Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

e-CFR data is current as of July 1, 2020

Title 6Chapter I → Part 27


Title 6: Domestic Security


PART 27—CHEMICAL FACILITY ANTI-TERRORISM STANDARDS


Contents

Subpart A—General

§27.100   Purpose.
§27.105   Definitions.
§27.110   Applicability.
§27.115   Implementation.
§27.120   Designation of a coordinating official; Consultations and technical assistance.
§27.125   Severability.

Subpart B—Chemical Facility Security Program

§27.200   Information regarding security risk for a chemical facility.
§27.203   Calculating the screening threshold quantity by security issue.
§27.204   Minimum concentration by security issue.
§27.205   Determination that a chemical facility “presents a high level of security risk.”
§27.210   Submissions schedule.
§27.215   Security vulnerability assessments.
§27.220   Tiering.
§27.225   Site security plans.
§27.230   Risk-based performance standards.
§27.235   Alternative security program.
§27.240   Review and approval of security vulnerability assessments.
§27.245   Review and approval of site security plans.
§27.250   Inspections and audits.
§27.255   Recordkeeping requirements.

Subpart C—Orders and Adjudications

§27.300   Orders.
§27.305   Neutral adjudications.
§27.310   Commencement of adjudication proceedings.
§27.315   Presiding officers for proceedings.
§27.320   Prohibition on ex parte communications during proceedings.
§27.325   Burden of proof.
§27.330   Summary decision procedures.
§27.335   Hearing procedures.
§27.340   Completion of adjudication proceedings.
§27.345   Appeals.

Subpart D—Other

§27.400   Chemical-terrorism vulnerability information.
§27.405   Review and preemption of State laws and regulations.
§27.410   Third party actions.

   

Appendix A to Part 27—DHS Chemicals of Interest

Authority: 6 U.S.C. 624; Pub. L. 101-410, 104 Stat. 890, as amended by Pub. L. 114-74, 129 Stat. 599; Pub. L. 113-254, 128 Stat. 2898, as amended by Pub. L. 116-2, 133 Stat. 5.

Source: 72 FR 17729, Apr. 9, 2007, unless otherwise noted.

return arrow Back to Top

Subpart A—General

return arrow Back to Top

§27.100   Purpose.

The purpose of this part is to enhance the security of our Nation by furthering the mission of the Department as provided in 6 U.S.C. §111(b)(1) and by lowering the risk posed by certain chemical facilities.

return arrow Back to Top

§27.105   Definitions.

As used in this part:

A Commercial Grade (ACG) shall refer to any quality or concentration of a chemical of interest offered for commercial sale that a facility uses, stores, manufactures, or ships.

A Placarded Amount (APA) shall refer to the STQ for a sabotage and contamination chemical of interest, as calculated in accordance with §27.203(d).

Alternative Security Program or ASP shall mean a third-party or industry organization program, a local authority, state or Federal government program or any element or aspect thereof, that the Assistant Secretary has determined meets the requirements of this part and provides for an equivalent level of security to that established by this part.

Assistant Secretary shall mean the Assistant Secretary for Infrastructure Protection, Department of Homeland Security or his designee.

Chemical Facility or facility shall mean any establishment that possesses or plans to possess, at any relevant point in time, a quantity of a chemical substance determined by the Secretary to be potentially dangerous or that meets other risk-related criteria identified by the Department. As used herein, the term chemical facility or facility shall also refer to the owner or operator of the chemical facility. Where multiple owners and/or operators function within a common infrastructure or within a single fenced area, the Assistant Secretary may determine that such owners and/or operators constitute a single chemical facility or multiple chemical facilities depending on the circumstances.

Chemical of Interest shall refer to a chemical listed in appendix A to part 27.

Chemical Security Assessment Tool or CSAT shall mean a suite of four applications, including User Registration, Top-Screen, Security Vulnerability Assessment, and Site Security Plan, through which the Department will collect and analyze key data from chemical facilities.

Chemical-terrorism Vulnerability Information or CVI shall mean the information listed in §27.400(b).

Coordinating Official shall mean the person (or his designee(s)) selected by the Assistant Secretary to ensure that the regulations are implemented in a uniform, impartial, and fair manner.

Covered Facility or Covered Chemical Facility shall mean a chemical facility determined by the Assistant Secretary to present high levels of security risk, or a facility that the Assistant Secretary has determined is presumptively high risk under §27.200.

CUM 100g shall refer to the cumulative STQ of 100 grams for designated theft/diversion-CW/CWP chemicals and which is located in appendix A to part 27 as the entry for the STQ and Minimum Concentration of certain theft/diversion-CW/CWP chemicals.

Department shall mean the Department of Homeland Security.

Deputy Secretary shall mean the Deputy Secretary of the Department of Homeland Security or his designee.

Director of the Chemical Security Division or Director shall mean the Director of the Chemical Security Division, Office of Infrastructure Protection, Department of Homeland Security or any successors to that position within the Department or his designee.

General Counsel shall mean the General Counsel of the Department of Homeland Security or his designee.

Operator shall mean a person who has responsibility for the daily operations of a facility or facilities subject to this part.

Owner shall mean the person or entity that owns any facility subject to this part.

Present high levels of security risk and high risk shall refer to a chemical facility that, in the discretion of the Secretary of Homeland Security, presents a high risk of significant adverse consequences for human life or health, national security and/or critical economic assets if subjected to terrorist attack, compromise, infiltration, or exploitation.

Risk profiles shall mean criteria identified by the Assistant Secretary for determining which chemical facilities will complete the Top-Screen or provide other risk assessment information.

Screening Threshold Quantity or STQ shall mean the quantity of a chemical of interest, upon which the facility's obligation to complete and submit the CSAT Top-Screen is based.

Secretary or Secretary of Homeland Security shall mean the Secretary of the Department of Homeland Security or any person, officer or entity within the Department to whom the Secretary's authority under section 550 is delegated.

Security Issue shall refer to the type of risks associated with a given chemical. For purposes of this part, there are four main security issues:

(1) Release (including toxic, flammable, and explosive);

(2) Theft and diversion (including chemical weapons and chemical weapons precursors, weapons of mass effect, and explosives and improvised explosive device precursors),

(3) Sabotage and contamination, and

(4) Critical to government mission and national economy.

Terrorist attack or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist activity under 6 U.S.C. 101(15) or 18 U.S.C. 2331(5) or 8 U.S.C. 1182(a)(3)(B)(iii), including any incident or attempt that involves or would involve sabotage of chemical facilities or theft, misappropriation or misuse of a dangerous quantity of chemicals.

Tier shall mean the risk level associated with a covered chemical facility and which is assigned to a facility by the Department. For purposes of this part, there are four risk-based tiers, ranging from highest risk at Tier 1 to lowest risk at Tier 4.

Top-Screen shall mean an initial screening process designed by the Assistant Secretary through which chemical facilities provide information to the Department for use pursuant to §27.200 of these regulations.

Under Secretary shall mean the Under Secretary for National Protection and Programs, Department of Homeland Security or any successors to that position within the Department or his designee.

[72 FR 17729, Apr. 9, 2007, as amended at 72 FR 65418, Nov. 20, 2007]

return arrow Back to Top

§27.110   Applicability.

(a) This part applies to chemical facilities and to covered facilities as set out herein.

(b) This part does not apply to facilities regulated pursuant to the Maritime Transportation Security Act of 2002, Pub. L. 107-295, as amended; Public Water Systems, as defined by section 1401 of the Safe Drinking Water Act, Pub. L. 93-523, as amended; Treatment Works as defined in section 212 of the Federal Water Pollution Control Act, Pub. L. 92-500, as amended; any facility owned or operated by the Department of Defense or the Department of Energy, or any facility subject to regulation by the Nuclear Regulatory Commission.

return arrow Back to Top

§27.115   Implementation.

The Assistant Secretary may implement the section 550 program in a phased manner, selecting certain chemical facilities for expedited initial processes under these regulations and identifying other chemical facilities or types or classes of chemical facilities for other phases of program implementation. The Assistant Secretary has flexibility to designate particular chemical facilities for specific phases of program implementation based on potential risk or any other factor consistent with this part.

return arrow Back to Top

§27.120   Designation of a coordinating official; Consultations and technical assistance.

