PIA_DHS-NPPD-PIA-018(b)

Privacy Impact Assessment Update
for the

Chemical Facility Anti-Terrorism
Standards (CFATS) Personnel Surety
Program
DHS/NPPD/PIA-018(b)
November 10, 2015
Contact Point
David Wulf
Office of Infrastructure Protection
National Protection and Programs Directorate
(703) 603-4778
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 1

Abstract
The Department of Homeland Security (DHS) National Protection and Programs
Directorate (NPPD) is updating the Chemical Facility Anti-Terrorism Standards (CFATS)
Personnel Surety Program’s Privacy Impact Assessment (PIA) to account for changes to the
program since the publication of the program’s most recent PIA Update on May 1, 2014. The
changes addressed in this PIA Update are primarily changes to the Chemical Security
Assessment Tool Personnel Surety application and statutory requirements of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of 2014.

Overview
On December 18, 2014, the President signed into law the Protecting and Securing
Chemical Facilities from Terrorist Attacks Act of 2014 (also referred to as “the CFATS Act of
2014”). 1 The CFATS Act of 2014 reauthorized the CFATS program for four years and added
provisions related to CFATS to the Homeland Security Act of 2002, as amended. 2 These
amendments to the Homeland Security Act of 2002 3 affirmed that the Department must
implement a Personnel Surety Program for high-risk chemical facilities to comply with RiskBased Performance Standard (RBPS) 12(iv) of CFATS. 4
The CFATS program is a non-prescriptive, security-based regulatory program designed
to reduce the risk of terrorism at high-risk chemical facilities. Pursuant to regulations set forth in
6 CFR Part 27, DHS collects information from chemical facilities in order to determine if a
facility is high-risk. If a facility is determined to be high-risk, the facility must implement a DHS
approved Site Security Plan (SSP) or Alternative Security Program (ASP).
Under the CFATS program, Congress required the Department to establish RBPS for
high-risk chemical facilities. DHS promulgated 18 RBPS under CFATS, including RBPS 12 –
Personnel Surety, which requires high-risk chemical facilities to perform appropriate background
checks on, and ensure appropriate credentials for, facility personnel, and as appropriate, for
unescorted visitors with access to restricted areas or critical assets. 5
The CFATS Personnel Surety Program provides the capability for high-risk chemical
facilities to meet the RBPS 12 – Personnel Surety requirements by ensuring that all affected
1

Pub. L. No. 113-254.
Section 2 of the CFATS Act of 2014 added a new Title XXI to the Homeland Security Act of 2002. Title XXI
contains new sections numbered 2101 through 2109. Citations to the Homeland Security Act of 2002 throughout this
document reference those sections of Title XXI. In addition to being found in amended versions of the Homeland
Security Act of 2002, those sections of Title XXI can also be found in section 2 of the CFATS Act of 2014, or in 6
U.S.C. §§ 621-629.
3
The CFATS Act of 2014 specifically adds section 2102(d)(2) to the Homeland Security Act of 2002. That section
requires the Department to implement a Personnel Surety Program.
4
The specific requirement of RBPS 12(iv) is found at 6 CFR § 27.230(a)(12)(iv).
5
See 6 CFR § 27.230(a)(12).
2

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 2

individuals 6 are recurrently vetted against the Federal Bureau of Investigation’s (FBI) Terrorist
Screening Database (TSDB). 7 This PIA Update addresses specific changes to the Chemical
Security Assessment Tool (CSAT) Personnel Surety application since the publication of the
program’s most recent PIA Update on May 1, 2014. 8 This PIA Update also reflects statutory
requirements associated with the CFATS Act of 2014. A brief description for each specific area
addressed by this PIA Update is provided below.

