6 CFR part 27

CFR-2022-title6-vol1-part27.pdf

Chemical Security Assessment Tool (CSAT)

6 CFR part 27

OMB: 1670-0007

Document [pdf]
Download: pdf | pdf
kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security
Technology, SAFETY Act/room 4320,
Department of Homeland Security,
Washington, DC 20528. Any person,
firm, or other entity that desires to
qualify as a Seller of an Approved
Product for Homeland Security under a
Block Certification shall complete only
such portions of the application referenced in § 25.9(a) as are specified in
such Block Certification and shall submit such application to the Department in accordance with § 9(a). Applicants seeking to be qualified Sellers of
an Approved Product for Homeland Security pursuant to a Block Certification will receive expedited review of
their applications and shall not be required to provide information with respect to the technical merits of the Approved Product for Homeland Security
that has received Block Certification.
Within 60 days (or such other period of
time as may be specified in the applicable Block Certification) after the receipt by the Department of a complete
application, the Under Secretary shall
take one of the following actions:
(i) Approve the application and notify the applicant in writing of such approval; or
(ii) Deny the application, and notify
the applicant in writing of such decision, including the reasons for such denial.
(2) If the application is approved,
commencing on the date of such approval, the applicant shall be deemed
to be a Seller under the applicable
Block Certification for all purposes
under the SAFETY Act, this part, and
such Block Certification. A Block Certification shall be valid and effective
for the same period of time for which
the related Block Designation is
issued. A Block Certification may be
renewed by the Under Secretary at his
own initiative or in response to an application for renewal submitted by a
qualified Seller under such Block Certification in accordance with § 25.9(g).
Except as otherwise specifically provided in this paragraph, a Block Certification shall be deemed to be a Certification for all purposes under the
SAFETY Act and this part.

Pt. 27

§ 25.10 Confidentiality and protection
of Intellectual Property.
(a) General. The Secretary, in consultation with the Office of Management and Budget and appropriate Federal law enforcement and intelligence
officials, and in a manner consistent
with existing protections for sensitive
or classified information, shall establish confidentiality procedures for safeguarding, maintenance and use of information submitted to the Department under this part. Such protocols
shall, among other things, ensure that
the Department will utilize all appropriate exemptions from the Freedom of
Information Act.
(b) Non-disclosure. Except as otherwise required by applicable law or regulation or a final order of a court of
competent jurisdiction, or as expressly
authorized in writing by the Under
Secretary, no person, firm, or other entity may:
(1) Disclose SAFETY Act Confidential Information (as defined above) to
any person, firm, or other entity, or
(2) Use any SAFETY Act Confidential
Information for his, her, or its own
benefit or for the benefit of any other
person, firm, or other entity, unless
the applicant has consented to the release of such SAFETY Act Confidential
Information.
(c) Legends. Any person, firm, or
other entity that submits data or information to the Department under
this part may place a legend on such
data or information indicating that the
submission constitutes SAFETY Act
Confidential Information. The absence
of such a legend shall not prevent any
data or information submitted to the
Department under this part from constituting or being considered by the
Department to constitute SAFETY Act
Confidential Information.

PART 27—CHEMICAL FACILITY
ANTI-TERRORISM STANDARDS
Subpart A—General
Sec.
27.100
27.105
27.110
27.115

Purpose.
Definitions.
Applicability.
Implementation.

223

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00233

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.100

6 CFR Ch. I (1–1–22 Edition)

27.120 Designation of a Coordinating Official; consultations and technical assistance.
27.125 Severability.

Subpart B—Chemical Facility Security
Program
27.200 Information regarding security risk
for a chemical facility.
27.203 Calculating the screening threshold
quantity by security issue.
27.204 Minimum concentration by security
issue.
27.205 Determination that a chemical facility ‘‘presents a high level of security
risk.’’
27.210 Submissions schedule.
27.215 Security vulnerability assessments.
27.220 Tiering.
27.225 Site security plans.
27.230 Risk-based performance standards.
27.235 Alternative security program.
27.240 Review and approval of security vulnerability assessments.
27.245 Review and approval of site security
plans.
27.250 Inspections and audits.
27.255 Recordkeeping requirements.

Subpart C—Orders and Adjudications
27.300 Orders.
27.305 Neutral adjudications.
27.310 Commencement of adjudication proceedings.
27.315 Presiding officers for proceedings.
27.320 Prohibition on ex parte communications during proceedings.
27.325 Burden of proof.
27.330 Summary decision procedures.
27.335 Hearing procedures.
27.340 Completion of adjudication proceedings.
27.345 Appeals.

Subpart D—Other
27.400 Chemical-terrorism vulnerability information.
27.405 Review and preemption of State laws
and regulations.
27.410 Third-party actions.
APPENDIX A TO PART 27—DHS CHEMICALS OF
INTEREST

kpayne on VMOFRWIN702 with $$_JOB

AUTHORITY: 6 U.S.C. 624; Pub. L. 101–410, 104
Stat. 890, as amended by Pub. L. 114–74, 129
Stat. 599; Pub. L. 113–254, 128 Stat. 2898, as
amended by Pub. L. 116–150, 134 Stat. 679.
SOURCE: 72 FR 17729, Apr. 9, 2007, unless
otherwise noted.

Subpart A—General
§ 27.100

Purpose.

The purpose of this part is to enhance the security of our Nation by
furthering the mission of the Department as provided in 6 U.S.C. 111(b)(1)
and by lowering the risk posed by certain chemical facilities.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41890, Aug. 4, 2021]

§ 27.105

Definitions.

As used in this part:
A Commercial Grade (ACG) shall refer
to any quality or concentration of a
chemical of interest offered for commercial sale that a facility uses, stores,
manufactures, or ships.
A Placarded Amount (APA) shall refer
to the screening threshold quantity
(STQ) for a sabotage and contamination chemical of interest, as calculated
in accordance with § 27.203(d).
Alternative Security Program or ASP
shall mean a third-party or industry
organization program, a local authority, State or Federal government program, or any element or aspect thereof,
that the Executive Assistant Director
has determined meets the requirements
of this part and provides for an equivalent level of security to that established by this part.
Associate Director for Chemical Security
shall mean the Associate Director for
Chemical Security, Infrastructure Security Division, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, or any
successors to that position within the
Department, or designee.
Chemical Facility or facility shall mean
any establishment that possesses or
plans to possess, at any relevant point
in time, a quantity of a chemical substance determined by the Secretary to
be potentially dangerous or that meets
other risk-related criteria identified by
the Department. As used herein, the
term chemical facility or facility shall
also refer to the owner or operator of
the chemical facility. Where multiple
owners and/or operators function within a common infrastructure or within a
single fenced area, the Executive Assistant Director may determine that

224

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00234

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security
such owners and/or operators constitute a single chemical facility or
multiple chemical facilities depending
on the circumstances.
Chemical of Interest shall refer to a
chemical listed in appendix A to part
27.
Chemical Security Assessment Tool or
CSAT shall mean a suite of applications through which the Department
will collect and analyze key data from
chemical facilities.
Chemical-terrorism Vulnerability Information (CVI) shall mean the information listed in § 27.400(b).
Coordinating Official shall mean the
person (or designee(s)) selected by the
Executive Assistant Director to ensure
that the regulations are implemented
in a uniform, impartial, and fair manner.
Covered Facility or Covered Chemical
Facility shall mean a chemical facility
determined by the Executive Assistant
Director to present high levels of security risk, or a facility that the Executive Assistant Director has determined
is presumptively high risk under
§ 27.200.
CUM 100g shall refer to the cumulative STQ of 100 grams for designated
Chemical Weapons (CW), located in appendix A to part 27 as the entry for the
STQ and Minimum Concentration of
certain Theft-CW/CWP chemicals.
Department shall mean the Department of Homeland Security.
Director shall mean the Director of
the Cybersecurity and Infrastructure
Security Agency, Department of Homeland Security, or any successors to
that position within the Department,
or designee.
Executive Assistant Director shall
mean the Executive Assistant Director
for the Infrastructure Security Division, Cybersecurity and Infrastructure
Security Agency, Department of Homeland Security, any successors to that
position within the Department, or
designee.
Office of the Chief Counsel shall mean
the Office of the Chief Counsel of the
Cybersecurity and Infrastructure Security Agency, Department of Homeland
Security, or any successors within the
Department.
Operator shall mean a person who has
responsibility for the daily operations

§ 27.105

of a facility or facilities subject to this
part.
Owner shall mean the person or entity that owns any facility subject to
this part.
Present high levels of security risk and
high risk shall refer to a chemical facility that, in the discretion of the Secretary of Homeland Security, presents
a high risk of significant adverse consequences for human life or health, national security, and/or critical economic assets if subjected to terrorist
attack, compromise, infiltration, or exploitation.
Risk profiles shall mean criteria identified by the Executive Assistant Director for determining which chemical
facilities will complete the Top-Screen
or provide other risk assessment information.
Screening Threshold Quantity or STQ
shall mean the quantity of a chemical
of interest, upon which the facility’s
obligation to complete and submit the
CSAT Top-Screen is based.
Secretary or Secretary of Homeland Security shall mean the Secretary of the
Department of Homeland Security or
any person, officer, or entity within
the Department to whom the Secretary’s authority under 6 U.S.C. 621 et
seq. is delegated.
Security Issue shall refer to the type
of risks associated with a given chemical. For purposes of this part, there
are four main security issues:
(1) Release (including toxic, flammable, and explosive);
(2) Theft and diversion (including
chemical weapons and chemical weapons precursors, weapons of mass effect,
and explosives and improvised explosive device precursors);
(3) Sabotage and contamination; and
(4) Critical to government mission
and national economy.
Terrorist attack or terrorist incident
shall mean any incident or attempt
that constitutes terrorism or terrorist
activity under 6 U.S.C. 101(16) or 18
U.S.C.
2331(5)
or
8
U.S.C.
1182(a)(3)(B)(iii), including any incident
or attempt that involves or would involve sabotage of chemical facilities or
theft, misappropriation, or misuse of a
dangerous quantity of chemicals.
Tier shall mean the risk level associated with a covered chemical facility

225

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00235

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.110

6 CFR Ch. I (1–1–22 Edition)

that is assigned to a facility by the Department. For purposes of this part,
there are four risk-based tiers, ranging
from highest risk at Tier 1 to lowest
risk at Tier 4.
Top-Screen shall mean an initial
screening process designed by the Executive Assistant Director through which
chemical facilities provide information
to the Department for use pursuant to
§ 27.200 of these regulations.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65418, Nov. 20, 2007; 86 FR 41890, Aug. 4,
2021]

§ 27.110

Applicability.

