Poultry Processing Plants and Anti-Terrorism Regulations
The Department of Homeland Security (DHS) promulgated regulations in 2007 for the purpose of preventing access by terrorists to chemical facilities that manufacture, store or use chemicals of interest (COI). The regulations are titled “Chemical Facility Anti-Terrorism Standards” and can be found at 6 C.F.R. Part 27.
Poultry processing companies are subject to these regulations when they store and/or use certain chemicals in sufficient quantities. The COIs that will trigger coverage under the regulations include, among others:
COI |
Minimum Concentration (%) |
Screening Threshold Quantities (in pounds) |
Ammonia (anhydrous) |
1 |
10,000 |
Chlorine |
1 (or 9.77) |
2,500 (or 500) |
Each poultry processing company that stores and/or uses COIs in the concentrations and quantities stated in the regulations is a chemical facility and is required to adopt and implement policies and procedures to reduce the risk of release or theft of COIs and the risk of sabotage/contamination involving COIs. DHS has published a 194-page book titled “Risk-Based Performance Standards Guidance—Chemical Facility Anti-Terrorism Standards—May 2009” (Guidance) that recommends the policies and procedures for chemical facilities to adopt.
The Guidance identifies eighteen risk-based performance standards that a chemical facility must satisfy:
(1) Restrict Area Perimeter. Secure and monitor the perimeter of the facility;
(2) Secure Site Assets. Secure and monitor restricted areas or potentially critical targets within the facility;
(3) Screen and Control Access. Control access to the facility and to restricted areas within the facility by screening and/or inspecting individuals and vehicles as they enter, including:
- (i) Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate an attack or actions having serious negative consequences for the population surrounding the facility; and
- (ii) Measures implementing a regularly updated identification system that checks the identification of facility personnel and other persons seeking access to the facility and that discourages abuse through established disciplinary measures;
(4) Deter, Detect, and Delay. Deter, detect, and delay an attack, creating sufficient time between detection of an attack and the point at which the attack becomes successful, including measures to:
- (i) Deter vehicles from penetrating the facility perimeter, gaining unauthorized access to restricted areas or otherwise presenting a hazard to potentially critical targets;
- (ii) Deter attacks through visible, professional, well-maintained security measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or reduced-value targets;
- (iii) Detect attacks at early stages, through counter-surveillance, frustration of opportunity to observe potential targets, surveillance and sensing systems, and barriers and barricades; and
- (iv) Delay an attack for a sufficient period of time to allow appropriate response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning;
(5) Shipping, Receipt, and Storage. Secure and monitor the shipping, receipt, and storage of hazardous materials for the facility;
(6) Theft and Diversion. Deter theft or diversion of potentially dangerous chemicals;
(7) Sabotage. Deter insider sabotage;
(8) Cyber. Deter cyber sabotage, including by preventing unauthorized on-site or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCSs), Process Control Systems (PCSs), Industrial Control Systems (ICSs); critical business systems; and other sensitive computerized systems;
(9) Response. Develop and exercise an emergency plan to respond to security incidents internally and with the assistance of local law enforcement and first responders;
(10) Monitoring. Maintain effective monitoring, communications, and warning systems, including:
- (i) Measures designed to ensure that security systems and equipment are in good working order and inspected, tested, calibrated, and otherwise maintained;
- (ii) Measures designed to regularly test security systems, note deficiencies, correct for detected deficiencies, and record results so that they are available for inspection by the Department; and
- (iii) Measures to allow the facility to promptly identify and respond to security system and equipment failures or malfunctions;
(11) Training. Ensure proper security training, exercises, and drills of facility personnel;
(12) Personnel Surety. Perform appropriate background checks on and ensure appropriate credentials for facility personnel (including employees and contractors), and, as appropriate, for unescorted visitors with access to restricted areas or critical assets, including:
- (i) Measures designed to verify and validate identity;
- (ii) Measures designed to check criminal history;
- (iii) Measures designed to verify and validate legal authorization to work; and
- (iv) Measures designed to identify people with terrorist ties;
(13) Elevated Threats. Escalate the level of protective measures for periods of elevated threat;
(14) Specific Threats, Vulnerabilities, or Risks. Address specific threats, vulnerabilities, or risks identified by the Assistant Secretary for the particular facility at issue;
(15) Reporting of Significant Security Incidents. Report significant security incidents to the Department and to local law enforcement officials;
(16) Significant Security Incidents and Suspicious Activities. Identify, investigate, report, and maintain records of significant security incidents and suspicious activities in or near the site;
(17) Officials and Organization. Establish official(s) and an organization responsible for security and for compliance with these standards; and
(18) Records. Maintain appropriate records.
Comments
The Guidance recognizes that each chemical facility needs some discretion in what measures to adopt and that the measures implemented will vary with each situation. For example, doing background checks on visitors may be impractical, but the facility could make sure that visitors do not have access to restricted areas or critical assets or that visitors are escorted when allowed access to restricted areas or critical assets. If a facility has contractors who have access to the restricted areas or critical assets of the facility, the facility may need to complete the background check process or require proof that the contractor has completed the process for workers assigned to such areas of the facility. Many poultry processing plants already use Form I-9 and E-Verify procedures. Compliance with the regulations will require the facility to conduct a criminal background check on employees who will have access to the restricted areas or critical assets, which also may require compliance with the Fair Credit Reporting Act procedures. Because poultry processing plants are deemed Level 3 facilities, they are not yet required to implement measures designed to identify terrorist ties.
If DHS determines that a chemical facility is violating the regulations, DHS may issue an order (1) imposing a civil penalty of up to $25,000 for each day the violation continues, (2) requiring the facility to cease operations, or (3) both. Although we are aware of one poultry facility currently being audited under these provisions, the media has not reported to-date any heavy penalties being assessed against poultry facilities for violations.
The regulations and Guidance raise many other issues that poultry processing companies should evaluate.
Questions? Need more information? Contact Jim Hughes (jlh@wimlaw.com) or call 404-365-0900.