, assessment or resolution, and/or security
investigation; and
accountability for security and emergency preparedness of the rail transit system rests
with each employee, supervisor, manager, director.
The Scope should also specify that coordinating and integrating the emergency response plans of
the rail transit agency and of the jurisdictions in the agency's service area, is part of the SEPP
program.
1.4
SECURITY AND LAW ENFORCEMENT
•
Element: Describe the security and law enforcement functions that manage and support
implementation of the SEPP.
This section of the SEPP should describe the security and law enforcement functions that manage
and support implementation of the SEPP. If the rail transit agency has its own police force, this
section of the SEPP should introduce this department and provide an overview of the department’s
activities. Also, this section of the SEPP should identify the rail transit police responsibilities
regarding relationships with other law enforcement agencies in the municipalities traversed by the
rail transit system.
If the rail transit system purchases security services from local law enforcement agency(s), the plan
should introduce this arrangement, and provide an overview of the mechanisms in place to
integrate contracted law enforcement services into the rail transit agency’s day-to-day operations.
This section of the SEPP should also clarify which function within the rail transit agency manages
this contract, and how activities are coordinated with other law enforcement agencies in the rail
transit agency’s service area.
If the system employs its own security (non-sworn) force or purchases security services from a
private company, the plan should provide an overview of these security forces and identify the
methodologies used to support cooperation with local law enforcement agencies in the rail transit
agency’s service area. This section of the SEPP should also clarify which function within the rail
transit agency manages this contract or in-house security force.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
9
�If the system depends solely on local law enforcement for primary response, the plan should
discuss how the system interacts with local law enforcement and what formal or informal
arrangements or agreements, including any memorandum of understanding (MOU), are in place. If
the system uses any combination of these types of security configurations, the SEPP should
provide an overview of how the various components of the security/police function work together.
Whatever the rail transit operator's police or security configuration, the SEPP should explain how
staff officers work with, communicate with, coordinate activities with, and share jurisdiction with
local law enforcement agencies. In this discussion, the rail transit agency should include
information regarding response to incidents, planning and deployment, joint operations, special
events, and the sharing the threat and crime information.
1.5
MANAGEMENT AUTHORITY AND LEGAL ASPECTS
•
Element: Describe the authority which oversees the operation and management of the rail
transit agency, including its security/police function.
This section of the SEPP should describe the authority which oversees the operation and
management of the rail transit agency, including its security/police function. The section should
identify the charter or legislation which created the rail transit agency, and address the roles of the
Board of Directors, General Manager, other executive leadership, and the manager of the
security/police function in executing the SEPP. Municipal, county and state codes that are
enforced on the transit system should be identified, including ordinances for fare evasion, parking
enforcement, vandalism, disorderly conduct, and other public order violations. Any special
authorities provided to transit police, contracted law enforcement, contracted private security or inhouse security personnel should also be identified.
In preparing this section, the rail transit agency may first introduce its charter, enabling legislation
and/or cooperative agreements with the municipalities and counties in its service area. Then, after
describing the role of the Board of Directors (providing stewardship and budget approval for the
transit agency) and the General Manager (approves and issues the SEPP, established policy that
assigns responsibility for developing, implementing and administering the SEPP), this section may
identify the roles of other management positions (Executive Director, Operations; Director of
Safety and Security, Chief of Police/Security Manager) and explain how each is responsible for
developing and enforcing the Standard Operating Procedures (SOPs), operating orders, training,
rules compliance programs, evaluation programs, internal security audits, and other activities that
assure implementation of the SEPP.
Then, the roles and responsibilities of middle management and line personnel may be briefly
introduced and described (i.e., management within the transit security/police function, as well as
the roles of supervisors and operations and maintenance personnel). Finally, the section may
conclude with a discussion of the ordinances, codes, rules and other laws enforced on the rail
transit system (i.e., felonies and misdemeanors applicable to the transit agency’s service area, fare
evasion, vandalism, unlawful entry (trespass) upon transit property or vehicles, interference with
movement of or access to transit vehicles, disorderly conduct on transit property or in transit
vehicles, and offensive physical contact with a transit passenger, employee, agent, security officer
or police officer).
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
10
�This section of the SEPP should provide a high-level overview only. SEPP management and
implementation will be discussed in greater detail in Chapters 3 and 4.
1.6
GOVERNMENT INVOLVEMENT
•
Element: Describe how the SEPP interfaces with local, state and federal authorities to
ensure security and emergency preparedness for the system.
This section of the SEPP should introduce and briefly describe the local, state and federal agencies
with whom the rail transit agency coordinates for security and emergency preparedness. For
example, at the federal level, the rail transit agency may coordinate with government agencies for
funding support and to ensure compliance with security regulations and grant requirements.
Federal partners may include: FTA, Federal Highway Administration (FHWA), Federal Railroad
Administration (FRA), DHS, and its subsidiary bureaus, including G&T, the Federal Emergency
Management Agency (FEMA), and TSA.
In working with FTA, 49 USC 5307(J)(i) requires that a recipient of federal transportation funds
under 49 USCS 5336 spend at least one percent of the amount received on mass transportation
security projects. The rail transit agency may consistently exceed the 1% utilization the FTA
guideline.
In working with DHS, the rail transit agency may participate in the Transit Security Grant Program
(TSGP), which is funded by G&T, and administered by the State Administrative Agency (SAA)
and the regional Urban Area Security Initiative (UASI) Point-of-Contact Working Group
(UAPOC). Participation in the TSGP requires the development of this SEPP, the implementation
of an on-going threat and vulnerability assessment process, and creation of Regional Transit
Security Working Groups (RTSWG) to develop and implement a Regional Transit Security
Strategy (RTSS), in coordination with the SAA and UAPOC. G&T also offers technical assistance
programs for establishing the RTSS, conducting rail transit threat and vulnerability assessment, and
developing and conducting emergency exercises and evaluation.
The rail agency also coordinates with local, regional and state emergency management and public
safety agencies to address other DHS requirements for implementation of the National Response
Plan, the National Incident Management System, and the National Infrastructure Protection Plan.
The rail transit agency may also support the TSA Rail Security Inspector Program, as well as
research and pilot projects being performed by TSA, and ensure compliance with TSA directives.
Appendix A provides additional information on these DHS, G&T and TSA programs.
State government coordination may include the state Department of Transportation (DOT), the
state Office of Homeland Security, and the state SAA for the G&T TSGP program. The state
oversight agency should also be discussed here, including its role in requiring, receiving, reviewing
and approving the SEPP. If the state oversight agency does not have protections in place to shield
security documents from public release, then the procedures developed to review and approve
these documents, discussed in Section 6 of this SEPP, should be briefly mentioned. The state
oversight agency’s enabling legislation and/or program requirements may be referenced here or
included as an appendix.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
11
�At the regional level, the rail transit agency may coordinate with the region's emergency
management group, the county emergency management agency, or a county emergency
management committee; the UAPOC; the local office of the Federal Bureau of Investigation’s
(FBI) Joint Terrorism Task Force (JTTF), and for transportation project funding, the region's
Metropolitan Planning Organization (MPO). In supporting regional coordination, the rail transit
agency may have signed intergovernmental agreements or memorandum of understanding (MOUs)
to formally partner with the county/regional emergency management agency or committee,
including requirements for participation in emergency management planning monthly coordination
meetings and implementation of regional incident management and response protocols. The rail
transit agency may have also joined the region's UASI working group, UAPOC, in support of the
region's UASI Strategy, through implementation of the RTSS.
The rail transit agency may also have signed MOUs with local law enforcement, emergency
medical services (EMS), fire departments, hospitals, and other transit providers in the region to
address a range of issues associated with SEPP implementation.
1.7
SECURITY ACRONYMS AND DEFINITIONS
•
Element: Provide a listing of acronyms and definitions used in the SEPP.
This section of the SEPP should include all of the acronyms and definitions used in the plan.
Acronyms and definitions may be presented in this section or included in an Appendix that is
referenced in this section. Appendices B and C of this document include sample acronym and
definition lists.
2.0
System Description
The primary purpose of Chapter 2 is to provide organizational information and operating
parameters for both those outside the organizations that need to understand the transit system, and
those inside the organization to have clearly defined lines of report and responsibility delineation.
The information presented should be sufficient to allow non-technical and non-transit persons to
understand the system and its basic operations.
2.1
BACKGROUND & HISTORY OF SYSTEM
•
Element: A description of the agency including general overview, a brief history and scope
of rail transit services provided.
This section should briefly describe the system's characteristics. This section should describe when
and how the transit system was established, history of service delivery, major milestones in the
transit system’s history, and the modes of service provided. A system map and reference to the
transit agency’s website should also be provided.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
12
�2.2
ORGANIZATIONAL STRUCTURE
•
Element: Organizational charts showing the lines of authority and responsibility as they
relate to security and emergency preparedness.
This section of the SEPP should provide or reference:
2.3
Detailed organizational diagrams for the rail transit agency showing the title of each
position.
Detailed diagram of the structure of the security/police function identifying the key
positions at all levels.
Diagrams showing the relationship and lines of communications between the
security/police function and other units of the organization.
The relationship of the transit system to local political jurisdictions, including law
enforcement and emergency management agencies.
HUMAN RESOURCES
•
Element: Provide a categorization and break-down of all employees and contractors who
work for/on the rail transit agency.
This section of the SEPP should identify all departments supported at the rail transit agency and
clarify how many full-time employees, part-time employees, and contracted personnel support
them. For example, a table such as the one appearing below may be used.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
13
�Department
Full-time
Employees
Part-Time
Employees
Contractors
General and Administrative
Capital Projects and Facilities
CP&F Bus and Rail Facilities Management
Operations
Administration and Planning
Safety and Security Department
Director and Administrative Staff
Security Staff
Safety Staff
Transit Police Officers
Transit Security Officers
Rider Advocates
Deputy District Attorney
Bus and Rail Transportation
Transportation Staff and Supervisory
Full-Time Bus Operators
Part-Time Bus Operators
Rail Operators
Contracted Support
Field Operations
Field Operations Staff and Lead Supervisors
Bus Dispatchers and Rail Controllers
Bus and Rail Field Operations Supervisors
Fare Inspection Field Operations Supervisors
Accessible Transportation Programs
Administrative and IT Staff
Vehicle Operators
Vehicle Maintainers
Dispatchers
Bus Maintenance
Maintenance Staff and Supervisory
Mechanics, Helpers, Cleaners, Clerks, Storekeepers
Rail Maintenance (excl. Rail Facilities Management)
Maintenance Staff and Supervisory
Mechanics, Cleaners, Clerks, Storekeepers
2.4
PASSENGERS
•
Element: Provide a description of the rail transit agency’s ridership.
This section of the SEPP should provide annual ridership statistics for the most recent year they are
available. Ridership may be broken down mode of service and by day of week. Weekly and
annual totals should also be provided. Major changes in ridership (increases, decreases, new
service areas or expanded modes of service) should also be identified. Relevant statistics or
information on system riders may also be included, such as: growth in population in service area,
characteristics of typical riders (i.e., commuters, students, etc.), percentage of adults living in
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
14
�service are who ride the system at least once a month, and information on the usage of accessible
services and paratransit service.
2.5
SERVICES AND OPERATIONS
•
Element: Describe the rail transit agency’s operations and services.
In this section of the SEPP, the rail transit agency should provide information on the size, location,
and function of the transit agency’s physical assets including; maintenance facilities, offices,
stations, vehicles, signals, and structures for all modes. This information, for each mode of service,
may include: hours of operation, the number of vehicles, the number of routes, number of vehicles
typically in peak and off-peak service, frequency of vehicles, the types of facilities owned and
operated by the system and the types of activities performed there, and the names and addresses of
relevant locations.
2.6
OPERATING ENVIRONMENT
•
Element: Describe the rail transit agency’s operating environment.
This section of the SEPP should describe the rail transit agency’s operating environment, including
traffic conditions, rail alignment, weather, issues associated with special events or other activities,
safety issues associated with the rail transit service, and levels of crime in the communities served
by the rail transit agency.
2.7
INTEGRATION WITH OTHER PLANS AND PROGRAMS
•
Element: Describe how the SEPP integrates with other plans and programs maintained by
the rail transit agency.
This section of the SEPP should discuss how the SEPP is integrated with the System Safety
Program Plan, the System Safety and Security Certification Program Plan, the Emergency
Operations Plan, Incident Specific Response Plans, Facility Emergency/Evacuation Plans, and
other documents and programs that affect security and emergency preparedness, including the
Regional Transit Security Strategy. A brief description of each of these documents should be
provided, as well as the management interface which ensures coordination at the rail transit
agency.
For example, the rail transit agency may state that the System Safety Program Plan and the SEPP
are companion documents, and both are in accordance with FTA regulations concerning safety and
security of transit systems, as implement by the state oversight agency. The rail transit agency may
also specify that the Emergency Operations Plan and supporting training, drills and exercises are
critical elements which support and reinforce SEPP provisions and procedures. Finally, the rail
transit agency may identify how the SEPP supports, and is supported by, the Regional Transit
Security Strategy, including the identification of tasks and G&T grant allocations to support
achievement of SEPP goals and objectives.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
15
�2.8
CURRENT SECURITY CONDITIONS
•
Element: Description of the current security conditions at the rail transit agency and the
types of security incidents experienced by the transit system and their frequency of
occurrence.
This section should describe current security conditions and issues at the transit agency including
the incidents of crime experienced on the system and relevant information on passenger
fear/perceptions of security. Crime data should be provided, documenting the most recent year for
which it is available. The types of security incidents (including Part I and Part II offenses and
ordinance violations) and their frequency of occurrence on the transit system should be included.
Also this section should provide context for this information, including a comparison of crime rates
at the transit system over time and/or a comparison of crime rates from the rail transit agency with
crime rates for the municipalities in its service area.
2.9
CAPABILITIES AND PRACTICES
•
Element: Summary description of methods and procedures, devices, and systems utilized
to prevent or minimize security breaches, including passenger education, campaigns,
delay, detection, and assessment devices, and others that may be applicable.
This section should summarize methods and procedures, devices, and systems utilized by the
transit agency to minimize security incidents throughout the transit system. In addition, this section
should also address activities performed to reduce passenger fear. This section should not provide
detailed information on the security/police function or distinct security roles and responsibilities of
specific elements of the rail transit organization (this information will be provided in Chapter 3).
Instead, this section is intended to provide a broad overview of the types of activities performed by
the rail transit agency to address the security conditions described in Section 2.8. In preparing this
section, the rail transit agency may want to consider the following types of descriptions:
Theft and Vandalism at Park and Ride Lots, Transit Centers and Rail Transit
Stations -- Use of fixed-post and roving foot patrols, patrolling for suspicious persons
at the parking facilities, using undercover surveillance in parked vehicles or camerabased enforcement to identify either suspicious vehicles or “at risk” vehicles,
community crime prevention programs, trend analysis of crime data and customer
service information, and joint operations with local law enforcement.
Drug Dealing at Rail Transit Stations/Facilities -- Continuing security patrols,
undercover surveillance, and apprehension missions to control “open air” drug dealing,
use of K-9 teams to support patrol and make arrests, bicycle patrol for heightened
visibility and apprehension capabilities, partnership with local law enforcement and
neighborhood associations, outreach in schools and coordination with community
crime prevention programs.
Fare Evasion -- Use of fare inspectors with closely monitored fare enforcement goals,
CCTV surveillance of fare vending machines and turnstiles, law enforcement “ride
alongs” and vehicle boardings, steep fines and even arrests for violators, use of “no
proof of purchase” as basis of policing/patrolling action (field identification cards,
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
16
�warrant checks, etc.), outreach in schools and coordination with community crime
prevention programs.
Rowdiness and Disruptive Behavior -- Coordination with schools and the deployment
of additional personnel during school-dismissal hours, targeted patrols and missions, in
collaboration with local police agencies, strict enforcement of laws, local ordinances,
and the rail transit agency’s Code of Conduct, field identification and warrant checks,
trend analysis on specific locations, and coordination and planning for special events.
Other Security Programs may be in place to address a range of passenger security issues and
concerns, including:
Transit Passenger Waiting Zones -- Located to ensure that evening and late-night
riders can wait in a well-lit area with CCTV surveillance, emergency call boxes, and
roving foot patrols, and then board the train in the first car, near the operator’s
compartment.
Radio Help Program -- Rail transit operators can radio the rail Operations Control
Center for help if someone needs emergency assistance, as part of the Radio Help
Network. “Radio Help” decals are displayed on all transit vehicles.
Reward Program -- The rail transit agency’s Security Hotline may offer rewards of up
to $1,000 for information leading to the arrest and conviction of a person(s) who
assaults a rail transit operator/employee or vandalizes rail transit property.
Security-related features of the rail transit agency’s vehicles, facilities and communication systems
include the following:
Vehicles -- Vehicles are equipped with on-board CCTV systems. Additional security
features include: radio system for voice communication between Operators and
Operations Control Center; enclosed, locked operator cabs on rail transit vehicles,
passenger emergency intercoms to Operators on rail transit vehicles, "Be Alert" and
"Transit Watch" notifications posted in all rail transit vehicles, to encourage passenger
security awareness.
Operations Facilities and Offices -- Internal security procedures at the rail transit
agency require that doors providing access into facilities from outside are secured by
the agency’s card-key access control system or manually locked, except that doors
providing public access may be unlocked during hours when staffed with
reception/door monitoring personnel. Such personnel sign-in un-badged visitors and
provide temporary, limited access cards. Key-locked doors and gates into securitysensitive areas use non-duplicatible keys, which are issued and tracked under a standard
operating procedure (SOP). Operations facilities with vehicle or maintenance yards are
secured with perimeter fencing, and by employee vigilance per agency SOPs to observe
and question un-badged persons on the premises, and report the situation to the
Operations Control Center if the person does not belong. Operating activities at
operations facility locations are around-the-clock, all days. Following September 2001,
the rail transit agency designated one or more on-site security representatives for each
operations and office facility. Facilities received security assessments performed by the
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
17
�agency’s security/police function. A program of site-specific projects to strengthen
internal facilities security was implemented in 2002. Additional perimeter security
actions may be identified as a result of incident review if a security breach occurs.
Transit Centers and Park/Ride Facilities – Rail transit parking garages are equipped
with CCTV surveillance. In general, Transit Security Officers (non-sworn contracted
security personnel), Transit Police Officers, and Field Operations Supervisors patrol the
park/ride facilities according to deployment plans based on analysis of transit crime
data and intelligence. Warnings and Citations are issued for infractions of parking rules.
Suspicious activity is identified through undercover operations, CCTV surveillance,
and reports from employees and passengers. "Be Alert" and “Transit Watch”
notifications are posted in all transit centers, to encourage passenger security
awareness. The notifications ask passengers to notify the vehicle operator or other rail
transit employee of suspicious objects or activity.
Stations and Right of Way – Security features include: Operations Control Center,
Radio Communications, and Supervisory Control and Data Acquisition (SCADA)
System, CCTV surveillance is installed at most rail transit stations, intrusion detection
devices on key portals and cross-passages in tunnels monitored at the Operations
Control Center, public telephones at rail transit stations provide 9-1-1 access to
customers for emergencies. "Be Alert" and “Transit Watch” notifications are posted in
all stations, to encourage passenger security awareness. The notifications ask
passengers to notify the vehicle operator or other rail transit employee of suspicious
objects or activity, SOPs and employee training reinforce constant vigilance and
observations of the right-of-way and facilities by rail operators and field supervisors.
Transit Police, Transit Security Officers, and Fare Inspectors are deployed along the
rail transit system daily according to regular deployment schedules and special tactical
missions.
Design and Construction of Extension Projects and Modifications -- The design
development process includes design reviews by operations managers, including the
agency’s safety and security/police function. Crime Prevention Through Environmental
Design (CPTED) principles, including FTA's Transit Security Design Considerations,
are applied to light rail facilities design to enhance security, such as through open sight
lines, lighting levels, etc., enforced through the safety and security certification process.
Ongoing security assessments or incident reviews may identify design changes
sometimes needed at existing stations to improve security are performed.
Operations Control Center -- Rail controllers staff the Command Center all hours, all
days. SOPs and Rulebooks, combined with training of all operations personnel, realtime communications with all personnel involved in the movement of trains or working
in the right-of-way, and a contemporary SCADA monitoring and control system, are
the foundation of both safety and security of the light rail system operations. The
SCADA system displays the locations of all trains, remotely controls trackway and
tunnel equipment systems, and provides alarm and fault indications for equipment
systems. Rail controllers use dedicated radio, telephone, and automatic pager systems
to rapidly mobilize field supervisors, and via 9-1-1, police, fire and other emergency
responders for safety or security incidents on the rail system.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
18
�
3.0
Communications – The rail transit agency uses an 800 MHz trunked radio system for
rail operations (rail vehicles, controllers, operators, and rail field supervisors) and nonrevenue vehicles. The 800 Mhz radios are programmed with numerous talkgroups
dedicated to regular operations and tactical/incident command functions, as well as
many local government talkgroups for interoperable radio communications during
incidents on or involving the rail transit system, including local law enforcement and
fire/emergency medical services throughout the rail transit agency’s service area. This
800 Mhz radio system provides good radio communications capability for normal and
incident operations, and good radio interoperability among the rail transit agency and
emergency responder organizations. Note: The 800 MHz trunked system is used for
voice communications only; at the current time, it is not configured for data
communications.
SEPP Management Activities
The purpose of Chapter 3 is to identify responsibilities for managing the rail transit agency’s SEPP
program, including its conception, development, implementation, evaluation, review, and update.
This Chapter will first identify responsibilities of senior management for specific functions
necessary to create the SEPP and its supporting program. Then, responsibilities for SEPP
implementation will be detailed for the security/police function, for the other rail transit agency
departments/functions, and by job title. The role of external agencies in supporting SEPP
development, implementation and evaluation will also be explained. Finally, this chapter will
describe the committee(s) established by the rail transit agency to manage and coordinate security
issues across departments/functions.
3.1
RESPONSIBILITY FOR MISSION STATEMENT AND SYSTEM SECURITY POLICY
•
Element: Identification of the person(s) responsible for establishing transit system security
and emergency preparedness policy and for developing and approving the SEPP.
This section should define the authority and responsibility for the security organization, including
but not limited to:
designate and list the individual(s) responsible for determining security policy on behalf
of the system and for carrying out the SEPP; and
define the security/police function’s mission and role in the organization.
Typically, this section of the SEPP will discuss the role of the General Manager in preparing,
revising, reviewing and signing the policy statement and the role of the head of security/police
function and his or her staff in preparing, revising and reviewing the SEPP. It should be noted that
annual reviews are now required by FTA’s 49 CFR Part 659 and the state oversight agency,
regarding a determination of whether the SEPP should be updated. The head of the security/police
function is typically responsible for ensuring that this annual review is performed and that the
results are conveyed to the state oversight agency according to procedures and time-frames
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
19
�specified in the oversight agency’s Program Standard. This section may quote or reference the
SEPP Memorandum of Executive Approval/System Security Policy.
3.2
MANAGEMENT OF THE SEPP PROGRAM
•
Element: Identification of the person(s) with overall responsibility for transit security and
emergency preparedness, including day-to-day operations, SEPP-related internal
communications, liaison with external organizations, and identifying and resolving SEPPrelated concerns.
This section of the SEPP needs to identify the person or people in charge of managing transit
security and emergency preparedness and the SEPP program. Two basic structures for managing
the program are possibly dependent on the size of the transit system. In a small rail transit system
that lacks its own police or security department, the General Manager or Operations Manager may
play a large role not only in setting SEPP policy, but in actually overseeing the plan and carrying it
out on a regular basis.
