Baseline Assessment and Security Enhancement Review Chec
Public Transportation Baseline Assessment for Security Enhancement (BASE) Program
Public Transportation BASE Instrument.xlsx
BASE Review
OMB: 1652-0061
Document [xlsx]
Download: xlsx | pdf
Agency Profile
Field Office
Checklist
OMRR
SP Addendum
RA Addendum
Overview
SSI Cover SheetAgency Profile
Field Office
Checklist
OMRR
SP Addendum
RA Addendum
Sheet 1: SSI Cover Sheet
|
|||||||||
Sheet 2: Agency Profile
Sheet 3: Field Office
Sheet 4: Checklist
| Baseline Assessment & Security Enhancement Review Checklist | STSI Inspector: | 0 | |||||||||
| Telephone: | 0 | ||||||||||
| <<Agency Name>> | Completed: | <<date>> | |||||||||
| Description | Findings | Verification | References | ||||||||
| Section |
|
|
|
Justification | Regulatory Reference | TSF # | Other Documents | ||||
| MANAGEMENT AND ACCOUNTABILITY | |||||||||||
| 1.000 | Establish Written System Security Plans (SSPs) and Emergency Response Plans (ERPs) | ||||||||||
| 1.100 | System Security Plan (SSP) | ||||||||||
|
|
Does the transit agency have a System Security Plan (SSP)? | FTA SEPP Chapter 3 | |||||||||
| 1.102 | Does the SSP identify the goals and objectives for the security program? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 1.103 | Does a written policy statement exist that endorses and adopts the policies and procedures of the SSP that is approved and signed by top management, including the agency's chief executive? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 1.104 | Is the SSP separate from the agency’s System Safety Program Plan (SSPP)? | ||||||||||
| 1.105 | Do the Security and Emergency Response Plans address protection and response for critical underwater tunnels, underground stations/ tunnels and critical systems, where applicable? | T1 | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | ||||||||
| 1.106 | Does the SSP contain or reference other documents establishing procedures for the management of security incidents by the operations control center? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 1.107 | Does the SSP contain or reference other documents establishing plans, procedures, or protocols for responding to security events with external agencies (such as law enforcement, local EMA, fire departments, etc.)? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 1.108 | Does the SSP contain or reference other documents that establish protocols addressing specific threats from (i) Improvised Explosive Devices (IED) and (ii) Weapons of Mass Destruction (chemical, biological, radiological hazards)? | ||||||||||
| 1.109 | Are visible, random security measures integrated into security plans to introduce unpredictability into security activities for deterrent effect? | T3 | |||||||||
| 1.110 | Does the SSP include provisions requiring that security be addressed in extensions, major projects, new vehicles and equipment procurement and other capital projects, and including integration with the transit agency’s safety certification process? | FTA SEPP, Chapter 8 & FTA Resource Toolkit, Appendix G | |||||||||
| 1.111 | Does the SSP include or reference other documents adopting Crime Prevention Through Environmental Design (CPTED) principles as part of the agency's engineering practices? | FTA Security Design Considerations | |||||||||
| 1.112 | Does the SSP require an annual review? | FTA Resource Toolkit, Appendix G | |||||||||
| 1.113 | Does the transit agency produce periodic reports reviewing its progress in meeting its SSP goals and objectives? | FTA Resource Toolkit, Appendix G | |||||||||
| 1.114 | Has an annual review of the SSP been performed and documented in the preceding 12 months? | ||||||||||
| 1.115 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | FTA Resource Toolkit, Appendix G | |||||||
| 1.116 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | ||||||||
| 1.117 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | ||||||||
| 1.200 | Emergency Response Plan (ERP) | a | |||||||||
| 1.201 | Does the transit agency have an Emergency Response Plan (ERP)? | ||||||||||
| 1.202 | Does a written policy statement exist that endorses and adopts the policies and procedures of the ERP that is approved and signed by top management, including the agency's chief executive? | ||||||||||
| 1.203 | Does the ERP require an annual review to determine if it needs to be updated? | ||||||||||
| 1.204 | Has an annual review of the ERP been performed and documented in the preceding 12 months? | ||||||||||
| 1.205 | Does the ERP include a process or review provision to ensure coordination with the rail transit agency’s SSPP and SSP? | ||||||||||
| 1.206 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | ||||||||
| 1.207 | Does the ERP contain or reference other documents establishing plans, procedures, or protocols for responding to emergency events with external agencies (such as law enforcement, local EMA, fire departments, etc.)? | ||||||||||
| 1.208 | Does the ERP contain or reference other documents that establish procedures for the management of emergency events, including those to be employed by the operations control center? | FTA Resource Toolkit, Appendix G | |||||||||
| 1.209 | Does the ERP contain or reference other documents to provide for Continuity of Operations while responding to emergency events? | TCRP/NCHRP Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies | |||||||||
| 1.210 | Does the agency have a written Business Recovery Plan to guide restoration of facilities and services following an emergency event? | ||||||||||
| 1.211 | Does the agency have a written Business Continuity Plan and COOP to guide restoration of facilities and services following an emergency event? | ||||||||||
| 1.212 | Does the agency have a back-up operations control center capability? | ||||||||||