(a) This part applies to chemical facilities and to covered facilities as set
out herein; and
(b) This part does not apply to a facility that is excluded as set forth in 6
U.S.C. 621(4):
(1) A facility regulated under the
Maritime Transportation Security Act
of 2002 (Pub. L. 107–295; 116 Stat. 2064);
(2) A public water system, as that
term is defined in 42 U.S.C. 300f;
(3) A Treatment Works, as that term
is defined in 33 U.S.C. 1292;
(4) A facility owned or operated by
the Department of Defense or the Department of Energy; or
(5) A facility subject to regulation by
the Nuclear Regulatory Commission,
or by a State that has entered into an
agreement with the Nuclear Regulatory Commission under 42 U.S.C.
2021(b) to protect against unauthorized
access of any material, activity, or
structure licensed by the Nuclear Regulatory Commission.
[86 FR 41890, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

§ 27.115

Implementation.

The Executive Assistant Director
may implement this part in a phased
manner, selecting certain chemical facilities for expedited initial processes
under these regulations and identifying
other chemical facilities or types or
classes of chemical facilities for other
phases of program implementation.
The Executive Assistant Director has
flexibility to designate particular
chemical facilities for specific phases
of program implementation based on

potential risk or any other factor consistent with this part.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

§ 27.120 Designation of a Coordinating
Official; consultations and technical
assistance.
(a) The Executive Assistant Director
will designate a Coordinating Official
who will be responsible for ensuring
that these regulations are implemented
in a uniform, impartial, and fair manner.
(b) The Coordinating Official shall
provide guidance to covered facilities
regarding compliance with this part
and shall, as necessary and to the extent that resources permit, be available to consult and to provide technical assistance to an owner or operator who seeks such consultation or assistance.
(c) In order to initiate consultations
or seek technical assistance, a covered
facility shall submit a written request
for consultation or technical assistance
to the Coordinating Official or contact
the Department in any other manner
specified in any subsequent guidance.
Requests for consultation or technical
guidance do not serve to toll any of the
applicable timelines set forth in this
part.
(d) If a covered facility modifies its
facility, processes, or the types or
quantities of materials that it possesses, and believes that such changes
may impact the covered facility’s obligations under this part, the covered facility may request a consultation with
the Coordinating Official as specified
in paragraph (c).
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

§ 27.125

Severability.

If a court finds any portion of this
part to have been promulgated without
proper authority, the remainder of this
part will remain in full effect.

226

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00236

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security

Subpart B—Chemical Facility
Security Program

kpayne on VMOFRWIN702 with $$_JOB

§ 27.200 Information regarding security risk for a chemical facility.
(a) Information to determine security
risk. In order to determine the security
risk posed by chemical facilities, the
Secretary may, at any time, request
information from chemical facilities
that may reflect potential consequences of or vulnerabilities to a terrorist attack or incident, including
questions specifically related to the
nature of the business and activities
conducted at the facility; information
concerning the names, nature, conditions of storage, quantities, volumes,
properties, customers, major uses, and
other pertinent information about specific chemicals or chemicals meeting a
specific criterion; information concerning facilities’ security, safety, and
emergency response practices, operations, and procedures; information regarding incidents, history, funding, and
other matters bearing on the effectiveness of the security, safety, and emergency response programs, and other information as necessary.
(b) Obtaining information from facilities. (1) The Executive Assistant Director may seek the information provided
in paragraph (a) of this section by contacting chemical facilities individually
or by publishing a notice in the FEDERAL REGISTER seeking information
from chemical facilities that meet certain criteria, which the Department
will use to determine risk profiles.
Through any such individual or FEDERAL REGISTER notification, the Executive Assistant Director may instruct
such facilities to complete and submit
a Top-Screen process, which may be
completed through a secure Department Web site or through other means
approved by the Executive Assistant
Director.
(2) A facility must complete and submit a Top-Screen in accordance with
the schedule provided in § 27.210, the
calculation provisions in § 27.203, and
the minimum concentration provisions
in § 27.204 if it possesses any of the
chemicals listed in appendix A to this
part at or above the STQ for any applicable Security Issue.

§ 27.203

(3) Where the Department requests
that a facility complete and submit a
Top-Screen, the facility must designate a person who is responsible for
the submission of information through
the CSAT system and who attests to
the accuracy of the information contained in any CSAT submissions. Such
submitter must be an officer of the corporation or other person designated by
an officer of the corporation and must
be domiciled in the United States.
(c) Presumptively High-Risk Facilities.
(1) If a chemical facility subject to
paragraph (a) or (b) of this section fails
to provide information requested or
complete the Top-Screen within the
time frame provided in § 27.210, the Executive Assistant Director may, after
attempting to consult with the facility, reach a preliminary determination, based on the information then
available, that the facility presumptively presents a high level of security
risk. The Executive Assistant Director
shall then issue a notice to the entity
of this determination and, if necessary,
order the facility to provide information or complete the Top-Screen pursuant to these rules. If the facility then
fails to do so, it may be subject to civil
penalties pursuant to § 27.300, audit and
inspection under § 27.250, or, if appropriate, an order to cease operations
under § 27.300.
(2) If the facility deemed ‘‘presumptively high risk’’ pursuant to paragraph (c)(1) of this section completes
the Top-Screen, and the Department
determines that it does not present a
high level of security risk under
§ 27.205, its status as ‘‘presumptively
high risk’’ will terminate, and the Department will issue a notice to the facility to that effect.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65418, Nov. 20, 2007; 86 FR 41891, Aug. 4,
2021]

§ 27.203 Calculating
the
screening
threshold quantity by security
issue.
(a) General. In calculating whether a
facility possesses a chemical of interest that meets the STQ for any security issue, a facility need not include
chemicals of interest:
(1) Used as a structural component;

227

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00237

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

§ 27.203

6 CFR Ch. I (1–1–22 Edition)

(2) Used as products for routine janitorial maintenance;
(3) Contained in food, drugs, cosmetics, or other personal items used by
employees;
(4) In process water or non-contact
cooling water as drawn from environment or municipal sources;
(5) In air either as compressed air or
as part of combustion;
(6) Contained in articles, as defined
in 40 CFR 68.3;
(7) In solid waste (including hazardous waste) regulated under the Resource Conservation and Recovery Act,
42 U.S.C. 6901 et seq., except for the
waste described in 40 CFR 261.33; or
(8) In naturally occurring hydrocarbon mixtures prior to entry of the
mixture into a natural gas processing
plant or a petroleum refining process
unit. Naturally occurring hydrocarbon
mixtures include condensate, crude oil,
field gas, and produced water as defined
in 40 CFR 68.3.
(b) Release chemicals—(1) Release-toxic,
release-flammable, and release-explosive
chemicals. Except as provided in paragraphs (b)(2) and (b)(3), in calculating
whether a facility possesses an amount
that meets the STQ for release chemicals of interest, the facility shall only
include release chemicals of interest:
(i) In a vessel as defined in 40 CFR
68.3, in a underground storage facility,
or stored in a magazine as defined in 27
CFR 555.11;
(ii) In transportation containers used
for storage not incident to transportation, including transportation containers connected to equipment at a facility for loading or unloading and
transportation containers detached
from the motive power that delivered
the container to the facility;
(iii) Present as process intermediates, by-products, or materials produced incidental to the production of a
product if they exist at any given time;
(iv) In natural gas or liquefied natural gas stored in peak shaving facilities; and
(v) In gasoline, diesel, kerosene, or
jet fuel (including fuels that have flammability hazard ratings of 1, 2, 3, or 4,
as determined by using National Fire
Protection Association (NFPA) 704:
Standard System for the Identification
of the Hazards of Materials for Emer-

gency Response [2007 ed.], which is incorporated
by
reference
at
§ 27.204(a)(2)), stored in aboveground
tank farms, including tank farms that
are part of pipeline systems;
(2) Release-toxic, release-flammable,
and release-explosive chemicals. Except
as provided in paragraph (b)(2)(i), in
calculating whether a facility possesses an amount that meets the STQ
for release-toxic, release-flammable,
and release-explosive chemicals, a facility need not include release-toxic,
release-flammable, or release-explosive
chemicals of interest that a facility
manufactures, processes, or uses in a
laboratory at the facility under the supervision of a technically qualified individual as defined in 40 CFR 720.3.
(i) This exemption does not apply to
specialty chemical production; manufacture, processing, or use of substances in pilot plant scale operations;
or activities, including research and
development, involving chemicals of
interest conducted outside the laboratory.
(ii) [Reserved]
(3) Propane. In calculating whether a
facility possesses an amount that
meets the STQ for propane, a facility
need not include propane in tanks of
10,000 pounds or less.
(c) Theft and diversion chemicals. In
calculating whether a facility possesses an amount of a theft/diversion
chemical of interest that meets the
STQ, the facility shall only include
theft/diversion chemicals of interest in
a transportation packaging, as defined
in 49 CFR 171.8. Where a theft/diversion-CW chemical is designated by
‘‘CUM 100g,’’ a facility shall total the
quantity of all such designated chemicals in its possession to determine
whether the facility possesses theft/diversion-CW chemicals that meet or exceed the STQ of 100 grams.
(d) Sabotage and contamination chemicals. A facility meets the STQ for a
sabotage/contamination chemical of interest if it ships the chemical and is required to placard the shipment of that
chemical pursuant to the provisions of
subpart F of 49 CFR part 172.
[72 FR 65419, Nov. 20, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

