ChemLock: Conducting a Chemical Security Self-Assessment
Whether a small business or an international company, everyone who interacts with dangerous chemicals has a role to play in understanding the risk and taking collective action to prevent chemicals from being weaponized by terrorists. The ChemLock program provides recommendations on how to systematically review and assess a facility security plan. For more information on developing a security plan, see the ChemLock Security Plan webpage.
Assessing a Security Plan
Periodically reviewing and assessing the security measures in a facility’s security plan is a critical component in maintaining an effective security plan. Assessments should:
- Ensure the plan meets its goals and is effective.
- Confirm that all the information is up to date.
- Identify security gaps and corresponding mitigation measures.
- Review the implementation of additional planned measures.
- Incorporate any changes as necessary to existing security measures.
- Identify and remove obsolete measures that are no longer necessary.
- Review relevant policies, plans, and procedures, such as roles and responsibilities, password procedures, reporting procedures for suspicious activity and security incidents, and response measures to an incident or hazard.
CISA encourages facilities to review their security plan on an annual basis as personnel, processes, policies, and procedures can change over time.
Self-Assessment Checklist
Below is a self-assessment checklist that a facility can use by itself or in conjunction with a security plan template described in ChemLock: Secure Your Chemicals. Using five security goals, the checklist helps facility personnel identify gaps in security measures so that any vulnerabilities can be addressed. If a security gap is found, the facility can identify steps and develop timelines to resolve those identified gaps.
If you would like assistance with conducting an assessment of your current chemical security measures and security plan, CISA has chemical security experts around the country that can come on site to help you conduct a security assessment and provide tailored suggestions for ways to enhance your chemical security posture.
In addition, conducting an exercise is a great way to test your security plan and assess your response and security measures. The ChemLock program can help you by either facilitating a live tailored tabletop exercise or providing CISA Tabletop Exercise Packages (CTEPs) that you can download and use as desired. Visit the ChemLock Exercises webpage to learn more.
ChemLock On-Site Assessments and Assistance
ChemLock Exercises
ChemLock Security Plan
The ChemLock chemical security plan guidance document and template can be used as an example of a holistic security plan to assess or enhance your chemical security plan.
ChemLock Security Goals
Your security plan should address these security goals that address a variety of different threats and hazards. Learn more about the ChemLock security goals.
ChemLock: Detection Security Goal
ChemLock: Delay Security Goal
ChemLock: Response Security Goal
ChemLock: Policies, Plans, and Procedures Security Goal
Contact Information
For more information or questions, please email ChemLock@cisa.dhs.gov.
NOTE: Participation in any portion of CISA's ChemLock program does not replace any reporting or compliance requirements under CISA's Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR part 27). Some ChemLock activities may fulfill CFATS requirements, depending on your specific security plan. Contact local CISA Chemical Security personnel or visit the CFATS webpage to learn more about CFATS regulatory requirements.