| 2.000 | Define Roles and Responsibilities for Security and Emergency Management | a | |||||||||
| 2.100 | System Security Plan (SSP) | a | |||||||||
| 2.101 | Does the SSP establish and assign responsibility for implementation of the security program to a Senior Manager who is a "direct report" to the agency's Chief Executive Officer? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.102 | Has the agency established lines of delegated authority/succession of security responsibilities and, if so, has that information been distributed to agency managers? | ||||||||||
| 2.103 | Are roles and responsibilities for security and/or law enforcement personnel assigned by title and/or position established in the SSP or other documents? | ||||||||||
| 2.104 | Are security-related roles and responsibilities for non-security and/or law enforcement personnel (i.e., operators, conductors, maintenance workers and station attendants) established in the SSP or other documents? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.105 | Do senior staff and middle management conduct security meetings on a regular basis to review recommendations for changes to plans and processes? | T2 | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | ||||||||
| 2.106 | Does a Security Review Committee (or other designated group) regularly review security incident reports, trends, and program audit findings? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.107 | Are informational briefings with appropriate personnel held whenever security protocols, threat levels, or protective measures are updated or as security conditions warrant? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.108 | Have appropriate reference guides or other written instructions or procedures been distributed to transit employees to implement the requirements of the SSP? | FTA SEPP, Chapter 6 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.109 | Has the agency appointed a Primary and Alternate Security Coordinator to serve as its primary and immediate 24-hr contact for intelligence and security-related contact with TSA and are the names of those Coordinators on file with TSA OSPIE office correct? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G | |||||||||
| 2.110 | Does the agency maintain a record of security related incidents that are reported within the agency? | ||||||||||
| 2.200 | Emergency Response Plan (ERP) | a | |||||||||
| 2.201 | Does the ERP establish and assign responsibility for implementation of the security program to a Senior Manager who is a "direct report" to the agency's Chief Executive Officer? | FTA Critical Incident Management Guidelines & TCRP Public Transportation | |||||||||
| 2.202 | Are emergency response roles and responsibilities for all departments identified in the ERP or other supporting documents? | ||||||||||
| 2.203 | Are roles and responsibilities for front-line personnel (i.e. system law enforcement, system security officials, train or vehicle operators, conductors, station attendants, maintenance workers) described in the system's Emergency Response Plan (ERP)? | T5 | |||||||||
| 2.204 | Has the ERP been distributed to appropriate departments in the organization? | FTA Resource Toolkit, Appendix G | |||||||||
| 2.205 | Have appropriate reference guides or other written instructions or procedures been distributed to transit employees to implement the requirements of the ERP? | FTA Critical Incident Management Guidelines & TCRP Public Transportation Emergency Mobilization and Emergency Operations Guide | |||||||||
| 2.206 | Are senior staff and middle management ERP coordination meetings held on a regular basis? | ||||||||||
| 2.207 | Are informational briefings with appropriate personnel held whenever emergency response protocols are substantially changed or updated? | ||||||||||
| 2.208 | Does the agency use National Fire Protection Association (NFPA) Standard 130 or equivalent local codes to evaluate fire/life safety in station design or modification (including fire detection systems, firewalls and flame-resistant materials, back-up powered emergency lighting, defaults in turnstile and other systems supporting emergency exists, and pre-recorded public announcements)? | ||||||||||
| 3 | Ensure that operations and maintenance supervisors, forepersons and managers are held accountable for security issues under their control | a | |||||||||
| 3.101 | Do managers and supervisors routinely provide information to front-line personnel regarding security and emergency response issues? | FTA SEPP, Chapter 6 & FTA Resource Toolkit, Appendix G | |||||||||
| 3.102 | Are regular supervisor, manager, and/or foreperson security review and coordination briefings held? If so, detail frequency and subjects covered in the justification. | FTA SEPP, Chapter 6 & FTA Resource Toolkit, Appendix G | |||||||||
| 3.103 | Does the agency have a program for confirming that personnel have a working knowledge of security protocols? If so, summarize program in the justification. | FTA SEPP, Chapter 6 & FTA Resource Toolkit, Appendix G | |||||||||
| 3.104 | Are managers and/or supervisors required to debrief front-line employees regarding their involvement in or management of any security or emergency incidents? | ||||||||||
| 4.000 | Coordinate Security and Emergency Management Plan(s) with local and regional agencies | a | |||||||||
| 4.101 | Have Mutual Aid agreements been established between the transit agency and entities in the area that would be called upon to supplement the agency's resources in the event of an emergency event? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendix G. The security section of the SSPP "should also specify how state and local law enforcement and security personnel interface and work together, and how the parties communicate and share jurisdictions." | |||||||||
