ChemLock: Conducting a Chemical Security Self-Assessment

Related topics:
Chemical Security, Critical Infrastructure Security and Resilience

Whether a small business or an international company, everyone who interacts with dangerous chemicals has a role to play in understanding the risk and taking collective action to prevent chemicals from being weaponized by terrorists. The ChemLock program provides recommendations on how to systematically review and assess a facility security plan. For more information on developing a security plan, see the ChemLock Security Plan webpage.

Assessing a Security Plan

Periodically reviewing and assessing the security measures in a facility’s security plan is a critical component in maintaining an effective security plan. Assessments should:

  • Ensure the plan meets its goals and is effective.
  • Confirm that all the information is up to date.
  • Identify security gaps and corresponding mitigation measures.
  • Review the implementation of additional planned measures.
  • Incorporate any changes as necessary to existing security measures.
  • Identify and remove obsolete measures that are no longer necessary.
  • Review relevant policies, plans, and procedures, such as roles and responsibilities, password procedures, reporting procedures for suspicious activity and security incidents, and response measures to an incident or hazard.

CISA encourages facilities to review their security plan on an annual basis as personnel, processes, policies, and procedures can change over time.

Self-Assessment Checklist

Below is a self-assessment checklist that a facility can use by itself or in conjunction with a security plan template described in ChemLock: Secure Your Chemicals. Using five security goals, the checklist helps facility personnel identify gaps in security measures so that any vulnerabilities can be addressed. If a security gap is found, the facility can identify steps and develop timelines to resolve those identified gaps.

ChemLock: Chemical Security Self-Assessment Template(DOCX, 46.05 KB )

If you would like assistance with conducting an assessment of your current chemical security measures and security plan, CISA has chemical security experts around the country that can come on site to help you conduct a security assessment and provide tailored suggestions for ways to enhance your chemical security posture.

In addition, conducting an exercise is a great way to test your security plan and assess your response and security measures. The ChemLock program can help you by either facilitating a live tailored tabletop exercise or providing CISA Tabletop Exercise Packages (CTEPs) that you can download and use as desired. Visit the ChemLock Exercises webpage to learn more.

Request ChemLock Services
On-Site Assessments and Assistance icon

ChemLock On-Site Assessments and Assistance

CISA's ChemLock program can provide on-site assistance and assessments that help facilities identify the security risks their on-site chemicals present and offer scalable, tailored suggestions for security measures that will best enhance their security posture.
ChemLock Exercises icon

ChemLock Exercises

Using extensive knowledge of chemical security best practices, the ChemLock program provides no-cost services and resources to help you test your response and security plans for a wide variety of scenarios.
Request ChemLock Services
Chemlock logo

ChemLock Security Plan

The ChemLock chemical security plan guidance document and template can be used as an example of a holistic security plan to assess or enhance your chemical security plan.

ChemLock Security Plan

ChemLock Security Goals

Your security plan should address these security goals that address a variety of different threats and hazards. Learn more about the ChemLock security goals.

ChemLock Detection Security Goal

ChemLock: Detection Security Goal

Detection is the ability to identify potential attacks or precursors to an attack and to communicate that information as appropriate. Learn more about the detection security goal that can enhance your facility's chemical security posture.
ChemLock Delay Security Goal

ChemLock: Delay Security Goal

Delay includes limiting access to your facility or assets to reduce the likelihood of an adversary successfully breaching the perimeter or assets and allowing sufficient time to initiate a response to the attack. Learn more about the delay security goal.
ChemLock Response Security Goal

ChemLock: Response Security Goal

Response includes the capability to communicate, report, and manage the appropriate reaction(s) to potential attacks and/or adversary actions, and/or to reduce the effect of security-related events. Learn more about how response measures enhance your chemical security posture.
ChemLock Policies, Plans, and Procedures Security Goal

ChemLock: Policies, Plans, and Procedures Security Goal

Policies, plans, and procedures ensure you have the capability to manage your facility security plan, including the development of processes that support security plan implementation and oversight. Learn more about this security goal that enhances your chemical security posture.

Contact Information

For more information or questions, please email ChemLock@cisa.dhs.gov.

NOTE: Participation in any portion of CISA's ChemLock program does not replace any reporting or compliance requirements under CISA's Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR part 27). Some ChemLock activities may fulfill CFATS requirements, depending on your specific security plan. Contact local CISA Chemical Security personnel or visit the CFATS webpage to learn more about CFATS regulatory requirements.