How To Ensure Security At A Site Security Site



Similar documents
Physical Security for Drinking Water Facilities

Supply Chain Security Audit Tool - Warehousing/Distribution

How To Protect A Water System

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Security Tools. Forms. Physical Security Assessment Security Plan Template Traffic Control Plan Template

A Self-Audit of Your Current Campus Security Systems

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN

Middleborough Police Electronic Security Narrative

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

1. Perimeter fencing or walls should enclose the vicinity around cargo handling and loading areas, as well as storage facilities.

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Home Security Assessment Checklist DATE

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security Alert

Does a fence or other type physical barrier define the perimeter of the facility?

Site Security Standards and Strategy

Physical Security Assessment Form

SITECATALYST SECURITY

Security Management Plan

C-TPAT Self-Assessment - Manufacturing & Warehousing

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

BKDconnect Security Overview

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Supplier Security Assessment Questionnaire

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

System Security Plan University of Texas Health Science Center School of Public Health

Powering the Cloud Desktop: OS33 Data Centers

HIPAA RISK ASSESSMENT

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Physical Security Checklist and Inventory

Seventh Avenue Inc. 1

Appendix G. Security management plan

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

Site security evaluation guide

Small Business IT Risk Assessment

City of Phoenix Water Services Department Security Enhancement Program

How To Write A Health Care Security Rule For A University

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

Understanding Sage CRM Cloud

File 6: Appendix A, 36 CFR 1234 (formally numbered as 36 CFR 1228 subpart K) Federal Facility Security Standards (version 2.0 issued May 15, 2014)

Global Supply Chain Security Recommendations

IBX Business Network Platform Information Security Controls Document Classification [Public]

Security Criteria for C-TPAT Foreign Manufacturers in English

IT - General Controls Questionnaire

Physical Protection Policy Sample (Required Written Policy)

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

Court Security Guidelines

Integrated Physical Security and Incident Management

TECHNICAL QUESTIONS AND ANSWERS ITN-DOT-14/ RM TAMPA OPERATIONS CENTER VIDEO SURVEILLANCE/SECURITY ACCESS SYSTEM

Integral Security Solution

Secure Data Center Operations Gilbert Held Payoff

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Elements of Physical Security Systems II: Intrusion Detection, Alarm Communication and Assessment, Delay, and Response

C-TPAT Importer Security Criteria

GMS GRAPHICAL MANAGEMENT SYSTEM

SECURITY IN TRUCKING

PCI Data Security and Classification Standards Summary

General Computer Controls

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Guidance Notes FSR 2014

Security-in-Depth 4/26/2013. Physical Security Webinar. DCO Meeting Room Navigation. Host: Danny Jennings

Secure, Scalable and Reliable Cloud Analytics from FusionOps

HIPAA Information Security Overview

BRANCH SECURITY REVIEW CHECKLIST

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

Home Security Inspection

INCIDENT RESPONSE CHECKLIST

How to Solve the Most Persistent Problem in Perimeter Security Systems

Summary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service)

Intermec Security Letter of Agreement

DHHS Information Technology (IT) Access Control Standard

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

PHLOSOPHY OF SCHOOL SAFETY AND SECURITY SYSTEMS INTERDICIPLINARY DECISION MATRIX

SAP Cloud: Data Center Security SAP Cloud Data Center Strategy and Security Whitepaper

University of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary

Hosted Testing and Grading

WESTERVILLE DIVISION OF POLICE Security Survey Checklist: Business

SUPPLIER SECURITY STANDARD

Introduction. Conducting a Security Review

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Supplier Information Security Addendum for GE Restricted Data

Information Technology Security Procedures

Statement of objective MALLS & MULTIPLEXES

Physical Security to mitigate Social Engineering Risks

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Nuclear Plant Security Systems

Conducting Security System Site Surveys

Transcription:

Facility XXXX Site Security Survey Date: 10/9-10/10/02 (A) Perimeter Security DELAY/DETER Site Boundary None of the critical facilities have protective Fence (Height and Construction) fences. Outriggers No Trespass Signage Vehicle Barriers Employee Gate Shared Gate Back Gate Geographic Barriers (i.e. water) Vegetation All critical facilities are surrounded by pavement with the exception of the PFP metering building. This building is on a golf course and grass is kept mowed Inside the Site Buildings Restricted Access Areas Fences and Walls Target Areas Enclosures around critical areas DETECTIOSSESSMENT Sensors Ð fence (security) The areas are kept locked or are in manned facilities LIGHTING Very poor lighting is present at facilities. Lighting Dark areas? Glare? is limited primarily to just over doorways. 1

NARRATIVE SUMMARY Ð Section A Perimeter Security Perimeter security is non-existent at all of the critical facilities. The only security measure at any of the facilities are a single locked door separating an intruder from the critical asset. Only at PFP main building are any full-time personnel present. 2

