RESPONSIBLE CARE®

SECURITY CODE

Daniel Roczniak

Senior Director, Responsible CareAmerican Chemistry Council

June 2010

Security CodePresentation Topics

• Background– Why a Security Code?– Public concerns addressed by the code.

• Key Focus areas of the Code• Link to other Codes• Benefits of implementing the Security Code• Questions and Answers

Security Code Why a Security Code?

• Code was a result of attacks on New York and Washington on September 11, 2001.

• Industry realized that it must act collectively to enhance security of its facilities, supply chains and cyber assets.

• Be pro-active rather than wait for federal and state government to develop security plans.

• Code development took six months with adoption in June 2002.

• All ACC members and Partners required to implement the Code in their operations.

Security Code Public Concerns Addressed

• Physical security of manufacturing locations.– Potential terrorist attacks.– Other types of violence which could impact local

populations.• Security of product in the supply chain.– Diversion of products.– Sabotage of products.

• Securing cyber assets– Prevent hacking to disrupt operations.– Unauthorized purchase/diversion of product.

Security Code Key Elements

• Management Commitment (Policy)– Senior management engagement– Security policies

• Analysis of Threats and Vulnerabilities (Plan)– Use of accepted risk-based Site Vulnerability Assessment methodology.– Cooperation with supply-chain Partners.

• Implementation of Security Measures (Do)– Documents– Training/Drills– Communications and Information Exchange– Response Plans

Security Code Key Elements

• Evaluation Process (Check)– Internal Auditing– Third-party verification of site security

• Review (Act)– Management of Change– Continuous Improvement Commitment

Code has 13 specific elements which companies implement.

Security Code Links to Other Codes

• Security Code

• Distribution Code– Supply Chain Assessments– Training, Drills, Guidance– Response to threats– Audits

• CAER Code– Stakeholder Dialogue– Information Exchange– Training/Drills

• Process Safety Code– Vulnerability Assessments– Management of Change– Implementation of Security Measures

• Product Stewardship Code - Supply Chain Assessments - Communications, Info exchange

Security CodeRequirements for ACC Companies

• Companies rank their manufacturing sites in tiers 1-4• Conduct Site Vulnerability Assessments (SVAs) and

identify necessary physical enhancements.• Third-party verifies implementation of site

enhancements.• Companies report Code implementation progress to

ACC after 18 months. Implementation must be complete after 36 months.

• Annual affirmation that code is being implemented.

Security CodeBenefits

• ACC was able to establish model for site security which provided inputs for state and federal laws and regulations.

• Strengthened existing supply chain relationships creating greater efficiencies.

• ACC companies were able to take advantage of provisions in laws recognizing existing security programs.

• Public concerns were addressed through proactive implementation.

• Strengthened industry-government relationships.