(a) Each OCS facility owner or operator must ensure that the OCS facility operates in compliance with the requirements of this part.
(b) For each OCS facility, the OCS facility owner or operator must:
(1) Define the security organizational structure for each OCS facility and provide each person exercising security duties or responsibilities within that structure the support needed to fulfill those obligations;
(2) Designate in writing, by name or title, a Company Security Officer (CSO) and a Facility Security Officer (FSO) for each OCS facility and identify how those officers can be contacted at any time;
(3) Ensure that a Facility Security Assessment (FSA) is conducted;
(4) Ensure the development and submission for approval of a Facility Security Plan (FSP);
(5) Ensure that the OCS facility operates in compliance with the approved FSP;
(6) Ensure that the TWIC Program is properly implemented as set forth in this subchapter, including:
(i) Ensuring that only individuals who hold a TWIC and are authorized to be in the secure area are permitted to escort; and
(ii) Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted.
(7) Ensure that adequate coordination of security issues takes place between OCS facilities and vessels, including the execution of a Declaration of Security (DoS) as required by this part;
(8) Ensure, within 12 hours of notification of an increase in MARSEC level, implementation of the additional security measures required by the FSP for the new MARSEC level;
(9) Ensure all breaches of security and security incidents are reported in accordance with the requirements in part 101 of this subchapter;
(10) Ensure consistency between security requirements and safety requirements;
(11) Inform OCS facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC;
(12) Ensure that protocols consistent with § 101.550 of this subchapter, for dealing with individuals requiring access who report a lost, damaged, or stolen TWIC, or who have applied for and not yet received a TWIC, are in place; and
(13) If applicable, ensure that protocols consistent with § 106.262 of this part, for dealing with newly hired employees who have applied for and not yet received a TWIC, are in place.