| 4.102 | Does the agency participate in a regional Emergency Management Working Group or similar regional coordinating body for emergency preparedness and response? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.103 | Have regional incident management protocols been shared with the agency and incorporated into the agency's ERP? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.104 | Have agency resources been appropriately identified and provided to the regional EMA? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.105 | Does the agency have a designated point-of-contact or liaison with the local/regional Emergency Operations Center (EOC)? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.106 | Does the agency send a representative to the local/regional EOC, should it be activated? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.107 | Does the agency have information sharing capabilities with the regional/local EOC (i.e., contacts, procedures, resource inventories, etc.)? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.108 | Has the agency developed internal incident management protocols that comply with the National Response Plan and the National Incident Management System? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.109 | Have the agency's emergency response protocols been shared with the EMA and appropriate first responder agencies? | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 4.110 | Has the transit system tested its communications systems for interoperability with appropriate emergency response agencies? | T5 | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 4.111 | If the agency's communications systems are NOT inter-operable with appropriate emergency response agencies, have alternate communication protocols been established? Describe the alternate communication protocols in the justification. | FTA SEPP, Chapter 3 & FTA Resource Toolkit, Appendices E & G | |||||||||
| SECURITY AND EMERGENCY RESPONSE TRAINING | a | ||||||||||
| 5.000 | Establish and Maintain a Security and Emergency Training Program | a | |||||||||
| 5.101 | Is initial training provided to all new agency employees regarding security orientation/awareness? | T4 | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 5.102 | Is annual refresher training provided regarding security orientation/awareness to Senior Management staff, managers and supervisors? | T4 | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 5.103 | Is annual refresher training provided regarding security orientation/awareness to managers and supervisors? | T4 | |||||||||
| 5.104 | Is annual refresher training provided regarding security orientation/awareness to front-line employees? | T4 | |||||||||
| 5.105 | Is ongoing advanced security training focused on job function provided at least annually? | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.106 | Is initial training provided to all new transit employees regarding emergency response? | T4 | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 5.107 | Is annual refresher training provided regarding emergency response to Senior Management staff, supervisors, and managers? | T4 | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 5.108 | Is annual refresher training provided regarding emergency response to Managers and Supervisors? | T4 | |||||||||
| 5.109 | Is annual refresher training provided regarding emergency response to front-line Employees? | T4 | |||||||||
| 5.110 | Have agency employees received general training on Incident Command System (ICS) procedures in accordance with National Incident Management System at least annually? | T4 | |||||||||
| 5.111 | Has ICS and NIMS training appropriate to the position been provided to Senior Management staff, supervisors, and managers at least annually? | ||||||||||
| 5.112 | Has ICS and NIMS training appropriate to the position been provided to managers and supervisors at least annually? | ||||||||||
| 5.113 | Has ICS and NIMS training appropriate to the position been provided to front-line employees at least annually? | ||||||||||
| 5.114 | Has the agency developed a program and provided annual training on its own incident response protocols? | ||||||||||
| 5.115 | as training on the agency's incident response protocols appropriate to the position been provided to Senior Management staff, managers and supervisors at least annually? | T4 | |||||||||
| 5.116 | Has training on the agency's incident response protocols appropriate to the position been provided to managers and supervisors? | T4 | |||||||||
| 5.117 | Has training on the agency's incident response protocols appropriate to the position been provided to front-line employees at least annually? | T4 | |||||||||
| 5.118 | Has the transit system implemented an annual training program for personnel regarding response to terrorism, including (i) Improvised Explosive Devices and ii) Weapons of Mass Destruction (chemical, biological, radiological, nuclear)? If so, summarize the relevant programs in the justification. | T4 | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | ||||||||
| 5.119 | Has training focused on IEDs and WMDs appropriate to the position been provided to Senior Management staff, managers, and supervisors at least annually? | ||||||||||
| 5.120 | Has training focused on IEDs and WMDs appropriate to the position been provided to manager and supervisors? | ||||||||||
| 5.121 | Has training focused on IEDs and WMDs appropriate to the position been provided to front-line employees at least annually? | ||||||||||