228

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00238

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security
§ 27.204 Minimum concentration by security issue.
(a) Release chemicals—(1) Release-toxic
chemicals. If a release-toxic chemical of
interest is present in a mixture, and
the concentration of the chemical is
equal to or greater than one percent
(1%) by weight, the facility shall count
the amount of the chemical of interest
in the mixture toward the STQ. If a release-toxic chemical of interest is
present in a mixture, and the concentration of the chemical is less than
one percent (1%) by weight of the mixture, the facility need not count the
amount of that chemical in the mixture in determining whether the facility possesses the STQ. Except for
oleum, if the concentration of the
chemical of interest in the mixture is
one percent (1%) or greater by weight,
but the facility can demonstrate that
the partial pressure of the regulated
substance in the mixture (solution)
under handling or storage conditions in
any portion of the process is less than
10 millimeters of mercury (mm Hg),
the amount of the substance in the
mixture in that portion of a vessel need
not be considered when determining
the STQ. The facility shall document
this partial pressure measurement or
estimate.
(2) Release-flammable chemicals. If a
release-flammable chemical of interest
is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and
the mixture has a NFPA flammability
hazard rating of 4, the facility shall
count the entire amount of the mixture
toward the STQ. Except as provided in
§ 27.203(b)(1)(v) for fuels that are stored
in aboveground tank farms (including
farms that are part of pipeline systems), if a release-flammable chemical
of interest is present in a mixture in a
concentration equal to or greater than
one percent (1%) by weight of the mixture, and the mixture has a NFPA
flammability hazard rating of 1, 2, or 3,
the facility need not count the mixture
toward the STQ. The flammability hazard ratings are defined in NFPA 704:
Standard System for the Identification
of the Hazards of Materials for Emergency Response [2007 ed.]. The Director
of the Federal Register approves the
incorporation by reference of this

§ 27.204

standard in accordance with 5 U.S.C.
552(a) and 1 CFR part 51. You may obtain a copy of the incorporated standard from the NFPA at 1 Batterymarch
Park, Quincy, MA 02169–7471 or http://
www.nfpa.org. You may inspect a copy
of the incorporated standard at the Department of Homeland Security, 1621
Kent Street, 9th Floor, Rosslyn, VA
(please call 703–235–0709 to make an appointment), or at the National Archives and Records Administration
(NARA). For information on the availability of material at NARA, call 202–
741–6030,
or
go
to
http://
www.archives.gov/federal_register/
code_of_federal_regulations/
ibr_locations.html. If a release-flammable chemical of interest is present
in a mixture, and the concentration of
the chemical is less than one percent
(1%) by weight, the facility need not
count the mixture in determining
whether the facility possesses the STQ.
(3) Release-explosive chemicals. For
each release-explosive chemical of interest, a facility shall count the total
quantity of all commercial grades of
the chemical of interest toward the
STQ, unless a specific minimum concentration is assigned in the Minimum
Concentration column of appendix A to
part 27, in which case the facility
should count the total quantity of all
commercial grades of the chemical at
the specified minimum concentration.
(b) Theft and diversion chemicals—(1)
Theft/Diversion-Chemical Weapons (CW)
and Chemical Weapons Precursors (CWP)
chemicals. Where a theft/diversion-CW/
CWP chemical of interest is not designated by ‘‘CUM 100g’’ in appendix A,
and the chemical is present in a mixture at or above the minimum concentration amount listed in the Minimum Concentration column of appendix A to part 27, the facility shall
count the entire amount of the mixture
toward the STQ.
(2) Theft/Diversion-Weapon of Mass Effect (WME) chemicals. If a theft/diversion-WME chemical of interest is
present in a mixture at or above the
minimum concentration amount listed
in the Minimum Concentration column
of appendix A to part 27, the facility
shall count the entire amount of the
mixture toward the STQ.

229

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00239

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.205

6 CFR Ch. I (1–1–22 Edition)

(3)
Theft/Diversion-Explosives/Improvised Explosive Device Precursor (EXP/
IEDP) chemicals. For each theft/diversion-EXP/IEDP chemical of interest, a
facility shall count the total quantity
of all commercial grades of the chemical toward the STQ, unless a specific
minimum concentration is assigned in
the Minimum Concentration column of
appendix A to part 27, in which case
the facility should count the total
quantity of all commercial grades of
the chemical at the specified minimum
concentration.
(c) Sabotage and contamination chemicals. For each sabotage and contamination chemical of interest, a facility
shall count the total quantity of all
commercial grades of the chemical toward the STQ.

kpayne on VMOFRWIN702 with $$_JOB

[72 FR 65419, Nov. 20, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

§ 27.205 Determination that a chemical
facility ‘‘presents a high level of security risk.’’
(a) Initial determination. The Executive Assistant Director may determine
at any time that a chemical facility
presents a high level of security risk
based on any information available (including any information submitted to
the Department under § 27.200) that, in
the Secretary’s discretion, indicates
the potential that a terrorist attack
involving the facility could result in
significant adverse consequences for
human life or health, national security, or critical economic assets. Upon
determining that a facility presents a
high level of security risk, the Department shall notify the facility in writing of such initial determination and
may also notify the facility of the Department’s preliminary determination
of the facility’s placement in a riskbased tier pursuant to § 27.220(a).
(b) Redetermination. If a covered facility previously determined to present a
high level of security risk has materially altered its operations, it may seek
a redetermination by filing a Request
for Redetermination with the Executive Assistant Director, and may request a meeting regarding the Request.
Within 45 calendar days of receipt of
such a Request, or within 45 calendar
days of a meeting under this paragraph, the Executive Assistant Direc-

tor shall notify the covered facility in
writing of the Department’s decision
on the Request for Redetermination.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

§ 27.210 Submissions schedule.
(a) Initial submission. The time frames
in paragraphs (a)(2) and (a)(3) of this
section also apply to covered facilities
that submit an Alternative Security
Program pursuant to § 27.235.
(1) Top-Screen. Facilities shall complete and submit a Top-Screen within
the following time frames:
(i) Unless otherwise notified, within
60 calendar days of November 20, 2007
for facilities that possess any of the
chemicals listed in appendix A at or
above the STQ for any applicable Security Issue, or within 60 calendar days
for facilities that come into possession
of any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue; or
(ii) Within the time frame provided
in any written notification from the
Department or specified in any subsequent FEDERAL REGISTER notice.
(2) Security Vulnerability Assessment.
Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within
the time frame specified in any subsequent FEDERAL REGISTER notice.
(3) Site Security Plan. Unless otherwise notified, a covered facility must
complete and submit a Site Security
Plan within 120 calendar days of written notification from the Department
or within the time frame specified in
any subsequent FEDERAL REGISTER notice.
(b) Resubmission schedule for covered
facilities. The timeframes in this subsection also apply to covered facilities
who submit an Alternative Security
Program pursuant to § 27.235.
(1) Top-Screen. Unless otherwise notified:
(i) Tier 1 and Tier 2 covered facilities
must complete and submit a new TopScreen no less than two years, and no
more than two years and 60 calendar
days, from the date of the Department’s approval of the facility’s most
recent Site Security Plan.