(a) The Assistant Secretary will designate a Coordinating Official who will be responsible for ensuring that these regulations are implemented in a uniform, impartial, and fair manner.

(b) The Coordinating Official and his staff shall provide guidance to covered facilities regarding compliance with this part and shall, as necessary and to the extent that resources permit, be available to consult and to provide technical assistance to an owner or operator who seeks such consultation or assistance.

(c) In order to initiate consultations or seek technical assistance, a covered facility shall submit a written request for consultation or technical assistance to the Coordinating Official or contact the Department in any other manner specified in any subsequent guidance. Requests for consultation or technical guidance do not serve to toll any of the applicable timelines set forth in this part.

(d) If a covered facility modifies its facility, processes, or the types or quantities of materials that it possesses, and believes that such changes may impact the covered facility's obligations under this part, the covered facility may request a consultation with the Coordinating Official as specified in paragraph (c).

return arrow Back to Top

§27.125   Severability.

If a court finds any portion of this part to have been promulgated without proper authority, the remainder of this part will remain in full effect.

return arrow Back to Top

Subpart B—Chemical Facility Security Program

return arrow Back to Top

§27.200   Information regarding security risk for a chemical facility.

(a) Information to determine security risk. In order to determine the security risk posed by chemical facilities, the Secretary may, at any time, request information from chemical facilities that may reflect potential consequences of or vulnerabilities to a terrorist attack or incident, including questions specifically related to the nature of the business and activities conducted at the facility; information concerning the names, nature, conditions of storage, quantities, volumes, properties, customers, major uses, and other pertinent information about specific chemicals or chemicals meeting a specific criterion; information concerning facilities' security, safety, and emergency response practices, operations, and procedures; information regarding incidents, history, funding, and other matters bearing on the effectiveness of the security, safety and emergency response programs, and other information as necessary.

(b) Obtaining information from facilities. (1) The Assistant Secretary may seek the information provided in paragraph (a) of this section by contacting chemical facilities individually or by publishing a notice in the Federal Register seeking information from chemical facilities that meet certain criteria, which the Department will use to determine risk profiles. Through any such individual or Federal Register notification, the Assistant Secretary may instruct such facilities to complete and submit a Top-Screen process, which may be completed through a secure Department Web site or through other means approved by the Assistant Secretary.

(2) A facility must complete and submit a Top-Screen in accordance with the schedule provided in §27.210, the calculation provisions in §27.203, and the minimum concentration provisions in §27.204 if it possesses any of the chemicals listed in appendix A to this part at or above the STQ for any applicable Security Issue.

(3) Where the Department requests that a facility complete and submit a Top-Screen, the facility must designate a person who is responsible for the submission of information through the CSAT system and who attests to the accuracy of the information contained in any CSAT submissions. Such submitter must be an officer of the corporation or other person designated by an officer of the corporation and must be domiciled in the United States.

(c) Presumptively High Risk Facilities. (1) If a chemical facility subject to paragraph (a) or (b) of this section fails to provide information requested or complete the Top-Screen within the timeframe provided in §27.210, the Assistant Secretary may, after attempting to consult with the facility, reach a preliminary determination, based on the information then available, that the facility presumptively presents a high level of security risk. The Assistant Secretary shall then issue a notice to the entity of this determination and, if necessary, order the facility to provide information or complete the Top-Screen pursuant to these rules. If the facility then fails to do so, it may be subject to civil penalties pursuant to §27.300, audit and inspection under §27.250 or, if appropriate, an order to cease operations under §27.300.

(2) If the facility deemed “presumptively high risk” pursuant to paragraph (c)(1) of this section completes the Top-Screen, and the Department determines that it does not present a high level of security risk under §27.205, its status as “presumptively high risk” will terminate, and the Department will issue a notice to the facility to that effect.

[72 FR 17729, Apr. 9, 2007, as amended at 72 FR 65418, Nov. 20, 2007]

return arrow Back to Top

§27.203   Calculating the screening threshold quantity by security issue.

(a) General. In calculating whether a facility possesses a chemical of interest that meets the STQ for any security issue, a facility need not include chemicals of interest:

(1) Used as a structural component;

(2) Used as products for routine janitorial maintenance;

(3) Contained in food, drugs, cosmetics, or other personal items used by employees;

(4) In process water or non-contact cooling water as drawn from environment or municipal sources;

(5) In air either as compressed air or as part of combustion;

(6) Contained in articles, as defined in 40 CFR 68.3;

(7) In solid waste (including hazardous waste) regulated under the Resource Conservation and Recovery Act, 42 U.S.C. 6901 et. seq., except for the waste described in 40 CFR 261.33;

(8) in naturally occurring hydrocarbon mixtures prior to entry of the mixture into a natural gas processing plant or a petroleum refining process unit. Naturally occurring hydrocarbon mixtures include condensate, crude oil, field gas, and produced water as defined in 40 CFR 68.3.

(b) Release chemicals—(1) Release-toxic, release-flammable, and release-explosive chemicals. Except as provided in paragraphs (b)(2) and (b)(3), in calculating whether a facility possesses an amount that meets the STQ for release chemicals of interest, the facility shall only include release chemicals of interest:

(i) In a vessel as defined in 40 CFR 68.3, in a underground storage facility, or stored in a magazine as defined in 27 CFR 555.11;

(ii) In transportation containers used for storage not incident to transportation, including transportation containers connected to equipment at a facility for loading or unloading and transportation containers detached from the motive power that delivered the container to the facility;

(iii) Present as process intermediates, by-products, or materials produced incidental to the production of a product if they exist at any given time;

(iv) In natural gas or liquefied natural gas stored in peak shaving facilities; and

(v) In gasoline, diesel, kerosene or jet fuel (including fuels that have flammability hazard ratings of 1, 2, 3, or 4, as determined by using National Fire Protection Association (NFPA) 704: Standard System for the Identification of the Hazards of Materials for Emergency Response [2007 ed.], which is incorporated by reference at 27.204(a)(2)) stored in aboveground tank farms, including tank farms that are part of pipeline systems;

(2) Release-toxic, release-flammable, and release-explosive chemicals. Except as provided in paragraph (c)(2)(i), in calculating whether a facility possesses an amount that meets the STQ for release-toxic, release-flammable, and release-explosive chemicals, a facility need not include release-toxic, release-flammable, or release-explosive chemicals of interest that a facility manufactures, processes or uses in a laboratory at the facility under the supervision of a technically qualified individual as defined in 40 CFR 720.3.

(i) This exemption does not apply to specialty chemical production; manufacture, processing, or use of substances in pilot plant scale operations; or activities, including research and development, involving chemicals of interest conducted outside the laboratory.

(ii) [Reserved]

(3) Propane. In calculating whether a facility possesses an amount that meets the STQ for propane, a facility need not include propane in tanks of 10,000 pounds or less.

(c) Theft and diversion chemicals. In calculating whether a facility possesses an amount of a theft/diversion chemical of interest that meets the STQ, the facility shall only include theft/diversion chemicals of interest in a transportation packaging, as defined in 49 CFR 171.8. Where a theft/diversion-Chemical Weapons (CW) chemical is designated by “CUM 100g,” a facility shall total the quantity of all such designated chemicals in its possession to determine whether the facility possesses theft/diversion-CW chemicals that meet or exceed the STQ of 100 grams.

(d) Sabotage and contamination chemicals. A facility meets the STQ for a sabotage/contamination chemical of interest if it ships the chemical and is required to placard the shipment of that chemical pursuant to the provisions of subpart F of 49 CFR part 172.

[72 FR 65419, Nov. 20, 2007]

return arrow Back to Top

§27.204   Minimum concentration by security issue.