| 5.122 | Do law enforcement/security department personnel at the agency receive specialized training in counter-terrorism annually? Summarize program in the justification. | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.123 | Do law enforcement/security department personnel at the agency receive specialized training supporting their incident management and emergency response roles at least annually? Summarize program in the justification. | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.124 | Does the agency have an established program to monitor employee training and to schedule employees for training as needed? | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.125 | Does the agency have a system that records and tracks personnel training for all security-related courses (including initial, annual, periodic and other)? | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.126 | Does the transit agency have a system that records and tracks personnel training for emergency response courses (including initial, periodic and other)? | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.127 | Does the agency have a program to regularly review and update security awareness and emergency response training materials? | FTA SEPP, Chapter 7 & FTA Resource Toolkit, Appendices E & G | |||||||||
| 5.128 | Are all appropriate personnel notified via briefings, email, voicemail, or signage of changes in threat condition, protective measures or the employee watch programs? | T4 | |||||||||
| 5.129 | Do the agency's security awareness and emergency response training programs cover response and recovery operations in critical facilities and infrastructure? If so, summarize relevant provisions of program in the justification. | T1 | |||||||||
| 5.130 | Has the agency provided training to regional first responders (law enforcement agencies, firefighters, and emergency medical response teams) to enable them to operate in critical facilities and infrastructure? | T1 | |||||||||
| 5.131 | Does training of transit system law enforcement and/or security personnel integrate the concept and employment of visible, random security measures? | T3 | |||||||||
| 5.132 | Has the agency implemented a program to annually train or orient first responders (law enforcement, firefighters, emergency medical teams) and other potential supporting assets (e.g., TSA regional personnel for VIPR exercises)on railroad familiarization? | T4 | |||||||||
| NATIONAL TERRORISM ADVISORY SYSTEM (NTAS) | a | ||||||||||
| 6.000 | Establish plans and protocols to respond to the DHS National Terrorism Advisory System (NTAS). | a | |||||||||
| 6.101 | Does the SSP contain or reference other documents identifying incremental actions (imminent or elevated) to be implemented for a NTAS threat? | FTA Protective Measures | |||||||||
| 6.102 | Does the agency have actionable operational response protocols for the specific threat scenarios from NTAS? | T2 | FTA Protective Measures | ||||||||
| 6.103 | Has the agency provided annual training and/or instruction focused on job function regarding the incremental activities to be performed by employees? | ||||||||||
| PUBLIC AWARENESS | a | ||||||||||
| 7.000 | Implement and reinforce a Public Security and Emergency Awareness program: | a | |||||||||
| 7.101 | Has the transit agency developed and implemented a public security and emergency awareness program? | FTA’s Transit Watch | |||||||||
| 7.102 | Does the agency provide active public outreach for security awareness and emergency preparedness (e.g., Transit Watch, “If You See Something, Say Something”, message boards, brochures, channel cards, posters, fliers)? | T6 | FTA’s Transit Watch | ||||||||
| 7.103 | Is the above consistent with agency's overall announcement program? | T6 | |||||||||
| 7.104 | Are general security awareness and emergency preparedness messages included in public announcement messages at stations and on board vehicles? | T6 | |||||||||
| 7.105 | Are passengers urged to report unattended property, suspicious behavior, and security concerns to uniformed crew members, law enforcement or security personnel, and/or a contact telephone number? If so, summarize the type of materials used and content in the justification. | T6 | |||||||||
| 7.106 | Does the transit agency use Transit Watch materials in its security and emergency awareness program? | ||||||||||
| 7.107 | Does the agency have an appropriate mechanism in place for passengers to communicate an (e.g., 1-800 number, smart phone applications, social media, etc.) that can be called or used to report security concerns? If so, is this information indicated in public awareness materials and messages? | T6 | FTA’s Transit Watch | ||||||||
| 7.108 | Does the agency issue public service announcements or press releases to local media (e.g. newspaper, radio, television, social media, QRC codes, and/or apps for smart phones) regarding security and emergency protocols? | FTA’s Transit Watch | |||||||||
| 7.109 | Does the agency issue public service announcements or press releases to local media (e.g. newspaper, radio and/or television) regarding security and emergency protocols? | T6 | FTA’s Transit Watch | ||||||||
| 7.110 | Does the transit agency conduct a volunteer training program for non-employees to aid with system evacuations and emergency response? | FTA’s Transit Watch | |||||||||
| 7.111 | Does the transit agency conduct an outreach program to enlist members of the public as security awareness volunteers, similar to Neighborhood Watch programs? | ||||||||||
| 7.112 | Do public awareness materials and/or messages inform passengers on the means to evacuate safely from transit vehicles and underwater/underground facilities? | T1 | |||||||||
| 7.113 | Does the system integrate randomness and unpredictability into its security activities to enhance deterrent effect? | T3 | |||||||||
| 7.114 | Does the agency track and monitor customer complaints reported by passengers? | ||||||||||
| ESTABLISH A RISK ASSESSMENT AND INFORMATION SHARING PROCESS | a | ||||||||||
