Homeland Security Rivers Edge P
"
( > U.S. Department O~.
Homeland Security
United States
Coast Guard
Commadant
United States Coast Guard
2100 Second Street. S.W.
Washington. DC 20593-0001
Staff Symbol: G-MPS
Phone: (202) 267-0495
Fax: (202) 267-0506
t(Q)\P1f
16000
Date: 4/24/2004
MISLE Activity #: 1990772
FIN#: SYS 1 00065040
BVID #: 01560
Rivers Edge Plaza
348 Bell St.
Dubuque, IA 52001
Dear Michael C. Van Milligen
We have completed a Stage II review of your submitted facility security plan for Rivers Edge Plaza.
Unfortunately, your plan does not meet the requirements of Title 33 Code of Federal Regulations
(CFR) Part 105. Enclosed is a summary of the insufficient or missing elements(s) in your plan. It is
recommended that changes to your plan be bold, in a different font or color from the original and a
copy of this letter be included to expedite your plan review. Once these items have been addressed to
our satisfaction, we will forward your plan to the cognizant Captain of the Port. These deficiencies
must be corrected and resubmitted no later than 20 days from the date this letter is received:
National FSP Review Center
Mailstop Q6
6601 College Blvd
Overland Park, KS 66211
Attn: Security Officer
We have established the MTSA-ISPS Help desk website at www.uscg.millhq/g-mImp/mtsa.shtml, to
assist you in correcting your plan. The website has important information regarding implementation of
the International Ship and Port Facility Security (ISPS) Code. You are reminded that all facilities must
be operating on July 1,2004 under a Coast Guard approved MSTA Facility Security Plan.
Should you have any further questions concerning your facility security plan review, please contact the
National Facility Security Plan Review Center via email (nfsprc@bv.com), fax (913-458-4700) or call
(l-866-FSP-USCG). If you need a copy of your FSP, please fax your request to 913-458-4700.
Sincerely,
~~
. ~
--
R. T. Teubner
Lieutenant Commander, U.S. Coast Guard
National Facility Security Program Manager
By direction of the Chief, Vessel & Facility Security (G-MPS)
ZZ :5 m üZ tJdV i¡O
Security Sensitive Informution (Wkenfilled out)
United States Coast Guard
STAGE 2 - USCG SECURITY PLAN$ (FSP) APPROVAL FORM (passenger Ferry Facilities)
Tracking No.: 01560-SYS100065040-2-0 OPFAC No.: 08-33201
Facility Name Rivers Edge Plaza Facility Type: PF
Team Leader: BRADY BUZICK FIN: SYS 1 00065040
Explanation of Deficiency
General Facility Security Assessment does not address all of the regulation requirements but is generally
acceptable; due to low consequence ofthe facility. Drills & Exercises does not meet the
regulations but generally acceptable for this type of facility.
In accordance with 33CFR, 105.405 a Facility Security Plan (FSP) must describe, in detail, procedures and
policies that will be implemented to meet or exceed each requirement of this regulation. A Facility Security
Plan must provide sufficient detail and organization to function as a reference document to be used by
present and future security personnel to ensure the implementation of all aspects of the plan. In addition,
the plan must contain sufficient detail to facilitate USCG review and verification of implemented
procedures. Re-statement of Regulation 33CFR does not constitute a legitimate FSP.
.
.
.
.
.
.
.
.
.
.
.
Refer to Stage 2 Review Form in the USCG "Navigation and Vessel Inspection Circular" (NVIC)(Enciosure
4b at http://www.uscg.mil/hq/g-mInviclNVIC_03-03.pdf) for guidance on type of information and level of
detail required for an approved FSP. Note keywords; procedures, measures, techniques, means and
policy.
When specific security regulations do not apply to a facility or its operation, the FSP should briefiy state
why the regulation is not applicable.
A description of your facility including number of employees, facility physical size, a brief description of
facility operations and the types of vessels visiting your facility would be beneficial to the FSP review
process and applicability of regulation requirements.
105.200(b)(2): FSP does not designate an FSO or does not indicate a method for contacting the FSO, at
anytime (24 hours), as required by 105.400(a)(1). 24 Hour contact method to the FSO must be stated.