In larger rail transit systems, although the General Manager is ultimately responsible and
accountable for system security and emergency preparedness, it is expected that another individual,
most likely the Manager or Chief of the security/police function, will be responsible for
coordinating the daily activities outlined in the SEPP. Other individuals within the security/police
function may be designed to support the Manager or Chief in overseeing implementation of the
SEPP.
Although it may appear self-evident which arrangement governs the plan, this section should state
clearly and unequivocally which structure is in effect and should present the general reporting
responsibilities regarding security for the entire organization. Specifically, this section should
address who is responsible for these ten critical SEPP management activities:
1. Defining ultimate responsibility for secure rail transit system operations.
2. Communicating that security is a top priority for all rail transit employees.
3. Advocating for, and allocating security program resources; directing day-to-day
security operational activities (including tactics, intelligence and analysis); and
assessing security performance.
4. Developing and explaining relations with outside organizations that contribute to the
rail transit agency's security and emergency preparedness program.
5. Developing relations with local, state and federal security-related agencies, including
security oversight roles of FTA's state Safety Oversight and Project Management
Oversight (PMO) programs, security oversight role of DHS TSA, and emergency
preparedness roles of DHS G&T, the state Office of Homeland Security, the region's
emergency management group or committee, and Urban Area Security Initiative, Pointof-Contact Working Group.
6. Explaining the mechanism for bringing security concerns to the attention of the
appropriate rail transit agency official or group.
7. Identifying potential security concerns in any part of the rail transit agency's operations.
8. Actively soliciting the security concerns of employees.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
20
�9. Explaining the liaison between rail transit employees and other security and emergency
preparedness groups, committees and functions at the rail transit agency, for the
purpose of addressing employees' security concerns.
10. Working to ensure the rail transit agency's security and emergency preparedness
program is carried out on a daily basis.
A matrix could also be used to present these 10 activities and to identify which management
positions have responsibility for their implementation (i.e., General Manager, Manager, the
Manager or Chief of the security/police function, the Commander of the Transit Police Division,
the rail transit agency’s Security Committee(s), the heads of various rail transit
departments/functions, and operations and maintenance supervisors).
3.3
DIVISION OF SECURITY RESPONSIBILITIES
3.3.1
Security/Police Function Responsibilities
•
Element: Listing of SEPP-related responsibilities of the personnel who work within the
transit agency security/police function.
This section should present a detailed description of the security/police function, including staff,
the qualifications of the personnel, any planned short- or long-term additions to the security
organization's mission, and any additional staff which may be required. Specific roles and
responsibilities should also be identified.
In preparing this section of the SEPP, the rail transit agency should consider including:
an organization chart of the transit agency’s security/police function if not provided in
Section 2.2 or included in an Appendix that is referenced in Section 2.2 or this section;
a description of the number of employees in the security/police function and their job
categories (i.e., Manager/Chief of Police, Access Control Coordinator, Security Data
Coordinator, Homeland Security Coordinator, sworn police officers (by rank – Police
Officer, Sergeant, Lieutenant, Captain, Commander, etc. or unit), non-sworn contracted
or in-house security personnel (by title or unit, i.e., fare inspectors, guards, etc.),
Deputy District Attorney, other specialized personnel, etc.;
the fiscal year operating budget for the security/police function; and
a description of the security/police roles and responsibilities for each category of job.
In addressing this last category, the rail transit agency may consider the following examples.
In describing the roles and responsibilities of the Manager or Chief of the security/police
function, the rail transit agency may identify the following activities:
coordinates security personnel deployments, tactics and protocols for optimal security
effectiveness;
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
21
�
coordinates and chairs the rail transit agency’s Proactive Security Committee and
Security Breach Review Committee;
coordinates and leads planning for the rail transit agency's SEPP program development;
coordinates with local law enforcement agencies, and ensures the development of
formal memorandum of agreement/understanding;
directs development and delivery of employee security awareness and training;
manages security threats and vulnerabilities for current operations and for new start
projects;
oversees Crime Prevention Through Environmental Design (CPTED), security design
criteria and certification process for new start projects;
oversees the agency’s facilities access control program;
oversees security incident reporting, investigation and trend analysis;
manages security independent audits and security corrective action plans;
directs and coordinates the agency's emergency preparedness program, providing for
plans, organization, equipment, training/procedures, and exercises/evaluation, for
preparedness to perform the prevention, detection, response and recovery capabilities
applicable to mass transit employees and operations during catastrophic natural
disasters or terrorist attacks, appropriately coordinated/integrated with emergency
response/management jurisdictions in the agency's service area;
assures that all rail transit agency security and emergency preparedness programs meet
or exceed applicable regulations and guidance of the FTA and DHS;
serves as the agency's lead liaison/representative for security-related functions of FTA's
state safety oversight program and project management oversight program, and for
coordination and integration of emergency plans with emergency response/
management jurisdictions in the agency’s service area, and for responsiveness to DHS
incident management and national preparedness directives; and
coordinates with the state oversight agency.
The security functions and responsibilities of the Commander, Transit Police Division may
include:
line authority for deployment and command of transit police officers and security
officers;
department-head responsibility for allocation of Transit Police Division resources,
operational activities (including tactics, intelligence and analysis), and performance;
law-enforcement representative on rail transit agency’s Security Committee; and
works with the other rail transit agency departments in: ongoing assessment and
development of the transit SEPP program and representing the rail transit agency's
security interests with other governmental jurisdictions and agencies.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
22
�In another example, Transit Police Officers may be responsible for:
3.3.2
•
knowing the law, and regulations governing the enforcement of law;
exercising discretion and good judgment;
conducting high visibility patrols of rail transit property to enforce laws, ordinances,
and codes;
responding to emergency incidents and taking appropriate action;
mutual liaison and assistance with law enforcement personnel throughout the agency’s
service area;
developing and conducting targeted enforcement and apprehension missions on the
transit system in collaboration with the Rail Operations department and other local law
enforcement jurisdictions;
assessing threats and vulnerabilities on the transit system and facilities and
recommending corrective measures to reduce potential crime and vulnerability on the
system;
conducting investigations of misdemeanor and minor felony crimes;
assisting rail transit agency staff in other departments in developing security-related
operating procedures, training, and customer/public information;
receiving security threat and crime intelligence through law enforcement sources in the
region, continually and concurrently, for assessment and incorporation into
security/police function resource deployments and tactics and agency Operations
Orders;
conducting security assessments and inspections of agency operations and facilities;
coordinating the use of CCTV surveillance systems throughout the rail transit system to
support investigations, apprehensions and prosecutions; and
performing CPTED reviews of designs for new service projects or operating facilities.
Security Responsibilities of Other Departments/Functions
Element: Listing of SEPP-related responsibilities of other departments/functions, including
their relationship to the security/police function.
This section of the SEPP should provide an overview of the other rail transit agency
departments/functions that support the security/police function in implementing the SEPP. This
section should contain a narrative description of the general roles and responsibilities performed by
each department/function and how that department/function interfaces with the security/police
function. As a guideline, no more than two or three paragraphs should be devoted to describing the
security responsibilities of each other department/function within the rail transit agency.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
23
�3.3.3
•
Job-specific Security Responsibilities
Element: Listing of security-related responsibilities for other (non-security/police) rail
transit agency employees, including their relationship to the employee’s other duties.
This section should review and list the titles of all line and staff positions of the other
departments/functions within the transit system and summarize their respective security
responsibilities. In preparing these lists, rail transit agency’s may to consider the following
examples.
Rail operators have an important role in system security and emergency response. They are
expected to:
At beginning of service and the end of lines/routes or shifts, inspect vehicles and/or
facilities for suspicious packages/items and unsafe conditions/defects.
While in service, observe/recognize unusual/suspicious conditions or emergency
incidents.
Report any unusual conditions or emergency incidents or accidents in accordance to the
Operations Control Center (OCC) in conformance with SOPs and Rulebook.
Determine when to call (via vehicle or portable radio) the OCC for assistance.
Respond to information or requests from passengers concerning security. On rail
vehicles, passengers contact the operator via emergency intercom from the passenger
compartment.
Be alert and observant of the personal security of rail transit system employees,
customers, and the general public at stations, stops and along the route of their vehicle.
In the event of an accident or security incident, perform initial situation assessment and
provide OCC and the security/police function with information regarding what has
happened, the vehicle number, location, route/direction, and information regarding
fatalities, injuries or other relevant conditions.
Identify and report any immediate safety concerns at the scene (fire, fuel leak, status of
suspicious package, etc.).
If involved in an accident, provide sufficient information to OCC to classify the
accident status and identify required resources.
Establish initial transportation agency response at scene, including evacuation of
vehicle or facility (if necessary) and protection of passengers, employees, contractors
and/or property at the scene (following SOPs and Rulebook).
Communicate with passengers, provide clear directions, and offer updates and
passenger assistance at the scene.
Follows instructions from OCC.
Collect information, including the names of as many affected passengers as possible
and others who may have been involved in the incident/accident, and distribute
Courtesy Cards to passengers.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
24
�
Provide updates to OCC.
Request resources (as appropriate).
Wait for/meet supervisor and other rail transit responders at scene.
As appropriate, briefs supervisor/other responders at scene.
Assume control of the scene of a security incident (acting on-scene incident
commander) until arrival of a rail supervisor, emergency personnel or security/police
function personnel.
Report all security incidents to the OCC, including observations of new vandalism
damage or major or offensive graffiti.
Provide security-related written reports to the OCC.
If appropriate, coordinate with supervisor and on-scene emergency responders to
support the protection of passengers, employees, contractors and other who may be
affected.
Collect information from emergency responders regarding city, badge numbers, and the
numbers of responder vehicles.
Rail supervisors have specific security and emergency responsibilities as well as a general
responsibility for monitoring employees’ compliance with the agency’s security procedures. For
this reason, rail supervisors should have full knowledge of security rules and procedures, and
should communicate them on an ongoing basis so as to encourage other employees to incorporate
security practices into their daily work activities. Specifically, rail supervisors are to:
Respond to security and emergency incidents.
Report observations of new vandalism damage or major or offensive graffiti to the
Operations Control Center.
Act as the on-scene incident commander for the rail transit agency.
Act in conjunction with the ranking or designated police authority in a unified incident
command structure according to Incident Command System (ICS) procedures.
Provide leadership and direction to employees during security incidents.
Provide liaison with local or transit law enforcement officers and assist, when asked, in
crowd control, securing witness information, and providing general on-scene assistance
(but no physical involvement in violent behavior, when avoidable).
Make on-scene decisions about restricting or continuing operations and requesting
resources.
Prepare and submit reports for security incidents in which they are involved or to which
they respond.
Identify and report security threats and vulnerabilities.
Collaborate with the system safety and security/police functions in assessing security
threats and vulnerabilities, and trends in security breaches.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
25
�
Collaborate with transit security/police responders and local law enforcement in
enforcement missions.
Follow radio communication protocols for internal and outside agency talk groups.
De-energize rail car(s) and overhead catenary, as applicable.
Apply hand brakes or secure rail car(s) to prevent unintended movement of same.
Ensure that sufficient resources are en route to the scene.
Support the protection of passengers, employees, vehicles and property at the scene.
Requests alternate means of transportation for passengers if required.
Meet arriving rail transit agency resources and emergency responders at the scene, and
provide briefings as required.
Support the establishment of staging areas.
Support the security/police functions and local emergency responders at the scene in
addressing the needs of injured passengers/employees and in isolating the scene.
Provide updates to OCC.
Request additional resources (if necessary) based on the evolving incident/accident
scene.
Block the scene (as appropriate) and secures the affected vehicle/location to prevent
people from entering.
As appropriate, ensure that the evidence and physical circumstances at the scene are
preserved as much as possible.
Ensure that activities have been performed to identify affected passengers/employees,
to distribute Courtesy Cards, and to collect information from passengers and arriving
emergency responders.
Rail controllers are expected to:
Dispatch rail supervisory personnel.
Receive and respond to calls for assistance during security and emergency incidents.
Call 9-1-1 emergency communications centers for local law enforcement and
emergency response, and transit security/police response in emergency situations,
convey information in an accurate and timely manner.
Prioritize emergency and non-emergency calls for assistance.
Maintain communications, location and status of agency system safety and
security/police function personnel.
Prepare and submit reports for security incidents to which they respond.
Make appropriate paging notifications to chain-of-command, public information and
other agency personnel, according to incident notification procedures.
Address requests for support through notification and dispatch of resources.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
26
�3.3.4
•
Perform action necessary to manage rail transit service in and around the affected area,
including suspension of service, re-routing of service, diversions, and bus
bridges/shuttles.
Coordinate information regarding service changes with rail transit field personnel and
with the on-scene response.
Manage the elements of the transportation system not affected by the emergency.
Coordinate with the security/police functions and other responding agency dispatch
centers regarding resource requests and requirements.
As appropriate, convey requests to and from local/county Emergency Operations
Center(s).
Support the preparation of incident summary information for use by Media Relations.
Monitor and respond to intrusion or security alarms and CCTV incidents. Operate
CCTV recording system for monitored facilities. Following CCTV recording chain-ofcustody procedures, remove and transfer recordings to authorized recipients, and order
vehicle maintenance departments to remove/transfer vehicle CCTV recordings to
authorized recipients.
Develop and issue Operations Orders for special events or situations calling for nonnormal transit system operations, including applicable security considerations
developed in collaboration with the system safety and security/police functions.
Monitor the transit system's building access control system alarms; coordinate with the
security/police function for resolving problems.
Security Task Responsibilities Matrix
Element: A SEPP Program Roles and Responsibilities Matrix should be developed
showing interfaces with other transit system departments/functions and the key reports or
actions required.
A security task responsibilities matrix should be presented showing interfaces and the key reports
or actions required, including the frequency of those reports or actions. An example of a security
task matrix, organized by SEPP section, is displayed below.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
27
�SEPP PROGRAM ROLES AND RESPONSIBILITIES MATRIX
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
S
S
P
P
P
P
P
P
P
P
P
P
P
S
S
S
S
P
P
P
P
P
P
P
P
P
P
P
P
S
P
S
S
P
P
P
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
S
S
S
C
S
S
S
S
S
S
S
S
C
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
C
S
S
S
C
S
S
S
S
S
S
S
S
P
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
C
S
S
S
C
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
S
S
S
S
S
S
S
S
S
S
S
S
System
Safety
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
S
S
S
C
S
S
S
S
S
S
S
S
P
C
C
S
S
S
S
S
S
S
C
S
S
S
S
C
C
C
C
C
S
S
S
S
S
Human
Resources
A
A
A
A
A
A
A
A
C
C
C
C
C
C
C
C
A
A
A
A
A
C
A
A
A
S
A
S
S
S
S
S
P
P
P
P
P
P
C
C
F
C
P
A
A
A
A
P
P
P
P
C
P
P
C
P
P
Engineering
Maintenance
A
A
A
A
A
A
A
A
C
C
C
C
C
C
C
C
A
A
A
A
A
A
A
A
C
S
C
C
S
S
S
S
C
C
C
C
C
C
C
C
C
C
C
A
A
A
A
C
C
C
C
C
S
S
C
C
P
Training
Operations
System Security Program Introduction
Purpose of System Security Program Plan and Program
Goals, Objectives, & Tasks for the Program
Scope of Program
Security & Law Enforcement
Management Authority & Legal Aspects
Government Involvement
Security Definitions
System Description
Background & History of System
Organizational Structure
Human Resources
Passengers
Services and Operations
Operating Environment
Integration with Other Plans
Current Security Conditions
Capabilities & Practices
Management of the System Security Plan
Responsibility for Mission Statement & System Security
Management of the Program
General Manager
Chief Operating Officer
Division of Security Responsibilities
Job-specific Security Responsibilities
External Agencies
Security Committees
SEPP Program: Roles & Responsibilities
Planning
Proactive Measures
Training
Day-to-Day Activities
Security Program Threat & Vulnerability Management
Threat & Vulnerability Identification
Security Testing and Inspections
Data Collection
Reports
Security Information Flow
Threat & Vulnerability Assessment
Responsibility
Data Analysis
Frequency & Severity
Threat & Vulnerability Resolution
Emergency Response
Breach Investigation
Research and Improvements
Eliminate, Mitigate, or Accept
Implementation & Evaluation of System Security Program Plan
Implementation Goals & Objectives
Implementation Schedule
Evaluation
Internal Audit – Management
External Audits
Modification of the System Security Program Plan
Initiation
Review Process
Implement Modifications
Security/
Police
TASK OR ACTIVITY
P - Primary Responsibility
S - Support Responsibility
A - Approval
C - Review and Comment
Management
TRANSPORTATION SYSTEM
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
S
S
S
C
S
S
S
S
S
S
S
S
C
C
C
S
S
S
S
S
S
S
S
S
S
S
S
C
C
C
S
S
S
S
S
S
28
�For rail transit agencies choosing to take another approach, the task matrix can also be organized
by specific tasks identified to implement the goals and objectives presented in Section 1.2. Or, as
an alternate approach, rail transit agencies can organize their task matrices using a combination of
specific activities to be performed to achieve goals and objectives and the SEPP plan organization.
3.3.5
•
Responsibilities of External Agencies
Element: The responsibilities of external agencies for supporting SEPP development and
implementation should be identified.
This section should briefly identify the external agencies that the rail transit agency works with in
implementing its SEPP. As appropriate, reference may be made to Section 1.6 (Government
Involvement) of this plan. For each external agency listed, this section of the SEPP should identify
their specific responsibilities in supporting the SEPP (i.e., providing funding, training or technical
assistance, reviewing and approving plans, etc.).
In addition, this section of the SEPP should also describe the rail transit agency’s relationship with
the state safety oversight agency. This section should briefly summarize the requirements
specified by the state oversight agency for SEPP development and implementation and other
security activities, and the activities that must be performed by the state oversight agency.
The role of G&T and TSA in reviewing the SEPP should also be specified.
3.3.6
•
Security Committees
Element: The committees developed by the rail transit agency to address security issues
should be identified.
This section of the SEPP should identify the committee or committees established by the rail
transit agency to address security issues. In the rail transit environment, the security committee(s)
generally reports to top management through the chief operating officer or director of operations.
The major task of this committee(s) is to identify and resolve potential security risks that the
transportation system may encounter during operations. In preparing this section, the rail transit
agency may consider the following example:
Coordinating and leading planning for the rail transit agency's SEPP program development is an
essential job function of the Manager or Chief of the security/police function. In performing this
activity, the Manager or Chief chairs the rail transit agency's Security Committee, consisting of the
following:
Executive Director, Operations
Commander, Transit Police Division
Manager, Field Operations
Director, Transportation Operations
Director, Operations Training
Director, Facilities Management
Director, Operations Planning and Development
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
29
�
Asst. General Counsel, Compliance and Policy
The Security Committee also includes two rail operator representatives and one front-line
maintenance employee representative.
Members of the Security Committee, in their respective security-related functional roles, contribute
directly to planning the security and emergency preparedness program. The Security Committee
meets at least once monthly. It extends the scope and effectiveness of the management of the
security program, by assuring involvement and collaboration of all rail transit agency
departments/functions in security program development and implementation, and by advising on
development and evaluation of the program.
Security Committee meetings include reviews of:
4.
security incidents;
proposed improvements in security procedures, equipment and training;
changes to transit agency facilities or operations affecting security;
security information related to upcoming events in the region affecting the transit
system;
trends in transit system crime data; and
security assessments of transit agency operations and facilities.
SEPP Program Description
Chapter 3 identified the rail transit agency’s approach to managing the SEPP, and specified the
SEPP-related responsibilities of management and line positions within the security/police function
and the other rail transit departments/functions. Chapter 4 demonstrates how the SEPP
management functions and responsibilities identified in Chapter 3 are integrated into a cohesive
and effective program. The elements of this program are presented using the POETE
categorization specified by DHS/TSA and G&T in implementing the National Preparedness Goal:
Planning, Organization, Equipment, Training/Procedures, and Emergency Exercises and
Evaluation. Examples for how rail transit agencies could address each of these five categories of
activities are provided in Sections 4.1 through 4.5 below.
NOTE: In describing implementation of the SEPP program, rail transit agencies who are not
participating in the G&T Transit Security Grant Program may use the traditional categories,
previously recommended in FTA guidance: Planning, Proactive Measures, Training, and Day-toDay Activities. Or these rail transit agencies may choose to use the POETE categories, since either
organizational scheme provides the same general information.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
30
�4.1
PLANNING
•
Element: Identification of SEPP activities and programs in place at the rail transit agency
to support planning for system security and emergency preparedness.
Planning for the SEPP program includes developing internal agency plans to address SEPP issues
during rail transit agency operations; budgeting for system security and emergency preparedness
functions; addressing security requirements in system design and safety/security certification for
extensions and major projects, renovations and rehabilitations; and coordinating with local
emergency management agencies and public safety agencies to ensure integration of the rail transit
agency into response community plans for major criminal events, terrorist activities (including the
use of Improvised Explosive Devices [IEDs] and the release of Chemical, Biological, Radiological,
Nuclear and Explosive [CBRNE] agents), and natural disasters.
Internal Planning: Planning is an integral part of maintaining and operating a secure rail transit
system. Stemming from state safety oversight requirements and DHS/G&T regulations and
requirements, the rail transit agency has developed a set of plans to document its combined
activities to address issues affecting the safety and security of passengers and employees, the
agency’s ability to protect its infrastructure from crime and terrorism, and the agency’s capabilities
to provide effective emergency response to a wide range of emergencies. To this end, the rail
transit agency has developed this SEPP, as well as a System Safety Program Plan, a System Safety
and Security Certification Program Plan, an Emergency Operations Plan, and a set of Incident
Specific Response Plans for severe weather and natural disaster, a range of accident types and fires,
and major crimes and terrorism.
Wherever possible and appropriate, these plans address state oversight agency requirements as well
as DHS Homeland Security Presidential Directives (HSPDs) requiring implementation of the
National Response Plan, the National Incident Management System, the National Infrastructure
Protection Plan, and the National Preparedness Goal. In addition, the results of internal and
external assessments performed at and by the agency addressing SEPP-related issues are also
integrated into these plans, including needs assessments and threat and vulnerability assessments.
Budgeting: The rail transit agency's annual capital budget recommendations are developed by a
senior staff group called the Capital Committee. The Executive Director, Operations is represented
on the Capital Committee by the Director, Operations Planning and Development, who assures that
the security capital improvement needs are incorporated into the rail transit agency's annual capital
budget development process and 5-year Capital Improvement Program (C.I.P.) forecast. The rail
transit agency’s security/police function provides an annual budget request. Rail transit agency
committees also identify needed security and emergency preparedness improvements and make
recommendations to the Director, Operations Planning and Development. Finally, the results of
needs assessments and regional plans for communications interoperability and terrorism early
warning systems are also shared with the Capital Committee.
Security Requirements in Design: The rail transit agency addresses security in planning for
system modifications, extensions and rehabilitations. Using selected design features and
technologies, crime and terrorism prevention capabilities are accomplished through an integrated
approach based on CPTED principles. The rail transit agency requires all drawings and
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
31
�specifications to be reviewed by an American Society for Industrial Security (ASIS) Board
Certified Protection Professional (CPP) who reviews them for CPTED concepts and upon
acceptance, stamps the drawings and approves the specifications. Security reviews are conducted
throughout the design process, and during construction, security features are assessed for their
compliance with specifications, prior to being accepted and placed into service. The security/police
function has both formal and informal input into design decisions that affect passenger, employee,
and equipment security. In addition, the rail transit agency has developed Security Design Criteria,
which ensure that CPTED principles are applied to all aspects of facilities and vehicle design.
FTA's Transit Security Design Considerations is incorporated by reference into the design criteria,
as a comprehensive CPTED guide.
