Facilities subject to the security requirements of the Maritime Security Act must conduct an annual audit to determine if the facility is fully implementing their Facility Security Plan (FSP). The audit should cover elements associated with the FSP, the Facility Security Assessment (FSA), management of the facility's Transportation Worker Identification Card (TWIC) program, and response to changes in the MARSEC (MARitime SECurity) levels. In accordance with 33 CFR 105.415 (b), the audit must be crafted to review and assure compliance with the following requirements:
- The Facility Security Officer (FSO) must ensure an audit of the FSP is performed annually, beginning no later than one year from the initial date of approval, and attach a letter to the FSP certifying that the FSP meets the applicable requirements of this part.
- The FSP must be audited if there is a change in the facility's ownership or operator, or if there have been modifications to the facility, including but not limited to physical structure, emergency response procedures, security measures, or operations.
- Auditing the FSP as a result of modifications to the facility may be limited to those sections of the FSP affected by the facility modifications.
- Unless impracticable due to the size and nature of the company or the facility, personnel conducting internal audits of the security measures specified in the FSP or evaluating its implementation must:
- Have knowledge of methods for conducting audits and inspections, and security, control, and monitoring techniques;
- Not have regularly assigned security duties; and
- Be independent of any security measures being audited.
- If the results of an audit require amendment of either the FSAor FSP, the FSO must submit, in accordance with 105.410 of this subpart, the amendments to the cognizant Captain of the Portfor review and approval no later than 30 days after completion of the audit and a letter certifying that the amended FSP meets the applicable requirements of this part.
According to applicable rules, the FSP audit must be conducted by personnel not directly involved with facility security operations or duties. Some of the areas reviewed during the audit are:
- Security administration and organization of the facility - includes review of organizational elements tied to facility security, responsible personnel, etc.
- Personnel Training - typically assessed by reviewing training records for facility personnel, as well as contractors
- Drills and Exercises - review of quarterly drill records as well as annual exercise records
- Records and Documentation - records of incidents or breaches, security equipment maintenance logs, previous audits, declarations of security, changes in MARSEC level, etc.
- Response to Changes in MARSEC level - any records documenting actions associated with changes to the MARSEC level
- Communications - testing of communication channels
- Access Controls - visitor logs, key inventories, and effectiveness of the TWIC program
Typical FSP audit activities include the following.
- A visual inspection of the facility.
- A review of available records and documentation which includes:
- drills and exercises,
- Declaration of Security (DoS),
- guest register,
- contractors register,
- vehicle, and personnel screening logs.
- A representative sampling methodology is typically used to evaluate records that involved numerous documents; and
- Interviews of the Facility Security Officer (FSO) and the Alternate Facility Security Officer (AFSO).
The FSP audit is a comprehensive process encompassing many administrative and resource elements. Proper planning for the audit, including records and personnel availability, will go a long way in assuring the effectiveness and success of the audit.
For more information on FSP auditing services please contact Jose Orsini at (407) 982-2891, Ext. 1907 or the Trinity office nearest you by calling (800) 229-6655.