CFATS Risk-Based Performance Standard (RBPS) 9 – Response


RBPS 9 – Response is the performance standard that addresses the development and exercising of an emergency plan to respond to security incidents with the assistance of local law enforcement and first responders.

Appropriately trained personnel should prepare for and be able to respond to and recover from security incidents such as a fire, aerial release, or other loss of containment of a chemical of interest (COI) at a chemical facility covered under the Chemical Facility Anti-Terrorism Standards (CFATS) program. Planning and training are important to ensure that facility personnel, onsite security, law enforcement, and first responders are ready to respond to the consequences of a security incident, and to report external and internal security incidents in a timely manner.

Security Response vs. Emergency Response

It is important not to confuse a “security response,” which is intended to engage and neutralize adversaries, with the broader “emergency response,” which follows an attack and attempts to reduce the severity of the event. The initial “security response” has tactical considerations, whereas the “emergency response” relates to containing the damage and mitigating the consequences of a security incident. CFATS-covered facilities should address both security response and emergency response in their emergency plan.

Having established relationships, lines of communications, and plans in place can assist in reducing the impact of these security incidents that might include:

  • Theft or diversion of a COI
  • Onsite fire, explosion, or release of a COI
  • Loss of containment of a COI

Security Measures for Response

Facilities should consider security measures that involve a response from not only designated facility emergency response personnel, but all facility personnel, as well as local law enforcement and other offsite emergency responders that include:

  • Identifying hazards.
  • Planning an effective response.
  • Identifying the number of responders needed.
  • Identifying the response skills needed for different types of adversary events.
  • Equipping and training response personnel to maximize their efficiency and knowledge of a site.

Crisis Management Plan

One of the most important elements for a successful response to an incident is a well-thought-out, documented crisis management plan, upon which the relevant individuals have been trained.

Crisis management plans should contain strategies for responding to different types of security incidents, including:

  • Contingency plans
  • Continuity of operations plans
  • Emergency response
  • Evacuation
  • Notification control and contact requirements
  • Post-incident security (e.g. post-terrorist attack, security incident, accident, hurricane, or other natural disaster)
  • Security response

Crisis management plans generally include documented agreements with off-site responders, including:

  • Ambulance/medical support
  • Environmental restoration support
  • Explosive device disposal support
  • Firefighting support
  • Hazardous spill/recovery support
  • Marine support

Training, Drills, and Exercises

The best plans are of limited value in a crisis if the individuals responsible to respond are not prepared to do so. Training, drills, and exercises (such as tabletop and full-scale exercises) play a vital role in maximizing and testing the efficiency of the response plan to a security incident. Involving local first responders when preparing the plan and conducting drills improves responder understanding of the facility’s layout and of hazards associated with the facility. The first time that local law enforcement or responders actually access the facility should not be the day of an incident.

Contact Information

Information provided is derived from the CFATS RBPS Guidance. For additional information on RBPS 9 and all other RBPS, please visit the RBPS webpage.

For more information on the CFATS program, please contact CFATS@hq.dhs.gov.

Was this document helpful?  Yes  |  Somewhat  |  No