| 8.000 | Establish and use a Risk Management Process to assess and manage threats, vulnerabilities and consequences | a | |||||||||
| 8.101 | Does the agency have a risk assessment process approved by its management, for managing threats and vulnerabilities? If so, summarize the process in the justification. | T2 | FTA’s SEPP, Chapter 5, FTA’s Resource Toolkit Appendix G | ||||||||
| 8.102 | Has the agency identified facilities and systems it considers to be its critical assets? | ||||||||||
| 8.103 | Has the agency had an internal or external risk or vulnerability assessment on its critical assets within the past 3 years? Specify the dates of the most recent assessments and the entity(ies) that conducted the assessment(s). | T2 | |||||||||
| 8.104 | Based on the results of question 9.103, has a Risk Assessment, analyzing threat, vulnerability, & consequence, been conducted for critical assets and infrastructure, and systems within the past 3 years? Have management and staff responsible for the risk assessment process been properly trained to manage the process? | T1 | |||||||||
| 8.105 | Has the system implemented procedures to limit and monitor authorized access to underground and underwater tunnels? If so, summarize procedures in the justification. | T2 | |||||||||
| 8.106 | Are security investments prioritized using information developed in the risk assessment process? | ||||||||||
| 8.107 | Has the date of the most recent vulnerability assessment been provided to TSA at [email protected]? | ||||||||||
| 8.108 | Upon request, has TSA been provided access to the agency's vulnerability assessments, Security Plan and related documents? | T1 | |||||||||
| 9.000 | Establish and use an information sharing process for threat and intelligence information | a | |||||||||
| 9.101 | Does the agency have a formalized process and procedures for reporting and exchange of threat and intelligence information with Federal, State, and/or local law enforcement agencies? | ||||||||||
| 9.102 | Does the system report threat and intelligence information directly to FBI Joint Terrorism Task Force (JTTF) or other regional anti-terrorism task force? | T2 | |||||||||
| 9.103 | Does the system have a protocol to report threats or significant security concerns to appropriate law enforcement authorities, and TSA's Transportation Security Operations Center (TSOC)? | T2 | |||||||||
| 9.104 | Does the agency routinely receive threat and intelligence information directly from any Federal government agency, State Homeland Security Office, Regional or State Intelligence Fusion Center, PT-ISAC, or other transit agencies? | ||||||||||
| 9.105 | Does the agency report their NTD security data to FTA as required by 49 CFR 659? | ||||||||||
| DRILLS AND EXERCISES | a | ||||||||||
| 10.000 | Conduct Tabletop and Functional Drills | a | |||||||||
| 10.101 | Does the agency’s System Safety Program Plan (SSPP) contain or reference a document describing the process used by the agency to develop an approved, coordinated schedule for all emergency management program activities, including local/regional emergency planning and participation in exercises and drills? | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | |||||||||
| 10.102 | Does the agency’s SSPP or SSP describe or reference how the agency performs its emergency planning responsibilities and requirements regarding emergency drills and exercises? | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | |||||||||
| 10.103 | Does the agency evaluate its emergency preparedness by using annual field exercises, tabletop exercises, and/or drills? If so, please summarize the exercise events held in the past year. | T5 | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | ||||||||
| 10.104 | Does the agency's SSPP or a related document include a requirement for annual field exercises, tabletops and drills? | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | |||||||||
| 10.105 | Does the agency’s SSPP or SSP describe or reference how the agency documents the results of its emergency preparedness evaluations (i.e., briefings, after action reports and implementation of findings)? | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | |||||||||
| 10.106 | Does the agency’s SSPP or a related document describe or reference its program for providing employee training on emergency response protocols and procedures? | FTA’s SEPP, Chapter 7, FTA’s Resource Toolkit Appendices E & G | |||||||||
| 10.107 | Does the agency participate as an active player in full-scale, regional exercises held at least annually? | ||||||||||
| 10.108 | In the last year, has the agency conducted and/or participated in a drill, tabletop exercise, and/or field exercise including scenarios involving (i) IED's and (ii) WMD (chemical, biological, radiological, nuclear) with other transit agencies and first responders (e.g., NTAS scenarios)? | T5 | |||||||||
| 10.109 | In the last year, has the agency reviewed results and prepared after-action reports to assess performance and develop lessons learned for all drills, tabletop, and/or field exercises? | T5 | TCRP/NCHRP Guidelines for Transportation Emergency Training Exercises | ||||||||
| 10.110 | In the last 12 months, has the agency updated plans, protocols and processes to incorporate after-action report recommendations/findings and corrective actions? If so, summarize the actions taken in the justification. | T5 | TCRP/NCHRP Guidelines for Transportation Emergency Training Exercises | ||||||||
| 10.111 | Has the agency established metrics to assess its performance during emergency exercises and to measure improvements? | ||||||||||
| 10.112 | Does the system conduct drills and exercises of its security and emergency response plans to test capabilities of i) employees and ii) first responders to operate effectively in underwater/underground infrastructure? | T1 | |||||||||