105.200(b)(8): FSP does not specify owner/operator is responsible for notifying facility personnel and
implementation of security measures required for a new MARSEC Level. Security measures must be
implemented within 12 hours of MARSEC Level increase notification.
1 05.200(b)(1 0): FSP does not specify owner/operator is responsible for reporting all breaches of security
and security incidents to the National Response Center (NRC). FSP must identify one or more of the
means listed in 33 CFR, Part 101, for reporting to the NRC.
105.205(a)(3): FSP does not specifically state the FSO shall retain designated FSO responsibilities
although other individuals may perform specific tasks.
105.205(c)(1): Ensuring Facility Security Assessments are conducted is not listed in the FSP as a FSO
responsibility.
105.205(c)(2): Ensuring FSP development, revision and implementation is not listed in the FSP as a FSO
responsibility.
105.205(c)(3): Ensuring an annual audit is conducted, and if necessary that the FSA and FSP are updated,
is not listed in the FSP as a FSO responsibility.
105.205(c)(4): Ensuring the FSP is exercised per 33 CFR 105.220 is not listed in the FSP as a FSO
responsibility.
105.205(c)(5): Ensuring regular security inspections of the facility are conducted, is not listed in the FSP as
a FSO responsibility.
105.205(c)(6): Ensure security awareness and vigilance of all facility personnel is not listed in the FSP as a
FSO responsibility.
105.205(c)(7): Ensuring adequate training of personnel performing security duties is not listed in the FSP
as a FSO responsibility.
Monday, April 26, 2004
Security Sensitive Information (When filled out)
Page 1
Tracking No.:
Facility Name
Team Leader:
Security Sensitive Information (When filled ouV
United States Coast Guard
STAGE 2 - USCG SECURITY PLANS (FSP) APPROVAL FORM (passenger Ferry Facilities)
01560-SYS100065040-2-0
Rivers Edge Plaza
BRADY BUZICK
OPFAC No.:
Facility Type:
FIN:
08-33201
PF
SYS100065040
Explanation of Deficiency
. 105.205(c)(8): Ensuring occurrences that threaten the security of the facility are recorded and reported to
the owner or operator is not listed in the FSP as a FSO responsibility.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
105.205(c)(9): Ensuring the maintenance of records is not listed in the FSP as a FSO responsibility.
1 05.205(c)(1 0): Ensuring preparation and submission of reports required by this partis not listed in the
FSP as a FSO responsibility.
105.205(c)(11): Ensuring execution of any required Declarations of Security with Masters or Vessel
Security Officers is not listed in the FSP as a FSO responsibility.
105.205(c)(12): Ensuring coordination of security services in accordance with the FSP is notlisted in the
FSP as a FSO responsibility.
105.205(c)(13): Ensuring that security equipment is properly operated, tested, calibrated and maintained is
not listed in the FSP as a FSO responsibility.
105.205(c)(14): Ensuring the recording and reporting of attainment changes in MARSEC Levels is not
listed in the FSP as a FSO responsibility.
105.205(c)(15): Ensuring Vessel Security Officers receive assistance, when requested, in confirming the
identity of visitors and service providers seeking to board the vessel thru the facility is not listed in the FSP
as a FSO responsibility.
105.205(c)(16): Ensuring notification of law enforcement personnel and other emergency responders, to
permit a timely response to any transportation security incident, is not listed in the FSP as a FSO
responsibility.
105.205(c)(17): Ensuring the FSP is submitted to the COTP for approval as well as informing the COTP of
any plans to change the facility are not listed in the FSP as FSO responsibilities.
105.205(c)(18): Ensuring facility personnel are briefed of changes in security conditions at the facility is not
listed in the FSP as a FSO responsibility.
105.225(a): Records should be kept at one location and location should be identified in the plan. FSP does
not direct the FSO to keep records of activities listed in 33CFR, 105.225(b) for at least 2 years and to make
them available to the USCG upon request.
1 05.225(b): FSP does not detail how records required by this regulation and which are stored in electronic
format, are to be protected against unauthorized deletion, destruction or amendment.