The rail transit agency’s security planning in development of new transit projects is formalized
through the Safety Certification Program. As described in the rail transit agency’s System Safety
Program Plan and System Safety and Security Certification Program Plan, the rail transit agency
conducts a safety certification process to ensure that safety concerns and hazards are adequately
addressed prior to the initiation of passenger operations for new start rail transit projects and for
major modifications to rail transit systems. The intent and practice of the safety certification
program is that security considerations are integrated into the safety certification process, in the
same manner as safety considerations.
To conduct this process, the rail transit agency specifies use of its security design criteria, a set of
safety and security design reviews performed by several groups devoted to safety and security
issues, including the Safety and Security Task Force, Fire/Life Safety and Security Committee,
contracted safety and security engineering support, the rail transit agency’s system safety and
security/police functions, and the agency’s standing committee for configuration management, and
an extensive verification process to ensure that security elements specified in the design are
actually built into the delivered project. Testing, start-up, training and emergency readiness issues
are also addressed in this process.
Coordination for Regional Emergency Preparedness Capabilities: Following the events of
September 11, 2001, and all subsequent DHS directives and guidance calling for a permanently
heightened level of security awareness and emergency preparedness, officials from the rail transit
agency have been working closely with officials of the region's emergency management
organizations to: (1) include the rail transit agency as a full-fledged member of regional
organizations and working groups established by emergency management and public safety
organizations for purposes of planning and preparing for regional emergency responses, and (2)
assure appropriate inclusion of the rail transit agency in the emergency response and security alert
procedures of the region's Emergency Operations Centers.
The rail transit agency has coordinated with both local and county governments and the emergency
management agencies in its service area to support on-going development and revision of their
respective Emergency Operations Plans and supporting incident management and response
protocols and resource inventories. The rail transit agency has also partnered with the major
municipality in its service area to develop a Downtown Evacuation Plan, to ensure effective
response to no-notice evacuations and emergencies, including events related to IED and CBRNE,
earthquakes, fires and flooding.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
32
�The rail transit agency has established MOUs with local law enforcement, emergency medical
services, fire departments, hospitals and other transit providers in the region. These MOUs provide
direction and clarification regarding response to an incident occurring on the rail transit agency,
and how the rail transit agency may support response to area-wide emergencies.
In addition, the rail transit agency, working with the Regional Transit Security Working Group and
the region’s Urban Area Security Initiative agencies, has developed and implemented the Regional
Transit Security Strategy. The RTSS provides the integration point between the individual, riskbased SEPPs of the rail transit agencies in the region, and the overall security goals and objectives
established for the region. The RTSS demonstrates a clear linkage to the applicable state and urban
area homeland security strategies developed or currently being developed. For G&T’s Transit
Security Grant Program, it is expected that the SEPPs and the RTSS will serve as the basis on
which funding is allocated to address regional transit security priorities, and the vehicle through
which the rail transit agency may justify and access other funding and resources available on a
region-wide basis through the UASI program.
4.2
ORGANIZATION
•
Element: Identification of the organization of SEPP-related activities and programs and
the ability to coordinate with external response agencies.
Capabilities for the rail transit agency’s response to major crimes, terrorism and natural disaster
emergencies are organized following the Incident Management Organization specified in the rail
transit agency Emergency Operations Plan, as well as the procedures identified in rail rulebooks
and SOPs/Emergency Procedures, the agency’s Crisis Communications Plan, the security/police
function’s General Orders, the agency’s Incident Specific Response Plans, and internal transit
facility emergency emergency/evacuation plans. The rail transit agency’s Incident Management
Organization provides an organized command and control structure to ensure (1) coordinated
response across the agency’s departments/functions and (2) adequate resources are mobilized
during emergency incidents. The rail transit agency’s Incident Management Organization is akin
to the Incident Command System (ICS) used by local responders. This organization enables the
rail transit agency to integrate effectively with the ICS established by public safety and emergency
management agencies, complying with the terms of both NIMS and the Major Emergency Incident
Management System protocols established for the regional area.
These capabilities are coordinated and integrated with external jurisdictions and regional
emergency preparedness plans, such as the municipal and county Emergency Operations Plans and
the Downtown Evacuation Plan. Specific rail transit agency capabilities are also documented in the
Regional Transit Security Strategy.
Specifically for terrorism, the rail transit agency recognizes that unique capabilities are provided by
public safety responders in the region for addressing a range of terrorism-related events, including
CBRNE and IED events occurring on or adjacent to rail transit property. Further, as specified in
the Regional Transit Security Strategy, the rail transit agency has identified these capabilities and
also has established its own resources to prevent, detect, respond to and recover from these events.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
33
�The organization of terrorism or emergency incident response teams in the rail transit agency’s
service area includes the following capabilities: canine teams, explosive ordinance disposal,
hazardous materials, underwater dive teams, special weapons and tactics, emergency medical
services, medical surge teams, and urban search and rescue. These teams are available throughout
the rail transit system’s service area.
Capabilities to collect, analyze, and disseminate information on potential threats to the region's
transit systems include:
Transit security/police function participates in the region’s Federal Bureau of
Investigation (FBI)/Joint Terrorism Task Force (JTTF). Any information relating to
potential transit threats is promptly forwarded through this function.
Transit security/police function is establishing a Homeland Security Unit, including an
officer dedicated to intelligence fusion and analysis and coordination with other law
enforcement agencies in the region, state and national level.
Transit security/police function receives advisories from DHS (including G&T and
TSA) as well as information transmitted by Federal Transit Administration and the U.S.
Department of Transportation.
Local police intelligence is continually shared with the tail transit security/police
function.
An additional capability desired is inclusion of public transportation agencies in development of a
Terrorism Early Warning (TEW) system for the region. The state Office of Homeland Security is
establishing a Strategic Analysis Information Center (SAIC) to effectively collect and share
information from many different sources. The SAIC is designed to integrate existing local, state
and federal information systems to create a central “fusion” center. The center will partner with
many different sources of information, fusing relevant information and distributing valuable
information to private and public sectors, first responders and investigators.
Policies or procedures to coordinate within this organizational structure to share information
include:
Using an 800 Mhz regional system owned by the municipality/state that enables crosscommunication through defined talk-group templates.
The region is developing an interoperability plan per HSPD-8 addressing Computer
Aided Dispatch (CAD)/data system and radio cross-communication among its
county/city 9-1-1 centers; the rail transit agency is a participant in developing the
region's HSPD-8 and G&T-required tactical interoperability communications plan
(TICP).
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
34
�4.3
EQUIPMENT
•
Element: Description of the equipment used to support implementation of the SEPP
program.
Through the administration of DHS and FEMA grants in the rail transit agency’s service area, first
responders have obtained equipment, training and certification to support response to security and
CBRNE events as well as natural disasters. Regional procedures, drills and exercises are being
developed to ensure these capabilities. Through the state Emergency Management Agency, this
activity has been coordinated with the Terrorism Annex of the state Emergency Operations Plan, as
well as the state Homeland Security Assessment and Strategy. Based on the results of this
assessment and strategy, specific equipment needs have been identified, prioritized and are being
addressed in each of the state’s counties and major municipalities. Regional UASI working groups
are also coordinating with the state Senior Interagency Coordinating Group (SICG) and the state
Security Task Force to address the need to achieve greater terrorism and natural disaster
preparedness and to work toward statewide response capabilities, including the acquisition of
additional equipment.
The rail transit agency also has equipment to support its capabilities to detect, prevent, respond to
and recover from security and terrorism events and to manage natural disasters:
CCTV equipment is installed on rail transit vehicles and in rail transit agency facilities,
coordinated with the agency’s access control system.
The rail transit agency is revising its CCTV policy and may decide to equip additional
stations and vehicles.
The rail transit agency’s security/police function monitors an extensive network of
security, fire, duress, intrusion, utility and internal 911 alarm systems.
Intrusion detection is installed for elevated structure access points and tunnel portals
and cross-passages.
The rail transit agency’s security/police function administers an automated employee
access control system and performs analysis of security data and security breeches.
CCTV incorporated into design criteria for all new-project stations and park-rides, as of
2005.
The rail transit agency’s security/police function performs security screening of visitors
and temporary visitor passes and escorts are required.
Mail is screened at a central facility and procedures have been established for receiving
deliveries from overnight services and vendors.
The rail transit agency revised its policy for standard trashcans, following 5/20/04 TSA
RAILPAX-04-01 directive.
New non-concealing trashcan design will be adopted for future projects.
The rail transit agency also has a variety of equipment in place to ensure the integrity of the
following:
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
35
�
Protection against unauthorized entry:
–
–
–
–
–
Fencing for rail yard and administrative facilities.
Fencing at traction power substations and maintenance of way out-buildings.
Fencing along right-of-way.
Intrusion detection separating right-of-way from shared corridor operations.
Walls, ceilings, and windows have been assessed, and graffiti-resistant materials,
locks, bullet resistant materials and anti-fragmentation materials have been
installed/used at critical locations.
Other features include:
– Consideration given to employee, passenger and visitor traffic patterns in the
design, lay-out and use of facilities and stations.
– Standards have been established to ensure internal and external lighting levels
compliance with recommendations from the American Society for Industrial
Security.
– Directional signage is provided in a consistent manner in all stations, both to
provide orientation and to support emergency evacuation.
– National Fire Protection Association Standard (NFPA) 130 is used to ensure
fire/life safety in station design, including fire detection systems, firewalls and
flame-resistant materials, back-up power and emergency lighting, defaults in
turnstile and other systems supporting emergency exists, and pre-recorded public
announcements.
– Gates and locks are used on all facility doors to prevent unauthorized access. Keys
are controlled through an established program managed by the security/police
function.
– Gates and locks are also used to close down system facilities after operating hours.
– Rail vehicles have radios, silent alarms, CCTV, and passenger communications.
– Uninterruptible Power Supply (UPS) or redundant power sources are provided for
safety and security of critical equipment, such as but not limited to: exit and
platform lighting; parking lot lighting; ancillary space and shop lighting; intrusion
detection (alarmed rooms and spaces, fare collection equipment, etc.); fire
detection, alarm and suppression systems; public address (shop and public areas);
call-for-aid telephones; CCTV; emergency trip stations; vital train control
functions; etc.
The rail transit agency has also identified the following equipment needs for optimum
IED/CBRNE prevention, detection and response within the regional transit sector:
expansion of CCTV surveillance, for prevention and detection;
comprehensive improvements to field and the security/police function communications
systems, for effective response capabilities, by being able to manage transit operations
during a major incident;
backup operations command center capability; and
investigation of the applicability of K-9 units or robotic devices to enhance explosive
detection capabilities.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
36
�4.4
TRAINING AND PROCEDURES
•
Element: Description of SEPP-related training and procedures available to ensure
employee proficiency.
Training: At the rail transit agency, training for SEPP-related topics is performed to ensure that:
applicable management, operations, and maintenance rules, procedures, and plans are
effectively documented and conveyed to those responsible for their implementation;
manuals showing how to administer, operate, and maintain the system’s safety and
security equipment and facilities are understood by those responsible for their use;
safety-related rules and procedures for management, operations, and maintenance
personnel are documented and effectively implemented by all employees as required;
emergency procedures have been developed, documented and are successfully
implemented by all personnel as required, including public safety personnel (if
appropriate);
transportation personnel and local emergency responders understand the hazards of the
transportation environment; and
an adequate level of preparation is maintained for a possible emergency.
Training typically addresses rules, policies, and procedures, as well as many of the hazards in the
transportation environment (e.g., live power, track and roadway safety, hazardous materials and
alternate fuels, medical emergencies or blood-borne pathogen awareness, personal safety, and
injury prevention). The rail transit agency also has established an emergency response agency
familiarization program that provides orientation for local law enforcement, fire personnel, and
medical services regarding the transportation environment and its vehicles.
The rail transit agency has performed basic security awareness or first responder awareness
training, which emphasizes topics, such as:
understanding the specific threats from explosives, incendiary devices, and toxic
materials (chemical, biological, or radiological agents) and the risks associated with
them in an incident;
understanding the potential outcomes associated with an emergency created when
explosives, incendiary devices, or toxic materials are present;
the ability to recognize the presence of these devices and materials;
the ability to identify the classes of chemical agents, if possible, using signs and
symptoms;
the ability to reference laminated cards and other automated and manual checklists to
support initial response activities and incident reporting; and
proper use of personal protective equipment, such as escape hoods and gas masks.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
37
�The rail transit agency offers a variety of training programs to support SEPP implementation, as
SEPP elements are integrated into including initial and refresher training programs provided to all
employees. In addition the rail transit agency provides general security awareness training to all
operations and maintenance departments and holds special seminars devoted to SEPP topics with
supervisors, managers and the rail transit agency’s executive leadership. A brief summary of key
training activities performed by the rail transit agency to address the SEPP appears below:
SEPP Training Campaigns
All rail transit agency front-line employees, maintenance personnel and most agency
staff received a four-hour security awareness training course during 2003 and 2004,
prepared and delivered by the rail transit agency’s training supervisors, based on the
National Transit Institute's (NTI) "System Security Awareness for Transit Employees"
course, sponsored by FTA.
Rail transit agency supervisors and dedicated security personnel have received and will
continue to receive specific classes devoted to SEPP-related topics, including managing
security threats and workplace violence, Weapons of Mass Destruction, and NIMS/ICS,
etc. For example, an NTI train-the-trainer course in Terrorist Activity Recognition and
Reaction was delivered to the rail transit agency’s trainers and supervisors last year,
and another NTI course in Transit Response to Weapons of Mass Destruction will be
delivered to the rail transit agency’s trainers, supervisors and operations managers this
year.
To fulfill the next set of transit security training needs, the rail transit agency will
deliver a "Phase 2" security training program, using G&T TSGP assistance. The Phase
2 security training program objectives include:
– Deliver Behavioral Awareness Security Screening (BASS) training.
– Deliver NIMS training, compliant with the "NIMS National Standard Training
Development Guidance" issued by the NIMS Integration Center April 12, 2005,
and fulfilling ICS training pursuant to the "Institutionalizing the Use of ICS"
guidance issued by the NIMS Integration Center February 17, 2005.
– Deliver training on the rail transit agency’s revised Emergency Operations Plan and
Incident Management Organization, including integration with regional CBRNE
and other emergency management plans (e.g., earthquake).
In early 2006, the rail transit agency will provide several versions of the "first responder
awareness level" of training as defined by U.S. OSHA at 29 CFR 1910.120(q)(6)(i):
"(i) First responder awareness level: First responders at the awareness level are
individuals who are likely to witness or discover a hazardous substance release and
who have been trained to initiate an emergency response sequence by notifying the
proper authorities of the release. They would take no further action beyond notifying
the authorities of the release. First responders at the awareness level shall have
sufficient training or have had sufficient experience to objectively demonstrate
competency in the following areas: (A) An understanding of what hazardous substances
are, and the risks associated with them in an incident. (B) An understanding of the
potential outcomes associated with an emergency created when hazardous substances
are present. (C) The ability to recognize the presence of hazardous substances in an
emergency. (D) The ability to identify the hazardous substances, if possible. (E) An
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
38
�understanding of the role of the first responder awareness individual in the employer’s
emergency response plan including site security and control and the U.S. Department of
Transportation’s Emergency Response Guidebook. (F) The ability to realize the need
for additional resources, and to make appropriate notifications to the communication
center."
Security/Police Function:
Security/police personnel have received security awareness training.
Security/police personnel continue to receive training on CBRNE recognition,
protective equipment, and response.
Security/police personnel continue to receive training in CPTED and community
policing techniques.
Security/police personnel and other rail transit personnel have received training from
the County Emergency Management Agency on the Major Emergency Incident
Management System (MEIMS) Basic Principles and Protocols.
Security/police personnel have also received training from local law enforcement
agencies in the rail transit agency’s service area regarding response to CBRNE events.
Employee Awareness:
All employees receive security awareness training course, based on National Transit
Institute (NTI) course sponsored through Federal Transit Administration.
Security awareness training is incorporated into initial and recurrent training for all
operators.
Transportation supervisors and all dedicated personnel have received and will continue
to receive specific classes on threats and SEPP-related issues (i.e., workplace violence,
CBRNE, IED, etc.)
Phase 2 of the rail transit agency’s awareness training will focus on recognizing
suspicious behavior, and will be provided to all front-line employees and supervisors.
Customer awareness:
All rail transit agency vehicles are posted with Transit Watch instructions for
passengers to report to Operator or other rail transit agency employee suspicious
objects or persons.
Public announcements are looped in stations directing anyone who identifies a
suspicious object to report it to the nearest rail transit agency employee.
NIMS/ICS:
The rail transit agency has updated its Incident Management Organization and
supporting procedures, as specified in its Emergency Operations Plan, per NIMS
guidance.
The rail transit agency is developing a training program for its revised Emergency
Operations Plan, including its NIMS-compliant Incident Management Organization.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
39
�
NIMS institutionalizing activities are in-progress at the rail transit agency for
completion by 2006.
Mutual aid and coordination relative to the rail transit agency is in process:
– Agreements are being revised/finalized with the County Emergency Management
Agency and the major municipality in the rail transit agency’s service area.
– There is an open invitation to law enforcement canine units to exercise/train on the
rail transit agency’s vehicles and stations.
– The Urban Area designated for the UASI program is developing a CBRNE
response plan which the rail transit agency is an integral part of. This regional plan
will serve as the external-responder elements of the rail transit agency’s internal
CBRNE plan as well as identify public transportation tasks and capabilities needed
for CBRNE preparedness.
Familiarization Training:
The rail transit agency has provided familiarization training on its facilities, vehicles,
operations and emergency response procedures to emergency management and public
safety agencies in its service area.
An overview of training offered by the rail transit agency is provided below.
Staff Level
Courses
Orientation
SOPs, Emergency Procedures, and
Emergency Operations Plan
Safety Rules
Security Awareness
Security Systems
- Facilities
- Vehicles
Emergency Training for 1st Responder
Introduction to ICS/NIMS
Incident Command Training
Interagency Training
Weapons of Mass Destruction/CBRNE
CPR
Blood-borne Pathogens
First Aid
Hazardous Material Awareness
1
2
3
Security
and/or
Police
Function
Rail
Controllers
and OCC
Supervisors
X
X
X
X
X
X
X
X
X
X1
X
X1
X1
X1
X1
X1
X1
X
Operators
and
Station
Agents
X
X
Operations
and
Maintenance
Supervisors
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X2
X
X2
X
X
X
X
X
X3
X3
X3
X3
X3
X
X3
X3
X
X3
X
X
X
Staff
X
X
X
Pre-qualified
Supervisors designated as On-site incident coordinators
Selected Staff
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
40
�Procedures: Rail operators, rail controllers at the rail transit agency’s Operations Control Center,
rail supervisors, transportation and maintenance personnel, and security/police function personnel
use Standard Operating Procedures (SOPs) and associated Rulebooks for normal, special, and
emergency operations. Most procedures supporting system security are embedded in the operations
SOPs pertaining to emergency operations, communications, and response, just as system safety is
embedded into operating procedures. Some security procedures are stand-alone SOPs. Training on
SOPs and Rulebooks applicable to respective employee jobs is the core element of operations
training for the respective jobs, serving as the primary mechanism for safety and security training
for employees. To illustrate the scope of security-related and emergency management-related
SOPs, a list of selected SOPs which apply to the rail operation appears below.
Example SOPs for Security and Emergency Response
Emergency Procedures Tunnel
Tunnel Single Track Operations
Operations/Emergencies Controller Procedures
Tunnel Emergency Standpipe
Response Protocols for Homeland Security Threat
Tunnel Electrification
Advisory Levels
Tunnel Person/Train Contact
Response to Threatened or Actual Acts of
Tunnel Re-Railing
Terrorism, Violence or Major Incidents
Security Procedures
Unknown Substances on Vehicles and Platforms
Security Roles and Responsibilities
Response to Chemical Agents on Vehicles and
Radio Usage - Security Talk Group
Platforms
Prohibited Conduct/Criminal Incident
Fire/Smoke on Train
CCTV Procedures – Vehicles and Platforms
Emergency Notification Guidelines
Building Access Control
Collision or Derailment
TVM/Fare Maintainer Security
Death on Rail Transit Property
Controlled-Access Facility Keys
Bomb Threat
Controllers Emergency Procedures
Earthquake
Coordination with Emergency Response Units
Common Corridor Emergency
Emergency Passenger Evacuations
Remote Overhead Power Removal
Documentation of Events
Medical Emergency - Passenger
Information Distribution
Emergency Access to Right of Way
SCADA Failure
Contact of Train and Person
Platform PA/Readerboards
Incident Command System
Central Control System Alarms
Immediate and Emergency Medical Care
Remote Signal and Switch Operation
Fire Alarms
Interface with Supervisors and Operators
Excessive Arcing/Broken Pantograph
Central Control System Failure
Emergency Vehicles
Rail Strategies and Restoration of Service
Accident/Incident Reports
Station Elevator Operations/Rescue
Train Log Procedure
Field Supervisor Procedures
Track Damage Assessment
Rail Supervisor Responsibilities
Loss of Radio Communications
Accident/Incident Investigation
Re-Railing (except Tunnel)
Maintaining Order in Park/Ride Facilities
Confirmed Tunnel Incidents
Contingency Plan for Radio Communications
Smoke/Fire in Tunnel
Emergency Mobilization
Tunnel Intrusion Detection/Security
Bus Silent Alarm Response
Tunnel Rescue Trains
Riot/Civil Disturbance
Tunnel Ventilation
Bomb Threat
Tunnel Evacuation
Biochemical Threat/Incident
Hostage or Barricade
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
41
�In other procedures-related activities, the rail transit agency is:
Establishing procedures for sweeping vehicles and stations to identify and manage
suspicious items, based on HOT characteristics (hidden, obviously suspicious, not
typical).
Developing a quick reference guide for security/police personnel and other rail transit
employees to use in addressing a variety of emergency situations, including the
identification and evaluation of suspicious packages and conditions.
Developing a new employee reporting procedure that assigns all operators and all other
employees in field with "eyes and ears" awareness and reporting responsibilities.
The rail transit agency has also adopted specific procedures for Homeland Security Advisory
System (HSAS) threat level changes; when advisory is raised, heightened security sweeps and
surveillance patrols for vehicles and stations are put into effect.
Rail transit agency activity to ensure compliance with both training programs and procedures
implementation is discussed in Chapter 6 of this SEPP and is also described in the System Safety
Program Plan.
4.5
EMERGENCY EXERCISES AND EVALUATION
•
Element: Description of SEPP-related activities to ensure the conduct of emergency
exercises and evaluation.
Rail transit agencies are vulnerable to a range of events which may result in emergencies. The
table on the following page illustrates some of the most likely of these events, organized into
categories of naturally occurring and human-caused events (intentional and unintentional).
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
42
�Human-Caused
Naturally Occurring
Droughts
Dust/Wind Storms
Earthquakes
Electrical Storms
Floods
High Winds
Hurricanes
Ice Storms
Landslides
Naturally Occurring
Epidemics
Snowstorms and
Blizzards
Tornadoes
Tropical Storms
Tsunamis
Typhoons
Wildfires
Intentional
Unintentional
Bomb Threats and Other Threats of
Violence
Disruption of Supply Sources
Fire/Arson
Fraud/Embezzlement
Labor Disputes/Strikes
Misuse of Resources
Riot/Civil Disorder
Sabotage: External and Internal
Actors
Security Breaches
Terrorist Assaults Using Chemical,
Biological, Radiological or Nuclear
Agents
Terrorist Assaults Using
Explosives, Firearms or
Conventional Weapons
Theft
Vandalism
War
Workplace Violence
Accidental Contamination or
Hazardous Materials Spills
Accidental Damage to or Destruction
of Physical Plant and Assets
Accidents which Affect the
Transportation System
Gas Outages
Human Errors
HVAC System Failures or
Malfunctions
Inappropriate Training on Emergency
Procedures
Power Outages
Software/Hardware Failures or
Malfunctions
Unavailability of Key Personnel
Uninterruptible Power Supply (UPS)
Failure or Malfunction
Voice & Data Telecommunications
Failures or Malfunctions
Water Outages
An exercise is a focused practice activity that places the participants in a simulated situation, which
requires them to function in the capacity that would be expected of them in a real event. A good
exercise, that is well evaluated, reveals inconsistencies in plans, highlights deficiencies in
resources, and underscores the need for additional training.