Reason for the PIA Update
The reason for this PIA Update is to address several specific improvements and updates
to the CFATS Personnel Surety Program since the publication of a PIA Update for the program
on May 1, 2014. A detailed explanation follows:

1. To account for changes to the CSAT Personnel Surety application process
Implementation and System Access
The Department will publish a Notice of Implementation to inform high-risk chemical
facilities regulated under CFATS of the implementation of the change to CFATS Personnel
Surety Program discussed below. DHS will then individually notify high-risk chemical facilities
regarding when the Department will expect each to begin implementing RBPS 12(iv) in
accordance with its SSP or ASP.
Upon notification from the Department, facilities will access the CSAT Personnel Surety
application through CSAT using their existing usernames and passwords. 9 Within the CSAT
Personnel Surety application, there are two mechanisms to add user accounts. The first method is
to invite an existing CSAT user to an assigned role and the second is to create an account for a
new user who currently does not have a CSAT account. User accounts are only created for
individuals responsible for adding affected individuals (Authorizers and Personal Surety (PS)
Submitters) in the CSAT Personnel Surety application.

6

Affected individuals are individuals that are subject to screening for terrorist ties under the CFATS program. These
individuals are: (1) facility personnel who have or are seeking access, either unescorted or otherwise, to restricted
areas or critical assets; or (2) unescorted visitors who have or are seeking access to restricted areas or critical assets.
Individual high-risk facilities may choose to classify contractors as either “facility personnel” or as “visitors.” This
is a facility-specific determination and is based on individual facility security protocols, operational requirements,
and business practices.
7
See DOJ/FBI – 019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
8
See DHS/NPPD/PIA-018(a) Chemical Facilities and Anti-Terrorism Standards Personnel Surety Program, Initial
Implementation, available at www.dhs.gov/privacy.
9
For more information on CSAT, see DHS/NPPD/PIA-009 - Chemical Facility Anti-Terrorism Standards (CFATS),
available at www.dhs.gov/privacy.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 3

User Roles and Responsibilities
There are two roles to which users are assigned in the CSAT Personnel Surety
application: Authorizer and PS Submitter. These user roles have been established within the
CSAT Personnel Surety application to ensure access control regarding the submission of
information about affected individuals.
Managing Groups
The Department provides high-risk chemical facilities with wide latitude in assigning
user roles to align with their business operations and the business operations of third parties that
provide services to facilities. The CSAT Personnel Surety application allows Authorizers to
assign employees and third-party designees to submit information about affected individuals
directly to the Department on behalf of high-risk chemical facilities.
User Defined Fields
To further provide high-risk chemical facilities and their designee(s) the ability to
manage their data submissions, the Department provides Authorizers with the ability to create
User Defined Fields (UDF). UDFs may be used by a high-risk chemical facility or its designee(s)
to assign each record of an affected individual a unique designation or number (e.g., employee
ID number, employee/contractor status) that is meaningful to the high-risk chemical facility.
Entering this information into the CSAT Personnel Surety application is voluntary, and is
intended solely to enable high-risk chemical facilities and their designee(s) to search, sort, and
manage the electronic records they submit. Although UDF information is available to the
Department, it will not be used for the vetting of affected individuals against the TSDB.
Reporting
As described in the previous PIA Update published on May 1, 2014, high-risk chemical
facilities have the ability to generate PDF reports for the purpose of ensuring that information
about affected individuals submitted by or on behalf of the facility has been appropriately
submitted to DHS. These reports are no longer customizable as stated in the previous PIA
Update.
System Alerts
The Department provides high-risk chemical facilities, and their designee(s), 10 with the
ability to create an alert within the CSAT Personnel Surety application that can notify them when
the Department has received information about an affected individual(s), under Option 1—direct
vetting, or Option 2—use of vetting conducted under other DHS programs. These alerts replace
the “verifications of receipt” described in the original May 4, 2011 PIA. 11 Additional
10

Third parties or organizations employing affected individuals who provide services to high-risk chemical
facilities.
11
See DHS/NPPD/PIA-018 Chemical Facilities and Anti-Terrorism Standards Personnel Surety, available at
www.dhs.gov/privacy.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 4

information about alerts may be found later in this document and in the CSAT Personnel Surety
Application User Guide. 12
Web Service
The Department offers a web service to high-risk chemical facilities (or their designee(s))
as an option for submitting information about affected individuals. The web service consists of a
direct connection through which affected individual data can be transmitted from a high-risk
chemical facility to the Department’s CSAT Personnel Surety application. The web service
provides high-risk chemical facilities with an automated process for submitting information to
the Department in an effort to minimize the burden on high-risk chemical facilities.