230

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00240

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security

kpayne on VMOFRWIN702 with $$_JOB

(ii) Tier 3 and Tier 4 covered facilities must routinely complete and submit a Top-Screen no less than three
years, and no more than three years
and 60 calendar days, from the date of
the Department’s approval of the facility’s most recent Site Security Plan.
(2) Security Vulnerability Assessment.
Unless otherwise notified and following
a Top-Screen resubmission pursuant to
paragraph (b)(1) of this section, a covered facility must complete and submit
a new Security Vulnerability Assessment within 90 calendar days of written notification from the Department
or within the time frame specified in
any subsequent FEDERAL REGISTER notice.
(3) Site Security Plan. Unless otherwise notified and following a Security
Vulnerability Assessment resubmission
pursuant to paragraph (b)(2) of this section, a covered facility must complete
and submit a new Site Security Plan
within 120 calendar days of written notification from the Department or
within the time frame specified in any
subsequent FEDERAL REGISTER notice.
(c) The Executive Assistant Director
retains the authority to modify the
schedule in this part as needed. The
Executive Assistant Director may
shorten or extend these time periods
based on the operations at the facility,
the nature of the covered facility’s
vulnerabilities, the level and immediacy of security risk, or for other reasons. If the Department alters the time
periods for a specific facility, the Department will do so in written notice
to the facility.
(d) If a covered facility makes material modifications to its operations or
site, the covered facility must complete and submit a revised Top-Screen
to the Department within 60 days of
the material modification. In accordance with the resubmission requirements in § 27.210(b)(2) and (3), the Department will notify the covered facility as to whether the covered facility
must submit a revised Security Vulnerability Assessment, Site Security Plan,
or both.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65420, Nov. 20, 2007; 86 FR 41891, Aug. 4,
2021]

§ 27.215

§ 27.215 Security vulnerability assessments.
(a) Initial assessment. If the Executive
Assistant Director determines that a
chemical facility is high risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability Assessment shall include:
(1) Asset Characterization, which includes the identification and characterization of potential critical assets;
identification of hazards and consequences of concern for the facility,
its surroundings, its identified critical
asset(s), and its supporting infrastructure; and identification of existing layers of protection;
(2) Threat Assessment, which includes a description of possible internal threats, external threats, and internally-assisted threats;
(3) Security Vulnerability Analysis,
which includes the identification of potential security vulnerabilities and the
identification of existing countermeasures and their level of effectiveness in both reducing identified
vulnerabilities and in meeting the applicable risk-based performance standards;
(4) Risk Assessment, including a determination of the relative degree of
risk to the facility in terms of the expected effect on each critical asset and
the likelihood of a success of an attack; and
(5) Countermeasures Analysis, including strategies that reduce the
probability of a successful attack or reduce the probable degree of success,
strategies that enhance the degree of
risk reduction, the reliability and
maintainability of the options, the capabilities and effectiveness of mitigation options, and the feasibility of the
options.
(b) Except as provided in § 27.235, a
covered facility must complete the Security
Vulnerability
Assessment
through the CSAT process, or through
any other methodology or process identified or issued by the Executive Assistant Director.
(c) Covered facilities must submit a
Security Vulnerability Assessment to
the Department in accordance with the
schedule provided in § 27.210.
(d) Updates and revisions. (1) A covered facility must update and revise its

231

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00241

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.220

6 CFR Ch. I (1–1–22 Edition)

Security Vulnerability Assessment in
accordance with the schedule provided
in § 27.210.
(2) Notwithstanding paragraph (d)(1)
of this section, a covered facility must
update, revise, or otherwise alter its
Security Vulnerability Assessment to
account for new or differing modes of
potential terrorist attack or for other
security-related reasons, if requested
by the Executive Assistant Director.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41891, Aug. 4, 2021]

§ 27.220

Tiering.

(a) Preliminary determination of riskbased tiering. Based on the information
the Department receives in accordance
with §§ 27.200 and 27.205 (including information submitted through the TopScreen process) and following its initial determination in § 27.205(a) that a
facility presents a high level of security risk, the Department shall notify
a facility of the Department’s preliminary determination of the facility’s
placement in a risk-based tier.
(b) Confirmation or alteration of riskbased tiering. Following review of a covered facility’s Security Vulnerability
Assessment, the Executive Assistant
Director shall notify the covered facility of its final placement within a riskbased tier, or for covered facilities previously notified of a preliminary
tiering, confirm or alter such tiering.
(c) The Department shall place covered facilities in one of four risk-based
tiers, ranging from highest risk facilities in Tier 1 to lowest risk facilities in
Tier 4.
(d) The Executive Assistant Director
may provide the facility with guidance
regarding the risk-based performance
standards and any other necessary
guidance materials applicable to its assigned tier.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

§ 27.225

Site security plans.

(a) The Site Security Plan must meet
the following standards:
(1) Address each vulnerability identified in the facility’s Security Vulnerability Assessment, and identify and
describe the security measures to address each such vulnerability;

(2) Identify and describe how security
measures selected by the facility will
address the applicable risk-based performance standards and potential
modes of terrorist attack including, as
applicable, vehicle-borne explosive devices, water-borne explosive devices,
ground assault, or other modes or potential modes identified by the Department;
(3) Identify and describe how security
measures selected and utilized by the
facility will meet or exceed each applicable performance standard for the appropriate risk-based tier for the facility; and
(4) Specify other information the Executive Assistant Director deems necessary regarding chemical facility security.
(b) Except as provided in § 27.235, a
covered facility must complete the
Site Security Plan through the CSAT
process, or through any other methodology or process identified or issued by
the Executive Assistant Director.
(c) Covered facilities must submit a
Site Security Plan to the Department
in accordance with the schedule provided in § 27.210.
(d) Updates and revisions. (1) When a
covered facility updates, revises, or
otherwise alters its Security Vulnerability
Assessment
pursuant
to
§ 27.215(d), the covered facility shall
make corresponding changes to its Site
Security Plan.
(2) A covered facility must also update and revise its Site Security Plan
in accordance with the schedule in
§ 27.210.
(e) A covered facility must conduct
an annual audit of its compliance with
its Site Security Plan.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.230 Risk-based
performance
standards.
(a) Covered facilities must satisfy the
performance standards identified in
this section. The Executive Assistant
Director will issue guidance on the application of these standards to riskbased tiers of covered facilities, and
the acceptable layering of measures
used to meet these standards will vary
by risk-based tier. Each covered facility must select, develop in their Site

232

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00242

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security
Security Plan, and implement appropriately risk-based measures designed
to satisfy the following performance
standards:
(1) Restrict area perimeter. Secure and
monitor the perimeter of the facility;
(2) Secure site assets. Secure and monitor restricted areas or potentially
critical targets within the facility;
(3) Screen and control access. Control
access to the facility and to restricted
areas within the facility by screening
and/or inspecting individuals and vehicles as they enter, including,
(i) Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate
an attack or actions having serious
negative consequences for the population surrounding the facility; and
(ii) Measures implementing a regularly updated identification system
that checks the identification of facility personnel and other persons seeking access to the facility and that discourages abuse through established disciplinary measures;
(4) Deter, detect, and delay. Deter, detect, and delay an attack, creating sufficient time between detection of an
attack and the point at which the attack becomes successful, including
measures to:
(i) Deter vehicles from penetrating
the facility perimeter, gaining unauthorized access to restricted areas or
otherwise presenting a hazard to potentially critical targets;
(ii) Deter attacks through visible,
professional, well maintained security
measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or
reduced value targets;
(iii) Detect attacks at early stages,
through countersurveillance, frustration of opportunity to observe potential targets, surveillance and sensing
systems, and barriers and barricades;
and
(iv) Delay an attack for a sufficient
period of time so to allow appropriate
response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning;
(5) Shipping, receipt, and storage. Secure and monitor the shipping, receipt,

§ 27.230

and storage of hazardous materials for
the facility;
(6) Theft and diversion. Deter theft or
diversion of potentially dangerous
chemicals;
(7) Sabotage. Deter insider sabotage;
(8) Cyber. Deter cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA)
systems, Distributed Control Systems
(DCS), Process Control Systems (PCS),
Industrial Control Systems (ICS), critical business system, and other sensitive computerized systems;
(9) Response. Develop and exercise an
emergency plan to respond to security
incidents internally and with assistance of local law enforcement and first
responders;
(10) Monitoring. Maintain effective
monitoring, communications and warning systems, including,
(i) Measures designed to ensure that
security systems and equipment are in
good working order and inspected, tested, calibrated, and otherwise maintained;
(ii) Measures designed to regularly
test security systems, note deficiencies, correct for detected deficiencies, and record results so that
they are available for inspection by the
Department; and
(iii) Measures to allow the facility to
promptly identify and respond to security system and equipment failures or
malfunctions;
(11) Training. Ensure proper security
training, exercises, and drills of facility personnel;
(12) Personnel surety. Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for
unescorted visitors with access to restricted areas or critical assets, including,
(i) Measures designed to verify and
validate identity;
(ii) Measures designed to check
criminal history;
(iii) Measures designed to verify and
validate legal authorization to work;
and
(iv) Measures designed to identify
people with terrorist ties;