Going directly into a real emergency operation without exercising involves substantial risks. For
example, many participants may not know or thoroughly understand their emergency
responsibilities and how they relate to activities performed for other elements of the response;
equipment may not function as expected; or procedures may not be as effective as anticipated.
Such risks, when thoughtfully considered, are unacceptable to most transportation agencies.
Accordingly, a broad spectrum of exercise activity is necessary if functional emergency response
and recovery capability is to be realistically assessed and improved.
Well-designed and executed exercises are the most effective means of:
testing and validating policies, plans, procedures, training, equipment, and interagency
agreements;
clarifying and training personnel in roles and responsibilities;
demonstrating mastery of standard and emergency operating
communications, equipment, and public information dissemination;
improving internal agency and interagency coordination and communications;
identifying gaps in resources;
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
procedures,
43
�
improving individual performance; and
identifying specific activities which should be taken to improve the response capability.
Exercises are also an excellent way to demonstrate community resolve and cooperation to prepare
for disastrous events. Review of successful responses to emergencies over the years has shown that
pre-emergency exercising pays huge dividends when an actual emergency occurs. This is
especially true in instances where communities were involved full-scale exercises that tested the
range of response activities, communications protocols, and resources to be applied.
In the rail transit environment, exercises provide an effective way to implement and fine-tune an
agency’s emergency plan, provide training, and improve system safety and security. Additionally,
as providers of a public service, rail transit agencies have a responsibility to:
ensure customer and employee safety and security at all times;
train employees so they know what to do when an emergency occurs;
recognize that they are part of the regional emergency response effort; and
correct gaps and vulnerabilities in the system.
Exercises help the rail transit agency to fulfill these responsibilities. Transit agencies that integrate
exercise and evaluation programs into their preparedness activities can more efficiently and
effectively execute their emergency response plans during an actual event.
Since the mid-1980s, federal, state and local agencies involved in the design, conduct and
evaluation of emergency exercises have emphasized the importance of a progressive exercise
program. This approach encourages each rail transit agency to organize and prepare for a series of
increasingly complex exercises, using a process where each successive exercise builds upon the
previous one to meet specific operational goals. This program is coordinated using a set of project
management tools that promote defined goals, measurable objectives, formal schedules, and
dedicated resources.
A progressive program implements a cycle of emergency planning, training, exercises, and
improvement actions. This cycle is used to direct and schedule exercise activity, and then to ensure
that identified improvements are addressed. This program begins with the establishment of a threeyear exercise cycle. Within this cycle, targeted areas of focus are then identified based on formal
needs assessments, threat and vulnerability assessments, and the recommendations of senior
personnel. For example, target areas may include the use of communications equipment and
systems across multiple jurisdictions, the integration of rail transit resources into the
incident/unified command system established by local responders, and/or the performance of
specific types of activities in the rail transit environment (de-energizing and re-energizing third rail
or overhead catenary systems, station and vehicle evacuations, or procedures for managing
suspicious packages in transportation facilities and on vehicles).
Next, emergency response plans, policies, procedures, immediate actions and job aids are
developed or existing documents are reviewed in these focus areas, and training is provided (or the
quality of existing training is assessed). Then, over the course of the three-year cycle, increasingly
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
44
�more complex types of exercises are conducted to assess and reinforce critical activities within the
target areas of focus. Each exercise is evaluated, and results are incorporated into the planning
development process. As indicated in the figure below, following this “building block” approach,
over the three-year cycle, the rail transit agency will conduct seminars, workshops, tabletops,
games, drills, functional exercises and, culminate in a full-scale exercise.
Building Block Approach
Full-Scale Exercises
Functional Exercises
Drills
Capability
Games
Tabletops
Workshops
Seminars
P l a n ni ng/T rainin g
Discussion–based
Operations–based
To support effective SEPP implementation, the rail transit agency has already developed its Threeyear Exercise Schedule and Program. Following this schedule, the rail transit agency has already
conducted security awareness seminars and workshops and will continue this approach for
presenting its revised Incident Management Organization and Emergency Operations Plan, as well
as basic requirements for NIMS/ICS. The rail transit agency has also conducted a tabletop
regarding an Improvised Explosive Device in a rail transit station. Executive Leadership has
already participated in “war gaming” conducted by the American Public Transportation
Association and co-sponsored by the Transit Cooperative Research Program.
Drills and spot-inspections are routinely conducted by operations and maintenance supervisors to
ensure transit personnel knowledge of and compliance with a variety of safety and security-related
policies and procedure. The rail transit agency is currently planning and developing both a
functional exercise and a full-scale exercise with regional UASI and RTSWG partners, using its
newly developed Incident Management Organization, and the NIMS and Incident Command
models used by regional emergency management and public safety agencies. These two exercises
will address (1) the IED prevention and response requirements and the (2) regional CBRNE
exercise plan requirements pursuant to HSPD-8 and the Regional Transit Security Strategy.
In 2002, the rail transit agency received an Emergency Preparedness Drills grant from FTA. The
purpose of the drills was to exercise the rail transit agency’s plans and protocols during a Weapons
of Mass Destruction event. A table-top exercise was held in July 2003 involving an unknown
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
45
�explosive device left in a rails station receiving passengers for a sold out sporting event. A fullscale exercise was held November 2003 involving aerosol dispersal of an unknown substance on a
rail vehicle train spraying transit passengers that who had boarded to depart the airport station.
Shortly after these exercises, the rail transit agency filed after-action reports with both FTA and the
state oversight agency.
The region’s Urban Area Security Initiative, Point-of-Contact working group members continually
share opportunities for joint exercises. A single, coordinated Urban Area (UA) exercises planning
calendar is updated monthly by the members. Additional coordination of the UA's exercise
calendar is performed monthly by the technical committee of the UA's Regional Emergency
Management Group (REMG), which includes UAPOC members and leaders of UA functional
discipline working groups. The rail transit agency, represented on both the UAPOC and REMTEC
committees, encourages the UA's responder and emergency management agencies to situate
exercises on the transit system whenever possible, for mutual benefit to responder organizations
and the transit system.
A highly collaborative culture exists in the regional UA among responder and emergency
management agencies, with long-standing support to transit system incidents. As a result, there are
ongoing exercises in the regional UA involving the transit system, which at the same time fulfill
exercise objectives of the sponsoring responder or emergency management agencies. Examples of
these regional drills involving the rail transit agency include: Regional bioterrorism tabletop
(sponsored by regional Public Health organizations); Regional earthquake full-scale (sponsored by
County Emergency Management Agency); Plane crash full-scale exercise at Municipal Airport
(sponsored by the airport); and Multi-agency terrorism explosive tabletop (sponsored by the state
Emergency Management Agency).
To support the evaluation of emergency exercises, the rail transit agency has committed to
following the methodology specified in G&T’s Homeland Security Exercise and Evaluation
Program Volume II: Exercise Evaluation and Improvement. This volume identifies DHS mission
outcomes in support of the National Preparedness Goal, and provides guidelines for preparing an
Exercise Evaluation Guide, to provide evaluation and performance measures to be used during rail
transit exercises, which assess results in terms of DHS mission outcomes. This volume also
provides guidance on developing after action reports compliant with G&T requirements. While the
rail transit agency has not yet applied for funding assistances from the DHS Homeland Security
Exercise and Evaluation Program, it may do so in the next year.
5.0
Threat and Vulnerability Identification, Assessment, and Resolution
Chapter 5 of the SEPP outlines the rail transit agency’s process for managing threats and
vulnerabilities during operations, and for major projects, extensions, new vehicles and equipment,
including integration with the safety certification process.
Threats are defined as “any real or potential condition that can cause injury or death to passengers
or employees of damage to or loss of transit equipment, property, and/or facilities.” Threats range
from the extreme of CBRNE releases to more common events such as theft of service, pickpocketing, graffiti and vandalism. Vulnerabilities are defined as “characteristics of passengers,
employees, vehicles, and/or facilities which increase the probability of a security breach.”
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
46
�Threat and vulnerability assessment provides an analytical process to consider the likelihood that a
specific threat will endanger the rail transit system. Threat and vulnerability analysis can also
identify activities to be performed to reduce risk of a security threat and mitigate its consequences.
Threat and vulnerability assessment methodologies offer rail transit decision makers a consistent
and mutually agreed-upon process for addressing security risks.
Given the size and ubiquitous nature of the rail transit network, decision makers cannot possibly
protect every element of the transportation infrastructure from every type of security event.
Nevertheless, an informed threat and vulnerability assessment process can provide a structured and
systematic way to ensure that the rail transit agency receives a maximum level of security for its
investment. This process will also focus resources where they are most needed to reduce
vulnerabilities with the greatest potential for significant harm in the rail transit network.
Recent events have raised expectations that those entrusted with planning, designing and operating
the nation’s transportation infrastructure are making adequate provisions to mitigate security risks.
As shown in the figure below, DHS/G&T, FTA, FHWA, and a Blue Ribbon Panel of
transportation and security experts have also issued guidelines and recommendations which
address threat and vulnerability assessment.
Existing Guidelines for Transportation Threat and Vulnerability Assessment
As required by FTA’s revised 49 CFR Part 659 and the state oversight agency, in performing the
threat and vulnerability assessments to be documented in Chapter 5 of the SEPP, rail transit
agencies should, at a minimum, reference the process specified in “Chapter 5: Reducing Threat
and Vulnerability” in FTA’s Public Transportation System Security and Emergency Preparedness
Planning Guide (January 2003), available on FTA’s safety and security website at: http://transitsafety.volpe.dot.gov.
For those rail transit agencies participating in the DHS G&T Transit Security Grant Program, other
practices may be referenced, such as adoption of the threat and vulnerability assessment process
specified in G&T’s Special Needs Jurisdiction Tool Kit, or a process jointly developed by the rail
transit agency and G&T as a result of G&T’s Technical Assistance Program for Risk Assessment.
The G&T program follows an approach similar to what is described in FTA’s Public
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
47
�Transportation System Security and Emergency Preparedness Planning Guide, which is a
referenced requirement in the DHS Transit Security Grant Program application.
In preparing this SEPP chapter, the rail transit agency should begin by describing the methods the
transit system will use to prioritize critical assets and to identify threats and vulnerabilities to those
assets. Once threats and vulnerabilities have been systematically identified, they should be
assessed to determine their impact on both the affected asset(s) and the entire system, to ensure that
the greatest risks to the agency, its passengers and employees are identified. Finally, the process
used by the rail transit agency to make decisions regarding whether potential impacts from
identified threat and vulnerabilities will be accepted, mitigated or eliminated, should be explained.
For each of these activities, the SEPP should also identify the department/function responsible.
In addressing these three elements, FTA’s recommended methodology from its System Security
and Emergency Preparedness Planning Guide is presented graphically in the figure on the next
page. The G&T Special Needs Jurisdiction Risk Assessment Process is summarized on the page
following the figure. In this SEPP chapter, the rail transit agency can describe whichever approach
is the most appropriate for its operations and its status in the G&T Transit Security Grant Program.
5.1
THREAT AND VULNERABILITY IDENTIFICATION
•
Element: Description of the rail transit agency’s activities to identify security and
terrorism-related threats and vulnerabilities.
This section of the SEPP should begin by describing the methods the transit system will use to
identify security and terrorism-related threats and vulnerabilities. Typically, this process begins
with the identification and prioritization of rail transit agency assets. Then, using the rail transit
agency’s process for security data collection and analysis, specific threats and vulnerabilities are
identified for each prioritized asset.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
48
�FTA’s Threat and Vulnerability Process
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
49
�G&T Special Needs Jurisdiction Risk Assessment Process
Steps in Process
Required Forms
Form 1. Critical Asset Factors Worksheet
CRITICALITY ASSESSMENT
Step 1—Create an all-inclusive list of candidate Form 2. Critical Assets Worksheet
critical assets
Form 3. Weapons Matrix
Step 2—Identify and describe critical asset factors Form 4. Target Attractiveness Worksheet
Step 3—Assign critical asset factor values
Form 5. Scenario Development Worksheet
Step 4—Apply critical asset factors to candidate
Form 6. Vulnerability Worksheet
critical assets
Form 7. Vulnerability Decision Tree
Step 5—Prioritize critical assets
Form 8. Impact Worksheet
Form 9. Risk Worksheet
Form 10. Relative Risk Diagram
THREAT ASSESSMENT
Step 1—Develop a list of WMD types
Form 11. Capability STEP Process for Scenarios
Step 2—Evaluate the likelihood of weapon use
Form 12. Jurisdiction Functional Area Average
Step 3—Evaluate target attractiveness
Scores
Step 4—Define scenarios to be used for further Form 13. Security Countermeasure/Response
analysis
Capability Types
Form 14. Identification of Measures
Form 15. Security Countermeasure/Response
VULNERABILITY ASSESSMENT
Step 1—Assign scenario identifiers
Capability Summary
Step 2—Identify scenario specifics
Form 16. Security Countermeasure/Response
Step 3—Rate probabilities
Capability Prioritization
Step 4—Perform decision tree analysis
Form 17. Needs Consolidation
IMPACT ASSESSMENT
Step 1—Copy information from previous forms
Step 2—Generate Impact ratings
Step 3—Calculate overall Impact level
RISK ASSESSMENT
Step 1—Populate risk worksheet
Step 2—Determine the vulnerability rating
Step 3—Determine the consequence rating
Step 4—Plot values on risk diagram
Step 5—Analyze risk diagram
5.1.1
Asset Analysis
In security terms, assets are broadly defined as people, information, and property. For rail transit
agencies, the people typically include passengers, employees, visitors, and contractors, vendors,
nearby community members, and others who come into contact with system. Information includes
operating and maintenance procedures, vehicle control and power systems, employee information,
computer network configurations and passwords, and other proprietary information. The range of
rail transit assets that a SEPP program might consider is presented in the table below.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
50
�Rail Transit Assets
Passenger stations, transit centers, and
stops
Tenant facilities in passenger stations
Passenger vehicles
Structures (underground, at-grade and
elevated)
Passenger parking lots
Vehicle control systems
Communications systems
Heavy maintenance facilities
Service and inspection facilities
Maintenance vehicles and equipment
Backup power systems
Switches, signals and interlockings
Grade crossings and automatic
warning devices (gates, bells,
flashers, and signs)
Electrification Systems (3rd rail,
overhead catenaries)
Operations control centers
Revenue collection facilities
Vehicle storage facilities
Wayside support and maintenance
facilities
Ancillary facilities and storage
Employee parking lots
Administrative facilities
Security/police facilities and
communications systems
In reviewing assets, the rail transit agency should prioritize which among them has the greatest
consequences for people and the ability of the system to sustain service. These assets may require
higher or special protection from an attack. In making this determination, the system may wish to
consider:
the value of the asset, including current and replacement value;
the value of the asset to a potential adversary;
where the asset is located;
how, when, and by whom an asset is accessed and used; and
the impact, if these assets are lost, on passengers, employees, public safety
organizations, the general public and the public transportation operation.
There are a variety of worksheets which may be used by the rail transit agency in identifying which
assets in their operations would produce the greatest losses to the system and the community.
Worksheets are included in the System Security and Emergency Preparedness Planning Guide, as
well as in the G&T Special Needs Jurisdiction Risk Assessment process. G&T’s on-site technical
assistance program also supports the activities of rail transit agencies in identifying critical assets.
Based on the results of the completed worksheets, the rail transit agency should have a listing of its
most important assets. Rail transit agencies participating in G&T programs should share this listing
with the Regional Transit Security Working Group and the Urban Area Security Initiative Point-ofContact Working Group to support regional prioritization of assets and security planning.
Rail transit agency departments/functions responsible for the identification of critical assets
typically include the capital/planning department/function, the system safety function, and the
security/police function.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
51
�5.1.2
Security Data Collection for the Identification of Threats and Vulnerabilities
The rail transit agency’s security/police function is often the central point for collection,
assessment, reporting and recordkeeping of security data and information involving the rail transit
system. The rail transit agency’s security database includes standard crime analysis codes, and
information sorted by geographic location, geographic area, day of week, time of day, and train
route. Analysis of the security database is conducted continually to indicate patterns of criminal
behavior occurring on the rail transit system, as a valuable tool used to help determine deployment
of security resources on the system. The rail transit agency’s security/police function also receives
security threat and crime intelligence through law enforcement sources in the region continually
and concurrently, for assessment and incorporation into security personnel resource deployments
and tactics and rail transit agency operations orders. Security data and information inputs to the
security/police function include:
security incident or breach reports from supervisors, operators, or other personnel;
security incident or breach reports involving the transit system from local law
enforcement agencies in the rail transit system’s service area;
security threat and crime information from law enforcement sources in the region;
security complaints from citizens and rail transit agency customers;
special event service plans and information from the rail transit agency’s operating and
maintenance departments/functions, for assessment of security risks and incorporation
of security plans into the overall service plan for the special event;
security inspections and assessments of transit system facilities and operations
performed by the security/police function (in collaboration with the system safety
function and representatives of the facility user departments); and
security-related information from individual rail transit agency employees and through
rail transit agency Safety and Security Committees.
In addition, the rail transit agency is a member of the U.S. DOT and APTA-sponsored Surface
Transportation Information Sharing and Analysis Center (ST-ISAC), and monitors daily threat
information reported by ST-ISAC. The rail transit agency’s security/police function is also
provided transit-related intelligence information from the regional FBI Joint Terrorism Task Force
(JTTF). The rail agency will also join the state-wide terrorism early warning system, when it is
operational next year.
Every effort is made to compile all security-related data and reports into the most complete
accounting of transit system security information possible. The designated Security Data
Coordinator for the security/police function reviews security data and information for accuracy and
completeness on an on-going basis, and makes determinations regarding the reliability of the
information available as an appropriate basis for security operations and tactics.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
52
�5.1.3
Other Sources of Information – Security Reviews, Testing and Inspection Programs
The rail transit agency’s threat and vulnerability identification process also includes security
testing and inspections. These activities are geared toward ensuring that equipment is operating
properly, is readily available when needed, and that employees are proficient in the use of the
equipment. To accomplish this, testing programs are developed for specific systems and
equipment that not only assess the current state of security, but can also be used to upgrade staff
effectiveness through training.
The rail transit agency conducts formal reviews of every incident on its transit system which may
require changes in or additions to operating procedures, training programs, or to the design of
vehicles, equipment or facilities. Security or emergency incident reviews are generally conducted
through the rail transit agency’s Security Committee. The rail transit agency’s security/police
function typically leads the review process for security or emergency incidents. The incident
reviews identify causes, and corrective actions, as appropriate.
The rail transit agency has designated employees at each of its operating facilities and office
buildings, responsible to coordinate with occupant work groups at each facility and the rail transit
agency’s security/police function to assure that internal security procedures are identified and
followed, and that appropriate physical features and equipment for building/site security are
identified, implemented and maintained at each work facility. At a typical operations facility, the
security representatives are the maintenance and transportation operations managers of that
location. In addition, monthly safety inspections of operating facilities, which are performed by
these personnel, include inspections of security-related items. Managers responsible for
maintenance of the respective facilities are responsible to correct any security items found noncompliant by the monthly safety/security inspections.
The rail transit agency security/police function also supports facility security representatives and
operations managers by providing security assessments of transit system assets such as transit
centers, park/ride facilities, light rail tunnel and stations, and operations facilities. Supplemental or
update assessments may occur whenever prompted by identification of a vulnerability or in
corrective action resulting from a security breach incident review.
Within the security/police function, security data and information is processed in three (3)
functional areas:
the Security Data Coordinator continually collects, analyzes and reports data related to
transit crime and security incidents, and maintains the agency’s security information
database;
officers in the security/police function provide continuous identification and assessment
of transit system security threats and vulnerabilities; and
management staff in the security/police function continually translates incoming
information into security plans and operations orders for personnel deployment, tactical
operations, missions, investigations, and coordination of activities with rail transit
agency operating departments/functions and operations of local jurisdiction law
enforcement agencies.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
53
�Security data and information outputs from the security/police function include:
transit crime data is reported monthly to FTA's National Transit Database, and to the
state safety oversight agency;
detailed reports provided during monthly Security Coordination Team meetings,
including transit crime data reports and trend analysis, security incident reviews and
recommendations, security plans for special event transit service or regional events
affecting the transit system, facility security assessments, and security program
recommendations; and
reports from security inspections and assessments of transit system facilities.
In addition, the Operations Control Center reports rail transit security incidents meeting specified
thresholds to the state oversight agency, as required in 49 CFR Part 659. Every effort is made to
issue these reports within two-hours of incident occurrence, as per the standard of 49 CFR
§ 659.33. Full investigations are conducted of these events, and corrective action plans are
developed, reviewed and approved by the state oversight agency, and tracked through to
implementation by the security/police function.
As security issues are identified, they are documented and addressed through security design
criteria; development of new procedures and practices; employee training; changes in the
deployment of security personnel; and targeted integration with relevant local law enforcement and
regional emergency management agencies. The security/police function takes the lead in
coordinating rail transit agency activity to address the results of security information collection.
5.1.4
Identifying Threats for Prioritized Assets
Based on this security information collection and analysis process described above, the rail transit
agency will identify specific threats for its list of prioritized assets. This activity is termed “threat
analysis.” Threat analysis defines the level or degree of the threats against a prioritized asset by
evaluating the intent, motivation, and possible tactics of those who may carry them out. The
process involves gathering historical data about the ways in which criminals have perpetrated
crimes on the systems and also, for terrorism, identifying ways in which threats could be carried
out again the system. In performing this assessment, the rail transit agency should identify and
evaluate which information, from all that is collected, is relevant in assessing the threats against the
prioritized assets. This activity may be performed by the security/police function with the support
of a consultant and the system safety function.
Specifically for terrorism, possible methods of carrying out hostile actions in the transportation
environment are depicted in the table on the next page. Historical examples are provided for
reference and consideration, as well as the types of weapons typically used in these attacks.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
54
�Potential Threats from Terrorism
Type of Attack
Explosive and
Incendiary
Devices
Historical Example
2005 London Underground and Bus Bombings
2004 Madrid Bombings
1995 GIA bombing of Paris Metro
HAMAS suicide bombs on Israeli buses (on-going)
1998 bombings of U.S. Embassies in Tanzania and
Kenya
2001 World Trade Center
1990s abortion clinic bombings in GA
1995 Oklahoma City Bombing
Exterior Attacks
2001 militant assaults on Indian-held mosques in
Kashmir
Stand-off Attacks
Tamil Tiger’s July 2001 mortar attack & bombing of
Sri Lanka’s National Airport
Ballistics Attacks
Long Island Railroad Shootings; Columbine High
School
Networked/
Inside Access:
- Forced Entry
- Covert Entry
- Insider
Compromise
- Visual
Surveillance
- Acoustic/
Electronic
Surveillance
Amtrak Sunset Limited derailment
1996 Tupac Amaru Revolutionary Movement taking
of Japanese Ambassador’s residence and 500 guests
in Peru (access through disguise as waiters at the
party)
Cyber Attack
Code Red Worm (2002)
Chemical, Biological,
Radiological, &
Nuclear (CBRN)
Agent Release
1995 Aum Shinrikyo Sarin Gas Release in Tokyo
Subway
Type of Weapons
Planted Devices
Suicide Bombs
Vehicle Bomb
Proximity Bombs;
Incendiary Devices;
Secondary Devices
Rocks and Clubs;
Improvised Devices;
Molotov cocktails
Anti-tank rockets;
Mortars
Pistols;
Handguns;
Submachine guns;
Shotguns
Hand, power and thermal
tools;
Explosives
False credentials;
Stolen uniforms and
identification badges
False pretenses, cell
operations
Binoculars;
Photographic Devices
Listening Devices;
Electronic-emanation
surveillance equipment
Worms, Viruses, Denial of
Service Programs
Chemical, biological, or
radiological or nuclear
aerosolized
Identified threats for each prioritized asset may be recorded in worksheets or databases are
maintained by the rail transit agency’s security/police function. Sample worksheets are included in
the System Security and Emergency Preparedness Planning Guide, as well as in the G&T Special
Needs Jurisdiction Risk Assessment process.