| 10.113 | Does the transit system integrate local and regional first responders (law enforcement, firefighters, emergency medical teams) in drills, tabletop exercises, and/or field exercises? If so, summarize each joint event and state when it took place. | T5 | |||||||||
| 11.000 | Developing a Comprehensive Cyber Security Strategy | a | |||||||||
| 11.101 | Has the agency conducted a risk assessment to identify operational control and communication/business enterprise IT assets and potential vulnerabilities? | FTA’s SEPP, Chapter 6, FTA’s Resource Toolkit Appendix G | |||||||||
| 11.102 | Has the agency implemented protocols to ensure that all IT facilities (e.g., data centers, server rooms, etc) and equipment are properly secured to guard against internal or external threats or attacks? | FTA’s SEPP, Chapter 6, FTA’s Resource Toolkit Appendix G | |||||||||
| 11.103 | Has a written strategy been developed and integrated into the overall security program to mitigate the cyber risk identified? | ||||||||||
| 11.104 | Does the agency have a designated representative to secure the internal network through appropriate access controls for employees, a strong authentication (i.e., password) policy, encrypting sensitive data, and employing network security infrastructure (example: firewalls, intrusion detection systems, IT security audits, antivirus, etc)? | FTA’s SEPP, Chapter 6, FTA’s Resource Toolkit Appendix G | |||||||||
| 11.105 | Does the agency ensure that recurring cyber security training reinforces security roles, responsibilities, and duties of employees at all levels to protect against and recognize cyber threats? | FTA’s SEPP, Chapter 6, FTA’s Resource Toolkit Appendix G | |||||||||
| 11.106 | Has the agency established a cyber-incident response and reporting protocol? | FTA’s SEPP, Chapter 7 | |||||||||
| 11.107 | Is the agency aware of and using available resources (e.g., standards, PT-ISAC, US CERT, National Cyber Security Communication and Integration Center, etc)? | ||||||||||
| FACILITY SECURITY AND ACCESS CONTROLS | a | ||||||||||
| 12.000 | Control Access to Security Critical Facilities with ID badges for all visitors, employees and contractors | a | |||||||||
| 12.101 | Have assets and facilities requiring restricted access been identified? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.102 | Are ID badges or other measures employed to restrict access to facilities not open to the public? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.103 | Has the transit agency developed and implemented procedures to monitor, update and document access control (e.g. card key, ID badges, keys, safe combinations, etc.)? | T2 | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | ||||||||
| 12.104 | Does the agency have procedures to issue ID badges for visitors and contractors? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.105 | Does the agency require escorts for visitors accessing non-public areas? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.106 | Is CCTV equipment installed in transit agency facilities? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.107 | Is CCTV equipment protecting critical assets interfaced with an access control system? | ||||||||||
| 12.108 | Is CCTV equipment installed on transit vehicles? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.109 | Are Crime Prevention through Environmental Design (CPTED) and technology (e.g., CCTV, access control, intrusion detection, bollards, etc) incorporated into design criteria for all new and/or existing capital projects? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.110 | Based on the risk assessment, does the agency use fencing, barriers, and/or intrusion detection to protect against unauthorized entry into stations, facilities, and other identified critical assets? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.111 | Has the system implemented protective measures to secure high risk/high consequence assets and systems identified in risk assessments? Examples of protective measures include but are not limited to CCTV, intrusion detection systems, smart camera technology, fencing, enhanced lighting, access control, LE patrols, K-9s, protection of ventilation systems. If protective measures for this infrastructure are employed, summarize type and location in in the justification. | T2 | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | ||||||||
| 12.112 | Does the transit agency monitor a network of security, fire, duress, intrusion, utility and internal 911 alarm systems? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.113 | Are emergency call boxes provided for passengers? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.114 | Do transit agency personnel administer an automated employee access control system and perform corrective analysis of security breaches? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.115 | Does the agency have policies and procedures for screening of mail and/or outside deliveries? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.116 | Have locks, bullet resistant materials and anti-fragmentation materials been installed/used at critical locations? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.117 | Does the agency use National Fire Protection Association (NFPA) Standard 130 or equivalent to evaluate fire/life safety in station design or modification (including fire detection systems, firewalls and flame-resistant materials, back-up powered emergency lighting, defaults in turnstile and other systems supporting emergency exists, and pre-recorded public announcements)? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.118 | Is directional signage with adequate lighting provided in a consistent manner in all stations, both to provide orientation and to support emergency evacuation? