RBPS 9 – Response is the performance standard that addresses the development and exercising of an emergency plan to respond to security incidents with the assistance of local law enforcement and first responders.
Appropriately trained personnel should prepare for and be able to respond to and recover from security incidents such as a fire, aerial release, or other loss of containment of a chemical of interest (COI) at a chemical facility covered under the Chemical Facility Anti-Terrorism Standards (CFATS) program. Planning and training are important to ensure that facility personnel, onsite security, law enforcement, and first responders are ready to respond to the consequences of a security incident, and to report external and internal security incidents in a timely manner.
- Read or download the CFATS RBPS Guidance
- Read or download the RBPS 9 – Response Fact Sheet
- The Cybersecurity and Infrastructure Security Agency (CISA) Gateway is a repository of critical infrastructure tools and information—including certain CFATS data on a geospatial map—that improves coordination between federal, state, and local governments, and community stakeholders to prevent, prepare for, and respond to chemical incidents. For more information on who can access CFATS data on the CISA Gateway, visit the CFATS and Executive Order 13650 webpage or download the CFATS and CISA Gateway Fact Sheet.
Security Response vs. Emergency Response
It is important not to confuse a “security response,” which is intended to engage and neutralize adversaries, with the broader “emergency response,” which follows an attack and attempts to reduce the severity of the event. The initial “security response” has tactical considerations, whereas the “emergency response” relates to containing the damage and mitigating the consequences of a security incident. CFATS-covered facilities should address both security response and emergency response in their emergency plan.
Having established relationships, lines of communications, and plans in place can assist in reducing the impact of these security incidents that might include:
- Theft or diversion of a COI
- Onsite fire, explosion, or release of a COI
- Loss of containment of a COI
Security Measures for Response
Facilities should consider security measures that involve a response from not only designated facility emergency response personnel, but all facility personnel, as well as local law enforcement and other offsite emergency responders that include:
- Identifying hazards.
- Planning an effective response.
- Identifying the number of responders needed.
- Identifying the response skills needed for different types of adversary events.
- Equipping and training response personnel to maximize their efficiency and knowledge of a site.
Crisis Management Plan
One of the most important elements for a successful response to an incident is a well-thought-out, documented crisis management plan, upon which the relevant individuals have been trained.
Crisis management plans should contain strategies for responding to different types of security incidents, including:
- Contingency plans
- Continuity of operations plans
- Emergency response
- Notification control and contact requirements
- Post-incident security (e.g. post-terrorist attack, security incident, accident, hurricane, or other natural disaster)
- Security response
Crisis management plans generally include documented agreements with off-site responders, including:
- Ambulance/medical support
- Environmental restoration support
- Explosive device disposal support
- Firefighting support
- Hazardous spill/recovery support
- Marine support
Training, Drills, and Exercises
The best plans are of limited value in a crisis if the individuals responsible to respond are not prepared to do so. Training, drills, and exercises (such as tabletop and full-scale exercises) play a vital role in maximizing and testing the efficiency of the response plan to a security incident. Involving local first responders when preparing the plan and conducting drills improves responder understanding of the facility’s layout and of hazards associated with the facility. The first time that local law enforcement or responders actually access the facility should not be the day of an incident.