CFATS Compliance

Originally implemented in 2007, the Chemical Facility Anti-Terrorism Standards (CFATS) is a Department of Homeland Security (DHS) regulatory program that addresses security at high-risk chemical facilities. DHS evaluates security risk based on three criteria: 

  • Consequence – anticipated result of a successful attack on a facility
  • Vulnerability – likelihood that an attack would be successful
  • Threat – intent and capability of an adversary attacking the facility 

DHS implements the CFATS program through a risk-tiering methodology for subject facilities. The CFATS program consists of first determining if a facility has chemicals of interest (COIs) that exceed the regulatory thresholds (applicability determination). If subject, the facility must prepare a Top-Screen Analysis (TSA), and potentially a Security Vulnerability Assessment (SVA) and Site Security Plan (SSP). DHS has an Expedited Approval Program to streamline SVAs and SSPs for lower risk facilities and allows facilities to develop Alternative Security Programs (ASP) as long as they meet all the SSP requirements.

Trinity assists with CFATS compliance, from applicability determination through DHS Compliance Inspection. Trinity has valuable experience in each critical step of the CFATS program. 

  • Conducting Applicability Determinations
    • Evaluating facility chemicals for CFATS applicability
    • Preparing threshold calculations for chemicals of interest
    • Preparing non-applicability determinations to document the facility’s compliance status
    • Evaluating alternatives to opt out of the CFATS reporting requirements 
  • Performing Top-Screen Analyses
    • Preparing a TSA using DHS’s Chemical Security Assessment Tool (CSAT)
    • Providing CSAT and Chemical-terrorism Vulnerability Information (CVI) training guidance
    • Ensuring reporting consistency with other safety and environmental programs (e.g., RMP, PSM, Tier II, Toxic Release Inventory, etc.), including CFATS implications for these other programs 
  • Preparing Security Vulnerability Assessments using CSAT
    • Characterizing critical assets
    • Assessing internal, external, and internally-assisted threats
    • Identifying potential security vulnerabilities and existing countermeasures
    • Assessing risk of an attack
    • Analyzing countermeasures and evaluating additional measures to lower risk 
  • Developing Site Security Plans using CSAT
    • Addressing each vulnerability identified in the SVA
    • Evaluating the 18 risk-based performance standards (as applicable) and developing cost-effective strategies for compliance with these standards 
  • Preparing for and assisting with DHS Authorization and Compliance Inspections 
  • Maintaining CFATS Compliance
    • Updating existing TSAs, SVAs, and SSPs
    • Conducting mock DHS Authorization and Compliance Inspections 

For assistance with CFATS applicability determinations or TSA, SVA, and SSP reporting requirements, contact Mr. Jose Orsini at (407) 982-2891 or, or Mr. Taylor Wilson at (913) 894-4500 or