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.119 | Are gates and locks used on all facility doors to prevent unauthorized access? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.120 | Are keys controlled through an established program managed by the security/police function? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.121 | Are gates and locks also used to close down system facilities after operating hours? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.122 | Do transit vehicles have radios, silent alarms, and/or passenger communication systems? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.123 | Does the transit agency use graffiti-resistant/etch-resistant materials for walls, ceilings, and windows? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.124 | Are Uninterruptible Power Supply (UPS) or redundant power sources provided for safety and security of critical equipment, such as but not limited to: exit and platform lighting; parking lot lighting; ancillary space and shop lighting; intrusion detection (alarmed rooms and spaces, fare collection equipment, etc.); fire detection, alarm and suppression systems; public address (shop and public areas); call-for-aid telephones; CCTV; emergency trip stations; vital train control functions; etc.? | FTA’s SEPP, Chapter 8 & Resource Toolkit, Appendix G | |||||||||
| 12.125 | At passenger stations at which a vulnerability assessment has identified a significant risk, and to the extent practicable, has the owner/operator removed trash receptacles and other non-essential receptacles or containers (with the exception of bomb resistant receptacles or clear plastic containers) from the platform areas of passenger terminals and stations? | ||||||||||
| 12.126 | Does the agency employ specific protective measures for all critical infrastructure (e.g., tunnels, bridges, stations, control centers, etc) identified through the risk assessment particularly at access points and ventilation infrastructure in place and maintained in optimal condition? Examples of protective measures include, but are not limited to, CCTV, intrusion detection systems, smart camera technology, fencing, lighting, access control, law enforcement patrols, canine patrols, physical protection for ventilation systems. If protective measures for this infrastructure are employed, summarize type and location in the justification. | ||||||||||
| 12.127 | Does the agency have or utilize explosive detection canine teams, either maintained by the system or made available from other law enforcement agencies? If so, has the system implemented procedures for reporting of and response to positive reactions by the canine? | T1 | |||||||||
| 12.128 | Is there a process in place, with necessary training provided to personnel, to ensure that in service rail cars are inspected at regular periodic intervals for suspicious or unattended items? Specify type and frequency of inspections. | ||||||||||
| 12.129 | Is there a process in place, with necessary training provided to personnel, to ensure that all critical infrastructure are inspected at regular periodic intervals for suspicious or unattended items? Specify type and frequency of inspections. | ||||||||||
| 13.000 | Conduct Physical Security Inspections | a | |||||||||
| 13.101 | Does the agency conduct frequent inspections of key facilities, stations, terminals, trains and vehicles, or other critical assets for persons, materials, and items that do not belong? | T1 | |||||||||
| 13.102 | Has the transit agency established procedures for inspecting/sweeping vehicles and stations to identify and manage suspicious items, based on HOT characteristics (hidden, obviously suspicious, not typical) or equivalent system? | FTA’s SEPP, Chapter 6 & Resource Toolkit, Appendix G | |||||||||
| 13.103 | Has the transit agency developed a form or quick reference guide for operations and personnel for the conduct of pre-trip, post-trip, and within trip inspections? | FTA’s SEPP, Chapter 6 & Resource Toolkit, Appendix G | |||||||||
| 13.104 | Has the transit agency developed a form or quick reference guide for station attendants and others regarding station and facility inspections? | FTA’s SEPP, Chapter 6 & Resource Toolkit, Appendix G | |||||||||
| 13.105 | Does the system document the results of inspections and implement any changes to policies and procedures or implement corrective actions, based on the findings? | T2 | |||||||||
| 13.106 | Does the agency conduct frequent inspections of access points, ventilation systems, and the interior of underground/underwater assets and systems for indications of suspicious activity? | T2 | |||||||||
| 13.107 | Does the system integrate randomness and unpredictability into its security activities to enhance deterrent effect? | ||||||||||
| BACKGROUND INVESTIGATIONS | a | ||||||||||
| 14.000 | Conduct Background Investigations of Employees and Contractors | a | |||||||||
| 14.101 | Does the agency conduct background investigations (i.e., criminal history and motor vehicle records) on all new front-line operations and maintenance employees, and employees with access to sensitive security information, facilities and systems? | T2 | |||||||||
| 14.102 | To the extent allowed by agency policy or law, does the agency conduct background investigations on contractors, including vendors, with access to critical facilities, sensitive security systems, and sensitive security information? | T2 | |||||||||
| 14.103 | Has counsel for the agency reviewed the process for conducting employee background investigations to confirm that procedures are consistent with applicable statutes and regulations? | ||||||||||
| 14.104 | Is the background investigation process documented? | ||||||||||
