49 CFR 172.802 – Components of a security plan
(a) The security plan must include an assessment of transportation security risks for shipments of the hazardous materials listed in § 172.800, including site-specific or location-specific risks associated with facilities at which the hazardous materials listed in § 172.800 are prepared for transportation, stored, or unloaded incidental to movement, and appropriate measures to address the assessed risks. Specific measures put into place by the plan may vary commensurate with the level of threat at a particular time. At a minimum, a security plan must include the following elements:
(1) Personnel security. Measures to confirm information provided by job applicants hired for positions that involve access to and handling of the hazardous materials covered by the security plan. Such confirmation system must be consistent with applicable Federal and State laws and requirements concerning employment practices and individual privacy.
(2) Unauthorized access. Measures to address the assessed risk that unauthorized persons may gain access to the hazardous materials covered by the security plan or transport conveyances being prepared for transportation of the hazardous materials covered by the security plan.
(3) En route security. Measures to address the assessed security risks of shipments of hazardous materials covered by the security plan en route from origin to destination, including shipments stored incidental to movement.
(b) The security plan must also include the following:
(1) Identification by job title of the senior management official responsible for overall development and implementation of the security plan;
(2) Security duties for each position or department that is responsible for implementing the plan or a portion of the plan and the process of notifying employees when specific elements of the security plan must be implemented; and
(3) A plan for training hazmat employees in accordance with § 172.704 (a)(4) and (a)(5) of this part.
(c) The security plan, including the transportation security risk assessment developed in accordance with paragraph (a) of this section, must be in writing and must be retained for as long as it remains in effect. The security plan must be reviewed at least annually and revised and/or updated as necessary to reflect changing circumstances. The most recent version of the security plan, or portions thereof, must be available to the employees who are responsible for implementing it, consistent with personnel security clearance or background investigation restrictions and a demonstrated need to know. When the security plan is updated or revised, all employees responsible for implementing it must be notified and all copies of the plan must be maintained as of the date of the most recent revision.
(d) Each person required to develop and implement a security plan in accordance with this subpart must maintain a copy of the security plan (or an electronic file thereof) that is accessible at, or through, its principal place of business and must make the security plan available upon request, at a reasonable time and location, to an authorized official of the Department of Transportation or the Department of Homeland Security.