2. To address programmatic changes resulting from the Protecting and Securing
Chemical Facilities from Terrorist Attacks Act of 2014.
Additional Option for Compliance with RBPS 12(iv)
The Department now recognizes an additional program option for compliance with RBPS
12(iv) above and beyond the three program options offered previously.
Option 4 – Visual Verification Of Credentials Conducting Periodic Vetting: A high-risk
chemical facility may satisfy its obligation to identify individuals with terrorist ties using any
federal screening program that periodically vets individuals against the TSDB if: (a) the federal
screening program issues a credential or document, (b) the affected individual presents the highrisk chemical facility with the credential or document, and (c) the high-risk chemical facility
verifies that the credential or document is current in accordance with its SSP. 13 The covered
facility will address in its SSP or ASP the measures it will take to verify that the credential is
current, including visual inspection.
Less Frequent Submission of Information
The CFATS Act of 2014 eliminated the requirement for facilities to provide updated
information by stating that high-risk chemical facilities are only required to submit information
about an affected individual to the Department once. The Department continues to require
facilities to provide timely and accurate information on affected individuals to DHS as part of
Options 1 and 2. However, because high-risk chemical facilities or their designees are no longer
required to update information that changes after initial submission, it is important that
individuals are made aware that they are able to contact the Department directly in the event that
a high-risk chemical facility is either unable or unwilling to submit updated information to the
Department.

12
13

The CSAT Personnel Surety Application User Guide can be found at www.dhs.gov/chemicalsecurity.
This requirement is derived from section 2102(d)(2)(B)(i)(II)(bb) of the Homeland Security Act.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 5

Privacy Impact Analysis
In each of the below sections consider how the system has changed and what impact it
has on the below fair information principles. In some cases there may be no changes and indicate
as such.

Authorities and Other Requirements
The Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014
(December 18, 2014), amends the Homeland Security Act of 2002 to reauthorize the CFATS
program and authorizes the program for four years.

Characterization of the Information
The data collected under the CFATS Personnel Surety Program has not changed since the
publication of the program’s original PIA. The program collects biographic information, such as
name, date of birth, citizenship, and gender or unique credential information (required); and
optional information such as aliases, place of birth, or Redress Number. 14
Additional Option for Compliance with RBPS 12(iv)
NPPD has added an additional option for a high-risk chemical facility to comply with
RBPS 12(iv). Specifically, NPPD added Option 4 – Visual Verification of Credentials
Conducting Periodic Vetting, which is described below. Options 1 through 3 have also been
included in this document to provide context for the reader.
As discussed in the PIA Update published on May 1, 2014, a high-risk chemical facility
has a number of options under the CFATS Personnel Surety Program to comply with RBPS
12(iv):
• Option 1 – Direct Vetting: High-risk chemical facilities (or their designee(s)) may
submit information to NPPD about an affected individual to be compared against
identifying information of known or suspected terrorists contained in the TSDB,
which is maintained by the Department of Justice (DOJ), FBI’s Terrorist Screening
Center (TSC). 15
• Option 2 – Use of Vetting Conducted under Other DHS Programs: High-risk
chemical facilities (or their designee(s)) may submit information to NPPD about an
affected individual’s enrollment in the Transportation Security Administration
14

For a complete list of required and optional data for Options 1 and 2, please refer to the original PIA published on
May 4, 2011. See DHS/NPPD/PIA-018 Chemical Facilities and Anti-Terrorism Standards Personnel Surety,
available at www.dhs.gov/privacy.
15
For more information about the TSDB, see DOJ/FBI – 019 Terrorist Screening Records System, 72 FR 47073
(August 22, 2007).