5.1.5
Identifying Vulnerabilities
A vulnerability is anything that can be taken advantage of to carry out a threat. This includes
vulnerabilities in the design and construction of a facility, in its technological systems, and in the
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
55
�way a facility is operated (e.g., security procedures and practices or administrative and
management controls). To identify vulnerabilities, the rail transit agency should pair prioritized
assets with identified threats to create scenarios. This activity is termed “vulnerability analysis.”
Vulnerability analysis identifies specific weaknesses with respect to how they may invite and
permit a threat to be accomplished. Vulnerabilities are commonly prioritized through the creation
of scenarios that pair identified assets and threats. Using these scenarios, transportation agencies
can evaluate the effectiveness of their current policies, procedures, and physical protection
capabilities to address consequences.
In conducting its vulnerability analysis, the rail transit agency should apply an interpretive
methodology that encourages role-playing by transportation personnel, emergency responders, and
contractors to brainstorm ways to attack the system. By matching threats to critical assets,
transportation personnel can identify the capabilities required to support specific types of attacks.
This activity promotes awareness and highlights those activities that can be preformed to
recognize, prevent, and mitigate the consequences of attacks.
Both the FBI and DHS recommend that rail transit agencies focus on the top 10% of identified
critical assets (at a minimum). Using these assets, transportation personnel should investigate the
most likely threats, considering the range of attack objectives and methods that may be used (such
as property and violent crime, disruption of traffic, destruction of bridge or tunnel, airborne
contamination, hazardous materials accident, and threat or attack with explosives intended to
disrupt or destroy). The system should also consider the range of perpetrators, such as juvenile
gang members, drug users and pushers, car thieves, organized crime, terrorists, disgruntled
employees, disturbed copycats, and others.
When conducting the scenario analysis, the system may choose to create chronological scenarios
(event horizons) that emphasize the worst credible scenario as opposed to the worse case scenario.
Experienced transportation personnel, who have participated in transportation war-gaming,
recommend the investigation of worst credible scenarios. Based on this type of assessment, as
indicated in the table, the rail transit system may determine certain scenarios as the most relevant.
Results can be recorded in worksheets provided in System Security and Emergency Preparedness
Planning Guide, as well as in the G&T Special Needs Jurisdiction Risk Assessment process.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
56
�Relevant Rail Scenarios
Rail Assets
Stations
Track/signal
Rail cars
Power
substations
Command
Control Centers
5.2
Most Probable Threats
High-yield vehicle bomb near stations
Lower-yield explosive device in station
Armed assault, hijacking, hostage, or barricade situation in station
Chemical, biological, and nuclear release in station
Secondary explosive device directed at emergency responders
Graffiti in station
Car theft from station parking lot
Explosive detonated on track
Chemical, biological, nuclear release on track
Signal and/or rail tampering
Dumping of debris on track
Explosives placed on or under rail car
Improvised explosive device (pipe/fire bomb) on rail car
Chemical, biological, nuclear release on rail car
Armed assault, hostage, or barricade situation on rail car
Secondary explosive device directed at emergency responders
Graffiti on rail car
Explosive detonated in or near substation
Tampering with power substations and components
Physical or information attack on train control system
Physical or information attack dispatch system
Armed assault, hostage, or barricade situation
Explosive device near or in Center
Sabotage of train control system
THREAT AND VULNERABILITY ASSESSMENT
•
Element: Description of the rail transit agency’s activities to assess the likely impacts of
identified threats and vulnerabilities on the system and to identify particular vulnerabilities
which require resolution.
Threats and vulnerabilities to a transit system cover a wide array of events, virtually none of which
can be totally eliminated while still operating the system. Since no system can be rendered totally
secure, once threats and vulnerabilities are identified, their impact on the total system must be
assessed to determine whether to accept the risk of a particular danger, and the extent to which
corrective measures can eliminate or reduce its severity.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
57
�To conduct its threat and vulnerability assessment, for each scenario pairing prioritized assets with
identified threats, the transportation system should attempt to identify the costs and impacts using a
standard risk level matrix, which supports the organization of consequences into categories of high,
serious, and low. Consequences are assessed both in terms of severity of impact and probability of
loss for a given threat scenario. A sample matrix is presented below:
Very Easy
Relatively Easy
Difficult
Very Difficult
Too Difficult
Vulnerability
A
B
C
D
E
Impact
I
II
III
IV
Loss of life
Serious injuries, major service impact, >$250k damage
Minor injuries, minor service impact, <$250k damage
No injuries, no service impact
Criticality Matrix
I II III IV
A
B
C
D
E
H
H
H
S
S
H
H
S
L
L
S
S
L
L
L
S
L
L
L
L
�H = High
�S = Serious
�L = Low
Sample Threat and Vulnerability Assessment Matrix
Scenarios with vulnerabilities identified as “high” may require further investigation and the
implementation of countermeasures. Scenario-based analysis is not an exact science but rather an
illustrative tool demonstrating potential consequences associated with low-probability to highimpact events. To determine the system’s actual need for additional counter-measures, and to
provide the rationale for allocating resources to these counter-measures, the system should use the
scenarios to pin-point the vulnerable elements of the critical assets and make evaluations
concerning the adequacy of current levels of protection.
Examples of vulnerabilities that may be identified from scenario-based analysis include the
following:
accessibility of surrounding terrain and adjacent structures to unauthorized access (both
human and vehicular);
site layout and elements, including perimeter and parking that discourage access
control, support forced or covert entry, and support strategic placement of explosives
for maximum damage;
location and access to incoming utilities (easy access for offenders);
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
58
�
building construction with respect to blast resistance (tendency toward progressive
collapse, fragmentation, or no redundancy in load bearing);
sufficiency of lighting, locking controls, access controls, alarm systems, and venting
systems to support facility control; and
information technology (IT) and network ease-of-penetration.
At the conclusion of the scenario-based analysis, the transportation system should have assembled
a list of prioritized vulnerabilities for its top 10% critical assets. Typically, these vulnerabilities
may be organized into the following categories:
lack of planning;
lack of coordination with local emergency responders;
lack of training and exercising; and
lack of physical security (access control, surveillance; blast mitigation, or chemical,
biological, or radioactive agent protection).
These vulnerabilities should be documented in a confidential report or memorandum for the
system’s executive director. Results can be recorded in worksheets provided in System Security
and Emergency Preparedness Planning Guide, as well as in the G&T Special Needs Jurisdiction
Risk Assessment process.
5.3
THREAT AND VULNERABILITY RESOLUTION
•
Element: Description of how response strategies (both short- or long-term strategies) are
developed for prioritized vulnerabilities, including the decision process used to determine
whether to eliminate, mitigate, or accept security problems.
Based on the results of the analysis described in Section 5.2 of this SEPP, the rail transit system
can then identify countermeasures to reduce vulnerabilities identified as unacceptable to
management. Effective countermeasures typically integrate mutually supporting elements.
Physical protective measures designed to reduce system asset vulnerability to crime,
explosives, ballistics attacks, cyber attacks, and the release of CBRNE agents.
Procedural security measures, including procedures to detect and mitigate an act of
crime, terrorism, or extreme violence, and those procedures employed in response to an
incident that does occur.
As illustrated in the figure on the next page, security tends to emphasize “rings of protection,”
meaning that the most important or most vulnerable assets should be placed in the center of
concentric levels of increasingly stringent security measures. For example, a rail transit agency’s
Operational Control Center should not be placed right next to the building’s reception area, rather,
it should be located deeper within the building so that, to reach the control center, an intruder
would have to penetrate numerous rings of protection, such as a fence at the property line, a locked
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
59
�exterior door, an alert receptionist, an elevator with key-controlled floor buttons, or a locked door
to the control room.
MIDDLE RING
locked doors
receptionist
badge checks
access control
system
window bars
parcel
inspection
turnstiles
OUTER RING
lighting
fences
gates
bollards
walls
trenches
intrusion
detection
sensors
guards on
patrol and
posted at
property-line
access points
INNER RING
alert personnel
door and cabinet
locks
network firewalls and
password controls
visitor escort policies
document shredding
access control
devices
emergency
communications
systems
secure computer
room
motion-activated
closed-circuit
television
Sample Rings of Protection
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
60
�Within the rings of protection concept, the development of countermeasures typically reflects
standard precedence guidelines for hazard resolution, including:
design to eliminate or reduce threats and vulnerability;
security devices to reduce vulnerability;
detection/alarm devices for security response; and
security personnel, and security and emergency procedures and training for all
personnel.
As a first step in assessing the need for countermeasures, the rail transit agency assures that the
security policies, procedures, responsibilities, equipment, technology, and response capabilities
described throughout this SEPP are effectively in-place for all threats, so that the risks of loss from
security incidents to transit customers and employees, and to operating performance of the transit
system, is at a manageable or acceptable level.
Next, based on the assessment of identified vulnerabilities, the rail transit agency may consider
implementation of additional strategies to mitigate or eliminate vulnerabilities. Typically, rail
transit agencies consider both passive and active strategies for identifying, managing, and resolving
threats to the system’s operation. Passive strategies include all security and emergency response
planning activity, outreach with local law enforcement, training, evacuation and business
continuity and recovery plans, employee awareness, public information, and passenger training.
Passive responses also include security design strategies, supported by Crime Prevention Through
Environmental Design (CPTED) and Situational Crime Prevention (SCP) methods, such as
landscaping, lighting, and physical barriers (planters or bollards).
Active strategies include security technology, such electronic access control, intrusion detection,
closed circuit TV, digital recorders, emergency communications systems, and chemical agent or
portable explosives detectors. Active systems also include personnel deployment. It is important
to consider the entire lifecycle cost when evaluating security solutions. Technology options may
require a substantial one-time investment, supported by fractional annual allocations for
maintenance and vendor support contracts. Personnel solutions are generally more expensive.
Examples of ways in which the above prioritization may be applied include:
consideration of resources/action to resolve a potential security threat;
consideration of a corrective action as part of an security incident review, following a
breach; and
consideration of a CPTED proposal/investment during design development of a transit
facility project.
Other prevention strategies involve cooperation with law enforcement agencies, security staff in
other systems, and industry associations in order to share threat information. It is useful to know
whether other transportation systems in an area have experienced threats, stolen uniforms or keys,
or a particular type of criminal activity, in order to implement appropriate security measures.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
61
�Identifying Unusual or Out-of-Place Activity
Security Screening and Inspection Procedures
Enhancing Access Control for Stations/Vehicles
Securing Perimeters for Non-revenue Areas
Denying Access to Authorized-only Areas
Securing Vulnerable Areas (target hardening)
Removing Obstacles to Clear Line-of-Sight
Protecting Parking Lots
Enhanced Access Control for Control Center
Securing Critical Functions and Back-ups
Promoting Visibility of Uniformed Staff
Removing Spaces that Permit Concealment
Reinforcing Natural Surveillance
Procedures for Vehicle and Station Evacuations
Coordination with Community Planning Efforts
Backing up Critical Computer Systems
Revising Lost-and-Found Policies
Securing Tunnels and Elevated Structures
Elevating/securing Fresh Air Intakes
Protecting Incoming Utilities
Establishing Mail-handling Procedures
Identifying Appropriate Personal Protective
Equipment and Training
Preparing Response Folders and Notebooks for
Facilities and Vehicles
Familiarization Training for Local Emergency
Response Agencies
Planning for Scene Management and Emergency
Response
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Physical Security
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
WMD Agent Protection
Blast Mitigation
Surveillance
X
X
X
X
X
Access Control
Training and Exercising
Planning
Rail Transit Agency Countermeasures
Coordination with Local
Responders
The table below provides a sample listing of possible countermeasures.
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Possible Rail Transit Agency Countermeasures
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
62
�6.0
Implementation and Evaluation of SEPP
6.1
IMPLEMENTATION TASKS FOR GOALS AND OBJECTIVES
•
Element: Identification of tasks to be performed to implement the goals and supporting
objectives required to implement the SEPP.
This section should describe the specific tasks that will be implemented by the rail transit agency to
meet the goals and objectives specified in Section 1.2 of the SEPP, and the roles, responsibilities
and program implementation activities described in the other chapters. For example, for the
sample goals and objectives identified in Section 1.2 of this SEPP, the rail transit agency may
identify the following tasks:
Base routine deployment and tactics of transit system security personnel on current
intelligence and analysis of crime incidence, trends and threats on the transit system.
Specialize deployment and tactics of transit system security personnel for special event
transit operations, based on intelligence and analysis of crime incidence, trends and
threats particular to each special event.
Frequently deploy transit system security personnel in special missions and tactics to
target unfavorable trends in crime or threats on the transit system, identified by crime
analysis and intelligence.
Fulfill perceived security and order issues on the transit system with deployments and
tactics of security personnel which enhance visibility to system ridership and
stakeholders, and provide an environment in which the rail transit agency’s Code of
Conduct, regulations and laws of the community are enforced.
Communicate the System Security Policy and Security and Emergency Preparedness
Program, to all personnel.
Incorporate the security and emergency preparedness responsibilities specific to each
employee's job into the training program, procedures and instructions applicable to each
job.
Include security program considerations in performance evaluations of managers
according to their respective security program job responsibilities.
Integrate transit system security procedures, drills/demonstrations, and incident reviews
into transportation, maintenance, and safety operating and emergency procedures,
drills/demonstrations, and incident reviews.
Involve employees in security program development and implementation, through
mechanisms such as including security considerations in Safety Committees and
facility safety inspections, and designating security representatives for each operating
facility.
Reinforce an organizational culture for security responsibility, by enforcing access to
transit facilities by authorized personnel only.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
63
�
Assure that "Be Alert" and "Transit Watch" notifications are posted in all rail vehicles,
transit centers, rail stations, and are included in routine customer information materials
such as service brochures and website information.
Conduct accurate and complete data collection and analysis for all crime and security
breaches on the transit system.
Optimize security personnel deployments and tactics based on continuous crime
analysis and threat intelligence.
Through inter-agency cooperation, assure that all security threat and crime intelligence
available in the region significant to the transit system is concurrently available to rail
transit agency security/police function for assessment and incorporation into transit
system security resource deployments and tactics.
Provide sufficient personnel and equipment and sufficient levels of security training, to
reduce the rate of crime, and the fear of crime, on the system, and to resolve transit
system threats and vulnerabilities to acceptable risk.
Monitor developments in security technologies, and maintain and deploy security
equipment so as to optimize effectiveness of system security human resources.
Provide a level of fare enforcement, and enforcement of the rail transit agency’s
prohibited conduct regulations, on the system, for high effectiveness in both collection
of revenue, and in sustaining public perception that the transit system is reasonably
secure from prohibited conduct.
Perform fare inspections at a rate not less than 3,750 monthly per Fare Inspector.
Promote inter-agency cooperation and mutual security tactics and operations for the
transit system through intergovernmental agreements establishing the rail transit agency
security/police function as an extension of local jurisdiction law enforcement and viceversa.
Incorporate CPTED guidelines and FTA's Transit Security Design Considerations into
rail transit facilities design criteria and design reviews.
As funds allow, deploy security equipment systems to increase prevention and
detection capabilities, including surveillance, access control, and intrusion detection, in
priority of risk reduction to assets by criticality.
Develop partnerships with community organizations which help foster security on the
transit system.
Develop engagements of community-based personnel and services which can costeffectively contribute to perceived security on the transit system.
Collaborate development of criminal statutes in the community which benefit the
transit system, as well as criminal statutes specific to the transit system, through
intergovernmental cooperation, assisted by the rail transit agency’s legal function.
Review the system security program on an on-going basis for performance of its
objectives and tasks.
Update the SEPP annually.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
64
�6.2
Complete development and implementation of rail transit agency’s Emergency
Operations Plan, to reflect integration with the municipal/county Emergency
Operations Plan and the Regional Transit Security Strategy (RTSS).
Per DHS/G&T directives pursuant to HSPD-5, and the Urban Area Regional Transit
Security Strategy (RTSS), implement NIMS-compliant ICS at the rail transit agency.
Per DHS/G&T directives pursuant to HSPD-8, and the UA RTSS, assure that the UA's
CBRNE plan development, to be completed by May 1, 2006, incorporates POETE
covering potential CBRNE events occurring on the transit system, with priority on
potential IED events on mass transit.
Assure that the rail transit agency is an integral participant in the UA's IED scenario
full-scale exercise and in the region's future CBRNE exercises.
Per DHS/G&T directives pursuant to HSPD-8, the UA RTSS, and recommendations of
internal, FTA and G&T-assisted security needs assessments, complete assessment of
the rail transit agency’s communications and operations control systems needs,
coordinated with the UA’s communications interoperability plan.
Assure appropriate involvement of the rail transit agency in planning for, and
participation in, DHS-sponsored exercises occurring in the UA.
IMPLEMENTATION SCHEDULE
•
Element: General schedule with specific milestones for implementation of the security
program, threat and vulnerability analyses, staff security training, and regular program
reviews during the implementation process.
This section should detail a schedule that is used for the implementation of the security program.
For example, if the security plan is to be reviewed by the transit agency on an annual basis,
beginning in January of each year, then this review should be included in the general schedule. In
addition, if specific threat and vulnerability analysis of key stations or facilities are to be updated
every year, this section should include those items in the schedule.
6.3
EVALUATION
•
Element: Description of the types of internal management reviews to be conducted, the
frequencies of the reviews, and the person(s) responsible.
This section of the SEPP should document the rail transit agency’s process for conducting internal
security audits to evaluate compliance and measure the effectiveness of the SEPP. This process
must ensure that all elements in the rail transit SEPP are reviewed for their implementation and
effectiveness in an on-going manner over a three-year cycle. This process may be combined with
the internal audit process used for the System Safety Program Plan, or it may be an independent
procedure.
This section of the SEPP should identify the department/function with responsibility for
conducting these audits, the activities to be performed, including establishing the audit schedule,
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
65
�the development of checklists to guide the audit, and the notification of the state oversight agency
no less than 30 days prior to the conduct of an audit, the frequency of the audits, and, if possible,
the specific person or internal function responsible. For example, the system safety function may
audit the security/police function as part of its internal audit program on a three year basis. In
addition, security management may perform weekly or daily reviews of the private security forces
it has hired to provide security at transit agency facilities. The rail transit agency must submit an
annual report to the state oversight agency for review and approval, documenting its internal audit
activities over the past year, along with a certification, signed by the General Manager that, based
on the results of internal audit process, the SEPP is being implemented by the rail transit agency.
Any external reviews of the security program should also be explained in this section. The SEPP
should state that the state safety oversight agency will conduct an external review of the rail transit
agency’s SEPP program on a three year basis at a minimum. The transit agency should also
explain the process for correcting any findings that are a result of the external review. To respond
to findings of an oversight agency external review, the rail transit agency may need to submit a
corrective action plan describing how the finding will be resolved. The corrective action plan
should include the corrective action plan required, the person(s) or department responsible for
implementing the corrective action, a time frame for implementing the corrective action, and the
status of the corrective action plan. As applicable, the rail transit agency should also note reviews
to be conducted by G&T and/or TSA.
7.0
Modification of System Security Plan
7.1
INITIATION
•
Element: Description of process used to initiate revisions to the security plan, gather input
for the revisions, procedures for updating the security plan, and identification of
responsible person(s).
This section of the SEPP plan should include a process for initiating revisions, gathering input for
the revisions and procedures for updating the plan and the identification of the responsible person.
7.2
REVIEW PROCESS
•
Element: Description of the process used to review and revise the security plan as
necessary, including frequency of reviews, and responsible person(s).
The process used to review and revise the security plans as necessary should be explained,
including frequency and responsible person(s). The role of the state safety oversight in requiring
annual updates and reviewing the security plan needs to be included in this section.
This section of the SEPP should also document the rail transit agency’s process for making its
SEPP and accompanying procedures available to the oversight agency for review and approval. As
specified in § 659.11 of the revised Rule, the oversight agency must either have provisions in place
for protecting security-related materials from public disclosure or the rail transit agency must
develop special procedures to ensure that these materials cannot be released. The rail transit
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
66
�agency’s SEPP must describe the process in place to ensure that all security-related materials are
protected from public disclosure. In many instances, this may include the state oversight agency
conducting an on-site review of the SEPP and supporting procedures at the rail transit by agency.
7.3
IMPLEMENT MODIFICATIONS
•
Element: Description of process used to communicate and disseminate new and revised
procedures and other elements of the security plan to appropriate transit agency staff.
The process of communicating, disseminating and implementing new and revised procedures of
the security plan throughout the transit agency should be detailed.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
67
�Appendix A: DHS Regulation and Requirements Relevant to the SEPP
As discussed briefly in Section 1.6 (Government Involvement) and Section 3.3.6 (Responsibilities
of External Agencies), DHS and its departments (including G&T, FEMA, and TSA) all have a new
role in public transportation system security and emergency preparedness. This section of the
SEPP describes the various elements of this role, which are based in the Homeland Security Act of
2002 and subsequent Homeland Security Presidential Directives (HSPDs), and identifies the
implications for the rail transit agency.
The authority of the Department of Homeland Security to regulate the security and emergency
preparedness operations of public transportation agencies is two-fold. First, DHS has direct
regulatory authority over all modes of transportation. See Aviation and Transportation Security Act
of 2001, PL 107-71, 115 Stat. 597, 49 USC 40101 (transferring regulation of all modes of security
to the Transportation Security Administration (TSA), still within the Department of
Transportation) and Homeland Security Act of 2002, PL 107-296, 116 Stat. 2135, 6 USCA 101
(transferring TSA from the DOT to DHS). Thus, DHS (through TSA) has the authority to regulate
and oversee implementation of security and emergency preparedness measures for all modes of
transportation in the United States. TSA may exercise its authority through formal rulemaking or
binding directives to transportation operators. See 49 CFR § 1500–1699 (current rules as codified).
Second, DHS has control over the intergovernmental coordination of national security operations,
and because public transportation agencies are “local governments” as defined in the Homeland
Security Act, they are subject to the guidelines and any grant-based requirements associated with
DHS coordination efforts. See Homeland Security Act of 2002, PL 107-296, 116 Stat. 2135, 6
USCA 101. The Office of the Secretary of DHS includes the Office of State and Local
Government Coordination and Preparedness (SLGCP), which includes G&T, which plays a major
role administering and managing DHS grant programs. FEMA, now a part of DHS, also plays a
significant role in coordinating intergovernmental activities for all-hazards emergency
preparedness.