(a) Release chemicals—(1) Release-toxic chemicals. If a release-toxic chemical of interest is present in a mixture, and the concentration of the chemical is equal to or greater than one percent (1%) by weight, the facility shall count the amount of the chemical of interest in the mixture toward the STQ. If a release-toxic chemical of interest is present in a mixture, and the concentration of the chemical is less than one percent (1%) by weight of the mixture, the facility need not count the amount of that chemical in the mixture in determining whether the facility possesses the STQ. Except for oleum, if the concentration of the chemical of interest in the mixture is one percent (1%) or greater by weight, but the facility can demonstrate that the partial pressure of the regulated substance in the mixture (solution) under handling or storage conditions in any portion of the process is less than 10 millimeters of mercury (mm Hg), the amount of the substance in the mixture in that portion of a vessel need not be considered when determining the STQ. The facility shall document this partial pressure measurement or estimate.

(2) Release-flammable chemicals. If a release-flammable chemical of interest is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and the mixture has a National Fire Protection Association (NFPA) flammability hazard rating of 4, the facility shall count the entire amount of the mixture toward the STQ. Except as provided in §27.203(b)(1)(v) for fuels that are stored in aboveground tank farms (including farms that are part of pipeline systems), if a release-flammable chemical of interest is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and the mixture has a National Fire Protection Association (NFPA) flammability hazard rating of 1, 2, or 3, the facility need not count the mixture toward the STQ. The flammability hazard ratings are defined in NFPA 704: Standard System for the Identification of the Hazards of Materials for Emergency Response [2007 ed.]. The Director of the Federal Register approves the incorporation by reference of this standard in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You may obtain a copy of the incorporated standard from the National Fire Protection Association at 1 Batterymarch Park, Quincy, MA 02169-7471 or http://www.nfpa.org. You may inspect a copy of the incorporated standard at the Department of Homeland Security, 1621 Kent Street, 9th Floor, Rosslyn VA (please call 703-235-0709) to make an appointment or at the or at the National Archives and Records Administration (NARA). For information on the availability of material at NARA, call 202-741-6030, or go to http://www.archives.gov/federal__register/code__of__federal__regulations/ibr__locations.html. If a release-flammable chemical of interest is present in a mixture, and the concentration of the chemical is less than one percent (1%) by weight, the facility need not count the mixture in determining whether the facility possesses the STQ.

(3) Release-explosive chemicals. For each release-explosive chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical of interest toward the STQ, unless a specific minimum concentration is assigned in the Minimum Concentration column of appendix A to part 27, in which case the facility should count the total quantity of all commercial grades of the chemical at the specified minimum concentration.

(b) Theft and diversion chemicals. (1) Theft/Diversion-Chemical Weapons (CW) and Chemical Weapons Precursors (CWP Chemicals: Where a theft/diversion-CWC/CWP chemical of interest is not designated by “CUM 100g” in appendix A, and the chemical is present in a mixture at or above the minimum concentration amount listed in the Minimum Concentration column of appendix A to part 27, the facility shall count the entire amount of the mixture toward the STQ.

(2) Theft/Diversion-Weapon of Mass Effect (WME) Chemicals: If a theft/diversion-WME chemical of interest is present in a mixture at or above the minimum concentration amount listed in the Minimum Concentration column of appendix A to part 27, the facility shall count the entire amount of the mixture toward the STQ.

(3) Theft/diversion-Explosives/Improvised Explosive Device Precursor (EXP/IEDP) chemicals. For each theft/diversion-EXP/IEDP chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical toward the STQ, unless a specific minimum concentration is assigned in the Minimum Concentration column of appendix A to part 27, in which case the facility should count the total quantity of all commercial grades of the chemical at the specified minimum concentration.

(c) Sabotage and contamination chemicals. For each sabotage/contamination chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical toward the STQ.

[72 FR 65419, Nov. 20, 2007]

return arrow Back to Top

§27.205   Determination that a chemical facility “presents a high level of security risk.”

(a) Initial determination. The Assistant Secretary may determine at any time that a chemical facility presents a high level of security risk based on any information available (including any information submitted to the Department under §27.200) that, in the Secretary's discretion, indicates the potential that a terrorist attack involving the facility could result in significant adverse consequences for human life or health, national security or critical economic assets. Upon determining that a facility presents a high level of security risk, the Department shall notify the facility in writing of such initial determination and may also notify the facility of the Department's preliminary determination of the facility's placement in a risk-based tier pursuant to §27.220(a).

(b) Redetermination. If a covered facility previously determined to present a high level of security risk has materially altered its operations, it may seek a redetermination by filing a Request for Redetermination with the Assistant Secretary, and may request a meeting regarding the Request. Within 45 calendar days of receipt of such a Request, or within 45 calendar days of a meeting under this paragraph, the Assistant Secretary shall notify the covered facility in writing of the Department's decision on the Request for Redetermination.

return arrow Back to Top

§27.210   Submissions schedule.

(a) Initial submission. The timeframes in paragraphs (a)(2) and (a)(3) of this section also apply to covered facilities that submit an Alternative Security Program pursuant to §27.235.

(1) Top-Screen. Facilities shall complete and submit a Top-Screen within the following time frames:

(i) Unless otherwise notified, within 60 calendar days of November 20, 2007 for facilities that possess any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue, or within 60 calendar days for facilities that come into possession of any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue; or

(ii) Within the time frame provided in any written notification from the Department or specified in any subsequent Federal Register notice.

(2) Security Vulnerability Assessment. Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.

(3) Site Security Plan. Unless otherwise notified, a covered facility must complete and submit a Site Security Plan within 120 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.

(b) Resubmission schedule for covered facilities. The timeframes in this subsection also apply to covered facilities who submit an Alternative Security Program pursuant to §27.235.

(1) Top-Screen. Unless otherwise notified, Tier 1 and Tier 2 covered facilities must complete and submit a new Top-Screen no less than two years, and no more than two years and 60 calendar days, from the date of the Department's approval of the facility's Site Security Plan; and Tier 3 and Tier 4 covered facilities must complete and submit a Top-Screen no less than 3 years, and no more than 3 years and 60 calendar days, from the date of the Department's approval of the facility's Site Security Plan.

(2) Security Vulnerability Assessment. Unless otherwise notified and following a Top-Screen resubmission pursuant to paragraph (b)(1) of this section, a covered facility must complete and submit a new Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.

(3) Site Security Plan. Unless otherwise notified and following a Security Vulnerability Assessment resubmission pursuant to paragraph (b)(2) of this section , a covered facility must complete and submit a new Site Security Plan within 120 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.

(c) The Assistant Secretary retains the authority to modify the schedule in this part as needed. The Assistant Secretary may shorten or extend these time periods based on the operations at the facility, the nature of the covered facility's vulnerabilities, the level and immediacy of security risk, or for other reasons. If the Department alters the time periods for a specific facility, the Department will do so in written notice to the facility.

(d) If a covered facility makes material modifications to its operations or site, the covered facility must complete and submit a revised Top-Screen to the Department within 60 days of the material modification. In accordance with the resubmission requirements in §27.210(b)(2) and (3), the Department will notify the covered facility as to whether the covered facility must submit a revised Security Vulnerability Assessment, Site Security Plan, or both.

[72 FR 17729, Apr. 9, 2007, as amended at 72 FR 65420, Nov. 20, 2007]

return arrow Back to Top

§27.215   Security vulnerability assessments.

(a) Initial assessment. If the Assistant Secretary determines that a chemical facility is high-risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability Assessment shall include:

(1) Asset Characterization, which includes the identification and characterization of potential critical assets; identification of hazards and consequences of concern for the facility, its surroundings, its identified critical asset(s), and its supporting infrastructure; and identification of existing layers of protection;

(2) Threat Assessment, which includes a description of possible internal threats, external threats, and internally-assisted threats;

(3) Security Vulnerability Analysis, which includes the identification of potential security vulnerabilities and the identification of existing countermeasures and their level of effectiveness in both reducing identified vulnerabilities and in meeting the applicable Risk-Based Performance Standards;

(4) Risk Assessment, including a determination of the relative degree of risk to the facility in terms of the expected effect on each critical asset and the likelihood of a success of an attack; and

(5) Countermeasures Analysis, including strategies that reduce the probability of a successful attack or reduce the probable degree of success, strategies that enhance the degree of risk reduction, the reliability and maintainability of the options, the capabilities and effectiveness of mitigation options, and the feasibility of the options.

(b) Except as provided in §27.235, a covered facility must complete the Security Vulnerability Assessment through the CSAT process, or through any other methodology or process identified or issued by the Assistant Secretary.