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 6

(TSA) Transportation Worker Identification Credential (TWIC) Program; TSA
Hazardous Materials Endorsement (HME) Program; or the U.S. Customs and Border
Protection (CBP) NEXUS, Secure Electronic Network for Travelers Rapid
Inspection (SENTRI), Free and Secure Trade (FAST), and Global Entry Trusted
Traveler Programs (Trusted Traveler Program). Each of those programs conducts
recurring vetting, which is equivalent to the terrorist ties vetting conducted under
Option 1.
• Option 3 – Electronic Verification of TWIC: High-risk chemical facilities may
electronically verify and validate an affected individual’s TWIC through the use of
TWIC readers (or other technology that is periodically updated with revoked card
information), rather than submitting information about the affected individual to
NPPD.
• Option 4 – Visual Verification of Credentials Conducting Periodic Vetting: A highrisk chemical facility may satisfy its obligation under 6 CFR § 27.230(a)(12)(iv) to
identify individuals with potential terrorist ties using any federal screening program
that periodically vets individuals against the TSDB if: (a) the federal screening
program issues a credential or document, (b) the high-risk chemical facility is
presented a credential or document by the affected individual, and (c) the high-risk
chemical facility verifies the credential or document is current in accordance with its
SSP or ASP. The covered facility will address in its SSP or ASP the measures it will
take to verify that the credential is current, including but not necessarily limited to
visual inspection.
Option 4 also allows high-risk chemical facilities to visually verify an affected
individual’s credentials or documents from certain federal screening programs and does not
require the credentials, documents, or information to be submitted to the Department. Therefore,
there is no additional privacy risk to the current collection of information.
As described in the original PIA, high-risk chemical facilities may propose alternative or
supplemental options in their SSPs or ASPs. NPPD will assess the adequacy of alternative or
supplemental options on a facility-by-facility basis in the course of evaluating each facility’s SSP
or ASP. 16 If there are any changes to the options for complying with RBPS 12(iv), the PIA will
be updated, as appropriate.
Less Frequent Submission of Information
The CFATS Act of 2014 eliminated the requirement for high-risk chemical facilities to
provide updated information by stating that high-risk chemical facilities only have to submit
16

High-risk chemical facilities have wide latitude in how they choose to comply with RBPS 12(iv). The choice will
likely be based on how the facility has established its operational and business processes, which will vary from
facility to facility. Facilities have the ability to leverage any of the options described in this document by NPPD,
propose an alternative, or use a combination of options.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 7

information about an affected individual to the Department one time. Although the Department
continues to strongly encourage high-risk chemical facilities to update records as appropriate, it
is important that individuals are made aware that they are able to contact the Department directly
in the event that a high-risk chemical facility does not, or cannot provide updated information to
the Department. Procedures for accessing and/or correcting information can be found in the
original CFATS Personnel Surety PIA, 17 published on May 4, 2011, or in DHS/NPPD-002
CFATS Personnel Surety Program System of Records. 18
Privacy Risk: There is a privacy risk that high-risk chemical facilities and the
Department may rely on inaccurate information since facilities are no longer required to
regularly update the individuals’ information.
Mitigation: This risk is partially mitigated. Facilities are strongly encouraged to continue
to submit updates to the Department despite the lack of a statutory obligation to do so. The
Department also continues to offer traditional avenues for individuals to access and correct
records maintained about them. These are described in the DHS/NPPD-002 CFATS Personnel
Surety Program System of Records, as well as in the notices provided to individuals by facilities
(Attachments 1 and 2 to this PIA Update).

Uses of the Information
Although the uses of the information collected under the CFATS Personnel Surety
Program have not changed, the Department has included User Defined Fields in the CSAT
Personnel Surety application as an additional tool for facilities to employ.
User Defined Fields
User Defined Fields (UDF) may be used by a high-risk chemical facility or its
designee(s) to assign each record of an affected individual a unique designation or number (e.g.,
employee ID number, employee/contractor status) that is meaningful to the high-risk chemical
facility. Entering this information into the CSAT Personnel Surety application is voluntary, and
is intended solely to enable high-risk chemical facilities and their designee(s) to search through,
sort, and manage the electronic records they submit. DHS strongly discourages the use of UDFs
for the collection of sensitive personally identifiable information (SPII) such as an affected
individual’s Social Security number by displaying the following text in the CSAT Personnel
Surety application:
The User Defined Field text boxes are provided for storing any information desired by
the facility (e.g., employee ID number, employee/contractor status) to manage the
17

See DHS/NPPD/PIA-018 Chemical Facilities and Anti-Terrorism Standards Personnel Surety, available at
www.dhs.gov/privacy
18
See DHS/NPPD-002 – Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records,
79 FR 28752 (May 19, 2014), available at http://www.gpo.gov/fdsys/pkg/FR-2014-05-19/html/2014-11431.htm