105.225(b)(1): FSP does not identify procedures for keeping records of each security training session
including duration of session, description of training and list of attendees.
105.225(b)(2): FSP does not identify procedures for keeping records of each drill or exercise including date
held, description of drill or exercise, list of participants and lessons learned.
105.225(b)(3): FSP does not identify procedures for keeping records of each incident or breach of security
including date & time, location in facility, description of breach or incident, to whom it was reported and
description of response.
105.225(b)(4): FSP does notidentify procedures for keeping records of each change in MARSEC Level,
including date & time of notification received and time of compliance with additional requirements.
105.225(b)(5): FSP does not identify procedures for keeping records of each occurrence of security system
equipment maintenance including date & time and specific security equipment involved.
Monday, April 26, 2004
Security Sensitive Informution {When filled ouV
Page 2
Tracking No.:
Facility Name
Team Leader:
Secur;ty Sensït;ve Information (When filled out)
United States Coast Guard
STAGE 2 - USCG SECURITY PLANS (FSP) APPROVAL FORM (Passenger Ferry Facilities)
01560-SYS100065040-2-0
Rivers Edge Plaza
BRADY BUZICK
OPFAC No.:
Facility Type:
FIN:
08-33201
PF
SYS 1 00065040
Explanation of Deficiency
. 105.225(b)(6): FSP does not identify procedures for keeping records of each security threat including date
& time, how threat was communicated, who received/identified the threat, threat description, to whom it
was reported, and response description.
.
.
.
.
.
.
.
.
.
.
.
.
.
105.225(b)(7): FSP does not identify procedures for keeping records of each single-visit DoS and a copy of
each continuing DoS for at least 90 days after end of effective period.
105.225(b)(8): FSP does not identify procedures for keeping records of each annuai audit including a letter
certified by the FSO stating the date of audit completion.
105.225(c): FSP does not include procedures for protecting records, required by 33CFR, 105.225(b), from
unauthorized access or disclosure.
105.230(b)(2): FSP references a Threat Assessment Program Manual that has not been provided for
review, without this manual Section 5 is found to be unsatisfactory. FSP does not direct facility owner or
operator to ensure all additional security measures will be implemented within 12 hours of an increase in
MARSEC Level.
105.230(b)(3):FSP references a Threat Assessment Program Manual that has not been provided for
review, without this manual Section 5 is found to be unsatisfactory. Upon an increase in MARSEC Level,
FSP does not direct owner/operator to ensure the facility reports compliance or noncompliance, to the
COTP. Additional security measures are to be implemented within 12 hours ofthe level increase.
105.230(d): FSP references a Threat Assessment Program Manual that has not been provided for review,
without this manual Section 5 is found to be unsatisfactory. FSP does not identify procedures for informing
the COTP and obtaining approval prior to interfacing with a vessel or continuing operations when the
facility is not capable of operating in compliance with the FSP.
105.230(e): FSP references a Threat Assessment Program Manual that has not been provided for review,
without this manual Section 5 is found to be unsatisfactory. FSP does not identify procedures to ensure
facility operates in compliance with MARSEC Level 3 and additional measures which may include
waterborne patrol, armed personnel to control access, or examination of structures for threats.
105.245(b)(2): Upon arrival of a cruise ship or manned vessel carrying Certain Dangerous Cargo in bulk,
the FSP does not ensure or identify procedures for the FSO and Master, VSO, or their representatives, to
sign the written DoS.
105.245(c): FSP does not require the DoS to be signed and implemented prior to vessel embarking or
disembarking and transfer of cargo or vessel stores.
105.245(d): FSP does not require, at MARSEC Levels 2 and 3, that the facility FSO sign and implement
DoSs with interfacing manned vesseis subject to 33CFR, 104.
105.415(b)(1): FSP does not state the FSO will ensure an audit ofthe FSP will be performed annually or
when a change of facility ownership occurs.
105.415(b)(4)(i): FSP does not describe the required experience and knowledge ievel of personnel who
conduct FSP audits.