| 14.105 | Is the criteria for background investigations based on employee type (senior management staff, law enforcement officers, managers/supervisors, operators, maintenance, safety/security sensitive, contractor, etc.) and/or responsibility and access documented? | ||||||||||
| DOCUMENT CONTROL | a | ||||||||||
| 15.000 | Control Access to documents of security critical systems and facilities | a | |||||||||
| 15.101 | Does the agency keep documentation of its security critical systems, such as tunnels, bridges, HVAC systems and intrusion alarm detection systems (i.e. plans, schematics, etc.) protected from unauthorized access? | T2 | |||||||||
| 15.102 | Has the agency designated a department/person responsible for administering the access control policy with respect to agency documents? | ||||||||||
| 15.103 | Does the security review committee (or other designated group) review document control practices, assess compliance applicable procedures, and identify discrepancies and necessary corrective action? | ||||||||||
| 16.000 | Process for handling and access to Sensitive Security Information (SSI) | a | |||||||||
| 16.101 | Does the agency have a documented policy for identifying and controlling the distribution of and access to documents it considers to be Sensitive Security Information (SSI) pursuant to 49 CFR Part 15 or 1520? | ||||||||||
| 16.102 | Does the agency have a documented policy for proper handling, control, and storage of documents labeled as or otherwise determined to be Sensitive Security Information (SSI) pursuant to 49 CFR Part 15 or 1520? | ||||||||||
| 16.103 | Are employees who may be provided SSI materials per 49 CFR Part 15 or 1520) familiar with the documented policy for the proper handling of such materials? | 49 CFR Parts 15 and 1520 | |||||||||
| 16.104 | Have employees provided access to SSI material per 49 CFR Part 15 or 1520 received training on proper labeling, handling, dissemination, and storage (such as through the TSA on-line SSI training program)? | ||||||||||
| SECURITY PROGRAM AUDITS | a | ||||||||||
| 17.000 | Audit Program | a | |||||||||
| 17.101 | Has the agency established a schedule for conducting its internal security audit process? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.102 | Does the SSP contain a description of the process used by the agency to audit its implementation of the SSP over the course of the agency's published schedule? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.103 | Has the transit agency established checklists and procedures to govern the conduct of its internal security audit process? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.104 | Is the transit agency complying with its internal security audit schedule? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.105 | Is each internal security audit documented in a written report, which includes evaluation of the adequacy and effectiveness of the SSP element and applicable implementing procedures audited, needed corrected actions, needed recommendations, an implementation schedule for corrective actions and status reporting? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.106 | In the last 12 months, has the Security Review Committee (or other designated group) addressed the findings and recommendations from the internal security audits, and updated plans, protocols and processes as necessary? | FTA Resource Toolkit, Appendices E and G | |||||||||
| 17.107 | Does the transit agency’s internal security audit process ensure that auditors are independent from those responsible for the activity being audited? | ||||||||||
| 17.108 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.23 (e) & § 659.27(a) | |||||||
| 17.109 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27(e) | |||||||
| 17.110 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27 (c) | |||||||
| 17.111 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27 (f) | |||||||
| 17.112 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27 (g) | |||||||
| 17.113 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27 (g) | |||||||
| 17.114 | N/A Not Governed By 49 CFR Part 659 | 4 | N/A | § 659.27 (h) | FTA Resource Toolkit, Appendices E and G | ||||||
| Should be 0 if all Line Items were rated | 195 | 0 | 0 | Total SPs and RAs | |||||||
| 0 | # of 0,1 and 2 | ||||||||||
| 0 | This should be 0 if the # of RAs match the # of ratings ≤ 2 | ||||||||||
Sheet 5: OMRR
Sheet 6: SP Addendum
| <<Agency Name>> | ||||||||
| Smart Security Practice Addendums (SP) | ||||||||
| Instructions: For each item identified as a possible "Smart Practice", copy the cells in columns A thru D from the referenced line item in the "Checklist" into the "<<copy and paste from checklist>> line below, then provide a description of the program or practice. For additional entries, copy and paste additional rows. For additional entries, copy and paste additional rows. | EXAMPLE | |||||||
| Item | Description | Score | SP | Item | Description | Score | SP | |
| <<copy and paste from checklist>> | 1.101 | Does Amtrak have a System Security Plan (SSP)? | 4 | X | ||||
| Smart Security Practice Description | Smart Security Practice Description | |||||||
| <<Enter SP here>> | Amtrak's SSP is wonderful and should be a model for all transit systems. | |||||||
| Item | Description | Score | SP | |||||
| <<copy and paste from checklist>> | ||||||||
| Smart Security Practice Description | ||||||||
| <<Enter SP here>> | ||||||||
| Item | Description | Score | SP | |||||
| <<copy and paste from checklist>> | ||||||||
| Smart Security Practice Description | ||||||||
| <<Enter SP here>> | ||||||||
| Total SPs | 0 | |||||||
Sheet 7: RA Addendum
| File Type | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |
© 2024 OMB.report | Privacy Policy