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 8

exchange of electronic records between a high-risk chemical facility’s information
systems and the CSAT Personnel Surety application. The Department strongly
discourages the use of an affected individual’s Social Security Number to manage the
exchange of electronic records between a high-risk chemical facility’s information
systems and the CSAT Personnel Surety application.
Privacy Risk: The information submitted via UDFs poses a privacy risk in that the
Department may receive additional information, including SPII, which is not necessary for
vetting affected individuals against the TSDB.
Mitigation: This risk is partially mitigated. This information is collected by high-risk
chemical facilities for tracking purposes to note status of records assigned to individuals and the
risk is mitigated by the Department not using this information for the vetting of affected
individuals against the TSDB.
Web Service
In addition to the CSAT Personnel Surety application, the Department offers a web
service to high-risk chemical facilities (or their designee(s)) as a method for submitting
information about affected individuals via Option 1 or Option 2. The web service consists of a
direct connection through which affected individual’s data can be transmitted, from a high-risk
chemical facility, to the Department’s CSAT Personnel Surety application. A high-risk chemical
facility is required to conform to a standard set of security requirements and agree to standard
rules of behavior in order to employ the Department’s web service.
Privacy Risk: There is a privacy risk that information may be inappropriately accessed
during the new web service submission process.
Mitigation: The risk of inappropriate access via the web service is mitigated by requiring
facilities to conform to a standard set of security requirements (e.g., encrypted connections and
access controls), and agree to standard rules of behavior in order to employ the Department’s
web service. Use of the web service is completely voluntary.

Notice
Notice of Implementation and System Access
Concurrent with this PIA Update, the Department is publishing a Notice of
Implementation to inform high-risk chemical facilities regulated under CFATS of the
implementation of the CFATS Personnel Surety Program. High-risk chemical facilities will be
individually notified when the Department will expect each to begin implementing RBPS 12(iv)
in accordance with its SSP or ASP. Upon notification from the Department, Authorizers
identified for each high-risk chemical facility will access the CSAT Personnel Surety application
through CSAT using their existing usernames and passwords.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 9

Revised sample Privacy Act Statement for high-risk chemical facilities opting to
implement Options 1 and/or 2
As described in the May 1, 2014 PIA Update, high-risk chemical facilities and their
designee(s) must provide notice to affected individuals prior to submitting any PII to NPPD. The
requirements for the notice have not changed. In Attachment 1 of the previous PIA Update,
NPPD provided a sample notice, which high-risk chemical facilities may choose to use to
provide notice to affected individuals under Option 1 and Option 2. In this second PIA Update,
NPPD has further revised the sample to clarify access and correction procedures. 19
Revised sample Privacy Notice for high-risk chemical facilities opting to implement
Options 3 and/or 4
A high-risk chemical facility will not submit information to NPPD if the high-risk
chemical facility opts to implement Option 3 or new Option 4. A high-risk chemical facility that
opts to implement these options, if authorized or approved in its SSP or ASP, should provide
notice to the affected individuals whose credentials or documents are being used. Although
Options 3 and 4 allow high-risk chemical facilities to comply with RBPS 12(iv) without
submitting information to NPPD, DHS believes that appropriate notice should still be given to
those individuals so that they know their credential is now being used to comply with 6 CFR §
27.230(a)(12)(iv). A sample notice is attached to this PIA. 20
Because NPPD is providing additional forms of notice, and because the individuals
participating in the CSAT program have not changed, there are no new privacy risks associated
with notice.

Data Retention by the project
There have been no changes to data retention practices since the original PIA, published
on May 4, 2011.

Information Sharing
This document provides an update regarding NPPD sharing information with a high-risk
chemical facility, through system alerts and the high-risk chemical facility’s ability to generate
PDF reports from CSAT, for the purposes of providing status updates and ensuring that
information on all affected individuals submitted by or on behalf of the high-risk chemical
facility has been appropriately submitted to DHS.