233

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00243

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.235

6 CFR Ch. I (1–1–22 Edition)

(13) Elevated threats. Escalate the
level of protective measures for periods
of elevated threat;
(14) Specific threats, vulnerabilities, or
risks.
Address
specific
threats,
vulnerabilities or risks identified by
the Executive Assistant Director for
the particular facility at issue;
(15) Reporting of significant security incidents. Report significant security incidents to the Department and to local
law enforcement officials;
(16) Significant security incidents and
suspicious activities. Identify, investigate, report, and maintain records of
significant security incidents and suspicious activities in or near the site;
(17) Officials and organization. Establish official(s) and an organization responsible for security and for compliance with these standards;
(18) Records. Maintain appropriate
records; and
(19) Address any additional performance standards the Executive Assistant
Director may specify.
(b) [Reserved]

kpayne on VMOFRWIN702 with $$_JOB

[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.235 Alternative security program.
(a) Covered facilities may submit an
Alternative Security Program (ASP)
pursuant to the requirements of this
section. The Executive Assistant Director may approve an ASP, in whole, in
part, or subject to revisions or supplements, upon a determination that the
ASP meets the requirements of this
part and provides for an equivalent
level of security to that established by
this part.
(1) A Tier 4 facility may submit an
ASP in lieu of a Security Vulnerability
Assessment, Site Security Plan, or
both.
(2) Tier 1, Tier 2, or Tier 3 facilities
may submit an ASP in lieu of a Site
Security Plan. Tier 1, Tier 2, and Tier
3 facilities may not submit an ASP in
lieu of a Security Vulnerability Assessment.
(b) The Department will provide notice to a covered facility about the approval or disapproval, in whole or in
part, of an ASP, using the procedure
specified in § 27.240 if the ASP is intended to take the place of a Security
Vulnerability Assessment or using the

procedure specified in § 27.245 if the
ASP is intended to take the place of a
Site Security Plan.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.240 Review and approval of security vulnerability assessments.
(a) Review and approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of
§ 27.215, including ASPs submitted pursuant to § 27.235.
(b) If a Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will
provide the facility with a written notification that includes a clear explanation of deficiencies in the Security
Vulnerability Assessment. The facility
shall then enter further consultations
with the Department and resubmit a
sufficient Security Vulnerability Assessment by the time specified in the
written notification provided by the
Department under this section. If the
resubmitted Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will
provide the facility with written notification (including a clear explanation of
deficiencies in the Security Vulnerability Assessment) of the Department’s disapproval of the Security Vulnerability Assessment.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.245 Review and approval of site
security plans.
(a) Review and approval. (1) The Department will review, and either approve or disapprove, all Site Security
Plans that satisfy the requirements of
§ 27.225, including ASPs submitted pursuant to § 27.235.
(i) The Department will review Site
Security Plans through a two-step
process. Upon receipt of the Site Security Plan from the covered facility, the
Department will review the documentation and make a preliminary determination as to whether it satisfies
the requirements of § 27.225. If the Department finds that the requirements
are satisfied, the Department will issue
a Letter of Authorization to the covered facility.

234

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00244

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security
(ii) Following issuance of the Letter
of Authorization, the Department will
inspect the covered facility in accordance with § 27.250 for purposes of determining compliance with the requirements of this part.
(iii) If the Department approves the
Site Security Plan in accordance with
§ 27.250, the Department will issue a
Letter of Approval to the facility, and
the facility shall implement the approved Site Security Plan.
(2) The Department will not disapprove a Site Security Plan submitted
under this part based on the presence
or absence of a particular security
measure. The Department may disapprove a Site Security Plan that fails
to satisfy the risk-based performance
standards established in § 27.230.
(b) When the Department disapproves
a preliminary Site Security Plan
issued prior to inspection or a Site Security Plan following inspection, the
Department will provide the facility
with a written notification that includes a clear explanation of deficiencies in the Site Security Plan. The
facility shall then enter further consultations with the Department and resubmit a sufficient Site Security Plan
by the time specified in the written notification provided by the Department
under this section. If the resubmitted
Site Security Plan does not satisfy the
requirements of § 27.225, the Department will provide the facility with
written notification (including a clear
explanation of deficiencies in the Site
Security Plan) of the Department’s disapproval of the Site Security Plan.

kpayne on VMOFRWIN702 with $$_JOB

[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.250 Inspections and audits.
(a) Authority. In order to assess compliance with the requirements of this
part, authorized Department officials
may enter, inspect, and audit the property,
equipment,
operations,
and
records of covered facilities.
(b) Following preliminary approval of
a Site Security Plan in accordance
with § 27.245, the Department will inspect the covered facility for purposes
of determining compliance with the requirements of this part.
(1) If after the inspection, the Department determines that the requirements

§ 27.250

of § 27.225 have been met, the Department will issue a Letter of Approval to
the covered facility.
(2) If after the inspection, the Department determines that the requirements
of § 27.225 have not been met, the Department will proceed as directed by
§ 27.245(b) in ‘‘Review and Approval of
Site Security Plans.’’
(c) Time and manner. Authorized Department officials will conduct audits
and inspections at reasonable times
and in a reasonable manner. The Department will provide covered facility
owners and/or operators with 24-hour
advance notice before inspections, except
(1) If the Director or Executive Assistant Director determines that an inspection without such notice is warranted by exigent circumstances and
approves such inspection; or
(2) If any delay in conducting an inspection might be seriously detrimental to security, and the Associate
Director for Chemical Security determines that an inspection without notice is warranted, and approves an inspector to conduct such inspection.
(d) Inspectors. Inspections and audits
are conducted by personnel duly authorized and designated for that purpose as ‘‘inspectors’’ by the Secretary
or the Secretary’s designee.
(1) An inspector will, on request,
present his or her credentials for examination, but the credentials may not be
reproduced by the facility.
(2) An inspector may administer
oaths and receive affirmations, with
the consent of any witness, in any matter.
(3) An inspector may gather information by reasonable means including,
but not limited to, interviews, statements, photocopying, photography, and
video- and audio-recording. All documents, objects, and electronically
stored information collected by each
inspector during the performance of
that inspector’s duties shall be maintained for a reasonable period of time
in the files of the Department of Homeland Security maintained for that facility or matter.
(4) An inspector may request forthwith access to all records required to

235

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00245

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.255

6 CFR Ch. I (1–1–22 Edition)

be kept pursuant to § 27.255. An inspector shall be provided with the immediate use of any photocopier or other
equipment necessary to copy any such
record. If copies can not be provided
immediately upon request, the inspector shall be permitted immediately to
take the original records for duplication and prompt return.
(e) Confidentiality. In addition to the
protections provided under Chemicalterrorism Vulnerability Information in
§ 27.400, information received in an
audit or inspection under this section,
including the identity of the persons
involved in the inspection or who provide information during the inspection,
shall remain confidential under the investigatory file exception, or other appropriate exception, to the public disclosure requirements of 5 U.S.C. 552.
(f) Guidance. The Executive Assistant
Director shall issue guidance identifying appropriate processes for such inspections, and specifying the type and
nature of documentation that must be
made available for review during inspections and audits.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

§ 27.255

Recordkeeping requirements.

(a) Except as provided in § 27.255(b),
the covered facility must keep records
of the activities as set out below for at
least three years and make them available to the Department upon request.
A covered facility must keep the following records:
(1) Training. For training, the date
and location of each session, time of
day and duration of session, a description of the training, the name and
qualifications of the instructor, a
clear, legible list of attendees to include the attendee signature, at least
one other unique identifier of each
attendee receiving the training, and
the results of any evaluation or testing;
(2) Drills and exercises. For each drill
or exercise, the date held, a description
of the drill or exercise, a list of participants, a list of equipment (other than
personal equipment) tested or employed in the exercise, the name(s) and
qualifications of the exercise director,
and any best practices or lessons

learned, which may improve the Site
Security Plan;
(3) Incidents and breaches of security.
Date and time of occurrence, location
within the facility, a description of the
incident or breach, the identity of the
individual to whom it was reported,
and a description of the response;
(4) Maintenance, calibration, and testing of security equipment. The date and
time, name and qualifications of the
technician(s) doing the work, and the
specific security equipment involved
for each occurrence of maintenance,
calibration, and testing;
(5) Security threats. Date and time of
occurrence, how the threat was communicated, who received or identified
the threat, a description of the threat,
to whom it was reported, and a description of the response;
(6) Audits. For each audit of a covered
facility’s Site Security Plan (including
each audit required under § 27.225(e)) or
Security Vulnerability Assessment, a
record of the audit, including the date
of the audit, results of the audit,
name(s) of the person(s) who conducted
the audit, and a letter certified by the
covered facility stating the date the
audit was conducted; and
(7) Letters of Authorization and Approval. All Letters of Authorization
and Approval from the Department,
and documentation identifying the results of audits and inspections conducted pursuant to § 27.250.
(b) A covered facility must retain
records of submitted Top-Screens, Security Vulnerability Assessments, Site
Security Plans, and all related correspondence with the Department for
at least six years and make them available to the Department upon request.
(c) To the extent necessary for security purposes, the Department may request that a covered facility make
available records kept pursuant to
other Federal programs or regulations.
(d) Records required by this section
may be kept in electronic format. If
kept in an electronic format, they
must be protected against unauthorized access, deletion, destruction,
amendment, and disclosure.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

236

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00246

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security

Subpart C—Orders and
Adjudications

kpayne on VMOFRWIN702 with $$_JOB

§ 27.300

Orders.