(c) Covered facilities must submit a Security Vulnerability Assessment to the Department in accordance with the schedule provided in §27.210.

(d) Updates and revisions. (1) A covered facility must update and revise its Security Vulnerability Assessment in accordance with the schedule provided in §27.210.

(2) Notwithstanding paragraph (d)(1) of this section, a covered facility must update, revise or otherwise alter its Security Vulnerability Assessment to account for new or differing modes of potential terrorist attack or for other security-related reasons, if requested by the Assistant Secretary.

return arrow Back to Top

§27.220   Tiering.

(a) Preliminary determination of risk-based tiering. Based on the information the Department receives in accordance with §§27.200 and 27.205 (including information submitted through the Top-Screen process) and following its initial determination in §27.205(a) that a facility presents a high level of security risk, the Department shall notify a facility of the Department's preliminary determination of the facility's placement in a risk-based tier.

(b) Confirmation or alteration of risk-based tiering. Following review of a covered facility's Security Vulnerability Assessment, the Assistant Secretary shall notify the covered facility of its final placement within a risk-based tier, or for covered facilities previously notified of a preliminary tiering, confirm or alter such tiering.

(c) The Department shall place covered facilities in one of four risk-based tiers, ranging from highest risk facilities in Tier 1 to lowest risk facilities in Tier 4.

(d) The Assistant Secretary may provide the facility with guidance regarding the risk-based performance standards and any other necessary guidance materials applicable to its assigned tier.

return arrow Back to Top

§27.225   Site security plans.

(a) The Site Security Plan must meet the following standards:

(1) Address each vulnerability identified in the facility's Security Vulnerability Assessment, and identify and describe the security measures to address each such vulnerability;

(2) Identify and describe how security measures selected by the facility will address the applicable risk-based performance standards and potential modes of terrorist attack including, as applicable, vehicle-borne explosive devices, water-borne explosive devices, ground assault, or other modes or potential modes identified by the Department;

(3) Identify and describe how security measures selected and utilized by the facility will meet or exceed each applicable performance standard for the appropriate risk-based tier for the facility; and

(4) Specify other information the Assistant Secretary deems necessary regarding chemical facility security.

(b) Except as provided in §27.235, a covered facility must complete the Site Security Plan through the CSAT process, or through any other methodology or process identified or issued by the Assistant Secretary.

(c) Covered facilities must submit a Site Security Plan to the Department in accordance with the schedule provided in §27.210.

(d) Updates and revisions. (1) When a covered facility updates, revises or otherwise alters its Security Vulnerability Assessment pursuant to §27.215(d), the covered facility shall make corresponding changes to its Site Security Plan.

(2) A covered facility must also update and revise its Site Security Plan in accordance with the schedule in §27.210.

(e) A covered facility must conduct an annual audit of its compliance with its Site Security Plan.

return arrow Back to Top

§27.230   Risk-based performance standards.

(a) Covered facilities must satisfy the performance standards identified in this section. The Assistant Secretary will issue guidance on the application of these standards to risk-based tiers of covered facilities, and the acceptable layering of measures used to meet these standards will vary by risk-based tier. Each covered facility must select, develop in their Site Security Plan, and implement appropriately risk-based measures designed to satisfy the following performance standards:

(1) Restrict area perimeter. Secure and monitor the perimeter of the facility;

(2) Secure site assets. Secure and monitor restricted areas or potentially critical targets within the facility;

(3) Screen and control access. Control access to the facility and to restricted areas within the facility by screening and/or inspecting individuals and vehicles as they enter, including,

(i) Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate an attack or actions having serious negative consequences for the population surrounding the facility; and

(ii) Measures implementing a regularly updated identification system that checks the identification of facility personnel and other persons seeking access to the facility and that discourages abuse through established disciplinary measures;

(4) Deter, detect, and delay. Deter, detect, and delay an attack, creating sufficient time between detection of an attack and the point at which the attack becomes successful, including measures to:

(i) Deter vehicles from penetrating the facility perimeter, gaining unauthorized access to restricted areas or otherwise presenting a hazard to potentially critical targets;

(ii) Deter attacks through visible, professional, well maintained security measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or reduced value targets;

(iii) Detect attacks at early stages, through countersurveillance, frustration of opportunity to observe potential targets, surveillance and sensing systems, and barriers and barricades; and

(iv) Delay an attack for a sufficient period of time so to allow appropriate response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning;

(5) Shipping, receipt, and storage. Secure and monitor the shipping, receipt, and storage of hazardous materials for the facility;

(6) Theft and diversion. Deter theft or diversion of potentially dangerous chemicals;

(7) Sabotage. Deter insider sabotage;

(8) Cyber. Deter cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Process Control Systems (PCS), Industrial Control Systems (ICS), critical business system, and other sensitive computerized systems;

(9) Response. Develop and exercise an emergency plan to respond to security incidents internally and with assistance of local law enforcement and first responders;

(10) Monitoring. Maintain effective monitoring, communications and warning systems, including,

(i) Measures designed to ensure that security systems and equipment are in good working order and inspected, tested, calibrated, and otherwise maintained;

(ii) Measures designed to regularly test security systems, note deficiencies, correct for detected deficiencies, and record results so that they are available for inspection by the Department; and

(iii) Measures to allow the facility to promptly identify and respond to security system and equipment failures or malfunctions;

(11) Training. Ensure proper security training, exercises, and drills of facility personnel;

(12) Personnel surety. Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for unescorted visitors with access to restricted areas or critical assets, including,

(i) Measures designed to verify and validate identity;

(ii) Measures designed to check criminal history;

(iii) Measures designed to verify and validate legal authorization to work; and

(iv) Measures designed to identify people with terrorist ties;

(13) Elevated threats. Escalate the level of protective measures for periods of elevated threat;

(14) Specific threats, vulnerabilities, or risks. Address specific threats, vulnerabilities or risks identified by the Assistant Secretary for the particular facility at issue;

(15) Reporting of significant security incidents. Report significant security incidents to the Department and to local law enforcement officials;

(16) Significant security incidents and suspicious activities. Identify, investigate, report, and maintain records of significant security incidents and suspicious activities in or near the site;

(17) Officials and organization. Establish official(s) and an organization responsible for security and for compliance with these standards;

(18) Records. Maintain appropriate records; and

(19) Address any additional performance standards the Assistant Secretary may specify.

(b) [Reserved]

return arrow Back to Top

§27.235   Alternative security program.

(a) Covered facilities may submit an Alternate Security Program (ASP) pursuant to the requirements of this section. The Assistant Secretary may approve an Alternate Security Program, in whole, in part, or subject to revisions or supplements, upon a determination that the Alternate Security Program meets the requirements of this part and provides for an equivalent level of security to that established by this part.

(1) A Tier 4 facility may submit an ASP in lieu of a Security Vulnerability Assessment, Site Security Plan, or both.

(2) Tier 1, Tier 2, or Tier 3 facilities may submit an ASP in lieu of a Site Security Plan. Tier 1, Tier 2, and Tier 3 facilities may not submit an ASP in lieu of a Security Vulnerability Assessment.

(b) The Department will provide notice to a covered facility about the approval or disapproval, in whole or in part, of an ASP, using the procedure specified in §27.240 if the ASP is intended to take the place of a Security Vulnerability Assessment or using the procedure specified in §27.245 if the ASP is intended to take the place of a Site Security Plan.

return arrow Back to Top

§27.240   Review and approval of security vulnerability assessments.

(a) Review and approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of §27.215, including Alternative Security Programs submitted pursuant to §27.235.

(b) If a Security Vulnerability Assessment does not satisfy the requirements of §27.215, the Department will provide the facility with a written notification that includes a clear explanation of deficiencies in the Security Vulnerability Assessment. The facility shall then enter further consultations with the Department and resubmit a sufficient Security Vulnerability Assessment by the time specified in the written notification provided by the Department under this section. If the resubmitted Security Vulnerability Assessment does not satisfy the requirements of §27.215, the Department will provide the facility with written notification (including a clear explanation of deficiencies in the SVA) of the Department's disapproval of the SVA.

return arrow Back to Top

§27.245   Review and approval of site security plans.