HOMELAND SECURITY PRESIDENTIAL DIRECTIVES AND SUPPORTING GUIDANCE
Under the Homeland Security Act, activities identified to support intergovernmental coordination
are carried out primarily by G&T and FEMA, following guidance and requirements specified in
Homeland Security Presidential Directives (HSPDs), particularly:
Homeland Security Presidential Directive 5: Management of Domestic Incidents, February 28,
2003
• National Incident Management System (NIMS) - March 2004
• National Response Plan - December 2004
Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization,
and Protection, December 17, 2003
• National Infrastructure Protection Plan (NIPP) - (interim) February 2005
Homeland Security Presidential Directive 8: National Preparedness, December 17, 2003
• National Planning Scenarios - August 2004
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
68
�•
•
•
•
•
•
•
National Preparedness Goal - draft March 2005
Universal Task List - December 2004 (v.2)
Target Capabilities List - February 2005
Homeland Security Grant Program Guidance - December 2004
National Preparedness Guidance - April 2005
DHS/G&T Transit Security Grant Program Guidance - April 2005
State and Urban Area Homeland Security Strategy Guidance on Aligning Strategies with
the National Preparedness Goal, July 2005
Relationships among HSPDs 5, 7 and 8 are depicted graphically in the figure below.
DHS Strategy, HSPDs, National Initiatives and Expected Results
HSPD-5 (Management of Domestic Incidents) mandated the creation of the National Incident
Management System (NIMS) and National Response Plan (NRP). The NIMS provides a consistent
framework for entities at all jurisdictional levels to work together to manage domestic incidents,
regardless of cause, size, or complexity. To promote interoperability and compatibility among
federal, state, local, and tribal capabilities, the NIMS includes a core set of guidelines, standards,
and protocols for command and management, preparedness, resource management,
communications and information management, supporting technologies, and management and
maintenance of NIMS. The NRP, using the template established by the NIMS, is an all-discipline,
all-hazards plan that provides the structure and mechanisms to coordinate operations for evolving
or potential Incidents of National Significance. Incidents of National Significance are major events
that “require a coordinated and effective response by an appropriate combination of federal, state,
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
69
�local, tribal, private sector, and nongovernmental entities.” The relationship of NIMS and the NRP
during Incidents of National Significance is presented below.
National Response Plan and National Incident Management System
National Incident Management System (NIMS)
Standardized process and procedures for
incident management
NIMS aligns command, control,
organization structure, terminology,
communication protocols, resources and
resource-typing for synchronization of
response efforts at all echelons of
government.
Incident
Local
Support or Response
State
Support or Response
DHS integrates
and applies Federal
resources both pre and
post incident
Federal
Support or Response
NRP is activated for
Incidents of National Significance
National Response Plan (NRP)
Activation and proactive application of
integrated Federal resources
Specific requirements in support of NRP and NIMS implementation have been placed on county,
municipal, and state emergency management agencies and on local emergency response agencies,
including law enforcement. Public transportation agencies now must address these requirements
through greater integration in the local/regional/state emergency planning process and through
adoption and implementation of NIMS.
To support implementation of HSPD-7 (Critical Infrastructure Identification, Prioritization,
and Protection), DHS issued the Interim National Infrastructure Protection Plan (NIPP) in
February 2005. The NIPP provides a consistent, unifying structure for integrating critical
infrastructure protection (CIP) efforts into a national program. The NIPP outlines how DHS and
its stakeholders will develop and implement the national effort to protect infrastructures across all
sectors, including transportation. DHS and the Sector-Specific Agencies (SSAs) are evaluating the
Interim NIPP with critical stakeholders to further ensure its effectiveness and success. As depicted
in the figure on the next page, DHS has developed a risk management framework to be used in
evaluating vulnerabilities and establishing priorities in each of the 17 sectors identified as
containing critical infrastructure or key resources. Public transportation is included as a critical
infrastructure.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
70
�DHS Risk Management Process for Critical Infrastructure Protection
For public transportation, DHS has identified representative measures of efforts being made across
the United States. These measures involve a layered approach to enhancing the safety and security
of its transit systems. Some of the elements of this approach include:
•
•
•
•
•
•
•
•
•
the increased presence of law enforcement to deter potential terrorists and to possibly
identify threats, as well as to provide additional first response capabilities should an event
occur;
the selected deployment of sensors and other detection devices to deter terrorists and to
quickly identify the presence of various chemical, biological, radiological, nuclear, or
explosive materials in order to minimize the consequences of an attack;
the application of facial recognition and other screening technologies in order to
identify suspect individuals;
training for employees and the traveling public to increase awareness of suspicious
individuals and packages and the need to promptly report them;
daily sharing of threat information and best practices for protective measures across
different transit systems;
development of emergency response and evacuation plans to assist in rapid evacuations
and control of any situations that occur;
development of recovery plans to allow safe operations to resume as quickly as possible
after a shutdown (with or without an actual attack);
selective closures of entrances and exits where the service benefit is low and the security
concerns are high;
greater separation of passenger areas from those that are open to the public;
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
71
�•
•
use of access control systems, badges and uniforms to more readily identify employees
and those that are supposed to be in restricted areas; and
greater cooperation and interaction with local, state, and federal law enforcement and
intelligence agencies to ensure that critical information is shared.
HSPD-8 (National Preparedness) establishes policies to strengthen the preparedness of the
United States to prevent and respond to threatened or actual domestic terrorist attacks, major
disasters and other emergencies by requiring a National Preparedness Goal, establishing
mechanisms for improved delivery of federal preparedness assistance to state and local
governments and outlining actions to strengthen preparedness capabilities of federal, state, and
local entities. Statewide all-hazards preparedness strategies should be consistent with the National
Preparedness Goal, assess the most effective ways to enhance preparedness, address areas facing
higher risk especially to terrorism, and address local government concerns and Citizen Corps
efforts.
The National Preparedness Goal establishes the requirement for federal, state, local and tribal
entities to achieve and sustain nationally accepted risk based target levels of capability for
prevention, preparedness, response and recovery for major events, especially terrorism. The target
levels of capability are based upon National Planning Scenarios, a Universal Task List (UTL), and
a Target Capabilities List (TCL). These tools have been developed with input from the homeland
security community at all levels and will continue to be updated over time. States should take steps
in FY05 to review and incorporate these tools in their preparedness efforts in preparation for full
implementation of HSPD-8 in FY06. The figure below provides a visual depiction of the interfaces
among the National Planning Scenarios, the Universal Task list, and the Target Capabilities List.
Elements of the National Preparedness Goal
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
72
�The 36 Critical Capabilities required to ensure National Preparedness are listed below:
Critical Capabilities
1. Animal Health Emergency Support
2. CBRNE Detection
3. Citizen Preparedness and Participation
4. Citizen Protection: Evacuation and/or In-Place
Protection
5. Critical Infrastructure Protection
6. Critical Resource Logistics and Distribution
7. Economic and Community Recovery
8. Emergency Operations Center Management
9. Emergency Public Information and Warning
10. Environmental Health and Vector Control
11. Explosive Device Response Operations
12. Fatality Management
13. Firefighting Operations/Support
14. Food and Agriculture Safety and Defense
15. Information Collection and Threat Recognition
16. Information Sharing and Collaboration
17. Intelligence Fusion and Analysis
18. Interoperable Communications
19. Isolation and Quarantine
20. Mass Care (Sheltering, Feeding, and Related
Services)
21. Mass Prophylaxis
22. Medical Supplies Management and Distribution
23. Medical Surge
24. On-Site Incident Management
25. Planning
26. Public Health Epidemiological Investigation and
Laboratory Testing
27. Public Safety and Security Response
28. Restoration of Lifelines
29. Risk Analysis
30. Search and Rescue
31. Structural Damage Assessment and Mitigation
32. Terrorism Investigation and Intervention
33. Triage and Pre-Hospital Treatment
34. Volunteer Management and Donations
35. WMD/Hazardous Materials Response and
Decontamination
36. Worker Health and Safety
For HSD-8, DHS has identified seven National Priorities, based on the scenarios, task list and
critical capabilities, as building blocks for the National Preparedness System. These seven
priorities reflect a limited number of the cross-cutting initiatives and critical capabilities that should
drive near-term planning and resource allocation efforts. The National Priorities are intended to
guide the nation’s preparedness efforts to meet its most urgent needs, and fall into two categories:
(1) overarching priorities that contribute to the development of multiple capabilities, and (2)
capability-specific priorities that build selected capabilities for which the nation has the greatest
need.
Overarching Priorities
1. Implement the National Incident Management System and National Response Plan
2. Expanded Regional Collaboration
3. Implement the Interim National Infrastructure Protection Plan
Capability-Specific Priorities
4. Strengthen Information Sharing and Collaboration capabilities
5. Strengthen Interoperable Communications capabilities
6. Strengthen CBRNE Detection, Response, and Decontamination capabilities
7. Strengthen Medical Surge and Mass Prophylaxis capabilities
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
73
�IMPLICATIONS FOR THE RAIL TRANSIT AGENCY
HSPD-5: NRP: Requirements for the NRP are being addressed by the state Emergency
Management Agency (EMA) in revising the state Emergency Operations Plan. The county EMA
and/or a specially created County Advisory Board (CEM Board) and the major municipality served
by the rail transit agency are also preparing Emergency Operations Plans for the county and city
respectively, which reflect requirements from the NRP and the state EOP. The rail transit agency,
in turn, is addressing these requirements through participation in the Major Emergency Incident
Management System (MEIMS) established for the county/municipality and through the
submission of its EOP to the appropriate municipal and county agencies. The rail transit agency is
also revising its MOUs and response protocols with the municipality and county, and preparing an
itemized inventory of emergency response resources.
The rail transit agency’s cooperative agreement with the county EMA extends to mutual aid with
participating communities. In addition, the county coordinate’s homeland security related
emergency management planning through the Urban Area Security Initiative (UASI) Point-ofContact Committee (UAPOC).
HSPD-5: NIMS: To address NIMS requirements, the rail transit agency has developed and
documented its Incident Management Organization and emergency notification and response
procedures in its Emergency Operations Plan. The rail transit agency EOP:
•
•
•
•
incorporates NIMS into emergency operations planning;
incorporates NIMS into existing training programs and exercises;
revises/updates mutual aid agreements with regional emergency management public safety
agencies in the rail system’s service area to address NIMS requirements; and,
institutionalizes the rail transit agency’s capabilities to interface with the Incident
Command System (ICS) used by emergency management and public safety agencies in its
service area.
The rail transit agency understands that full NIMS compliance is required for the receipt of
preparedness grants from G&T and FEMA for FY 2007. FEMA’s NIMS Integration Center (NIC)
is continuing to develop resource materials and guidance (http://www.fema.gov/nims). In
addressing NIMS requirements, the rail transit agency has committed to:
•
Having relevant personnel complete the NIMS Awareness Course: “National Incident
Management System (NIMS), An Introduction” IS 700. This independent study course is
available on-line and will take between forty-five minutes to three hours to complete. The
course is available on the Emergency Management Institute web page at:
http://training.fema.gov/EMIWeb/IS/is700.asp.
•
Formally recognizing NIMS and adopting NIMS principles and policies. The NIC will
provide sample language and templates to assist in formally adopting NIMS through
legislative and/or executive/administrative means.
•
Establishing a NIMS baseline by determining which NIMS requirements are already
satisfied. The NIC has developed a web-based self-assessment system, the NIMS
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
74
�Capability Assessment Support Tool (NIMCAST) to evaluate their incident response and
management capabilities. The NIC is currently piloting the NIMCAST with a limited
number of states. Upon completion of the pilot, the NIC will provide all potential future
users with voluntary access to the system. Additional information about the NIMCAST
tool will be provided later this year.
•
Establishing a timeframe and developing a strategy for full NIMS implementation. Rail
transit systems are encouraged to achieve full NIMS implementation during FY 2005. To
the extent that full implementation is not possible during FY 2005, federal preparedness
assistance must be leveraged to complete NIMS implementation in FY 2006. By FY 2007,
federal preparedness assistance will be conditioned upon full compliance with NIMS.
•
Institutionalizing the use of the ICS. Transit systems that are not already using ICS, must
institutionalize the use of ICS (consistent with the concepts and principles taught by DHS)
across the entire response system.
The rail transit agency is also addressing NIMS requirements through its partnership with the
county and municipal emergency management agencies in its service area. The county has
approved the Major Emergency Incident Management System (MEIMS) Basic Principals and
Protocols. MEIMS Basic Principles establish Emergency Incident Levels and define the roles and
responsibilities of the various entities, including the rail transit agency, which could become
involved in emergency response. MEIMS Protocols, which have been adopted by the rail transit
agency, specify use of the Incident Command System (ICS) and support compliance with the
National Incident Management System (NIMS) and the National Response Plan (NRP) regarding
both on-scene response and the request and mobilization of resources.
HSPD-7: NIPP: In developing its Emergency Operations Plan, SEPP, and supporting procedures,
plans, policies, training, drills/exercises, and other activities, the rail transit agency is addressing
concerns identified in the NIPP. Further, the rail transit agency remains committed to filling
requests from DHS or SSAs regarding:
•
•
•
•
•
•
the identification and prioritization of assets;
the sharing of data with DHS & SSAs and the response to all calls for such data;
the verification and update of data based on knowledge, practice and observations;
the conduct of shared assessments with DHS and SSAs;
the identification of infrastructure interdependencies; and
the development of cross-sectional prioritization efforts.
HSPD-8: G&T Transit Security Grant Program: G&T requires fulfillment of DHS emergency
preparedness guidance as a condition of eligibility for security preparedness grants and technical
assistance. G&T includes a Transportation Infrastructure Security Division (TISD) which
administers the Urban Area Security Initiative (UASI), Transit Security Grant Program (TSGP).
This program requires that the rail transit agency work with its State Administrative Agency
(SAA), and the state Emergency Management Agency, to:
•
Provide a point-of-contact and a program narrative describing the rail transit system,
including a description of its operating systems, infrastructure, ridership, the number of
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
75
�track miles (if applicable), the number of vehicles or vessels (if applicable), types of service
and other important features, as well as system maps, a description of the geographical
borders of the transit systems and the cities and counties served, and a description of other
sources of funding being leveraged for security enhancements. In addition, the program
narrative should address the rail transit agency’s current prevention, detection and response
capabilities relative to improvised explosive devices (IEDs), as well as chemical,
biological, radiological and nuclear (CBRNE) devices, including sensors, canine units, etc.
•
Ensure that the rail transit agency has conducted a transit threat and vulnerability
assessment (either as outlined in The Public Transportation System Security and
Emergency Preparedness Planning Guide, published by the U.S. Department of
Transportation’s Federal Transit Administration, January 2003 or through the Security
Readiness Assessment conducted by the FTA, or through risk assessments that were
completed during the previous round of UASI Transit Security Grants or the risk
assessment completed as part of the G&T Mass Transit Technical Assistance Program).
These assessments must be provided to G&T.
•
Develop a Security and Emergency Preparedness Plan (SEPP), updated within the past
year, which addresses the requirements outlined in The Public Transportation System
Security and Emergency Preparedness Planning Guide. This plan must be provided to
G&T for the release of TSGP funds.
•
The program also includes a requirement that transit systems selected for funding
participate in a Regional Transit Security Working Group (RTSWG) for the purpose of
developing a Regional Transit Security Strategy (RTSS), and to develop regional
consensus on the expenditure of FY 2005 TSGP funds. The RTSWG must also include
representation from the state Emergency Management Agency and the state Department of
Public Safety, Division of Homeland Security and the local Urban Area Working Group
(UAWG). Other transit agencies whose systems intersect with the rail transit agency also
participate in the RTSWG process.
The focus of the regional transit system security strategy is on the detection of, response to,
prevention of and recovery from terrorist incidents. First and foremost is the threat of
improvised explosive devices and chemical, biological, radiological, nuclear, and explosive
devices. This strategy will work hand in hand with existing regional, state homeland
security, and urban area security initiative strategies, with particular emphasis on the transit
system. A significant aspect of this strategy will be on the development of relationships,
sharing of communications networks, tactical interoperable radio systems, shared
technology, equipment, training and exercises.
•
Other Elements: Public Awareness and Citizen Participation: Citizens are a critical
component of homeland security, and to have a fully prepared community, citizens must be
fully aware, trained, and practiced on how to detect, deter, prepare for, and respond to
emergency situations. Recent surveys indicate that citizens are concerned about the threats
facing the nation and are willing to participate to make their communities safer, yet most
Americans have low awareness of federal, state, and local emergency preparedness plans,
are not involved in local emergency drills, and are not adequately prepared at home.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
76
�Informed and engaged citizens are an essential component of homeland security and the
mission of Citizen Corps is to have everyone in America participate in making their
community safer, stronger, and better prepared. To achieve this, state, local and tribal
Citizen Corps Councils have formed nationwide to help educate and train the public, and to
develop citizen/volunteer resources to support local emergency responders, community
safety, and disaster relief.
In support of this mission, G&T is currently working with FTA to align the Citizen Corps
and Transit Watch programs. As part of this, all FY 2005 TSGP award recipients should
work with the applicable state and local Citizen Corps Councils to more fully engage
citizens through the following activities:
o Expand plans and task force memberships to address citizen participation.
o Develop or revise plans to integrate citizen/volunteer resources and participation,
and include advocates for increased citizen participation in task forces and advisory
councils.
o Awareness and outreach to inform and engage the public. Educate the public on
personal preparedness measures, terrorism awareness, alert and warning systems,
and state and local emergency plans via a range of community venues and
communication channels.
o Include citizens in training and exercises. Provide emergency preparedness and
response training for citizens, improve training for emergency responders to better
address special needs populations, and involve citizens in all aspects of emergency
preparedness exercises, including planning, implementation, and after action
review.
o Develop or expand programs that integrate citizen/volunteer support for the
emergency responder disciplines. Develop or expand Citizen Corps Programs into
the transit environment, including citizen participation in prevention and response
activities.
In addition, FY2005 TSGP award recipients should also take advantage of the public awareness
materials developed by FTA through Transit Watch. To facilitate this, reproduction of official
Transit Watch materials is an allowable expense as part of this program.
TSA REGULATIONS:
Under authority of 49 USC 40119, USDOT and TSA have jointly issued, at 49 CFR § 15 and 49
CFR § 1520 respectively, regulations for protection of sensitive security information (SSI),
applicable to all modes of transportation. The rail transit agency uses its legal department to
address SSI considerations, and, at the present time, does not need protections afforded by these
regulations.
In addition, the Transportation Security Administration (TSA) has required, per its security
directive RAILPAX-04-01 issued May 20, 2004, the designation of primary and alternate security
coordinators (SCs) for public mass transit rail operations. The rail transit agency has provided these
SCs to TSA.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
77
�The SCs serve as point-of-contact with TSA, such as rail security inspectors under TSA's Surface
Transportation Security Inspector (STSI) program. Pursuant to the DHS/G&Ts National
Infrastructure Protection Plan (NIPP) and DHS/TSA's Transportation Security Operational Plan
(TSOP), TSA has developed a Surface Transportation Security Inspector (STSI) Program (Rail), as
mandated by the Fiscal Year 2005 Homeland Security appropriations bill.
The STSI program will hire, train and deploy 100 TSA rail security compliance inspectors, to be
located in 19 cities. The cities were chosen for their proximity to major rail hubs, existing Federal
Railroad Administration (FRA) and Federal Transit Administration offices, and existing TSA
Aviation Operations Districts. In coordination with mass transit and passenger rail systems, the
TSA inspectors will: conduct security system evaluations; share security-related best practices
information; coordinate security threat advisories; and conduct inspections to ensure compliance
with security directives, such as TSA's security directive RAILPAX-04-01 issued May 20, 2004.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
78
�Appendix B: Acronyms
AVL
BASS
CBRNE
CCTV
COOP
CFR
CPTED
DHS U.S.
DOT U.S.
EMS
EOC
EOP
G&T
HSPD
IED
JTTF
NIMS
NTI
OCC
ODP
OSHA
POETE
RFGS
RTSS
SEPP
SOP
SSO
SSPP
TEW
TSA
UA
UAPOC
UASI
WMD
Automatic Vehicle Location
Behavioral Awareness Security Screening
Chemical, Biological, Radiological, Nuclear, Explosive (WMD)
Closed-Circuit Television
Continuity of Operations Plan
Code of Federal Regulations
Crime Prevention Through Environmental Design
Department of Homeland Security
Department of Transportation
Emergency Medical Services
Emergency Operations Center
Emergency Operations Plan
Office of Grants and Training
Homeland Security Presidential Directive
Improvised Explosive Device
Joint Terrorism Task Force (FBI)
National Incident Management System
National Transit Institute
Operations Control Center
Office for Domestic Preparedness
Occupational Safety and Health Administration
Plans, Organization, Equipment, Training/Procedures, and Exercises/Evaluation
Rail Fixed Guideway System
Regional Transit Security Strategy
Security and Emergency Preparedness Plan
Standard Operating Procedure
RFGS State Safety Oversight Agency
System Safety Program Plan
Terrorism Early-Warning System
Transportation Security Administration
Urban Area (for DHS/G&T administration of UASI program)
Regional UASI Point-of-Contact working group
Urban Areas Security Initiative
Weapons of Mass Destruction
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
79
�Appendix C: Definitions
Assessment - The evaluation and interpretation of measurements and other information to
provide a basis for decision-making.
Assets - People, information, and property for which the public transportation system is
responsible as legal owner, employer, or service provider.
Capabilities Assessment - A formal evaluation, conducted by the public transportation
system, to identify the status of its security and emergency preparedness activities. This
activity enables the system to determine its existing capacity to: (1) Reduce the threat of
crime and other intentional acts, (2) Recognize, mitigate, and resolve incidents that occur in
service and on system property, (3) Protect passengers, employees, emergency responders,
and the environment during emergency operations, and (4) Support community response to
a major event.
Consequences - The severity of impact and probability of loss for a given threat scenario.
Consequences may be measured in qualitative or quantitative terms.
Countermeasures - Those activities taken to reduce the likelihood that a specific threat
will result in harm. Countermeasures typically include the deployment and training of
personnel, the implementation of procedures, the design or retrofit of facilities and
vehicles; the use of specialized equipment, the installation of alarms/warning devices and
supporting monitoring systems; and communications systems and protocols.
Critical Assets - A sub-category of assets whose loss has the greatest consequences for
people and the ability of the system to sustain service. These assets may require higher or
special protection.
Critical Infrastructure - Systems and assets, whether physical or virtual, so vital to the
United States that the incapacity or destruction of such systems and assets would have a
debilitating impact on security, national economic security, national public health or safety,
or any combination of those matters. (USA Patriot Act of 2001, 42 U.S.C. § 5195(e),
incorporated by reference into the Homeland Security Act of 2002, 6 U.S.C. § 101).
Department of Homeland Security (DHS) - U.S. government agency created by the
Homeland Security Act of 2002 (Pub. L. 107-296). Includes Transportation Security
Administration (TSA), and within the Office of the Secretary of DHS, the Office for
Domestic Preparedness (ODP), which is now referred to as the Department of Homeland
Security, Preparedness Directorate, Office of Grants and Training (G&T). TSA's authority
includes regulation and oversight of security measures for all modes of transportation in the
United States. G&T's functions include coordinating emergency preparedness efforts at all
levels of government.
Emergency - A condition, situation or occurrence of a serious nature, developing suddenly
and unexpectedly, and requiring immediate action.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
80
�Emergency Operations Center (EOC) - The physical location at which the coordination
of information and resources to support domestic incident management activities normally
takes place.
Emergency Operations Plan (EOP) - The formal plan that documents the transportation
system’s program for emergency preparedness and response.
Emergency Preparedness - Plans, organization, equipment, training/procedures, and
exercises/evaluation, for preparedness to perform the prevention, detection, response and
recovery capabilities applicable to mass transit employees and operations during
catastrophic natural disasters, or terrorist attacks, appropriately coordinated/integrated with
emergency response/management jurisdictions in the transit agency's service area.
Emergency Responder - Federal, state, and local public safety, law enforcement,
emergency response, emergency medical (including hospital emergency facilities), and
related personnel, agencies, and authorities.
Evacuation - Organized, phased, and supervised withdrawal, dispersal, or removal of
civilians from dangerous or potentially dangerous areas, and their reception and care in safe
areas.