105.415(b): FSP does not define a process or procedure for submitting FSP amendments resulting from an
audit.
Monday, April 26. 2004
Security Sensitive Informanon (When filled ouO
Page 3
"
(' U.S. Department O~.
Homeland Security
United States
Coast Guard
Commadant
United States Coast Guard
2100 Second Street, S.W.
Washington. DC 20593-0001
Staff Symbol: G-MPS
Phone: (202) 267-0495
Fax: (202) 267-0506
t(Q)\P1f
16000
Date: 4/24/2004
MISLE Activity #: 1990772
FIN#: SYSI00065040
BVID #: 01560
Rivers Edge Plaza
348 Bell St.
Dubuque, IA 52001
Dear Michael C. Van Milligen
We have completed a Stage II review of your submitted facility security plan for Rivers Edge Plaza.
Unfortunately, your plan does not meet the requirements of Title 33 Code of Federal Regulations
(CFR) Part 105. Enclosed is a summary of the insufficient or missing elements(s) in your plan. It is
recommended that changes to your plan be bold, in a different font or color from the original and a
copy of this letter be included to expedite your plan review. Once these items have been addressed to
our satisfaction, we will forward your plan to the cognizant Captain of the Port. These deficiencies
must be corrected and resubmitted no later than 20 days from the date this letter is received:
National FSP Review Center
Mailstop Q6
6601 College Blvd
Overland Park, KS 66211
Attn: Security Officer
We have established the MTSA-ISPS Help desk website at www.uscg.millhq/g-mImp/mtsa.shtml, to
assist you in correcting your plan. The website has important information regarding implementation of
the International Ship and Port Facility Security (ISPS) Code. You are reminded that all facilities must
be operating on July 1, 2004 under a Coast Guard approved MSTA Facility Security Plan.
Should you have any further questions concerning your facility security plan review, please contact the
National Facility Security Plan Review Center via email (nfsprc@bv.com), fax (913-458-4700) or call
(1-866-FSP-USCG). If you need a copy of your FSP, please fax your request to 913-458-4700.
Sincerely,
~~
---
R. T. Teubner
Lieutenant Commander, U.S. Coast Guard
National Facility Security Program Manager
By direction of the Chief, Vessel & Facility Security (G-MPS)
22 :5 !!~ gZ I1dV ;,0
Tracking No.:
Facility Name
Team Leader:
Security Sensitive Information (When filled out)
United States Coast Guard
STAGE 2 - USCG SECURITY PLANS (FSP) APPROVAL FORM (Passenger Ferry Facilities)
01560-SYS100065040-2-0
Rivers Edge Plaza
BRADY BUZICK
08-33201
PF
SYS100065040
OPFAC No.:
Facility Type:
FIN:
Explanation of Deficiency
General Facility Security Assessment does not address ail of the regulation requirements but is generaily
acceptable; due to low consequence of the facility. Driils & Exercises does not meet the
regulations but generaily acceptable for this type of facility.
In accordance with 33CFR, 105.405 a Facility Security Plan (FSP) must describe, in detail, procedures and
policies that will be implemented to meet or exceed each requirement of this regulation. A Facility Security
Plan must provide sufficient detail and organization to function as a reference document to be used by
present and future security personnel to ensure the implementation of all aspects of the plan. In addition,
the plan must contain sufficient detail to facilitate USCG review and verification of implemented
procedures. Re-statement of Regulation 33CFR does not constitute a legitimate FSP.
.
.
.
.
.
.
.
.
.
.
.
Refer to Stage 2 Review Form in the USCG "Navigation and Vessel Inspection Circular" (NVIC)(Enclosure
4b at http://www.uscg.mil/hq/g-m/nviclNVIC_O3-03.pdf)forguidance on type of information and level of
detail required for an approved FSP. Note keywords; procedures, measures, techniques, means and
policy.
When specific security regulations do not apply to a facility or its operation, the FSP should briefiy state
why the regulation is not applicable.
A description of your facility including number of employees, facility physical size, a brief description of
facility operations and the types of vessels visiting your facility would be beneficial to the FSP review
process and applicability of regulation requirements.