19
20

See Attachment 1.
See Attachment 2.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 10

System Alerts
The verifications of receipt described in the original PIA from May 4, 2011, were
considered official correspondence from DHS, and therefore would have qualified as Chemicalterrorism Vulnerability Information (CVI). 21 The system alerts referenced in this PIA Update,
however, are not considered CVI.
The Department provides high-risk chemical facilities and their designees with the ability
to create an alert within the CSAT Personnel Surety application that can notify them when the
Department has received information about an affected individual(s) under Option 1 or Option 2.
Further, the Department allows high-risk chemical facilities the ability to view the status (e.g.,
that the Department was unable to verify an affected individual under the TWIC Program) of
records about affected individuals associated with their facility within the CSAT Personnel
Surety application.
The system provides the following alerts to inform Authorizers and PS Submitters of the
various status updates pertaining to records. These alerts can be tailored within the CSAT
Personnel Surety application based on the user’s preference. The five statuses include:
• Record-Submitted: This alert is triggered when a user submits a record under Option
1.
• Record-Verification Pending: This alert is triggered when a user submits a record
under Option 2 and the record is “pending verification” by DHS.
• Record-Verified: This alert is triggered when DHS verifies a record submitted under
Option 2 (i.e., its status changes from “Pending Verification” to “Verified”).
• Record-No Longer Verified: This alert is triggered when a previously verified record
submitted under Option 2 is no longer able to be verified by DHS (i.e., its status
changes from “Verified” to “No Longer Verified”).
• Record-Not Verified: This alert is triggered when DHS does not verify a record
submitted under Option 2 (i.e., its status changes from “Pending Verification” to
“Not Verified”).
For more information on system alerts, please reference the CSAT Personnel Surety application
User Guide at www.dhs.gov/chemicalsecurity.
Reporting
As described in the previous PIA Update published on May 1, 2014, high-risk chemical
facilities have the ability to generate PDF reports for the purpose of ensuring that information
about affected individuals submitted by, or on behalf of, the high-risk chemical facility has been
21

For more information about CVI, see 6 CFR § 27.400 and the CVI Procedural Manual at
http://www.dhs.gov/xlibrary/assets/chemsec_cvi_proceduresmanual.pdf.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 11

appropriately submitted to DHS under Option 1 or Option 2. The reports are not customizable
and include affected individual’s first name, middle name, last name, gender (if submitted), date
of birth, date added, and status. These PDF reports are partial copies of the official Government
record of the information that the high-risk chemical facility or its designee has provided to the
Department. Specifically, these PDF reports provide information about affected individuals
submitted to the Department as well as a status of enrollment in other DHS programs if the
record was submitted under Option 2. These reports are not generated by DHS and are only for
internal use by high-risk chemical facilities or their designee(s). These PDF reports contain SPII,
and as discussed in the last PIA update, are marked with the following banner:
WARNING: This document contains sensitive personally identifiable information and is
subject to the Privacy Act of 1974, 5 U.S.C. § 552a. This document, and any information
copied or removed from it, (1) must not be disclosed or shared with individuals unless
they have a need-to-know, and (2) must be protected as stated in the DHS CSAT
Personnel Surety application Rules of Behavior.

Redress
The procedures for accessing and/or correcting information have not changed and can be
found in the original CFATS Personnel Surety PIA, 22 published on May 4, 2011, or in
DHS/NPPD-002 CFATS Personnel Surety Program System of Records. 23

Auditing and Accountability
There have been no changes to auditing procedures since the original PIA, published on
May 4, 2011. Established security controls are in place to limit access based on user roles and
responsibilities, need to know, least privilege, and separation of duties. Rules governing a user’s
access to the system are applied by the system automatically, based on the user’s assigned role.
User Roles
The user role structure has been altered within the CSAT Personnel Surety Application,
resulting in the creation of two user roles: Authorizers and PS Submitters. The Authorizer can
submit information about affected individuals, create and manage groups, and add or remove PS
Submitters. The Authorizer is able to view, edit, and input data pertaining to all users under
his/her purview within the system. The PS Submitter role is created by Authorizers and can be
held by high-risk chemical facility employees or third-party individuals (vendors, contractors,

22

See DHS/NPPD/PIA-018 Chemical Facilities and Anti-Terrorism Standards Personnel Surety, available at
www.dhs.gov/privacy.
23
See DHS/NPPD-002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records,
79 FR 28752 (May 19, 2014), available at http://www.gpo.gov/fdsys/pkg/FR-2014-05-19/html/2014-11431.htm.