Event - A planned, non-emergency activity. ICS can be used as the management system
for a wide range of events, e.g., parades, concerts, or sporting events.
Federal Transit Administration (FTA) - The agency of the U.S. Department of
Transportation which administers the federal program of financial assistance to public
transit.
Hazard also Hazardous Condition - Any real or potential condition that can cause injury,
illness, or death; damage to or loss of a system, equipment or property; or damage to the
environment.
Hazard Severity Catastrophic - A hazard severity category defined as “Category I” failure condition
that could result in a large number of serious injuries and/or fatalities, and/or
significant loss of system capability.
Critical - A hazard severity category defined as “Category II” failure condition that
could result in severe injury to one or more persons, and/or significant system
damage.
Marginal - A hazard severity category defined as "Category III”, failure conditions
that could result in minor injury, minor occupational illness, or minor system
damage.
Negligible - A hazard severity category defined as "Category IV” failure conditions
that cause less than minor injuries, illness, or system damage.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
81
�Hazard Threat Probability – The probability a hazard or threat will occur. Probability
may be expressed in quantitative or qualitative terms and the ranking system is as follows:
(a) frequent, (b) probable, (c) occasional, (d) remote, (e) improbable, and (f) impossible.
Hazard Resolution – The analysis and subsequent actions taken to reduce, to the lowest
level practical, the risk associated with an identified hazard.
Homeland Security Presidential Directives (HSPDs) - instruments for communicating
presidential decisions about the national security policies of the United States and
implementations thereof.
Incident – An occurrence or event, natural or human-caused, which requires an emergency
response to protect life or property.
Incident Command System (ICS) - A standardized on-scene emergency management
concept specifically designed to provide for the adoption of an integrated organizational
structure that reflects the complexity and demands of single or multiple incidents, without
being hindered by jurisdictional boundaries. ICS is the combination of facilities,
equipment, personnel, procedures, and communications operating within a common
organizational structure, designed to aid in the management of resources during incidents.
Incident Commander (IC) - The individual responsible for all incident activities,
including the development of strategies and tactics and the ordering and the release of
resources. The IC has overall authority and responsibility for conducting incident
operations and is responsible for the management of all incident operations at the incident
site.
Injury – Injury to a person requiring medical attention necessitating transport to a medical
facility by ambulance or police vehicle for medical treatment.
Investigation - The process used to determine the causal and contributing factors of an
accident or hazard, so that actions can be identified to prevent recurrence.
Management Loss Control - An element of the system safety and security management
function that evaluates the effects of potential hazards/threats considering acceptance,
control, or elimination with respect to the expenditure of available resources.
Mitigation - The activities designed to reduce or eliminate risks to persons or property or
to lessen the actual or potential effects or consequences of an incident. Mitigation measures
may be implemented prior to, during, or after an incident. Mitigation measures are often
informed by lessons learned from prior incidents. Mitigation involves ongoing actions to
reduce exposure to, probability of, or potential loss from hazards.
Multi-jurisdictional Incident - An incident requiring action from multiple agencies that
each have jurisdiction to manage certain aspects of an incident. In ICS, these incidents will
be managed under Unified Command.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
82
�Mutual-Aid Agreement - Written agreement between agencies and/or jurisdictions that
they will assist one another on request, by furnishing personnel, equipment, and/or
expertise in a specified manner.
National Incident Management System - A system mandated by HSPD-5 pursuant to the
Homeland Security Act of 2002, that provides a consistent nationwide approach for federal,
state, local, and tribal governments; the private-sector, and nongovernmental organizations
to work effectively and efficiently together to prepare for, respond to, and recover from
domestic incidents, regardless of cause, size, or complexity. To provide for interoperability
and compatibility among federal, state, local, and tribal capabilities, the NIMS includes a
core set of concepts, principles, and terminology. HSPD-5 identifies these as the ICS;
multi-agency coordination systems; training; identification and management of resources
(including systems for classifying types of resources); qualification and certification; and
the collection, tracking, and reporting of incident information and incident resources.
National Infrastructure Protection Plan (NIPP): A DHS/TSA-issued plan, mandated by
HSPD-7 pursuant to the Homeland Security Act of 2002, for protection of critical
infrastructure in the United States. The plan designates TSA as the sector-specific federal
agency responsible for transportation critical infrastructure protection. In 2005, TSA is
developing a Transportation Security Operational Plan (TSOP) that (1) will describe
responsibilities and program milestones for securing critical transportation infrastructure in
areas of domain awareness, prevention, protection, response, and recovery; and (2) will
provide transportation owner/operators with guidance to develop or enhance their
respective security plans.
National Response Plan - A DHS/G&T-issued plan, mandated by HSPD-5 pursuant to the
Homeland Security Act of 2002, that integrates federal domestic prevention, preparedness,
response, and recovery plans into one all-discipline, all-hazards plan.
National Preparedness Goal and National Preparedness Plan - A DHS/G&T-issued
plan, mandated by HSPD-8 pursuant to the Homeland Security Act of 2002, that provides a
consistent nationwide approach and objectives for federal, state, local, and tribal
governments to develop plans, organization, equipment, training/procedures, and
exercises/evaluation, for preparedness to perform the prevention, detection, response and
recovery capabilities (as specified in the DHS/G&T-issued Target Capabilities List) during
catastrophic natural disasters or terrorist attacks (particularly as specified in the DHS/G&Tissued National Planning Scenarios).
Office of Domestic Preparedness (ODP) - see Department of Homeland Security (DHS)
Office of Grants and Training (G&T) – see Department of Homeland Security (DHS)
Off-Peak Period - The period between the morning and evening peak periods when travel
activity is generally lower and less transit service is scheduled.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
83
�Park and Ride Lot - Designated parking areas for automobile drivers who then board
transit vehicles from these locations.
Peak Period - Morning and afternoon time periods when transit riding is heaviest.
Preparedness - The range of deliberate, critical tasks and activities necessary to build,
sustain, and improve the operational capability to prevent, protect against, respond to, and
recover from domestic incidents.
Prevention - Actions to avoid an incident or to intervene to stop an incident from
occurring. Prevention involves actions to protect lives and property. It involves applying
intelligence and other information to a range of activities that may include such
countermeasures as deterrence operations; heightened inspections; improved surveillance
and security operations; investigations to determine the full nature and source of the threat;
public health and agricultural surveillance and testing processes; immunizations, isolation,
or quarantine; and, as appropriate, specific law enforcement operations aimed at deterring,
preempting, interdicting, or disrupting illegal activity and apprehending potential
perpetrators and bringing them to justice.
Procedures - Established and documented methods to perform a series of tasks.
Public Information Officer - A member of ICS Command Staff responsible for
interfacing with the public and media or with other agencies with incident-related
information requirements.
Public Transit System - An organization that provides transportation services owned,
operated, or subsidized by any municipality, county, regional authority, state, or other
governmental agency, including those operated or managed by a private management firm
under contract to the government agency owner.
Recovery - The development, coordination, and execution of service- and site-restoration
plans; the reconstitution of government operations and services; individual, private sector,
nongovernmental, and public-assistance programs to provide housing and to promote
restoration; long-term care and treatment of affected persons; additional measures for
social, political, environmental, and economic restoration; evaluation of the incident to
identify lessons learned; post-incident reporting; and development of initiatives to mitigate
the effects of future incidents.
Response - Activities that address the short-term, direct effects of an incident. Response
includes immediate actions to save lives, protect property, and meet basic human needs.
Response also includes the execution of emergency operations plans and of mitigation
activities designed to limit the loss of life, personal injury, property damage, and other
unfavorable outcomes. As indicated by the situation, response activities include applying
intelligence and other information to lessen the effects or consequences of an incident;
increased security operations; continuing investigations into the nature and source of the
threat; on-going public health and agricultural surveillance and testing processes;
immunizations, isolation, or quarantine; and specific law enforcement operations aimed at
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
84
�preempting, interdicting, or disrupting illegal activity, and apprehending actual perpetrators
and bringing them to justice.
Redundancy - The existence of more than one means of accomplishing a given function.
Ridership - The number of rides taken by people using a public transportation system in a
given time period.
Risk Assessment –
Initial Risk Index - The index of the worst credible consequences resulting from the
hazard.
Residual Risk Index - The index of the worst credible consequences resulting from
the hazard once corrective actions have been implemented.
Safety - Freedom from harm resulting from unintentional acts or circumstances.
Safety Certification - An element of the System Safety Program that documents the
functional working of the System Safety Program, and provides a documented database
from which to validate the active processes necessary to produce a safe system, ready for
revenue service. Used primarily on new systems and expansions of operational properties.
Scenario Analysis - An interpretive methodology that encourages role-playing by
transportation personnel, emergency responders, and contractors to brainstorm ways to
attack the system. This analysis uses the results of threat analysis, paired with the system’s
list of critical assets. Transportation personnel use this analysis to identify the capabilities
required to support specific types of attacks. This activity promotes awareness and
highlights those activities that can be preformed to recognize, prevent, and mitigate the
consequences of attacks.
Security - Freedom from harm resulting from intentional acts or circumstances.
Security Breach - An unforeseen event or occurrence which endangers life or property and
may result in the loss of services or system equipment.
Security Threat - Any intentional action with the potential to cause harm in the form of
death, injury, destruction, disclosure, interruption of operations, or denial of services.
Sensitive Security Information (SSI) - Information as described at 49 CFR § 1520.5 / 49
CFR § 15.5. SSI is information obtained or developed in the conduct of security activities,
the disclosure of which would be detrimental to transportation safety. SSI includes: security
program plans, security and vulnerability assessments, threat information, incident
response plans, security directives and measures, security inspection or investigative
information, security screening information or procedures, specifications for devices for
detection of weapons or destructive devices or substances, specifications for
communications equipment used for transportation security, and critical infrastructure
information (see Critical Infrastructure).
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
85
�System - A composite of people (employees, passengers, others), property (facilities and
equipment), environment (physical, social, institutional), and procedures (standard
operating, emergency operating, and training) which are integrated to perform a specific
operational function in a specific environment.
System Security - The application of operating, technical, and management techniques and
principles to the security aspects of a system throughout its life to reduce threats and
vulnerabilities to the most practical level through the most effective use of available
resources. System Security Program is the combined tasks and activities of system security
management and system security analysis that enhance operational effectiveness by
satisfying the security requirements in a timely and cost-effective manner through all
phases of a system life cycle. System Security Management is an element of management
that defines the system security requirements and ensures the planning, implementation,
and accomplishments of system security tasks and activities.
System Security Program Plan - a document developed and adopted by a transit agency
describing its security policies, objectives, responsibilities, and procedures.
Terrorism - Under the Homeland Security Act of 2002, terrorism is activity that involves
an act dangerous to human life or potentially destructive of critical infrastructure or key
resources and is a violation of the criminal laws of the United States or of any state or other
subdivision of the United States in which it occurs and is intended to intimidate or coerce
the civilian population or influence a government or affect the conduct of a government by
mass destruction, assassination, or kidnapping.
Threat - An indication of possible violence, harm, or danger. Any real or potential
condition that can cause injury or death to passengers or employees of damage to or loss of
transit equipment, property, and/or facilities.
Threat and Vulnerability Assessment: An evaluation performed to consider the
likelihood that a specific threat will endanger the system, and to prepare recommendations
for the elimination or mitigation of all threats with attendant vulnerabilities that meet predetermined thresholds. Critical elements of these assessments include:
Threat Analysis - Defines the level or degree of the threats against a specific facility
by evaluating the intent, motivation, and possible tactics of those who may carry
them out.
Threat Probability - The probability a threat will occur at a specific facility during
its life cycle (typically quantified as 25 years), for example:
Frequent: Event will occur within the system’s lifecycle.
Probable: Expect event to occur within the system’s lifecycle.
Occasional: Circumstances expected for that event; it may or may not occur
within the system’s lifecycle.
Remote: Possible but unlikely to occur within the system’s lifecycle.
Improbable: Event will not occur within the system’s lifecycle.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
86
�Threat Severity - A qualitative measure of the worst possible consequences of a specific
threat in a specific facility:
Category 1 - Catastrophic: May cause death or loss of a significant component of
the transit system, or significant financial loss.
Category 2 - Critical: May cause severe injury, severe illness, major transit system
damage, or major financial loss.
Category 3 - Marginal: May cause minor injury or transit system damage, or
financial loss.
Category 4 - Negligible: Will not result in injury, system damage, or financial loss.
Threat Resolution - The analysis and subsequent action taken to reduce the risks
associated with an identified threat to the lowest practical level.
Transportation Security Administration (TSA) - see Department of Homeland Security
(DHS).
Unified Command - An application of ICS used when there is more than one agency with
incident jurisdiction or when incidents cross political jurisdictions. Agencies work together
through the designated members of the UC, often the senior person from agencies and/or
disciplines participating in the UC, to establish a common set of objectives and strategies
and a single IAP.
Unsafe Condition or Act - Any condition or act which endangers life or property.
Urban Area Security Initiative (UASI) - A security grant assistance program of the U.S.
Department of Homeland Security (DHS), administered through the Office of Grants and
Training. UASI provides grant assistance to address the unique planning equipment
training and exercise needs of identified high-risk urban areas (UAs), ports and mass transit
agencies, and to assist them in building an enhanced capability to prevent, respond to, and
recover from acts of terrorism.
Vulnerability - Characteristics of passengers, employees, vehicles, and/or facilities which
increase the probability of a security breach.
Vulnerability Analysis: The systematic identification of physical, operational and
structural components within transportation facilities and vehicles that can be taken
advantage of to carry out a threat. This includes vulnerabilities in the design and
construction of a given transit facility or vehicle, in its technological systems, and in the
way it is operated (e.g., security procedures and practices or administrative and
management controls). Vulnerability analysis identifies specific weaknesses with respect to
how they may invite and permit a threat to be accomplished.
Program Requirements for System Security and Emergency Preparedness Plan (SEPP)
87
�Appendix H: State Oversight Agency System Security Program
Plan Checklist
�Checklist for Reviewing the System Security and Emergency Preparedness Plan
Rail Transit Agency (RTA) ___________________________________________________________________________
State Oversight Agency Reviewer ___________________________
#
1.
1.1
1.2
CHECKLIST
ITEM
Policy
Statement
Purpose
Goals and
Objectives
Date __ _______________
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
•
A policy statement should be developed for the System
Security and Emergency Preparedness Plan.
•
The policy statement should describe the authority that
establishes the SEPP, including statutory requirements
and the rail transit agency’s relationship with the
oversight agency.
•
The policy statement is signed and endorsed by the rail
transit agency’s chief executive.
•
The SEPP should identify the purpose of the security
program endorsed by the agency’s chief executive.
•
The SEPP should introduce the concept of “system
security.”
•
The SEPP introduces the concept of “emergency
preparedness.”
•
The SEPP should identify the goals of the SEPP
program endorsed by the agency’s chief executive.
•
The SEPP should identify the objectives of the SEPP
program endorsed by the agency’s chief executive.
1.3
Scope
•
Describe the scope of the SEPP and Program.
1.4
Security and
Law
Enforcement
•
Describe the security and law enforcement functions
that manage and support implementation of the SEPP.
1.5
Management
Authority and
Legal Aspects
•
Describe the authority which oversees the operation and
management of the rail transit agency, including its
security/police function.
1
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Security and Emergency Preparedness Plan
#
CHECKLIST
ITEM
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
1.6
Government
Involvement
•
Describe how the SEPP interfaces with local, state and
federal authorities to ensure security and emergency
preparedness for the system.
1.7
Security
Acronyms and
Definitions
•
Provide a listing of acronyms and definitions used in the
SEPP.
2.1
Background
and History
A description of the agency including general overview,
a brief history and scope of rail transit services provided.
2.2
Organizational
Structure
•
Organizational charts showing the lines of authority and
responsibility as they relate to security and emergency
preparedness.
2.3
Human
Resources
•
Provide a categorization and break-down of all
employees and contractors who work for/on the rail
transit agency.
2.4
Passengers
•
Provide a description of the rail transit agency’s
ridership.
2.5
Services and
Operations
•
Describe the rail transit agency’s operations and
services.
2.6
Operating
Environment
•
Describe the rail transit agency’s operating environment.
2.7
Integration
with Other
Plans
•
Describe how the SEPP integrates with other plans and
programs maintained by the rail transit agency.
2.8
Current
Security
Conditions
•
Description of the current security conditions at the rail
transit agency and the types of security incidents
experienced by the transit system and their frequency of
occurrence.
2.9
Capabilities
and Practices
•
Summary description of methods and procedures,
devices, and systems utilized to prevent or minimize
security breaches, including passenger education,
campaigns, delay, detection, and assessment devices,
and others that may be applicable.
2
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Security and Emergency Preparedness Plan
#
CHECKLIST
ITEM
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
3.1
Responsibility
for Mission
Statement
•
Identification of the person(s) responsible for
establishing a transit system security and emergency
preparedness policy and for developing and approving
the SEPP.
3.2
Management
of the SEPP
Program
•
Identification of the person(s) with overall responsibility
for transit security and emergency preparedness,
including day-to-day operations, SEPP-related internal
communications, liaison with external organizations, and
identifying and resolving SEPP-related concerns.
3.3
Division of
Security
Responsibility
•
Listing of SEPP-related responsibilities of the personnel
who work within the transit agency security/police
function.
•
Listing of SEPP-related responsibilities of other
departments/functions, including their relationship to the
security/police function.
•
Listing of security-related responsibilities for other (nonsecurity/police) rail transit agency employees, including
their relationship to the employee’s other duties.
•
A SEPP Program Roles and Responsibilities Matrix
should be developed showing interfaces with other
transit system departments/functions and the key
reports or actions required.
•
The responsibilities of external agencies for supporting
SEPP development and implementation should be
identified.
•
The committees developed by the rail transit agency to
address security issues should be identified.
4.1
Planning
•
Identification of SEPP activities and programs in place
at the rail transit agency to support planning for system
security and emergency preparedness.
4.2
Organization
•
Identification of the organization of SEPP-related
activities and programs and the ability to coordinate with
external response agencies.
3
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Security and Emergency Preparedness Plan
#
CHECKLIST
ITEM
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
4.3
Equipment
•
Description of the equipment used to support
implementation of the SEPP program.
4.4
Training and
Procedures
•
Description of SEPP-related training and procedures
available to ensure employee proficiency.
4.5
Exercises and
Evaluation
•
Description of SEPP-related activities to ensure the
conduct of emergency exercises and evaluation.
5.1
Threat and
Vulnerability
Identification
•
Description of the rail transit agency’s activities to
identify security and terrorism-related threats and
vulnerabilities.
5.2
Threat and
Vulnerability
Assessment
•
Description of the rail transit agency’s activities to
assess the likely impacts of identified threats and
vulnerabilities on the system and to identify particular
vulnerabilities which require resolution.
5.3
Threat and
Vulnerability
Resolution
•
Description of how response strategies (both short- or
long-term strategies) are developed for prioritized
vulnerabilities, including the decision process used to
determine whether to eliminate, mitigate, or accept
security problems.
6.1
Required
Tasks for
Goals and
Objectives
•
Identification of tasks to be performed to implement the
goals and supporting objectives required to implement
the SEPP.
6.2
Task
Schedule
•
General schedule with specific milestones for
implementation of the security program, threat and
vulnerability analyses, staff security training, and regular
program reviews during the implementation process.
6.3
Evaluation
•
Description of the types of internal management reviews
to be conducted, the frequencies of the reviews, and the
person(s) responsible.
4
PAGE
REF.
COMMENTS
�Checklist for Reviewing the System Security and Emergency Preparedness Plan
#
CHECKLIST
ITEM
PLAN REQUIREMENTS
INCLUDED
Does the PLAN contain or provide for the following:
Yes — No
7.1
Initiation of
SEPP
Revisions
•
Description of process used to initiate revisions to the
security plan, gather input for the revisions, procedures
for updating the security plan, and identification of
responsible person(s).
7.2
Review
Process
•
Description of the process used to review and revise the
security plan as necessary, including frequency of
reviews, and responsible person(s).
7.3
Implement
Modifications
•
Description of process used to communicate and
disseminate new and revised procedures and other
elements of the security plan to appropriate transit
agency staff.
5
PAGE
REF.
COMMENTS
�Appendix I: Checklist for Reviewing Rail Transit Agency
Accident Investigation Reports and Supporting
Documentation
�Summary Checklist for Reviewing Rail Transit Agency Accident
Investigation Reports and Supporting Documentation
SAFETY AND SECURITY OVERSIGHT PROGRAM
CHECKLIST FOR REVIEWING RTA INVESTIGATION REPORTS
Rail Transit Agency:
Date Submitted:
____________________________________
Event Date/Description:
_____________________________________
Reviewer(s):
____________________________________
_____________________________________
Investigation Report
Summary
Comment
Facts/Sequence of Events
Location of reportable event and/or
hazard
Injuries to persons
Other damage
Operator information
Train information, including method of
operation
Weather conditions
Other environmental factors
Fire
Tests and research
Other information
Analysis
Are analytic methods and results
identified?
Does analysis support inferences and
guide judgment by validity,
consistency and logic?
Have facts, conditions, circumstances
and inferences been properly
reviewed and evaluated?
Were people, procedures, equipment,
facilities, and environmental factors
considered in the analysis?
Recommendations
Are they feasible and supported by
findings?
Are they itemized/specific enough to
facilitate corrective actions?
1
�SAFETY AND SECURITY OVERSIGHT PROGRAM
CHECKLIST FOR REVIEWING RTA INVESTIGATION REPORTS
Rail Transit Agency:
Date Submitted:
____________________________________
Event Date/Description:
_____________________________________
Reviewer(s):
____________________________________
_____________________________________
Investigation Report
Are they directed toward correcting a
particular area and assigned to
specific individuals and/or
departments for action?
Do they establish specific target dates
on a schedule for implementation or
completion?
Appendices
Supporting documentation
Drawings, photographs
Interviews
Other (specify)
Comment
This Investigation Report is:
_____ Approved
_____ Not approved, additional requirements specified below
Comments/Requirements:
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
Reviewed By:
Date:
____________________________________
Approved By:
_____________________________________
Date:
____________________________________
_____________________________________
2
�Detailed Checklist for Reviewing Rail Transit Agency Accident
Investigation Reports and Supporting Documentation
Overview
This checklist identifies a set of activities that should have been performed by the RTA in
conducting an investigation of accidents meeting thresholds specified by SOA. Since
each accident may be different, the tasks and procedures detailed in this checklist will not
necessarily be applied to, nor required for, every RTA accident investigation. In applying
this checklist, SOA staff should carefully assess which elements of the checklist are
applicable to the particular investigation, and address only those elements.
Review Elements
Notification:
1) Did the RTA notify SOA of the accident within the required two-hour timeframe?
Yes
Notes:
No
Partially
2) Was the RTA Initial Notification complete, and did it address the required points of
information?
Yes
Notes:
No
Partially
3) Was the RTA’s internal notification process appropriately applied, ensuring that all
RTA personnel who needed to be informed of the accident were so notified?
Yes
Notes:
No
Partially
Initial Response:
4) Upon notification of an accident, did responsible modal supervisory personnel respond
to the scene and establish, as necessary, the RTA’s on-site Incident Management
Organization or Incident Command (IC)?
Yes
Notes:
No
Partially
3
�5) Did the responsible modal supervisory personnel coordinate appropriately with the onsite Incident Command established by outside emergency responders and become a
resource to the emergency responder Incident Commander?
Yes
Notes:
No
Partially
6) If appropriate, did the RTA implement its Emergency Operations Plan and/or
emergency response procedures to manage the accident?
Yes
Notes:
No
Partially
Investigator in Charge:
7) Did the RTA designate an Investigator in Charge (IIC) to conduct the investigation in
accordance with the RTA’s SSPP and Accident/Incident Investigation Procedure?