105.200(b)(2): FSP does not designate an FSO or does not indicate a method for contacting the FSO, at
anytime (24 hours), as required by 105.400(a)(1). 24 Hour contact method to the FSO must be stated.
105.200(b)(8): FSP does not specify owner/operator is responsible for notifying facility personnel and
implementation of security measures required for a new MARSEC Level. Security measures must be
implemented within 12 hours of MARSEC Level increase notification.
1 05.200(b)(1 0): FSP does not specify owner/operator is responsible for reporting all breaches of security
and security incidents to the National Response Center (NRC). FSP must identify one or more of the
means listed in 33 CFR, Part 101, for reporting to the NRC.
105.205(a)(3): FSP does not specifically state the FSO shail retain designated FSO responsibilities
although other individuais may perform specific tasks.
105.205(c)(1): Ensuring Facility Security Assessments are conducted is not iisted in the FSP as a FSO
responsibility.
105.205(c)(2): Ensuring FSP development, revision and impiementation is not listed in the FSP as a FSO
responsibility.
105.205(c)(3): Ensuring an annual audit is conducted, and if necessary that the FSA and FSP are updated,
is not listed in the FSP as a FSO responsibility.
105.205(c)(4): Ensuring the FSP is exercised per 33 CFR 105.220 is not listed in the FSP as a FSO
responsibility.
105.205(c)(5): Ensuring regular security inspections of the facility are conducted, is not listed in the FSP as
a FSO responsibility.
105.205(c)(6): Ensure security awareness and vigilance of all facility personnel is not listed in the FSP as a
FSO responsibility.
105.205(c)(7): Ensuring adequate training of personnel performing security duties is not listed in the FSP
as a FSO responsibility.
Monday, April 26, 2004
Security Sensitive Informution {When filled ouQ
Page 1
Tracking No.:
Facility Name
Team Leader:
. .
Security Sensitive Information (When filled out)
United States Coast Guard
STAGE 2 - USCG SECURITY PLANS (FSP) APPROVAL FORM (passenger Ferry Facilities)
01560-SYS100065040-2-0
Rivers Edge Plaza
BRADY BUZICK
OPFAC No.:
Facility Type:
FIN:
08-33201
PF
SYS100065040
Explanation of Deficiency
. 105.205(c)(8): Ensuring occurrences that threaten the security of the facility are recorded and reported to
the owner or operator is not listed in the FSP as a FSO responsibility.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
105.205(c)(9): Ensuring the maintenance of records is not listed in the FSP as a FSO responsibility.
105.205(c)(10): Ensuring preparation and submission of reports required by this part is not listed in the
FSP as a FSO responsibility.
105.205(c)(11): Ensuring execution of any required Deciarations of Security with Masters or Vessel
Security Officers is not listed in the FSP as a FSO responsibility.
105.205(c)(12): Ensuring coordination of security services in accordance with the FSP is not listed in the
FSP as a FSO responsibility.
105.205(c)(13): Ensuring that security equipment is properly operated, tested, calibrated and maintained is
not listed in the FSP as a FSO responsibility.
105.205(c)(14): Ensuring the recording and reporting of attainment changes in MARSEC Levels is not
listed in the FSP as a FSO responsibility.
105.205(c)(15): Ensuring Vessel Security Officers receive assistance, when requested, in confirming the
identity of visitors and service providers seeking to board the vessel thru the facility is not listed in the FSP
as a FSO responsibility.
105.205(c)(16): Ensuring notification of law enforcement personnel and other emergency responders, to
permit a timely response to any transportation security incident, is not listed in the FSP as a FSO
responsibility.
105.205(cX17): Ensuring the FSP is submitted to the COTP for approval as well as informing the COTP of
any plans to change the facility are not listed in the FSP as FSO responsibilities.
105.205(c)(18): Ensuring facility personnel are briefed of changes in security conditions at the facility is not
listed in the FSP as a FSO responsibility.
105.225(a): Records should be kept at one location and location should be identified in the plan. FSP does
not direct the FSO to keep records of activities iisted in 33CFR, 1 05.225(b) for at least 2 years and to make
them available to the USCG upon request.