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 12

etc.). PS Submitters can enter information about affected individuals and are only able to view
information about affected individuals that they have submitted in the system.
Managing Groups
The CSAT Personnel Surety application has been designed to provide flexibility for
Authorizers when establishing a group structure for their organization. This flexibility provides
high-risk chemical facilities the ability to create groups that directly align with their business
structure. The group structure also ensures access control so that PS Submitters are only able to
view affected individuals’ data within their assigned group(s). Only individuals assigned to the
corporate group are able to see affected individuals’ data submitted under other groups. An
individual must be a facility employee to be assigned to the corporate group. For further
information about group structure and managing groups, reference the CSAT Personnel Surety
Application User Guide at www.dhs.gov/chemicalsecurity.

Responsible Official
David Wulf
Director, Infrastructure Security Compliance Division
Office of Infrastructure Protection, National Protection and Programs Directorate
Department of Homeland Security

Approval Signature
Original signed and on file with the DHS Privacy Office
________________________________
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 13

ATTACHMENT 1
Sample Privacy Act Notice to Individuals Regarding a High-Risk Chemical
Facility’s Compliance with 6 CFR § 27.230(a)(12)(iv) and Participation in The CFATS
Personnel Surety Program
This is a sample Privacy Act notice, which high-risk chemical facilities or their
designee(s) may choose to use to provide required notice to affected individuals. DHS may
review notices for adequacy, as appropriate, under CFATS. This updated notice replaces the
sample notice that was published as Attachment 1 in the previous PIA on May 1, 2014.
(To be provided by a high-risk chemical facility to affected individuals prior to the
submission of PII to DHS under Option 1 and Option 2 for purposes of compliance with 6
CFR § 27.230(a)(12)(iv))
The Department of Homeland Security (DHS) requires [INSERT NAME OF CFATS
COVERED FACILITY] to comply with DHS Chemical Facility Anti-Terrorism Standards
(CFATS) program requirements to identify affected individuals with terrorist ties. [INSERT
NAME OF CFATS COVERED FACILITY] has opted to comply with this requirement by
collecting and submitting the personally identifiable information (PII) of affected individuals to
DHS for the purpose of comparing that PII against information pertaining to known and
suspected terrorists maintained by the Federal Government in the Terrorist Screening Database
(TSDB). Affected individuals are: (1) facility personnel (e.g., employees and contractors) with
access, or seeking access, (unescorted or otherwise) to restricted areas or critical assets; and (2)
unescorted visitors with access, or seeking access, to restricted areas or critical assets. Affected
individuals will undergo recurrent vetting against the TSDB.
In certain cases, DHS may request that [INSERT NAME OF CFATS COVERED
FACILITY] collect and submit additional information (e.g., visa information) about affected
individuals in order to clarify data errors or to resolve potential matches (e.g., in a situation in
which an affected individual has a common name, additional information could assist DHS in
distinguishing that individual from known or suspected terrorists with similar names). Such
requests will not imply, and should not be construed to indicate, that an individual has been
confirmed as a match to the TSDB.
DHS conducts CFATS Personnel Surety Program activities pursuant to section 2102 of
the Homeland Security Act of 2002, and section 27.230(a)(12)(iv) of the Chemical Facility AntiTerrorism Standards (CFATS).
DHS may share information provided by [INSERT NAME OF CFATS COVERED
FACILITY, AND THEIR DESIGNEE(S) (IF APPLICABLE)] about you with law enforcement
or intelligence agencies under its Privacy Act System of Records Notice published in the Federal
Register. To view this System of Records Notice (Department of Homeland Security/National
Protection and Programs Directorate-002 Chemical Facility Anti-Terrorism Standards Personnel