(B) Access Controls / Systems ACCESS/EGRESS POINTS Personnel Ð Employee Vehicle Portal Personnel Ð Contractor Vehicle Portal No control, open roadway to parking Contractors use employee parking areas Vehicle portal No control, open roadway to parking Visitor Control Personnel access / control Vehicle access / control Confidentiality Agreements ID Checks Employees Badges issued? Displayed at all times? Photo? Visitors Visitor badge issued? Locked exterior door on smaller buildings, operating personnel at PFP main building No control, open roadway to parking Badges issued but not worn Displayed at all times? Reconciliation of visitor badges? issued Vendors ID checked or badge issued Contractors ID checked or badge Chemical delivery driver ACCESS CARDS Type of System - None System 1 System 2 Card Technology None Accountability None Card Access Areas None Card Distribution None 3

INTRUSION DETECTION Fence Sensors, Door and Hatch Sensors, Motion Detection None installed Monitored by service provider or internally? Response capability KEY CONTROL Accountability There is no key accountability HR Dir Safety/Security Mgr Plant Manager Other: Are keys signed in and out? Keys are Requested from? Keys are Reproduced by? Key Log? Secured doors noted Unsecured doors noted Ð if yes, where? Supervisor Keys are freely reproduced by any locksmith in town SIGNAGE AT ENTRANCE Weapons Policy Subject to Search CONTRABAND DETECTION Searches X-ray, metal or other detection Prohibited articles (i.e. weapons) PARKING Locations? Inside or outside the Parking is in uncontrolled areas. perimeter or protected area? There are no parking controls Controls / restrictions TRAFFIC FLOW Access prohibited or restricted within the site or facilities 4

NARRATIVE SUMMARY Ð Section B Access Controls The only security measure at any of the facilities are a single locked door separating an intruder from the critical asset. Only at PFP main building are any full-time personnel present. (C) Security Force Management GUARD SERVICE Type of Guards Proprietary Contract Armed Unarmed Stationary Mobile Guard Contractor Company Guard Supervisor(s) Guard Staffing / Shifts Guard Locations Means of Communication Silent Alarm Hand held radio Telephone Other: Pager Direct lines to monitoring station Direct lines to LLEAs Guard Equipment Training Weapons Flashlight Other: EMT Other: Post Orders? Daily Log? Incident Reports? Conduct Safety Briefings? Evacuation Procedures? Bomb Threat Procedures? Contact with Local Law Enforcement? NARRATIVE SUMMARY Ð Section C Security Force Management There is no force management in place 5

(D) Video Surveillance System CAMERAS Number of Cameras A single PTZ camera is in place at the CS reservoir Type of Cameras Color Black & White Color Camera Coverage PTZ Stationary PTZ MONITORS Number of Monitors Monitors by a private service during the day, police at night Type of Monitors Color Black & White Single Screen Quad Screen Continuous Time Delay Quality of Coverage Ð Daylight poor Quality of Coverage Ð Night Extremely poor RECORD CAPABILITY Type of Recording Analog Digital Real Time Delayed Motion Continuous Color Black & White Tape Changes Hourly Daily Weekly Tape Storage / Rotation Daily Weekly Monthly Tape Accountability Guards Security Mgr Other: NARRATIVE SUMMARY Ð Section D Video Surveillance System The video surveillance is so poorly situated for protection of critical assets that it is unlikely to aid in detection or assessment. The single camera is more likely to be used at night to apprehend drug deales. 6

(E) Information Security Yes No Comments Locations of Fax Machines and Printers Ð secured? SCADA Network Access Ð modems connected to LAN workstations Not at this time but planned for future Computer file storage No storage kept Laptop Security Ð locks Library file storage Ð secured room/cabinets Lab Notebook storage Ð secured? Mail distribution and control Ð secured? NARRATIVE SUMMARY Ð Section E Information Security Information security at the plant is accomplished by connecting on-line only when the SCADA contractor calls and requests that the telephone line be switched on. The Contractor uswes a password to take control of the system for diagnostic work and downloads. No confidential material is kept on plant PCÕs. (F) SCADA Control System COMMUNICATIONS By modem Link to an external off-site system By modem Encryption Lock and sensor communications rooms Supervised lines Authentication Redundant systems COMMERCIAL HARDWARE AND SOFTWARE Current security patches Strong password Audits Monitor unusual use APPLICATION SOFTWARE Configuration control Trusted source Documentation 7

Thorough testing PARAMETER DATA Validate value and effect Configuration control Read only Authenticate write privilege SUPPORT INFRASTRUCTURE UPS Automatic switch to backup Environmental controls SECURITY INTRUSION DETECTION PFP buildings CS buildings Monitoring and Response capability NARRATIVE SUMMARY Ð Section F SCADA Control System Ð Security Intrusion Detection Security is controlled by disconnecting telephone line to system (G) Other Yes No Comments PROCESS SAFETY FEATURES Fail-Safe valves Sensors and Indicators Limit switches Relief or check valves Manual or Automatic Shutoffs Alarms and procedures Emergency Air Supply Emergency Power Diesel back-up for pump power. Rupture Disks Flow-limiting Equipment Inhibitor addition Process Area monitors Perimeter monitors MITIGATION FEATURES (ACTIVE, PASSIVE) OTHER AREAS TO CONSIDER 8

NARRATIVE SUMMARY Ð Section G Other 9