(a) Orders generally. When the Executive Assistant Director determines
that a facility is in violation of any of
the requirements of this part, the Executive Assistant Director may take
appropriate
action
including
the
issuance of an appropriate Order.
(b) Orders Assessing Civil Penalty and
Orders to Cease Operations. (1) Where
the Executive Assistant Director determines that a facility is in violation of
an Order issued pursuant to paragraph
(a) of this section, the Executive Assistant Director may enter an Order
Assessing Civil Penalty, Order to Cease
Operations, or both.
(2) Following the issuance of an
Order by the Executive Assistant Director pursuant to paragraph (b)(1) of
this section, the facility may enter further consultations with the Department.
(3) Where the Assistant Secretary determines that a facility is in violation
of an Order issued pursuant to paragraph (a) of this section and issues an
Order Assessing Civil Penalty pursuant
to paragraph (b)(1) of this section, a
chemical facility is liable to the United
States for a civil penalty of not more
than $25,000 for each day during which
the violation continues, if the violation
of the Order occurred on or before November 2, 2015, or $35,905 for each day
during which the violation of the Order
continues, if the violation occurred
after November 2, 2015.
(c) Procedures for Orders. (1) At a minimum, an Order shall be signed by the
Executive Assistant Director, shall be
dated, and shall include:
(i) The name and address of the facility in question;
(ii) A listing of the provision(s) that
the facility is alleged to have violated;
(iii) A statement of facts upon which
the alleged instances of noncompliance
are based;
(iv) A clear explanation of deficiencies in the facility’s chemical security program, including, if applicable,
any deficiencies in the facility’s Security Vulnerability Assessment, Site Security Plan, or both;

§ 27.305

(v) A statement indicating what action(s) the facility must take to remedy the instance(s) of noncompliance;
and
(vi) The date by which the facility
must comply with the terms of the
Order.
(2) The Executive Assistant Director
may establish procedures for the
issuance of Orders.
(d) A facility must comply with the
terms of the Order by the date specified
in the Order unless the facility has
filed a timely Notice of Application for
Review under § 27.310.
(e) Where a facility or other person
contests the determination of the Executive Assistant Director to issue an
Order, a chemical facility may seek an
adjudication pursuant to § 27.310.
(f) An Order issued under this section
becomes final agency action when the
time to file a Notice of Application for
Review under § 27.310 has passed without such a filing or upon the conclusion of adjudication or appeal proceedings under this subpart.
[72 FR 17729, Apr. 9, 2007, as amended at 81
FR 43001, July 1, 2016; 82 FR 8579, Jan. 27,
2017; 83 FR 13834, Apr. 2, 2018; 84 FR 13508,
Apr. 5, 2019; 85 FR 36478, June 17, 2020; 86 FR
41892, Aug. 4, 2021; 86 FR 57539, Oct. 18, 2021]

§ 27.305

Neutral adjudications.

(a) Any facility or other person who
has received a Finding pursuant to
§ 27.230(a)(12)(iv), a Determination pursuant to § 27.245(b), or an Order pursuant to § 27.300 is entitled to an adjudication, by a neutral adjudications officer, of any issue of material fact relevant to any administrative action
that deprives that person of a cognizable interest in liberty or property.
(b) A neutral adjudications officer
appointed pursuant to § 27.315 shall
issue an Initial Decision on any material factual issue related to a Finding
pursuant to § 27.230(a)(12)(iv), a Determination pursuant to § 27.245, or an
Order pursuant to § 27.300 before any
such administrative action is reviewed
on appeal pursuant to § 27.345.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

237

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00247

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

§ 27.310

6 CFR Ch. I (1–1–22 Edition)

§ 27.310 Commencement of adjudication proceedings.
(a) Proceedings instituted by facilities
or other persons. A facility or other person may institute proceedings to review a determination by the Executive
Assistant Director:
(1)
Finding,
pursuant
to
the
§ 27.230(a)(12)(iv), that an individual is a
potential security threat;
(2) Disapproving a Site Security Plan
pursuant to § 27.245(b); or
(3) Issuing an Order pursuant to
§ 27.300(a) or (b).
(b) Procedure for applications by facilities or other persons. A facility or other
person may institute Proceedings by
filing a Notice of Application for Review specifying that the facility or
other person requests a Proceeding to
review a determination specified in
paragraph (a) of this section.
(1) An Applicant institutes a Proceeding by filing a Notice of Application for Review.
(2) An Applicant must file a Notice of
Application for Review within seven
calendar days of notification to the facility or other person of the Executive
Assistant Director’s Finding, Determination, or Order.
(3) The Applicant shall file and simultaneously serve each Notice of Application for Review and all subsequent
filings on the Executive Assistant Director and the Office of the Chief Counsel.
(4) An Order is stayed from the timely filing of a Notice of Application for
Review until the Presiding Officer
issues an Initial Decision, unless the
Secretary has lifted the stay due to exigent circumstances pursuant to paragraph (d) of this section.
(5) The Applicant shall file and serve
an Application for Review within 14
calendar days of the notification to the
facility or other person of the Executive Assistant Director’s Finding, Determination, or Order.
(6) Each Application for Review shall
be accompanied by all legal memoranda, other documents, declarations,
affidavits, and other evidence supporting the position asserted by the
Applicant.
(c) Response. The Executive Assistant
Director, through the Office of the
Chief Counsel, shall file and serve a Re-

sponse, accompanied by all legal
memoranda, other documents, declarations, affidavits, and other evidence
supporting the position asserted by the
Executive Assistant Director within 14
calendar days of the filing and service
of the Application for Review and all
supporting papers.
(d) Procedural modifications. The Secretary may, in exigent circumstances
(as determined in his or her sole discretion):
(1) Lift any stay applicable to any
Order under § 27.300;
(2) Modify the time for a response;
(3) Rule on the sufficiency of Applications for Review; or
(4) Otherwise modify these procedures with respect to particular matters.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.315 Presiding officers for proceedings.
(a) Immediately upon the filing of
any Application for Review, the Secretary shall appoint an attorney, who
is employed by the Department and
who has not performed any investigative or prosecutorial function with respect to the matter, to act as a neutral
adjudications officer or Presiding Officer for the compilation of a factual
record and the recommendation of an
Initial Decision for each Proceeding.
(b) Notwithstanding paragraph (a) of
this section, the Secretary may appoint one or more attorneys who are
employed by the Department and who
do not perform any investigative or
prosecutorial function with respect to
this subpart, to serve, generally, in the
capacity as Presiding Officer(s) for
such matters pursuant to such procedures as the Secretary may hereafter
establish.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.320 Prohibition on ex parte communications during proceedings.
(a) At no time after the designation
of a Presiding Officer for a Proceeding
and prior to the issuance of a Final Decision pursuant to § 27.345 with respect
to a facility or other person, shall the
appointed Presiding Officer, or any person who will advise that official in the

238

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00248

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security
decision on the matter, discuss ex
parte the merits of the proceeding with
any interested person outside the Department, with any Department official who performs a prosecutorial or investigative function in such proceeding
or a factually related proceeding, or
with any representative of such person.
(b) If, after appointment of a Presiding Officer and prior to the issuance
of a Final Decision pursuant to § 27.345
with respect to a facility or other person, the appointed Presiding Officer, or
any person who will advise that official
in the decision on the matter, receives
from or on behalf of any party, by
means of an ex parte communication,
information that is relevant to the decision of the matter and to which other
parties have not had an opportunity to
respond, a summary of such information shall be served on all other parties, who shall have an opportunity to
reply to the ex parte communication
within a time set by the Presiding Officer.
(c) The consideration of classified information or CVI pursuant to an in
camera procedure does not constitute a
prohibited ex parte communication for
purposes of this subpart.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.325

Burden of proof.

The Executive Assistant Director
bears the initial burden of proving the
facts necessary to support the challenged administrative action at every
proceeding instituted under this subpart.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

§ 27.330

Summary decision procedures.

(a) The Presiding Officer appointed
for each Proceeding shall immediately
consider whether the summary adjudication of the Application for Review
is appropriate based on the Application
for Review, the Response, and all the
supporting filings of the parties pursuant to §§ 27.310(b)(5) and 27.310(c).
(1) The Presiding Officer shall
promptly issue any necessary scheduling order for any additional briefing
of the issue of summary adjudication

§ 27.335

on the Application for Review and Response.
(2) The Presiding Officer may conduct scheduling conferences and other
proceedings that the Presiding Officer
determines to be appropriate.
(b) If the Presiding Officer determines that there is no genuine issue of
material fact and that one party or the
other is entitled to a decision as a matter of law, then the record shall be
closed and the Presiding Officer shall
issue an Initial Decision on the Application for Review pursuant to § 27.340.
(c) If a Presiding Officer determines
that any factual issues require the
cross-examination of one or more witnesses or other proceedings at a hearing, the Presiding Officer, in consultation with the parties, shall promptly
schedule a hearing to be conducted pursuant to § 27.335.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

§ 27.335 Hearing procedures.
(a) Any hearing shall be held as expeditiously as possible at the location
most conducive to a prompt presentation of any necessary testimony or
other proceedings.
(1) Videoconferencing and teleconferencing may be used where appropriate
at the discretion of the Presiding Officer.
(2) Each party offering the affirmative testimony of a witness shall
present that testimony by declaration,
affidavit, or other sworn statement
submitted in advance as ordered by the
Presiding Officer.
(3) Any witness presented for further
examination shall be asked to testify
under an oath or affirmation.
(4) The hearing shall be recorded verbatim.
(b)(1) A facility or other person may
appear and be heard on his or her own
behalf or through any counsel of his or
her choice who is qualified to possess
CVI.
(2) A facility or other person individually, or through counsel, may offer
relevant and material information including written direct testimony,
which he or she believes should be considered in opposition to the administrative action, or which may bear on
the sanction being sought.