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 14

Surety Program System of Records) and for more information on DHS privacy policies, please
see the DHS Privacy Office website at http://www.dhs.gov/privacy.
DHS may also share your information and information about you with [INSERT NAME
OF CFATS COVERED FACILITY, AND THEIR DESIGNEE(S) (IF APPLICABLE)].
Please note that DHS will not make available certain information about you that was not
supplied by [INSERT NAME OF CFATS COVERED FACILITY, AND THEIR DESIGNEE(S)
(IF APPLICABLE)], but may provide credential status to [INSERT NAME OF CFATS
COVERED FACILITY, AND THEIR DESIGNEE(S) (IF APPLICABLE)] for affected
individuals whose information was submitted by them to electronically verify and validate
enrollment in a Trusted Traveler Program, the HME Program, or the TWIC Program.
ACCESS & CORRECTIONS:
If you would like access to the information provided by [INSERT NAME OF CFATS
COVERED FACILITY, AND THEIR DESIGNEE(S) (IF APPLICABLE)] about you, you may
contact [INSERT CONTACT NAME & NUMBER OR EXPLAIN INTERNAL PROCEDURE].
If your information contains errors, you should inform [INSERT NAME OF CFATS COVERED
FACILITY].
If [INSERT NAME OF CFATS COVERED FACILITY, AND THEIR DESIGNEE(S)
(IF APPLICABLE)] is either unable or unwilling to update or correct your information, you may
also write to the NPPD Freedom of Information Act (FOIA) Officer at 245 Murray Lane SW,
Washington, D.C. 20528-0380, to obtain access to your information, and if necessary to correct
inaccurate or erroneous information. The requirements for filing such a request may be found at
6 CFR § 5.21(d) or accessed from the DHS Privacy Office website at http://www.dhs.gov/foia.
REDRESS:
If you believe that the information submitted by [INSERT NAME OF CFATS
COVERED FACILITY AND OF THEIR DESIGNEE(S) (IF APPLICABLE)] has been
improperly matched by DHS to the identity of a known or suspected terrorist, you may write to
the NPPD FOIA Officer at 245 Murray Lane SW, Washington, D.C. 20528-0380. You may also
request an administrative adjudication under CFATS. 24

24

See 6 CFR § 27.310(a)(1).

Privacy Impact Assessment Update
DHS/NPPD/PIA-018(b) CFATS Personnel Surety Program
Page 15

ATTACHMENT 2
Sample Notice to an Individual Whose Credential Is Being Verified For Purposes of
Compliance with 6 CFR § 27.230(a)(12)(iv) and Participation in The CFATS Personnel
Surety Program
Prior to verifying an affected individual’s credential or document for purposes of
compliance with 6 CFR § 27.230(a)(12)(iv), a high-risk chemical facility should provide notice
to affected individuals informing them that their credential or document will now be used for
compliance with 6 CFR § 27.230(a)(12)(iv).
(To be provided by a high-risk chemical facility to affected individuals prior to
verifying an affected individual’s credential under Option 3 and Option 4 for purposes of
compliance with 6 CFR § 27.230(a)(12)(iv))
Notice to individuals regarding the use of [INSERT CREDENTIAL OR DOCUMENT]
under the Chemical Facility Anti-Terrorism Standards (CFATS) Personnel Surety Program:
The Department of Homeland Security (DHS) requires [INSERT NAME OF CFATS
COVERED FACILITY] to comply with the DHS Chemical Facility Anti-Terrorism Standards
(CFATS) program requirement to identify affected individuals with terrorist ties. [INSERT
NAME OF CFATS COVERED FACILITY] has opted to comply with this requirement by
verifying [INSERT CREDENTIAL OR DOCUMENT]. Affected individuals are: (1) facility
personnel (e.g., employees and contractors) with access, or seeking access, (unescorted or
otherwise) to restricted areas or critical assets; and (2) unescorted visitors with access, or seeking
access, to restricted areas or critical assets. If your [INSERT CREDENTIAL OR DOCUMENT]
is successfully verified, no information about you will be submitted to DHS under the CFATS
Personnel Surety Program. If your [INSERT CREDENTIAL OR DOCUMENT] cannot be
successfully verified, [INSERT NAME OF CFATS COVERED FACILITY] will [DESCRIBE
THE PROCEDURES THAT THE FACILITY HAS AGREED TO UNDERTAKE IN ITS ASP
OR SSP IN THIS SITUATION].
DHS conducts CFATS Personnel Surety Program activities pursuant to section 2102 of
the Homeland Security Act of 2002, and section 27.230(a)(12)(iv) of CFATS.