Tag Archives: and Chemical Facility Anti-Terrorism

Chemical Vulnerability and Anti-Terrorism


This entry was posted by on .

CVI and CFAT information are regulated by DHS and relate to Chemical Vulnerability Information and Chemical Facility Anti-Terrorism. If your company has CVI responsibilities, how are you managing access to the information and assets in your organization by vendors, visitors, technicians, and security staff?

Without a solid visitor management approach, you end up in a situation where people who are knowledgeable of significant vulnerabilities may not have been trained on how to handle that information. Get CVI certified, register all your vendors with this certification, and know how, when, and where they touch your critical CVI.

Chemical Vulnerability Information or CVI is information that is intended to be protected by DHS directive. Companies that handle chemicals, be it for manufacturing, food production, or other purposes, have an obligation to protect this information. With that obligation comes a need for companies to have a way to ensure they can prove that the information is protected, and to follow certain procedures in order to ensure their employees, contractors, and vendors also protect this information.

The first step in dealing with CVI is to cover the basic handling instructions. DHS has provided documents and training to ensure that these practices are carried out in a timely and organized manner. The actual practices are: 

        • Storage of CVI
        • Marking of CVI
        • Transmission of CVI
        • Responsibilities when in transit with CVI
        • Destruction of CVI

The DHS directive in 6CFR S 27.400 (e) (3) indicates that DHS provided CVI Training is necessary and appropriate for anyone who will access, use, store, mark, transmit, mange, or destroy this information. Thankfully, this training is publicly available, free, and not too difficult for individuals to acquire. By going to this link http://www.dhs.gov/training-chemical-terrorism-vulnerability-information, staff, contractors, consultants, or other individuals at your organization can take this training.

These staff members should report to the organization that they have had training, and provide their certification number. That information should be stored, and used to ensure that exposure to this kind of information is managed effectively. If you have new vendors or contractors that visit your site, you should prevent access to areas that will expose this information, or access to the actual assets that are protected, if the individual has not had this training.

Using a tool like the Alert Enterprise Guardian Express and Visitor Management, you can manage visitor access, check your HR systems, or even store certification numbers for staff, ensuring that your CVI is protected. Having a fully audited workflow, individuals can be approved once credentials have been validated, ensuring that you are proactively meeting the CVI and CFAT standards put forth by DHS.

If you would like to better understand how Alert Enterprise can help you to protect your CVI assets, and also manage your overall security posture and risk, please contact us to discuss.

As provided by 6 CFR S 27.400(e) (3), DHS has determined that, except under emergency or exigent circumstances, successful completion of DHS-provided CVI training is a necessary and appropriate condition for any individual’s access to CVI. DHS reserves the right under 6 CFR S 27.400(e)(2) (iii) to require non-disclosure agreements in the future, as appropriate, as a condition for becoming an Authorized User or otherwise obtaining access to CVI. 

From <http://www.dhs.gov/handling-chemical-terrorism-vulnerability-information read more