239

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00249

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

§ 27.340

6 CFR Ch. I (1–1–22 Edition)

(3) The facility or other person individually, or through counsel, may conduct such cross-examination as may be
specifically allowed by the Presiding
Officer for a full determination of the
facts.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41892, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

§ 27.340 Completion of adjudication
proceedings.
(a) The Presiding Officer shall close
and certify the record of the adjudication promptly upon the completion of:
(1) Summary judgment proceedings,
(2) A hearing, if necessary,
(3) The submission of post hearing
briefs, if any are ordered by the Presiding Officer, and
(4) The conclusion of oral arguments,
if any are permitted by the Presiding
Officer.
(b) The Presiding Officer shall issue
an Initial Decision based on the certified record, and the decision shall be
subject to appeal pursuant to § 27.345.
(c) An Initial Decision shall become a
final agency action on the expiration of
the time for an Appeal pursuant to
§ 27.345.
§ 27.345 Appeals.
(a) Right to appeal. A facility or any
person who has received an Initial Decision under § 27.340(b) has the right to
appeal to the Director acting as a neutral appeals officer.
(b) Procedure for appeals. (1) The Executive Assistant Director, a facility or
other person, or a representative on behalf of a facility or person, may institute an Appeal by filing a Notice of Appeal with the office of the Department
hereinafter designated by the Secretary.
(2) The Executive Assistant Director,
a facility, or other person must file a
Notice of Appeal within seven calendar
days of the service of the Presiding Officer’s Initial Decision.
(3) The Appellant shall file with the
designated office and simultaneously
serve each Notice of Appeal and all
subsequent filings on the Office of the
Chief Counsel.
(4) An Initial Decision is stayed from
the timely filing of a Notice of Appeal
until the Director issues a Final Decision, unless the Secretary lifts the stay

due to exigent circumstances pursuant
to § 27.310(d).
(5) The Appellant shall file and serve
a Brief within 28 calendar days of the
notification of the service of the Presiding Officer’s Initial Decision.
(6) The Appellee shall file and serve
its Opposition Brief within 28 calendar
days of the service of the Appellant’s
Brief.
(c) The Director may provide for an
expedited appeal for appropriate matters.
(d) Ex parte communications. (1) At no
time after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of
this section and prior to the issuance
of a Final Decision on an Appeal pursuant to paragraph (f) of this section
with respect to a facility or other person shall the Director, his or her designee, or any person who will advise
that official in the decision on the matter, discuss ex parte the merits of the
proceeding with any interested person
outside the Department, with any Department official who performs a prosecutorial or investigative function in
such proceeding or a factually related
proceeding, or with any representative
of such person.
(2) If, after the filing of a Notice of
Appeal pursuant to paragraph (b)(1) of
this section and prior to the issuance
of a Final Decision on an Appeal pursuant to paragraph (f) of this section
with respect to a facility or other person, the Director, his or her designee,
or any person who will advise that official in the decision on the matter, receives from or on behalf of any party,
by means of an ex parte communication, information that is relevant to
the decision of the matter and to which
other parties have not had an opportunity to respond, a summary of such
information shall be served on all other
parties, who shall have an opportunity
to reply to the ex parte communication
within a time set by the Director or his
or her designee.
(3) The consideration of classified information or CVI pursuant to an in
camera procedure does not constitute a
prohibited ex parte communication for
purposes of this subpart.
(e) A facility or other person may
elect to have the Director participate
in any mediation or other resolution

240

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00250

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security
process by expressly waiving, in writing, any argument that such participation has compromised the Appeal process.
(f) The Director shall issue a Final
Decision and serve it upon the parties.
A Final Decision made by the Director
constitutes final agency action.
(g) The Secretary may establish procedures for the conduct of Appeals pursuant to this section.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41893, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

Subpart D—Other
§ 27.400 Chemical-terrorism
vulnerability information.
(a) Applicability. This section governs
the maintenance, safeguarding, and
disclosure of information and records
that constitute Chemical-terrorism
Vulnerability Information (CVI), as defined in § 27.400(b). The Secretary shall
administer this section consistent with
6 U.S.C. 621 et seq., including appropriate sharing with Federal, State, and
local officials.
(b) Chemical-terrorism vulnerability information. In accordance with 6 U.S.C.
623, the following information, whether
transmitted verbally, electronically, or
in written form, shall constitute CVI:
(1) Security Vulnerability Assessments under § 27.215;
(2) Site Security Plans under § 27.225;
(3) Documents relating to the Department’s review and approval of Security
Vulnerability Assessments and Site Security Plans, including Letters of Authorization, Letters of Approval, and
responses thereto; written notices; and
other documents developed pursuant to
§ 27.240 or § 27.245;
(4) Alternative Security Programs
under § 27.235;
(5) Documents relating to inspection
or audits under § 27.250;
(6) Any records required to be created
or retained under § 27.255;
(7) Sensitive portions of orders, notices, or letters under § 27.300;
(8) Information developed pursuant
to §§ 27.200 and 27.205; and
(9) Other information developed for
chemical facility security purposes
that the Secretary, in his or her discretion, determines is similar to the information
protected
in
§ 27.400(b)(1)

§ 27.400

through (8) and thus warrants protection as CVI.
(c) Covered persons. Persons subject to
the requirements of this section are:
(1) Each person who has a need to
know CVI, as specified in § 27.400(e); and
(2) Each person who otherwise receives or gains access to what they
know or should reasonably know constitutes CVI.
(d) Duty to protect information. A covered person must:
(1) Take reasonable steps to safeguard CVI in that person’s possession
or control, including electronic data,
from unauthorized disclosure. When a
person is not in physical possession of
CVI, the person must store it in a secure container, such as a safe, that
limits access only to covered persons
with a need to know;
(2) Disclose, or otherwise provide access to, CVI only to persons who have
a need to know;
(3) Refer requests for CVI by persons
without a need to know to the Executive Assistant Director;
(4) Mark CVI as specified in § 27.400(f);
(5) Dispose of CVI as specified in
§ 27.400(k);
(6) If a covered person receives a
record or verbal transmission containing CVI that is not marked as specified in § 27.400(f), the covered person
must:
(i) Mark the record as specified in
§ 27.400(f) of this section; and
(ii) Inform the sender of the record
that the record must be marked as
specified in § 27.400(f); or
(iii) If received verbally, make reasonable efforts to memorialize such information and mark the memorialized
record as specified in § 27.400(f) of this
section, and inform the speaker of any
determination that such information
warrants CVI protection.
(7) When a covered person becomes
aware that CVI has been released to
persons without a need to know (including a covered person under
§ 27.400(c)(2)), the covered person must
promptly inform the Executive Assistant Director; and
(8) In the case of information that is
CVI and also has been designated as
Protected Critical Infrastructure Information under 6 U.S.C. 133, any covered

241

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00251

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

§ 27.400

6 CFR Ch. I (1–1–22 Edition)

person in possession of such information must comply with the disclosure
restrictions and other requirements applicable to such information under 6
U.S.C. 133 and any implementing regulations.
(e) Need to know. (1) A person, including a State or local official, has a need
to know CVI in each of the following
circumstances:
(i) When the person requires access to
specific CVI to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(ii) When the person needs the information to receive training to carry out
chemical facility security activities
approved,
accepted,
funded,
recommended, or directed by the Department.
(iii) When the information is necessary for the person to supervise or
otherwise manage individuals carrying
out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(iv) When the person needs the information to provide technical or legal
advice to a covered person, who has a
need to know the information, regarding chemical facility security requirements of Federal law.
(v) When the Department determines
that access is required under § 27.400(h)
or § 27.400(i) in the course of a judicial
or administrative proceeding.
(2) Federal employees, contractors, and
grantees. (i) A Federal employee has a
need to know CVI if access to the information is necessary for performance of
the employee’s official duties.
(ii) A person acting in the performance of a contract with or grant from
the Department has a need to know
CVI if access to the information is necessary to performance of the contract
or grant. Contractors or grantees may
not further disclose CVI without the
consent of the Executive Assistant Director.
(iii) The Department may require
that non-Federal persons seeking access to CVI complete a non-disclosure
agreement before such access is granted.
(3) Background check. The Department may make an individual’s access

to the CVI contingent upon satisfactory completion of a security background check or other procedures and
requirements for safeguarding CVI that
are satisfactory to the Department.
(4) Need to know further limited by the
Department. For some specific CVI, the
Department may make a finding that
only specific persons or classes of persons have a need to know.
(5) Nothing in § 27.400(e) shall prevent
the Department from determining, in
its discretion, that a person not otherwise listed in § 27.400(e) has a need to
know CVI in a particular circumstance.
(f) Marking of paper records. (1) In the
case of paper records containing CVI, a
covered person must mark the record
by placing the protective marking conspicuously on the top, and the distribution limitation statement on the bottom, of:
(i) The outside of any front and back
cover, including a binder cover or folder, if the document has a front and
back cover;
(ii) Any title page; and
(iii) Each page of the document.
(2) Protective markings. The protective
marking is: CHEMICAL-TERRORISM
VULNERABILITY INFORMATION.
(3) Distribution limitation statement.
The distribution limitation statement
is: WARNING: This record contains
Chemical-terrorism Vulnerability Information controlled by 6 CFR 27.400.
Do not disclose to persons without a
‘‘need to know’’ in accordance with 6
CFR 27.400(e). Unauthorized release
may result in civil penalties or other
action. In any administrative or judicial proceeding, this information shall
be treated as classified information in
accordance with 6 CFR 27.400(h) and (i).
(4) Other types of records. In the case
of non-paper records that contain CVI,
including motion picture films, videotape recordings, audio recordings, and
electronic and magnetic records, a covered person must clearly and conspicuously mark the records with the protective marking and the distribution
limitation statement such that the
viewer or listener is reasonably likely
to see or hear them when obtaining access to the contents of the record.