(a) Review and approval. (1) The Department will review and approve or disapprove all Site Security Plans that satisfy the requirements of §27.225, including Alternative Security Programs submitted pursuant to §27.235.

(i) The Department will review Site Security Plans through a two-step process. Upon receipt of Site Security Plan from the covered facility, the Department will review the documentation and make a preliminary determination as to whether it satisfies the requirements of §27.225. If the Department finds that the requirements are satisfied, the Department will issue a Letter of Authorization to the covered facility.

(ii) Following issuance of the Letter of Authorization, the Department will inspect the covered facility in accordance with §27.250 for purposes of determining compliance with the requirements of this part.

(iii) If the Department approves the Site Security Plan in accordance with §27.250, the Department will issue a Letter of Approval to the facility, and the facility shall implement the approved Site Security Plan.

(2) The Department will not disapprove a Site Security Plan submitted under this part based on the presence or absence of a particular security measure. The Department may disapprove a Site Security Plan that fails to satisfy the risk-based performance standards established in §27.230.

(b) When the Department disapproves a preliminary Site Security Plan issued prior to inspection or a Site Security Plan following inspection, the Department will provide the facility with a written notification that includes a clear explanation of deficiencies in the Site Security Plan. The facility shall then enter further consultations with the Department and resubmit a sufficient Site Security Plan by the time specified in the written notification provided by the Department under this section. If the resubmitted Site Security Plan does not satisfy the requirements of §27.225, the Department will provide the facility with written notification (including a clear explanation of deficiencies in the SSP) of the Department's disapproval of the SSP.

return arrow Back to Top

§27.250   Inspections and audits.

(a) Authority. In order to assess compliance with the requirements of this part, authorized Department officials may enter, inspect, and audit the property, equipment, operations, and records of covered facilities.

(b) Following preliminary approval of a Site Security Plan in accordance with §27.245, the Department will inspect the covered facility for purposes of determining compliance with the requirements of this part.

(1) If after the inspection, the Department determines that the requirements of §27.225 have been met, the Department will issue a Letter of Approval to the covered facility.

(2) If after the inspection, the Department determines that the requirements of §27.225 have not been met, the Department will proceed as directed by §27.245(b) in “Review and Approval of Site Security Plans.”

(c) Time and manner. Authorized Department officials will conduct audits and inspections at reasonable times and in a reasonable manner. The Department will provide covered facility owners and/or operators with 24-hour advance notice before inspections, except

(1) If the Under Secretary or Assistant Secretary determines that an inspection without such notice is warranted by exigent circumstances and approves such inspection; or

(2) If any delay in conducting an inspection might be seriously detrimental to security, and the Director of the Chemical Security Division determines that an inspection without notice is warranted, and approves an inspector to conduct such inspection.

(d) Inspectors. Inspections and audits are conducted by personnel duly authorized and designated for that purpose as “inspectors” by the Secretary or the Secretary's designee.

(1) An inspector will, on request, present his or her credentials for examination, but the credentials may not be reproduced by the facility.

(2) An inspector may administer oaths and receive affirmations, with the consent of any witness, in any matter.

(3) An inspector may gather information by reasonable means including, but not limited to, interviews, statements, photocopying, photography, and video- and audio-recording. All documents, objects and electronically stored information collected by each inspector during the performance of that inspector's duties shall be maintained for a reasonable period of time in the files of the Department of Homeland Security maintained for that facility or matter.

(4) An inspector may request forthwith access to all records required to be kept pursuant to §27.255. An inspector shall be provided with the immediate use of any photocopier or other equipment necessary to copy any such record. If copies can not be provided immediately upon request, the inspector shall be permitted immediately to take the original records for duplication and prompt return.

(e) Confidentiality. In addition to the protections provided under CVI in §27.400, information received in an audit or inspection under this section, including the identity of the persons involved in the inspection or who provide information during the inspection, shall remain confidential under the investigatory file exception, or other appropriate exception, to the public disclosure requirements of 5 U.S.C. 552.

(f) Guidance. The Assistant Secretary shall issue guidance identifying appropriate processes for such inspections, and specifying the type and nature of documentation that must be made available for review during inspections and audits.

return arrow Back to Top

§27.255   Recordkeeping requirements.

(a) Except as provided in §27.255(b), the covered facility must keep records of the activities as set out below for at least three years and make them available to the Department upon request. A covered facility must keep the following records:

(1) Training. For training, the date and location of each session, time of day and duration of session, a description of the training, the name and qualifications of the instructor, a clear, legible list of attendees to include the attendee signature, at least one other unique identifier of each attendee receiving the training, and the results of any evaluation or testing.

(2) Drills and exercises. For each drill or exercise, the date held, a description of the drill or exercise, a list of participants, a list of equipment (other than personal equipment) tested or employed in the exercise, the name(s) and qualifications of the exercise director, and any best practices or lessons learned which may improve the Site Security Plan;

(3) Incidents and breaches of security. Date and time of occurrence, location within the facility, a description of the incident or breach, the identity of the individual to whom it was reported, and a description of the response;

(4) Maintenance, calibration, and testing of security equipment. The date and time, name and qualifications of the technician(s) doing the work, and the specific security equipment involved for each occurrence of maintenance, calibration, and testing;

(5) Security threats. Date and time of occurrence, how the threat was communicated, who received or identified the threat, a description of the threat, to whom it was reported, and a description of the response;

(6) Audits. For each audit of a covered facility's Site Security Plan (including each audit required under §27.225(e)) or Security Vulnerability Assessment, a record of the audit, including the date of the audit, results of the audit, name(s) of the person(s) who conducted the audit, and a letter certified by the covered facility stating the date the audit was conducted.

(7) Letters of Authorization and Approval. All Letters of Authorization and Approval from the Department, and documentation identifying the results of audits and inspections conducted pursuant to §27.250.

(b) A covered facility must retain records of submitted Top-Screens, Security Vulnerability Assessments, Site Security Plans, and all related correspondence with the Department for at least six years and make them available to the Department upon request.

(c) To the extent necessary for security purposes, the Department may request that a covered facility make available records kept pursuant to other Federal programs or regulations.

(d) Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized access, deletion, destruction, amendment, and disclosure.

return arrow Back to Top

Subpart C—Orders and Adjudications

return arrow Back to Top

§27.300   Orders.

(a) Orders generally. When the Assistant Secretary determines that a facility is in violation of any of the requirements of this part, the Assistant Secretary may take appropriate action including the issuance of an appropriate Order.

(b) Orders Assessing Civil Penalty and Orders to Cease Operations. (1) Where the Assistant Secretary determines that a facility is in violation of an Order issued pursuant to paragraph (a) of this section, the Assistant may enter an Order Assessing Civil Penalty, Order to Cease Operations, or both.

(2) Following the issuance of an Order by the Assistant Secretary pursuant to paragraph (b)(1) of this section, the facility may enter further consultations with Department.

(3) Where the Assistant Secretary determines that a facility is in violation of an Order issued pursuant to paragraph (a) of this section and issues an Order Assessing Civil Penalty pursuant to paragraph (b)(1) of this section, a chemical facility is liable to the United States for a civil penalty of not more than $25,000 for each day during which the violation continues, if the violation of the Order occurred on or before November 2, 2015, or $35,486 for each day during which the violation of the Order continues, if the violation occurred after November 2, 2015.

(c) Procedures for Orders. (1) At a minimum, an Order shall be signed by the Assistant Secretary, shall be dated, and shall include:

(i) The name and address of the facility in question;

(ii) A listing of the provision(s) that the facility is alleged to have violated;

(iii) A statement of facts upon which the alleged instances of noncompliance are based;

(iv) A clear explanation of deficiencies in the facility's chemical security program, including, if applicable, any deficiencies in the facility's Security Vulnerability Assessment, Site Security Plan, or both; and

(v) A statement, indicating what action(s) the chemical must take to remedy the instance(s) of noncompliance; and

(vi) The date by which the facility must comply with the terms of the Order.

(2) The Assistant Secretary may establish procedures for the issuance of Orders.

(d) A facility must comply with the terms of the Order by the date specified in the Order unless the facility has filed a timely Notice for Application for Review under §27.310.

