Protecting Chemical Plants from Catastrophic Failures, Part 2

A look at the 13 security management practices that can be applied to your facility


Some of the strategies for effectively implementing security measures include: establishing clear responsibility for site security coordination and for implementing the security enhancement measures; establishing a realistic implementation schedule; allocating the necessary resources; and confirming that measures have been put in place and are working appropriately.

4. Information and Cyber Security

Assuring the security of information and information systems helps protect a company's electronic systems, process controls, telecommunications, and management and commerce functions. Information security also helps deprive potential adversaries of information that might help them in their actions against a company.

The objective of cyber-security practices is to protect the confidentiality, integrity, and availability of information; ensure the safety and operational effectiveness of process controls; and prevent information from being used that could compromise the physical security practices of companies. To be most effective, these controls should protect technology, processes and people.

Cyber-security risk assessment should be coordinated with the physical security assessment and includes: evaluating connections between internal networks and the Internet or other company networks; creating policies and practices for upgrading antivirus software; and developing access control policies and practices, including remote access and wireless communications.

Unless you have the internal expertise, seriously consider hiring an outside IT security consultant to assist in the assessment.

5. Documentation

Documentation of a company's security programs, processes and procedures helps to institutionalize your security program so that security will not falter as security employees leave the company. It also assures that the program outlasts the person who developed it.

Documentation of security measures tends to increase compliance; rules are generally followed more closely when someone is looking and keeping records. Documentation of security performance, violations, successes and failures also helps security staff to determine various security measures that may need to be strengthened.

Last, complete and accurate documentation of a company's security program facilitates a smooth transition to third-party certification of the company's security program.

6. Security Program Training and Drills

When establishing a training program, strive to create a culture where training is a routine, expected practice. Consider using both internal and external resources to ensure the best training is received. Reinforce training with e-mailed security reminders or post security tips on the company intranet.

Conduct drills to test the effectiveness of security measures and training programs. Evaluate these drills and make use of the lessons learned to continuously improve the program.

7. Communications, Dialogue and Information Exchange

Communication is key to a successful security program. By communicating security policies, concerns and measures to employees, contractors and visitors, they will more likely adhere to those policies and notice and report security-related incidents.

Building a partnership with law enforcement officials and other responders can increase the effectiveness of support. Also, once regular lines of communication are established, local responders are more likely to provide advance notice of threats and relevant developments.

Providing information about your security program to the community can foster understanding that will benefit everyone. Sharing information also can reduce tension between communities and companies, can open the door to constructive dialogue, and may lead to improved site security.

8. Response to Security Threats