Security Vulnerability Analysis (SVA)

Process Advisory Services offers comprehensive SVA services. We are certified by the Center for Chemical Process Safety (CCPS) of AIChE to lead full facility analyses, including characterization, threat assessment, vulnerabilities, and countermeasures.

PAS can also review your current SVA for completeness, and for compliance with the American Chemistry Council's Responsible Care Security Code of Practice, which calls for third party validation. Call us for a no-obligation discussion of your facility's current and desired level of security.

29CFR(sooner or later?) – Security Vulnerability Analysis (SVA)

Just as OSHA PSM and EPA RMP have dramatically changed the way that companies review and record their process activities around hazardous chemical accident scenarios, SVA has now become a growing priority for companies nationwide, and may yet become the next hazardous chemical safety regulation. Simply (perhaps over-simply) put, SVA is a body of hazard recognition and reduction methodologies similar to PSM hazard reviews, with the key exception that the initiating act is deliberate, not accidental.

Conducting a successful facility SVA requires more than just a grounding in process hazard analysis techniques, however. It requires: a facility characterization to understand the attractiveness of the potential target and the goals of a deliberate act against the site; a threat assessment, including whether the threat originates internally or externally; an analysis of the specific vulnerabilities of the site due to location, layout, and accessibility; and the review and recommendation of countermeasures to reduce the facility's vulnerability to attack.

While legislation does not yet exist to compel companies to conduct security vulnerability analyses, such legislation has been proposed (the "Corzine bill") and defeated. While that bill was a well-intentioned attempt to formalize and oversee SVA activities, it was defeated primarily because it would have placed an unnecessarily onerous burden on companies to modify their processes to reduce overall vulnerability. However, just as OSHA administers PSM and EPA oversees RMP, it is reasonable to assume that SVA will continue to be scrutinized and politicized, and ultimately legislated, most probably under the auspices of the Department of Homeland Security.

SVAs conducted in advance of any promulgated legislation would most likely be grandfathered in a manner similar to the PHAs that were grandfathered when OSHA PSM came into effect. But existing SVAs will only be treated that way if they were conducted and conform to an industry-standard methodology (see the ACC Responsible Care Security Code of Practice), such as the one devised by CCPS and utilized by Process Advisory Services.