(e) Where a facility or other person contests the determination of the Assistant Secretary to issue an Order, a chemical facility may seek an adjudication pursuant to §27.310.

(f) An Order issued under this section becomes final agency action when the time to file a Notice of Application of Review under §27.310 has passed without such a filing or upon the conclusion of adjudication or appeal proceedings under this subpart.

[72 FR 17729, Apr. 9, 2007, as amended at 81 FR 43001, July 1, 2016; 82 FR 8579, Jan. 27, 2017; 83 FR 13834, Apr. 2, 2018; 84 FR 13508, Apr. 5, 2019; 85 FR 36478, June 17, 2020]

return arrow Back to Top

§27.305   Neutral adjudications.

(a) Any facility or other person who has received a Finding pursuant to §27.230(a)(12)(iv), a Determination pursuant to §27.245(b), or an Order pursuant to §27.300 is entitled to an adjudication, by a neutral adjudications officer, of any issue of material fact relevant to any administrative action which deprives that person of a cognizable interest in liberty or property.

(b) A neutral adjudications officer appointed pursuant to §27.315 shall issue an Initial Decision on any material factual issue related to a Finding pursuant to §27.230(a)(12)(iv), a Determination pursuant to §27.245, or an Order pursuant to §27.300 before any such administrative action is reviewed on appeal pursuant to §27.345.

return arrow Back to Top

§27.310   Commencement of adjudication proceedings.

(a) Proceedings instituted by facilities or other persons. A facility or other person may institute proceedings to review a determination by the Assistant Secretary:

(1) Finding, pursuant to the §27.230(a)(12)(iv), that an individual is a potential security threat;

(2) Disapproving a Site Security Plan pursuant to §27.245(b); or

(3) Issuing an Order pursuant to §27.300(a) or (b).

(b) Procedure for applications by facilities or other persons. A facility or other person may institute Proceedings by filing a Notice of Application for Review specifying that the facility or other person requests a Proceeding to review a determination specified in paragraph (a) of this section.

(1) An Applicant institutes a Proceeding by filing a Notice of Application for Review with the office of the Department hereinafter designated by the Secretary.

(2) An Applicant must file a Notice of Application for Review within seven calendar days of notification to the facility or other person of the Assistant Secretary's Finding, Determination, or Order.

(3) The Applicant shall file and simultaneously serve each Notice of Application for Review and all subsequent filings on the Assistant Secretary and the General Counsel.

(4) An Order is stayed from the timely filing of a Notice of Application for Review until the Presiding Officer issues an Initial Decision, unless the Secretary has lifted the stay due to exigent circumstances pursuant to paragraph (d) of this section.

(5) The Applicant shall file and serve an Application for Review within fourteen calendar days of the notification to the facility or other person of the Assistant Secretary's Finding, Determination, or Order.

(6) Each Application for Review shall be accompanied by all legal memoranda, other documents, declarations, affidavits, and other evidence supporting the position asserted by the Applicant.

(c) Response. The Assistant Secretary, through the Office of General Counsel, shall file and serve a Response, accompanied by all legal memoranda, other documents, declarations, affidavits and other evidence supporting the position asserted by the Assistant Secretary within fourteen calendar days of the filing and service of the Application for Review and all supporting papers.

(d) Procedural modifications. The Secretary may, in exigent circumstances (as determined in his sole discretion):

(1) Lift any stay applicable to any Order under §27.300;

(2) Modify the time for a response;

(3) Rule on the sufficiency of Applications for Review; or

(4) Otherwise modify these procedures with respect to particular matters.

return arrow Back to Top

§27.315   Presiding officers for proceedings.

(a) Immediately upon the filing of any Application for Review, the Secretary shall appoint an attorney, who is employed by the Department and who has not performed any investigative or prosecutorial function with respect to the matter, to act as a neutral adjudications officer or Presiding Officer for the compilation of a factual record and the recommendation of an Initial Decision for each Proceeding.

(b) Notwithstanding paragraph (a) of this section, the Secretary may appoint one or more attorneys who are employed by the Department and who do not perform any investigative or prosecutorial function with respect to this subpart, to serve generally in the capacity as Presiding Officer(s) for such matters pursuant to such procedures as the Secretary may hereafter establish.

return arrow Back to Top

§27.320   Prohibition on ex parte communications during proceedings.

(a) At no time after the designation of a Presiding Officer for a Proceeding and prior to the issuance of a Final Decision pursuant to §27.345 with respect to a facility or other person, shall the appointed Presiding Officer, or any person who will advise that official in the decision on the matter, discuss ex parte the merits of the proceeding with any interested person outside the Department, with any Department official who performs a prosecutorial or investigative function in such proceeding or a factually related proceeding, or with any representative of such person.

(b) If, after appointment of a Presiding Officer and prior to the issuance of a Final Decision pursuant to §27.345 with respect to a facility or other person, the appointed Presiding Officer, or any person who will advise that official in the decision on the matter, receives from or on behalf of any party, by means of an ex parte communication, information which is relevant to the decision of the matter and to which other parties have not had an opportunity to respond, a summary of such information shall be served on all other parties, who shall have an opportunity to reply to the ex parte communication within a time set by the Presiding Officer.

(c) The consideration of classified information or CVI pursuant to an in camera procedure does not constitute a prohibited ex parte communication for purposes of this subpart.

return arrow Back to Top

§27.325   Burden of proof.

The Assistant Secretary bears the initial burden of proving the facts necessary to support the challenged administrative action at every proceeding instituted under this subpart.

return arrow Back to Top

§27.330   Summary decision procedures.

(a) The Presiding Officer appointed for each Proceeding shall immediately consider whether the summary adjudication of the Application for Review is appropriate based on the Application for Review, the Response, and all the supporting filings of the parties pursuant to §§27.310(b)(5) and 27.310(c).

(1) The Presiding Officer shall promptly issue any necessary scheduling order for any additional briefing of the issue of summary adjudication on the Application for Review and Response.

(2) The Presiding Officer may conduct scheduling conferences and other proceedings that the Presiding Officer determines to be appropriate.

(b) If the Presiding Officer determines that there is no genuine issue of material fact and that one party or the other is entitled to decision as a matter of law, then the record shall be closed and the Presiding Officer shall issue an Initial Decision on the Application for Review pursuant to §27.340.

(c) If a Presiding Officer determines that any factual issues require the cross-examination of one or more witnesses or other proceedings at a hearing, the Presiding Officer, in consultation with the parties, shall promptly schedule a hearing to be conducted pursuant to §27.335.

return arrow Back to Top

§27.335   Hearing procedures.

(a) Any hearing shall be held as expeditiously as possible at the location most conducive to a prompt presentation of any necessary testimony or other proceedings.

(1) Videoconferencing and teleconferencing may be used where appropriate at the discretion of the Presiding Officer.

(2) Each party offering the affirmative testimony of a witness shall present that testimony by declaration, affidavit, or other sworn statement submitted in advance as ordered by the Presiding Officer.

(3) Any witness presented for further examination shall be asked to testify under an oath or affirmation.

(4) The hearing shall be recorded verbatim.

(b)(1) A facility or other person may appear and be heard on his own behalf or through any counsel of his choice who is qualified to possess CVI.

(2) A facility of other person individually, or through counsel, may offer relevant and material information including written direct testimony which he believes should be considered in opposition to the administrative action or which may bear on the sanction being sought.

(3) The facility or other person individually, or through counsel, may conduct such cross-examination as may be specifically allowed by the Presiding Officer for a full determination of the facts.

return arrow Back to Top

§27.340   Completion of adjudication proceedings.

(a) The Presiding Officer shall close and certify the record of the adjudication promptly upon the completion of:

(1) Summary judgment proceedings,

(2) A hearing, if necessary,

(3) The submission of post hearing briefs, if any are ordered by the Presiding Officer, and

(4) The conclusion of oral arguments, if any are permitted by the Presiding Officer.

(b) The Presiding Officer shall issue an Initial Decision based on the certified record, and the decision shall be subject to appeal pursuant to §27.345.

