ChemLock: Chemical Product Stewardship
At every juncture in the chemical supply chain—manufacture, distribution, storage, transportation, and consumption—dangerous chemicals are at risk of theft, contamination, or misuse. To mitigate the risk of dangerous chemicals being weaponized at any point in the supply chain, CISA's ChemLock program recommends that chemical manufacturers, distributors, and retailers—as one part of a holistic security plan—consider implementing a product stewardship program. This may include a “know-your-customer” program, inventory management, in-transit tracking of chemicals, shipment confirmation, and receipt confirmation, among others.
Product Stewardship
Product stewardship is a product-centered approach to the protection of dangerous materials so that manufacturers, distributors, retailers, and consumers share responsibility for reducing the potential for theft, contamination, or misuse of such chemicals for nefarious purposes.
Good product stewardship allows an organization to always know where its product is located. Elements of a good product stewardship program may include:
- Strict vehicle identification, entry authorization, shipping, and control procedures that are tested regularly
- Procedures for handling the arrival of an unknown carrier at the facility, including the staging of a vehicle and its driver until both the driver and the load are vetted and approved
- Confirmation from the facility employee who is responsible for a given shipment that the shipment is expected and approved
- Advance planning and approval of inbound and outbound shipments of dangerous materials
- An active, documented “know-your-customer” program
- Proper identification checks and verification of transactions for customer pickup of dangerous materials
- An audit procedure with appropriate redundancies in place for all shipping, receiving, and delivery of dangerous materials
Download this customizable chemical inventory template to help manage your own chemical inventory.
Know-Your-Customer Program
Stealing or diverting chemicals is not the only way that nefarious actors can procure dangerous chemicals—they can also use legitimate means, such as purchasing those chemicals. Developing a “know-your-customer” program ensures that a chemical is purchased by, delivered to, or received from a known, approved individual or entity and helps prevent the misuse of dangerous materials.
A “know-your-customer” program may include a policy of refusing to sell dangerous materials to those who do not meet the pre-established customer qualification criteria set up by your organization, such as:
- Verification and/or evaluation of the customer’s onsite security
- Verification that shipping addresses are valid business locations
- Confirmation of financial status
- Establishment of normal business-to-business payment terms and methods (e.g., not allowing cash sales)
- Verification of product end-use
Reporting Suspicious Activity
Suspicious activity is any observed behavior that could indicate terrorism or terrorism-related crime (e.g.,
chemical purchase inquiries from unknown buyers, cash purchase, requests for unusual chemicals or quantity,
etc.). Building a process for reporting suspicious activity is an important component of a holistic security plan.
When reporting suspicious activity, remember to include who or what you saw, when you saw it, where it occurred, and why the behavior is suspicious.
Other Chemical Security Considerations
ChemLock: Chemical Security Considerations for No-Notice Events
ChemLock: Chemical Security on a Budget
ChemLock: Conducting a Chemical Security Self-Assessment
ChemLock: Reporting Suspicious Activity and Security Incidents
ChemLock Security Plan
To help facilities develop a security plan or evaluate an existing plan, CISA has developed a guidance document and security plan template that you can download and customize for your facility.
Additional Resources
ChemLock: Reporting Suspicious Activities and Incidents
As one part of a holistic chemical security plan, the ChemLock program encourages facilities with dangerous chemicals to establish a suspicious activity and security incident reporting process.
ChemLock Exercises
ChemLock Exercises can help facilities test a security plan by either facilitating a live tailored tabletop exercise or providing CISA Tabletop Exercise Packages (CTEPs) that facilities can download and use as needed.
ChemLock Training
CISA offers live, on-demand training to assist owners, operators, and facility personnel with understanding the threats that chemicals pose and what security measures can be put into place to reduce the risk of dangerous chemicals being weaponized.
Insider Threat Mitigation
A holistic insider threat mitigation program combines physical security, personnel awareness, and information centric principles.
Bomb-Making Materials Awareness Program (BMAP)
BMAP focuses on restricting access by malicious actors to explosive precursor chemicals and other materials via outreach, training and awareness with private and public sector stakeholders.
Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI)
This initiative provides law enforcement with another tool to help prevent terrorism and other related criminal activity by establishing a national capacity for gathering, documenting, processing, analyzing, and sharing SAR information.
Federal Bureau of Investigation's Weapons of Mass Destruction (WMD) Directorate
WMD is the FBI's lead for coordinating the integration of FBI policy, investigations, intelligence, and preventive countermeasures related to WMD.
Contact Information
For more information or questions, please email ChemLock@cisa.dhs.gov.
NOTE: Participation in any portion of CISA's ChemLock program does not replace any reporting or compliance requirements under CISA's Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR part 27). Some ChemLock activities may fulfill CFATS requirements, depending on your specific security plan. Contact local CISA Chemical Security personnel or visit the CFATS webpage to learn more about CFATS regulatory requirements.