Yes
Notes:
No
Partially
8) Upon notification of an accident/incident meeting RTA investigation thresholds, did
the IIC respond to the scene in a timely manner?
Yes
Notes:
No
Partially
9) While on-scene, did the IIC have sufficient authority to initiate, coordinate, and
conduct an independent on-site investigation of the accident?
Yes
Notes:
No
Partially
10) Did the RTA support the IIC with an accident investigation team?
Yes
Notes:
No
Partially
4
�11) Upon arriving on the scene, did the IIC serve as the point of contact/communication
with any responding regulatory agency, including SOA?
Yes
Notes:
No
Partially
Accident Scene:
12) If not in conflict with any authority having jurisdiction, did the IIC secure the scene
in order to preserve site conditions and evidence to ensure accurate data development?
Yes
Notes:
No
Partially
13) Did the IIC follow the RTA’s designated procedure for securing the scene?
Yes
Notes:
No
Partially
14) Did the IIC coordinate with the RTA on-scene response to obtain, as needed,
technical assistance/expertise in conducting required post accident/incident assessments
of vehicles, infrastructures, physical plant, and/or equipment?
Yes
Notes:
No
Partially
15) What specific technical assistance/expertise did the IIC request at the scene from
RTA personnel? Examples of technical assistance/expertise include, as applicable,
inspection, testing, and operational assessment of the following: signals, track, power,
communications, and vehicle and equipment.
Notes:
16) If the IIC requested technical assistance/expertise, did the IC ensure that the required
technical assets are made available and deployed to the scene in a timely manner?
Yes
Notes:
No
Partially
5
�17) Did the IIC meet his or her objectives when initially responding to an accident scene?
Objectives specified in RTA procedures include: securing the scene to ensure safety and
prevent a second accident, preserving short term and long term physical evidence,
developing a preliminary sequence of events to determine what happened, and identifying
employees, passengers, and other eyewitnesses to obtain preliminary statements and
contact information.
Yes
Notes:
No
Partially
18) Did the RTA response effectively ensure that short term information, which becomes
quickly perishable as an accident scene is recovered (e.g. equipment or obstructions are
moved or re-arranged, equipment controls are repositioned, witnesses “disappear”, etc.),
was documented to the greatest extent possible?
Yes
Notes:
No
Partially
Accident Photography:
19) Upon arrival on the accident scene, did the IIC arrange to have the scene
photographed as soon as possible from a “panoramic” view, preferably before the
accident scene is restored?
Yes
Notes:
No
Partially
20) Did this panorama view include camera photographic shots of the involved vehicle(s)
in full view, nearby infrastructure features, and any evident significant obstructions,
objects, or conditions?
Yes
Notes:
No
Partially
21) Were accident scene photographs taken using a ‘4 point compass’ method?
Yes
Notes:
No
Partially
6
�22) Was the entire scene photographed from multiple vantage points?
Yes
Notes:
No
Partially
23) Did the photographer attempt to provide sufficient depth-of-field to show relative
positioning of objects and subjects for later comparison with diagrams?
Yes
Notes:
No
Partially
24) Did the photographer arrange to have specific objects or subjects photographed as
soon as possible from both normal periphery and close-up views, preferably before the
accident scene was restored?
Yes
Notes:
No
Partially
25) Did the photographer attempt to ensure appropriate depth-of-field to sufficiently
record subject material?
Yes
Notes:
No
Partially
26) Did the photographer attempt to include, as appropriate: (1) each vehicle involved,
exterior four sides, including number, (2) each vehicle involved, interior compartment,
(3) each vehicle involved, operating control compartment, (4) resting position of wheels
if off track, including evidence of sanding, (5) all visible points of vehicle damage, (6)
evidence of wheel marks on rail, (7) all visible points of infrastructure damage, (8) any
visibly evident contributing obstructions, objects, or conditions, (9) position of casualties,
if stationary, and (10) any other subject that appears out of the ordinary?
Yes
Notes:
No
Partially
7
�Initial Documentation:
27) Was initial documentation prepared for the investigation, including: (1) the location
of the accident, (2) the date of occurrence, (3) the time of occurrence, (4) the time of
arrival of IIC, supervisory staff, and responders, (4) the visibility conditions at the scene
(dawn, day, dusk, dark), (5) the weather at the scene (clear, cloudy, rainy, foggy,
snowing, sleeting), and (6) the approximate temperature at the scene?
Yes
Notes:
No
Partially
28) Was eyewitness information obtained at the scene as quickly as possible? Information
should include: (1) witness name, address, telephone number, (2) witness category
(employee, passenger, bystander), (3) status of witness (observer or principal involved in
accident) and (4) brief description or account of what was or was not observed.
Yes
Notes:
No
Partially
29) Was the damage and condition of the vehicle(s) documented appropriately, including
monetary damage estimate? Elements to be considered may include: (1) car body
condition (visible damage), (2) positions of all operator controls (controller & brake
handles, headlight and other switches, air gauge readings, etc.), (3) wheels, axles, trucks,
and/or sanders, (4) brake systems – friction, electric (dynamic), track, (5) door positions
or other entry/exit location conditions, and (6) headlights, marker lights, indicator lights
status.
Yes
Notes:
No
Partially
30) Was evidence appropriately documented relative to vehicle travel/speed to include, as
a minimum, the following: (1) ensure event log data (where in service) is secured, (2)
identify wheel marks on track, (3) identify evidence of sanding, (4) identify evidence
indicating area of contact/collision, (4) determine line-of-sight distances, and (6) ensure
arrangement to secure recorded communication data?
Yes
Notes:
No
Partially
8
�31) Were damage to and condition of the infrastructure and environmental conditions
appropriately documented, including monetary damage estimate? Items to consider
include the following: (1) damage (observable) to track, signals, bridges, structures,
buildings, other infrastructure equipment or machinery, (2) damage (observable) to
crossing protection apparatus, if relevant, (3) roadway approaches, visible pedestrian
approaches (unauthorized or otherwise), if relevant, (4) evidence (observable) of recent
environmental alteration (washout, landslide, etc.), (5) evidence (observable) of recent
miscreant alteration (vandalism), and (6) point of derailment, collision, or other incident.
Yes
Notes:
No
Partially
Sketch of Accident Scene:
32) Was the scene sketched, as appropriate, regarding the relative location of track(s),
vehicle(s), signals, equipment, apparatus, buildings, bridges, other structures? Include
noteworthy landmark features, such as roadways, waterways, pathways, flora, etc.?
Yes
Notes:
No
Partially
33) Was the diagram alignment relative to geographic north?
Yes
Notes:
No
Partially
34) Were points of reference indelibly marked in the field (e.g. paint or chalk markings)?
Yes
Notes:
No
Partially
35) Was correlation of points of reference documented with regard to resting positions of
objects or subjects?
Yes
Notes:
No
Partially
9
�36) Were “feet” used as a standard unit of measure?
Yes
Notes:
No
Partially
Casualty Information:
37) Was the status of all known casualties documented?
Yes
Notes:
No
Partially
38) Did this include: (1) total number of injuries, (2) total number of fatalities, (3)
identification of emergency response units that treated or transported casualties, and (4)
identification of hospitals where casualties were transported?
Yes
Notes:
No
Partially
Drug and Alcohol Testing:
39) The RTA is mandated by 49 CFR Part 655, “Prevention of Alcohol Misuse and
Prohibited Drug Use in Transit Operations,” to conduct toxicological testing based upon
regulatory requirements, collective bargaining agreements, or standard policy. Did RTA
field supervisory personnel make appropriate determinations regarding which employees,
if any, were subject to testing based upon the criteria?
Yes
Notes:
No
Partially
40) Did the RTA identify the authorization to conduct the test, and the type of test that
was required? Authorization and type includes the following: (1) FTA (For Cause, Post
Accident), (2) FRA (For Cause, Post Accident), (3) RTA (For Cause, Post Accident), and
(4) Local or Regional Police.
Yes
Notes:
No
Partially
10
�Off-Scene Accident Investigation:
41) Once the accident scene had been recovered, did the RTA IIC pursue the three
objectives specified in RTA procedures for accident investigation data development: (1)
to collect remaining applicable non-perishable data, (2) to conduct interim research and
analysis of all collected data to date to reconstruct the event, and (3) to determine
probable cause and contributing factors?
Yes
Notes:
No
Partially
42) In the aftermath of an accident, long term information that is non-perishable must be
collected (e.g. operational speeds and conditions, maintenance and inspection records,
damage estimates, etc.) The primary task of off-site data collection is to coordinate
documentation to support evaluation of system, vehicle, and employee performance. Did
the IIC coordinate needed post-accident research and analysis with all support
departments and independent outside agencies?
Yes
Notes:
No
Partially
43) Did the IIC arrange for providing specialized technical support within the respective
discipline(s) and/or departments?
Yes
Notes:
No
Partially
Off-Scene Vehicle Investigation:
44) Did the IIC arrange to conduct and/or document post-accident inspections/tests on
vehicles as needed to determine if pre-existing conditions contributed to the accident?
Applicable components to be tested may include, as a minimum, the following: (1)
operator controls, (2) wheels/axles/trucks/sanders, (3) braking systems friction, electric
(dynamic), track, (4) on-board signal/speed control systems, (5) communication system,
(6) lights, and (7) whistle/horn/gong.
Yes
Notes:
No
Partially
11
�45) Were all applicable engineering specifications and drawings obtained to support the
investigation?
Yes
Notes:
No
Partially
46) Was the prior maintenance history of vehicle(s) or component(s) involved in the
accident researched to determine if any significant conditions or performance levels
existed prior to the accident?
Yes
Notes:
No
Partially
47) Were RTA procedures appropriately followed in accessing this information?
Yes
Notes:
No
Partially
48) Was systems performance data (inspections/tests, maintenance history) compared
with prescribed engineering limits/specifications to determine if there were any
contributing factors to the accident?
Yes
Notes:
No
Partially
49) Were vehicle damage and repair costs verified?
Yes
Notes:
No
Partially
50) Was event log data recovered from the vehicle to determine actual vehicle
performance prior to and at the time of the event?
Yes
Notes:
No
Partially
12
�51) Was recorded radio or other communication data recovered to determine if flow of
information was of significance?
Yes
Notes:
No
Partially
Off-Scene Infrastructure Investigation:
52) Were timely post-accident inspections/tests on infrastructure conducted as needed to
determine if pre-existing conditions contributed to the accident? This activity might have
included tests for: (1) track structure, (2) traction power system, (3) signal systems, (4)
routing systems, (5) buildings and other structures, (6) bridges, (7) grade crossing
protection apparatus, and (8) other equipment or machinery.
Yes
Notes:
No
Partially
53) Was data recovered from any off-vehicle event recorders such as signal system event
recorders or other software driven records systems?
Yes
Notes:
No
Partially
54) Was the prior maintenance history of all systems involved in the accident researched
to determine if any conditions/performance levels existed prior to the accident?
Yes
Notes:
No
Partially
55) Were designed RTA procedures followed in accessing this information?
Yes
Notes:
No
Partially
56) Was systems performance data (inspections/tests, maintenance history) compared
against prescribed engineering limits/specifications to determine if there were any
contributing factors to the accident?
Yes
Notes:
No
Partially
13
�57) Were infrastructure damage and repair costs verified?
Yes
Notes:
No
Partially
Off-Scene Operating Procedures/Instructions Investigation:
58) Were all applicable operating instructions identified for the location of accident?
These include, but are not limited to, the following: (1) maximum authorized speed and
speed restrictions, (2) operating signs and locations, (3) wayside signal locations and
aspects capable of being displayed, (4) bulletins or other special operating orders in effect
at time of accident, (5) automatic signal systems in effect (train control, cab signals,
interlockings, automatic block, etc.), and (6) any special operating conditions.
Yes
Notes:
No
Partially
59) Were applicable federal and state rules/regulations obtained and researched to
determine compliance and effect on accident dynamics? As applicable, these should
include, at a minimum, the following: (1) motor vehicle code, (2) operating standards and
practices, (3) equipment standards, (4) qualification/certification level requirements, (5)
inspection/maintenance standards, and (6) safety standards and practices.
Yes
Notes:
No
Partially
Off-Scene Interviews:
60) Were detailed face-to-face interviews conducted as needed to determine sequence of
events leading up to and at time of the accident? If possible, these interviews should have
been tape recorded and supported by a signature from interviewee attesting to the
accuracy of the statement.
Yes
Notes:
No
Partially
14
�61) At a minimum, did interviews include: crew members, other employees directly or
indirectly involved in the sequence of events, non-employee accident principals,
passengers and bystander witnesses?
Yes
Notes:
No
Partially
62) Was interview data obtained from other independent sources (i.e., law enforcement)?
Yes
Notes:
No
Partially
63) Were applicable reports obtained from operators and supervisors for the
investigation?
Yes
Notes:
No
Partially
64) Were other applicable reports of investigation obtained from outside agencies and
law enforcement?
Yes
Notes:
No
Partially
Off-Scene Employee Records Review:
65) Were employee records researched for performance history or incidents relating to
accident dynamics? These records should include, but are not limited to, the following:
(1) operating and safety practices compliance, (2) qualification/certification levels and
experience, (3) training and continuing education history, (4) accident/incident history,
(5) toxicological and medical history, and (6) attendance/discipline history.
Yes
Notes:
No
Partially
15
�66) Were employee hours of service before the accident researched and documented?
This should include the following: (1) time employee reported for duty, (2) elapsed time
from on-duty time until time of accident, (3) break periods before accident, (4) available
off-duty hours before reporting for assignment, (5) number of consecutive days worked
prior to day of accident, and (6) nature of off-duty activity prior to accident.
Yes
Notes:
No
Partially
67) Was the employee’s fitness for duty researched and documented? This should include
the following: (1) visual acuity, (2) pre-existing medical conditions, and (3) consumption
of prescription/non-prescription medication.
Yes
Notes:
No
Partially
68) Were all aspects of employee performance considered comparative to operating
conditions, vehicle and infrastructure conditions, and human physical limitations?
Yes
Notes:
No
Partially
Off-Scene Casualty Investigation:
69) Were hospitals contacted to verify casualties?
Yes
Notes:
No
Partially
70) Was the following information obtained: number of casualties, identities of
casualties, and severity of casualties (injuries vs. fatalities [include Medical Examiner
reports])?
Yes
Notes:
No
Partially
16
�Off-Scene Trespasser Investigation:
71) Was additional research conducted for trespasser events?
Yes
Notes:
No
Partially
72) Did the RTA investigate reports prepared by law enforcement agencies related to
indications of suicide or foul play?
Yes
Notes:
No
Partially
73) Did the RTA obtain and review Medical Examiner toxicological reports?
Yes
Notes:
No
Partially
74) Comparison of research data to event log and communication data to determine
performance level?
Yes
Notes:
No
Partially
Analysis of Collected Investigation Information:
75) Did the RTA IIC document vehicle, infrastructure, or operating conditions that could
have contributed to casualties, or increased severity of same?
Yes
Notes:
No
Partially
76) Did the RTA IIC obtain results of post-accident toxicological testing?
Yes
Notes:
No
Partially
17
�77) Did the RTA IIC obtain determination of toxicological significance, if available?
Yes
Notes:
No
Partially
78) As considered relevant, did the RTA IIC reconstruct the accident dynamics and
sequence of events based upon all data from on-site investigation and off-site research?
Yes
Notes:
No
Partially
79) Did the RTA IIC establish facts that were contributory to the accident?
Yes
Notes:
No
Partially
80) Did RTA IIC fact-finding identify the following: actual vehicle performance, actual
infrastructure performance, actual employee performance, performance data or
mathematical calculations to determine vehicle speeds and/or impacts, scale
drawings/diagrams, and photographic evidence?
Yes
Notes:
No
Partially
81) Once the readily obtainable information for the investigation was assembled, did the
ICC ensure that all existing evidence was evaluated prior to making a general
determination as to the contributing factors and probable cause of the accident?
Yes
Notes:
No
Partially
82) In determining the contributing factors and probable cause of the accident, is it clear
that the RTA IIC and/or the RTA accident team reviewed the following: initial accident
report, operator and supervisor reports, interview reports, technical reports (vehicle,
infrastructure, other), outside agency reports, data contained on employee records, handwritten statements, event log data, radio/communication tapes and/or transcripts, maps,
drawings, or diagrams, and photographs or videos?
Yes
Notes:
No
Partially
18
�Investigation Report and Corrective Action Plan
83) Did the RTA IIC prepare a draft report detailing the data and analysis to support a
determination of cause and recommended corrective action, where needed?
Yes
Notes:
No
Partially
84) Was the draft report completed within the timeframe specified by the SOA and the
RTA SSPP and Accident Investigation Procedure?
Yes
Notes:
No
Partially
85) Did the draft report contain the following sections: Executive Summary, Sequence of
Events, (prior to the accident/incident, the accident/incident, subsequent to the
accident/incident), Findings/Analysis, Conclusions, Probable Cause, Contributory
Causes, and Recommendations?
Yes
Notes:
No
Partially
86) Did the RTA IIC and/or RTA accident team coordinate with affected departments to
draft a corrective action plan for implementing recommendations specified in the draft
accident investigation report?
Yes
Notes:
No
Partially
87) Did the RTA prepare a corrective action plan for all recommendations developed
following an accident/incident investigation?
Yes
Notes:
No
Partially
19
�88) Did the RTA corrective action plan contain the following information: activity to
meet objectives of the plan, responsible department/individual for plan implementation
and task activity, scheduled completion dates, estimated cost, required follow-up, process
to ensure that recommendation is implemented, and process to ensure that
recommendation does not result in other safety issues?
Yes
Notes:
No
Partially
89) Did the RTA prepare an internal status report of corrective action plan activity and
completion status?
Yes
Notes:
No
Partially
90) Did the RTA provide this report to the senior manager of each part of the RTA
organization responsible for implementation of the corrective action?
Yes
Notes:
No
Partially
91) Did the RTA schedule a follow-up review to check that the corrective actions have
been implemented?
Yes
Notes:
No
Partially
92) Does the RTA have a verification process in place to ensure that departments and/or
individuals designated as the responsible party for specific action plan objectives have
completed the assigned tasks?
Yes
Notes:
No
Partially
20
�Protocol for Maintaining Evidence:
93) For this investigation, did the RTA establish a protocol to retain, secure, and store
physical evidence and documentation developed pursuant to investigations for future
criminal, tort, or other action? Issues that may be addressed include: (1) chain of custody
procedure, (2) validation of photographs/videotapes and control center tapes, (3) physical
evidence retention procedure, and (4) procedure for destructive/non-destructive testing.
Yes
Notes:
No
Partially
94) Has the RTA established a system for archiving and indexing the evidence collected
for the investigation?
Yes
Notes:
No
Partially
Evaluation of Emergency Response to Accident:
95) If applicable, did the RTA conduct an after action briefing on the RTA’s emergency
response to the accident?
Yes
Notes:
No
Partially
96) If applicable, did the RTA prepare a formal after action report documenting its
response to the accident?
Yes
Notes:
No
Partially
97) If applicable, was this after action report made available to the SOA as part of the
accident investigation report or as another submission?
Yes
Notes:
No
Partially
21
�Appendix J: Sample Three-Year Safety and Security Review
Checklist
�Sample Three-Year Safety and Security Review Checklist
SOA:
RAIL TRANSIT AGENCY:
1.0 Policy Statement & Authority for System
Safety Program Plan
2.0 Description of Purpose, Goals and
Objectives for System Safety Program
Plan
ITEM
1.1
1.2
1.3
2.1
2.2
2.3
2.4
2.5
2.4
2.5
ITEM DESCRIPTION
DATE OF REVIEW:
Page 1 of 20
SOA Three-Year
Safety and Security
Review
Checklist
SOA Reviewers:
1 2
3
Reference
Criteria
Method of
Verification
Safety policy clearly stated and disseminated.
• SSPP established as an operating
document
• Policy statement clearly defined and
approved by top management
• Signed by CEO / GM / Board
Authority to develop transit system identified.
• Legislation cited
• Federal, state & local statutes noted
• Meets accepted industry standards
Authority to establish and implement SSPP
clearly defined.
• Purpose of SSPP
• Designated staff / department
Purpose of SSPP defined.
Policy Statement
Document Review,
Interview
Policy Statement
Document Review,
Interview
Policy Statement
Document Review,
Interview
SSPP, Section 2.1
Safety philosophy of organization defined.
• System-wide safety program established
• Framework for implementation of safety
policies and related goals / objectives
Goals are identified to ensure that the SSPP
fulfills its purpose.
• Stated management responsibilities are
identified for the safety program to ensure
that the goals and objectives are achieved.
Safety Program goals clearly stated.
• Goals long-term, meaningful, realizable
• Endorsed by management
System safety function coordinates with other
RTA departments/functions to develop goals.
Objectives are identified to monitor and assess
the achievement of goals.
Stated management responsibilities are
identified for the safety program to ensure that
the goals and objectives are achieved.
SSPP, Section 2.1
Document Review,
Interview
Document Review,
Interview
SSPP, Section 2.2
Document Review,
Interview
SSPP, Section 2.2
Document Review,
Interview
SSPP, Section 2.2
Document Review,
Interview
Document Review,
Interview
Document Review,
Interview
SSPP, Section 2.3
SSPP, Section 2.3
Notes
COLUMN DEFINITIONS:
1 – Meets Criteria
2 – Does Not Meet Criteria (See Supplemental Form)
3 – Partially Meets Criteria, Improvement Needed (See Supplemental Form)
1
�Sample Three-Year Safety and Security Review Supplemental Form
SOA:
Item
No.
RAIL TRANSIT AGENCY:
SSPP/System Security Plan Section:
SOA Reviewers:
DATE OF REVIEW:
Supplemental
Form
RTA Participants:
Acceptance Criteria:
Requirement:
Finding:
Recommendation:
Prepared by:__________________________________
Date:______________________________
2
�Appendix K: Sample Certification that Rail Transit Agency
System Safety Program Plan and System Security Plan
Have Been Developed, Reviewed, and Approved
�Initial Submission
[Certification that Required System Safety Program Plan and System
Security Plan from Each Affected Rail Transit Agency Have Been
Developed, Reviewed, and Approved]
Date ___________________
United States Department of Transportation
Federal Transit Administration
Office of Safety and Security
400 7th Street, S.W.
Washington, D.C. 20590
I, [Insert Name], [Insert Title], certify that [Name of State Oversight Agency] has
required, received and reviewed a System Safety Program Plan and a System Security
Plan from each rail transit agency within the State of [Insert Name of State]’s
jurisdiction. These rail transit agencies include: [Insert Name of Affected Rail Transit
Agency] and [Insert Name of Affected Rail Transit Agency].
I further certify that the System Safety Program Plans and System Security Plans
received from [Insert Name of Affected Rail Transit Agency] and [Insert Name of
Affected Rail Transit Agency] have been approved by [Name of State Oversight Agency]
as compliant with the requirements specified in 49 CFR Part 659 (Rail Fixed Guideway
Systems; State Safety Oversight Rule, April 29, 2005) and the requirements identified in
the [Name of State Oversight Agency]’s Program Standard and Referenced Procedures.
As further evidence of this certification, attached to this letter please find the [Name of
State Oversight Agency]’s completed System Safety Program Plan and System Security
Plan Review Checklists for [Insert Name of Affected Rail Transit Agency] and [Insert
Name of Affected Rail Transit Agency].
Should you have any questions or require any additional information, please do not
hesitate to contact me at [Insert phone number and email address].
Signed: _____________________________________________________
(Name and Title)
�
| File Type | application/pdf |
| File Title | Microsoft Word - Resource Toolkit -- Body.doc |
| Author | asingleton |
| File Modified | 2012-04-25 |
| File Created | 2006-03-20 |