(c) An Initial Decision shall become a final agency action on the expiration of the time for an Appeal pursuant to §27.345.

return arrow Back to Top

§27.345   Appeals.

(a) Right to appeal. A facility or any person who has received an Initial Decision under §27.340(b) has the right to appeal to the Under Secretary acting as a neutral appeals officer.

(b) Procedure for appeals. (1) The Assistant Secretary, a facility or other person, or a representative on behalf of a facility or person, may institute an Appeal by filing a Notice of Appeal with the office of the Department hereinafter designated by the Secretary.

(2) The Assistant Secretary, a facility, or other person must file a Notice of Appeal within seven calendar days of the service of the Presiding Officer's Initial Decision.

(3) The Appellant shall file with the designated office and simultaneously serve each Notice of Appeal and all subsequent filings on the General Counsel.

(4) An Initial Decision is stayed from the timely filing of a Notice of Appeal until the Under Secretary issues a Final Decision, unless the Secretary lifts the stay due to exigent circumstances pursuant to §27.310(d).

(5) The Appellant shall file and serve a Brief within 28 calendar days of the notification of the service of the Presiding Officer's Initial Decision.

(6) The Appellee shall file and serve its Opposition Brief within 28 calendar days of the service of the Appellant's Brief.

(c) The Under Secretary may provide for an expedited appeal for appropriate matters.

(d) Ex parte communications. (1) At no time after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of this section and prior to the issuance of a Final Decision on an Appeal pursuant to paragraph (f) of this section with respect to a facility or other person shall the Under Secretary, his designee, or any person who will advise that official in the decision on the matter, discuss ex parte the merits of the proceeding with any interested person outside the Department, with any Department official who performs a prosecutorial or investigative function in such proceeding or a factually related proceeding, or with any representative of such person.

(2) If, after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of this section and prior to the issuance of a Final Decision on an Appeal pursuant to paragraph (f) of this section with respect to a facility or other person, the Under Secretary, his designee, or any person who will advise that official in the decision on the matter, receives from or on behalf of any party, by means of an ex parte communication, information which is relevant to the decision of the matter and to which other parties have not had an opportunity to respond, a summary of such information shall be served on all other parties, who shall have an opportunity to reply to the ex parte communication within a time set by the Under Secretary or his designee.

(3) The consideration of classified information or CVI pursuant to an in camera procedure does not constitute a prohibited ex parte communication for purposes of this subpart.

(e) A facility or other person may elect to have the Under Secretary participate in any mediation or other resolution process by expressly waiving, in writing, any argument that such participation has compromised the Appeal process.

(f) The Under Secretary shall issue a Final Decision and serve it upon the parties. A Final Decision made by the Under Secretary constitutes final agency action.

(g) The Secretary may establish procedures for the conduct of Appeals pursuant to this section.

return arrow Back to Top

Subpart D—Other

return arrow Back to Top

§27.400   Chemical-terrorism vulnerability information.

(a) Applicability. This section governs the maintenance, safeguarding, and disclosure of information and records that constitute Chemical-terrorism Vulnerability Information (CVI), as defined in §27.400(b). The Secretary shall administer this section consistent with section 550(c) of the Homeland Security Appropriations Act of 2007, including appropriate sharing with Federal, State and local officials.

(b) Chemical-terrorism vulnerability information. In accordance with section 550(c) of the Department of Homeland Security Appropriations Act of 2007, the following information, whether transmitted verbally, electronically, or in written form, shall constitute CVI:

(1) Security Vulnerability Assessments under §27.215;

(2) Site Security Plans under §27.225;

(3) Documents relating to the Department's review and approval of Security Vulnerability Assessments and Site Security Plans, including Letters of Authorization, Letters of Approval and responses thereto; written notices; and other documents developed pursuant to §27.240 or §27.245;

(4) Alternate Security Programs under §27.235;

(5) Documents relating to inspection or audits under §27.250;

(6) Any records required to be created or retained under §27.255;

(7) Sensitive portions of orders, notices or letters under §27.300;

(8) Information developed pursuant to §§27.200 and 27.205; and

(9) Other information developed for chemical facility security purposes that the Secretary, in his discretion, determines is similar to the information protected in §27.400(b)(1) through (8) and thus warrants protection as CVI.

(c) Covered persons. Persons subject to the requirements of this section are:

(1) Each person who has a need to know CVI, as specified in §27.400(e);

(2) Each person who otherwise receives or gains access to what they know or should reasonably know constitutes CVI.

(d) Duty to protect information. A covered person must—

(1) Take reasonable steps to safeguard CVI in that person's possession or control, including electronic data, from unauthorized disclosure. When a person is not in physical possession of CVI, the person must store it in a secure container, such as a safe, that limits access only to covered persons with a need to know;

(2) Disclose, or otherwise provide access to, CVI only to persons who have a need to know;

(3) Refer requests for CVI by persons without a need to know to the Assistant Secretary;

(4) Mark CVI as specified in §27.400(f);

(5) Dispose of CVI as specified in §27.400(k);

(6) If a covered person receives a record or verbal transmission containing CVI that is not marked as specified in §27.400(f), the covered person must—

(i) Mark the record as specified in §27.400(f) of this section; and

(ii) Inform the sender of the record that the record must be marked as specified in §27.400(f); or

(iii) If received verbally, make reasonable efforts to memorialize such information and mark the memorialized record as specified in §27.400(f) of this section, and inform the speaker of any determination that such information warrants CVI protection.

(7) When a covered person becomes aware that CVI has been released to persons without a need to know (including a covered person under §27.400(c)(2)), the covered person must promptly inform the Assistant Secretary.

(8) In the case of information that is CVI and also has been designated as critical infrastructure information under section 214 of the Homeland Security Act, any covered person in possession of such information must comply with the disclosure restrictions and other requirements applicable to such information under section 214 and any implementing regulations.

(e) Need to know. (1) A person, including a State or local official, has a need to know CVI in each of the following circumstances:

(i) When the person requires access to specific CVI to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.

(ii) When the person needs the information to receive training to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.

(iii) When the information is necessary for the person to supervise or otherwise manage individuals carrying out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.

(iv) When the person needs the information to provide technical or legal advice to a covered person, who has a need to know the information, regarding chemical facility security requirements of Federal law.

(v) When the Department determines that access is required under §27.400(h) or §27.400(i) in the course of a judicial or administrative proceeding.

(2) Federal employees, contractors, and grantees. (i) A Federal employee has a need to know CVI if access to the information is necessary for performance of the employee's official duties.

(ii) A person acting in the performance of a contract with or grant from the Department has a need to know CVI if access to the information is necessary to performance of the contract or grant. Contractors or grantees may not further disclose CVI without the consent of the Assistant Secretary.

(iii) The Department may require that non-Federal persons seeking access to CVI complete a non-disclosure agreement before such access is granted.

(3) Background check. The Department may make an individual's access to the CVI contingent upon satisfactory completion of a security background check or other procedures and requirements for safeguarding CVI that are satisfactory to the Department.

(4) Need to know further limited by the Department. For some specific CVI, the Department may make a finding that only specific persons or classes of persons have a need to know.

(5) Nothing in §27.400(e) shall prevent the Department from determining, in its discretion, that a person not otherwise listed in §27.400(e) has a need to know CVI in a particular circumstance.

(f) Marking of paper records. (1) In the case of paper records containing CVI, a covered person must mark the record by placing the protective marking conspicuously on the top, and the distribution limitation statement on the bottom, of—

(i) The outside of any front and back cover, including a binder cover or folder, if the document has a front and back cover;

(ii) Any title page; and

(iii) Each page of the document.

(2) Protective marking. The protective marking is: CHEMICAL-TERRORISM VULNERABILITY INFORMATION.

(3) Distribution limitation statement. The distribution limitation statement is: WARNING: This record contains Chemical-terrorism Vulnerability Information controlled by 6 CFR 27.400. Do not disclose to persons without a “need to know” in accordance with 6 CFR 27.400(e). Unauthorized release may result in civil penalties or other action. In any administrative or judicial proceeding, this information shall be treated as classified information in accordance with 6 CFR 27.400(h) and (i).