242

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00252

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security
(g) Disclosure by the Department—(1)
In general. Except as otherwise provided in this section, and notwithstanding the Freedom of Information
Act (5 U.S.C. 552), the Privacy Act (5
U.S.C. 552a), and other laws, records
containing CVI are not available for
public inspection or copying, nor does
the Department release such records to
persons without a need to know.
(2) Disclosure of Segregable Information
under the Freedom of Information Act
and the Privacy Act. If a record is
marked to signify both CVI and information that is not CVI, the Department, on a proper Freedom of Information Act or Privacy Act request, may
disclose the record with the CVI redacted, provided the record is not otherwise exempt from disclosure under
the Freedom of Information Act or Privacy Act.
(h) Disclosure in administrative enforcement proceedings. (1) The Department
may provide CVI to a person governed
by 6 U.S.C. 621 et seq., and his or her
counsel, in the context of an administrative enforcement proceeding of 6
U.S.C. 621 et seq. when, in the sole discretion of the Department, as appropriate, access to the CVI is necessary
for the person to prepare a response to
allegations contained in a legal enforcement action document issued by
the Department.
(2) Security background check. Prior to
providing CVI to a person under
§ 27.400(h)(1), the Department may require the individual or, in the case of
an entity, the individuals representing
the entity, and their counsel, to undergo and satisfy, in the judgment of the
Department, a security background
check.
(i) Disclosure in judicial proceedings.
(1) In any judicial enforcement proceeding of 6 U.S.C. 621 et seq., the Secretary, in his or her sole discretion,
may, subject to § 27.400(i)(1)(i), authorize access to CVI for persons necessary
for the conduct of such proceedings, including such persons’ counsel, provided
that no other persons not so authorized
shall have access to or be present for
the disclosure of such information.
(i) Security background check. Prior to
providing CVI to a person under
§ 27.400(i)(1), the Department may require the individual to undergo and

§ 27.400

satisfy, in the judgment of the Department, a security background check.
(ii) [Reserved]
(2) In any judicial enforcement proceeding under 6 U.S.C. 621 et seq. where
a person seeks to disclose CVI to a person not authorized to receive it under
paragraph (i)(1) of this section, or
where a person not authorized to receive CVI under paragraph (i)(1) of this
section seeks to compel its disclosure
through discovery, the United States
may make an ex parte application in
writing to the court seeking authorization to:
(i) Redact specified items of CVI from
documents to be introduced into evidence or made available to the defendant through discovery under the Federal Rules of Civil Procedure;
(ii) Substitute a summary of the information for such CVI; or
(iii) Substitute a statement admitting relevant facts that the CVI would
tend to prove.
(3) The court shall grant a request
under paragraph (i)(2) of this section if,
after in camera review, the court finds
that the redacted item, stipulation, or
summary is sufficient to allow the defendant to prepare a defense.
(4) If the court enters an order granting a request under paragraph (i)(2) of
this section, the entire text of the documents to which the request relates
shall be sealed and preserved in the
records of the court to be made available to the appellate court in the event
of an appeal.
(5) If the court enters an order denying a request of the United States
under paragraph (i)(2) of this section,
the United States may take an immediate, interlocutory appeal of the
court’s order in accordance with 18
U.S.C. 2339B(f)(4), (5). For purposes of
such an appeal, the entire text of the
documents to which the request relates, together with any transcripts of
arguments made ex parte to the court
in connection therewith, shall be maintained under seal and delivered to the
appellate court.
(6) Except as provided otherwise at
the sole discretion of the Secretary, access to CVI shall not be available in
any civil or criminal litigation unrelated to the enforcement under 6 U.S.C.
621 et seq..

243

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00253

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

kpayne on VMOFRWIN702 with $$_JOB

§ 27.405

6 CFR Ch. I (1–1–22 Edition)

(7) Taking of trial testimony—(i) Objection. During the examination of a witness in any judicial proceeding, the
United States may object to any question or line of inquiry that may require
the witness to disclose CVI not previously found to be admissible.
(ii) Action by court. In determining
whether a response is admissible, the
court shall take precautions to guard
against the compromise of any CVI, including—
(A) Permitting the United States to
provide the court, ex parte, with a proffer of the witness’s response to the
question or line of inquiry; and
(B) Requiring the defendant to provide the court with a proffer of the nature of the information that the defendant seeks to elicit.
(iii) Obligation of defendant. In any judicial enforcement proceeding, it shall
be the defendant’s obligation to establish the relevance and materiality of
any CVI sought to be introduced.
(8) Construction. Nothing in this subsection shall prevent the United States
from seeking protective orders or asserting privileges ordinarily available
to the United States to protect against
the disclosure of classified information, including the invocation of the
military and State secrets privilege.
(j) Consequences of violation. Violation
of this section is grounds for a civil
penalty and other enforcement or corrective action by the Department, and
appropriate personnel actions for Federal employees. Corrective action may
include issuance of an order requiring
retrieval of CVI to remedy unauthorized disclosure or an order to cease future unauthorized disclosure.
(k) Destruction of CVI. (1) The Department of Homeland Security. Subject to
the requirements of the Federal
Records Act (codified at 44 U.S.C. 3101
et seq. and 3301 et seq.), including the
duty to preserve records containing
documentation of a Federal agency’s
policies, decisions, and essential transactions, the Department destroys CVI
when no longer needed to carry out the
agency’s function.
(2) Other covered persons—(i) In general. A covered person must destroy
CVI completely to preclude recognition
or reconstruction of the information
when the covered person no longer

needs the CVI to carry out security
measures under paragraph (e) of this
section.
(ii) Exception. Section 27.400(k)(2)
does not require a State or local government agency to destroy information
that the agency is required to preserve
under State or local law.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41893, Aug. 4, 2021]

§ 27.405 Review and preemption of
State laws and regulations.
(a) As per current law, no law, regulation, or administrative action of a
State or political subdivision thereof,
or any decision or order rendered by a
court under State law, shall have any
effect if such law, regulation, or decision conflicts with, hinders, poses an
obstacle to, or frustrates the purposes
of this regulation or of any approval,
disapproval, or order issued there
under.
(1) Nothing in this part is intended to
displace other federal requirements administered by the Environmental Protection Agency, U.S. Department of
Justice, U.S. Department of Labor,
U.S. Department of Transportation, or
other federal agencies.
(2) [Reserved]
(b) State law, regulation, or administrative action defined. For purposes of
this section, the phrase ‘‘State law,
regulation, or administrative action’’
means any enacted law, promulgated
regulation, ordinance, administrative
action, order, decision, or common law
standard of a State or any of its political subdivisions.
(c) Submission for review. Any chemical facility covered by these regulations and any State may petition the
Department by submitting a copy of a
State law, regulation, administrative
action, decision, or order of a court for
review under this section.
(d) Review and opinion—(1) Review.
The Department may review State
laws, administrative actions, opinions,
or orders of a court under State law
and regulations submitted under this
section, and may offer an opinion
whether the application or enforcement of the State law or regulation
would conflict with, hinder, pose an obstacle to, or frustrate the purposes of
this part.

244

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00254

Fmt 8010

Sfmt 8010

Q:\06\6V1.TXT

PC31

Office of the Secretary, Homeland Security
(2) Opinion. The Department may
issue a written opinion on any question
regarding preemption. If the question
was submitted under subsection (c) of
this part, the Executive Assistant Director will notify the affected chemical
facility and the Attorney General of
the subject State of any opinion under
this section.
(3) Consultation with States. In conducting a review under this section,
the Department will seek the views of
the State or local jurisdiction whose
laws may be affected by the Department’s review.

§ 27.410

§ 27.410
Third-party actions.

(a) Nothing in this part shall confer
upon any person except the Secretary a
right of action, in law or equity, for
any remedy including, but not limited
to, injunctions or damages to enforce
any provision of this part.
(b) An owner or operator of a chemical facility may petition the Executive Assistant Director to provide the
Department’s view in any litigation involving any issues or matters regarding this part.
[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41894, Aug. 4, 2021]

kpayne on VMOFRWIN702 with $$_JOB

[72 FR 17729, Apr. 9, 2007, as amended at 86
FR 41893, Aug. 4, 2021]

245

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00255

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

Pt. 27, App. A

6 CFR Ch. I (1–1–22 Edition)

246

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00256

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.008

kpayne on VMOFRWIN702 with $$_JOB

APPENDIX A TO PART 27—DHS CHEMICALS OF INTEREST

Pt. 27, App. A

247

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00257

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.009

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

248

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00258

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.010

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Pt. 27, App. A

249

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00259

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.011

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

250

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00260

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.012

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Pt. 27, App. A

251

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00261

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.013

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

252

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00262

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.014

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Pt. 27, App. A

253

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00263

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.015

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

254

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00264

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.016

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Pt. 27, App. A

255

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00265

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.017

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

256

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00266

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.018

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Pt. 27, App. A

257

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00267

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.019

kpayne on VMOFRWIN702 with $$_JOB

Office of the Secretary, Homeland Security

6 CFR Ch. I (1–1–22 Edition)

258

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00268

Fmt 8010

Sfmt 8006

Q:\06\6V1.TXT

PC31

ER20NO07.020

kpayne on VMOFRWIN702 with $$_JOB

Pt. 27, App. A

Office of the Secretary, Homeland Security

Pt. 27, App. A

259

VerDate Sep<11>2014

16:58 Jun 09, 2022

Jkt 256011

PO 00000

Frm 00269

Fmt 8010

Sfmt 8026

Q:\06\6V1.TXT

PC31

ER20NO07.021

kpayne on VMOFRWIN702 with $$_JOB

[72 FR 65420, Nov. 20, 2007]


File Typeapplication/pdf
File Modified2022-08-29
File Created2022-08-29

© 2024 OMB.report | Privacy Policy