(4) Other types of records. In the case of non-paper records that contain CVI, including motion picture films, videotape recordings, audio recording, and electronic and magnetic records, a covered person must clearly and conspicuously mark the records with the protective marking and the distribution limitation statement such that the viewer or listener is reasonably likely to see or hear them when obtaining access to the contents of the record.

(g) Disclosure by the Department—In general. (1) Except as otherwise provided in this section, and notwithstanding the Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, records containing CVI are not available for public inspection or copying, nor does the Department release such records to persons without a need to know.

(2) Disclosure of Segregatable Information under the Freedom of Information Act and the Privacy Act. If a record is marked to signify both CVI and information that is not CVI, the Department, on a proper Freedom of Information Act or Privacy Act request, may disclose the record with the CVI redacted, provided the record is not otherwise exempt from disclosure under the Freedom of Information Act or Privacy Act.

(h) Disclosure in administrative enforcement proceedings. (1) The Department may provide CVI to a person governed by section 550, and his counsel, in the context of an administrative enforcement proceeding of section 550 when, in the sole discretion of the Department, as appropriate, access to the CVI is necessary for the person to prepare a response to allegations contained in a legal enforcement action document issued by the Department.

(2) Security background check. Prior to providing CVI to a person under §27.400(h)(1), the Department may require the individual or, in the case of an entity, the individuals representing the entity, and their counsel, to undergo and satisfy, in the judgment of the Department, a security background check.

(i) Disclosure in judicial proceedings. (1) In any judicial enforcement proceeding of section 550, the Secretary, in his sole discretion, may, subject to §27.400(i)(1)(i), authorize access to CVI for persons necessary for the conduct of such proceedings, including such persons' counsel, provided that no other persons not so authorized shall have access to or be present for the disclosure of such information.

(i) Security background check. Prior to providing CVI to a person under §27.400(i)(1), the Department may require the individual to undergo and satisfy, in the judgment of the Department, a security background check.

(ii) [Reserved]

(2) In any judicial enforcement proceeding of section 550 where a person seeks to disclose CVI to a person not authorized to receive it under paragraph (i)(1) of this section, or where a person not authorized to receive CVI under paragraph (i)(1) of this section seeks to compel its disclosure through discovery, the United States may make an ex parte application in writing to the court seeking authorization to—

(i) Redact specified items of CVI from documents to be introduced into evidence or made available to the defendant through discovery under the Federal Rules of Civil Procedure;

(ii) Substitute a summary of the information for such CVI; or

(iii) Substitute a statement admitting relevant facts that the CVI would tend to prove.

(3) The court shall grant a request under paragraph (i)(2) of this section if, after in camera review, the court finds that the redacted item, stipulation, or summary is sufficient to allow the defendant to prepare a defense.

(4) If the court enters an order granting a request under paragraph (i)(2) of this section, the entire text of the documents to which the request relates shall be sealed and preserved in the records of the court to be made available to the appellate court in the event of an appeal.

(5) If the court enters an order denying a request of the United States under paragraph (i)(2) of this section, the United States may take an immediate, interlocutory appeal of the court's order in accordance with 18 U.S.C. 2339B(f)(4), (5). For purposes of such an appeal, the entire text of the documents to which the request relates, together with any transcripts of arguments made ex parte to the court in connection therewith, shall be maintained under seal and delivered to the appellate court.

(6) Except as provided otherwise at the sole discretion of the Secretary, access to CVI shall not be available in any civil or criminal litigation unrelated to the enforcement of section 550.

(7) Taking of trial testimony—

(i) Objection—During the examination of a witness in any judicial proceeding, the United States may object to any question or line of inquiry that may require the witness to disclose CVI not previously found to be admissible.

(ii) Action by court—In determining whether a response is admissible, the court shall take precautions to guard against the compromise of any CVI, including—

(A) Permitting the United States to provide the court, ex parte, with a proffer of the witness's response to the question or line of inquiry; and

(B) Requiring the defendant to provide the court with a proffer of the nature of the information that the defendant seeks to elicit.

(iii) Obligation of defendant—In any judicial enforcement proceeding, it shall be the defendant's obligation to establish the relevance and materiality of any CVI sought to be introduced.

(8) Construction. Nothing in this subsection shall prevent the United States from seeking protective orders or asserting privileges ordinarily available to the United States to protect against the disclosure of classified information, including the invocation of the military and State secrets privilege.

(j) Consequences of violation. Violation of this section is grounds for a civil penalty and other enforcement or corrective action by the Department, and appropriate personnel actions for Federal employees. Corrective action may include issuance of an order requiring retrieval of CVI to remedy unauthorized disclosure or an order to cease future unauthorized disclosure.

(k) Destruction of CVI. (1) The Department of Homeland Security. Subject to the requirements of the Federal Records Act (5 U.S.C. 105), including the duty to preserve records containing documentation of a Federal agency's policies, decisions, and essential transactions, the Department destroys CVI when no longer needed to carry out the agency's function.

(2) Other covered persons—(i) In general. A covered person must destroy CVI completely to preclude recognition or reconstruction of the information when the covered person no longer needs the CVI to carry out security measures under paragraph (e) of this section.

(ii) Exception. Section 27.400(k)(2) does not require a State or local government agency to destroy information that the agency is required to preserve under State or local law.

return arrow Back to Top

§27.405   Review and preemption of State laws and regulations.

(a) As per current law, no law, regulation, or administrative action of a State or political subdivision thereof, or any decision or order rendered by a court under state law, shall have any effect if such law, regulation, or decision conflicts with, hinders, poses an obstacle to or frustrates the purposes of this regulation or of any approval, disapproval or order issued there under.

(1) Nothing in this part is intended to displace other federal requirements administered by the Environmental Protection Agency, U.S. Department of Justice, U.S. Department of Labor, U.S. Department of Transportation, or other federal agencies.

(2) [Reserved]

(b) State law, regulation or administrative action defined. For purposes of this section, the phrase “State law, regulation or administrative action” means any enacted law, promulgated regulation, ordinance, administrative action, order or decision, or common law standard of a State or any of its political subdivisions.

(c) Submission for review. Any chemical facility covered by these regulations and any State may petition the Department by submitting a copy of a State law, regulation, or administrative action, or decision or order of a court for review under this section.

(d) Review and opinion—(1) Review. The Department may review State laws, administrative actions, or opinions or orders of a court under State law and regulations submitted under this section, and may offer an opinion whether the application or enforcement of the State law or regulation would conflict with, hinder, pose an obstacle to or frustrate the purposes of this part.

(2) Opinion. The Department may issue a written opinion on any question regarding preemption. If the question was submitted under subsection (c) of this part, the Assistant Secretary will notify the affected chemical facility and the Attorney General of the subject State of any opinion under this section.

(3) Consultation with States. In conducting a review under this section, the Department will seek the views of the State or local jurisdiction whose laws may be affected by the Department's review.

return arrow Back to Top

§27.410   Third party actions.

(a) Nothing in this part shall confer upon any person except the Secretary a right of action, in law or equity, for any remedy including, but not limited to, injunctions or damages to enforce any provision of this part.

(b) An owner or operator of a chemical facility may petition the Assistant Secretary to provide the Department's view in any litigation involving any issues or matters regarding this part.

return arrow Back to Top

   

return arrow Back to Top

Appendix A to Part 27—DHS Chemicals of Interest

eCFR graphic er20no07.008.gif

View or download PDF

eCFR graphic er20no07.009.gif

View or download PDF

eCFR graphic er20no07.010.gif

View or download PDF

eCFR graphic er20no07.011.gif

View or download PDF

eCFR graphic er20no07.012.gif

View or download PDF

eCFR graphic er20no07.013.gif

View or download PDF

eCFR graphic er20no07.014.gif

View or download PDF

eCFR graphic er20no07.015.gif

View or download PDF

eCFR graphic er20no07.016.gif

View or download PDF

eCFR graphic er20no07.017.gif

View or download PDF

eCFR graphic er20no07.018.gif

View or download PDF

eCFR graphic er20no07.019.gif

View or download PDF

eCFR graphic er20no07.020.gif

View or download PDF

eCFR graphic er20no07.021.gif

View or download PDF

[72 FR 65420, Nov. 20, 2007]

return arrow Back to Top

Need assistance?