105.225(b): FSP does not detail how records required by this regulation and which are stored in eleclronic
format, are to be protected against unauthorized deletion, destruction or amendment.
105.225(b)(1): FSP does not identify procedures for keeping records of each security training session
including duration of session, description of training and list of attendees.
105.225(b)(2): FSP does not identify procedures for keeping records of each drill or exercise including date
held, description of drill or exercise, list of participants and lessons learned.
105.225(b)(3): FSP does not identify procedures for keeping records of each incident or breach of security
including date & time, location in facility, description of breach or incident, to whom it was reported and
description of response.
105.225(b)(4): FSP does not identify procedures for keeping records of each change in MARSEC Level,
including date & time of notification received and time of compliance with additional requirements.
105.225(b)(5): FSP does not identify procedures for keeping records of each occurrence of security system
equipment maintenance including date & time and specific security equipment involved.
Monday, April 26, 2004
Security Sensitive Information (When filled out)
Page 2
Security Sensitive Information (When filled out)
United States Coast Guard
STAGE 2 - USCG SECURITY PLANS (FSP) APPROVAL FORM (passenger Ferry Facilities)
Tracking No.: 01560-SYS100065040-2-Q OPFAC No.: 08-33201
Facility Name Rivers Edge Plaza Facility Type: PF
Team Leader: BRADY BUZICK FIN: SYS100065040
Explanation of Deficiency
. 1 05.225(b )(6): FSP does not identify procedures for keeping records of each security threat including date
& time, how threat was communicated, who received/identified the threat, threat description, to whom it
was reported, and response description.
.
.
.
.
.
.
.
.
.
.
.
.
.
105.225(b)(7): FSP does not identify procedures for keeping records of each single-visit DoS and a copy of
each continuing DoS for at least 90 days after end of effective period.
1 05.225(b )(8): FSP does not identify procedures for keeping records of each annuai audit including a letter
certified by the FSO stating the date of audit completion.
105.225(c): FSP does not include procedures for protecting records, required by 33CFR, 105.225(b), from
unauthorized access or disclosure.
1 05.230(b )(2): FSP references a Threat Assessment Program Manual that has not been provided for
review, without this manual Section 5 is found to be unsatisfactory. FSP does not direct facility owner or
operator to ensure all additional security measures will be implemented within 12 hours of an increase in
MARSEC Level.
105.230(b)(3):FSP references a Threat Assessment Program Manual that has not been provided for
review, without this manual Section 5 is found to be unsatisfactory. Upon an increase in MARSEC Level,
FSP does not direct owner/operator to ensure the facility reports compliance or noncompliance, to the
COTP. Additional security measures are to be implemented within 12 hours of the level increase.
105.230(d): FSP references a Threat Assessment Program Manual that has not been provided for review,
without this manual Section 5 is found to be unsatisfactory. FSP does not identify procedures for informing
the COTP and obtaining approval prior to interfacing with a vessel or continuing operations when the
facility is not capable of operating in compliance with the FSP.
105.230(e): FSP references a Threat Assessment Program Manual that has not been provided forreview,
without this manual Section 5 is found to be unsatisfactory. FSP does not identify procedures to ensure
facility operates in compliance with MARSEC Level 3 and additional measures which may include
waterborne patrol, armed personnel to control access, or examination of structures for threats.
105.245(b)(2): Upon arrival of a cruise ship or manned vessel carrying Certain Dangerous Cargo in bulk,
the FSP does not ensure or identify procedures for the FSO and Master, VSO, or their representatives, to
sign the written DoS.
105.245(c): FSP does not require the DoS to be signed and implemented prior to vessel embarking or
disembarking and transfer of cargo or vessel stores.
105.245(d): FSP does not require, at MARSEC Levels 2 and 3, that the facility FSO sign and implement
DoSs with interfacing manned vessels subject to 33CFR, 104.
105.415(b)(1): FSP does not state the FSO will ensure an audit of the FSPwili be performed annually or
when a change of facility ownership occurs.
105.415(b)(4)(i): FSP does not describe the required experience and knowledge ievel of personnel who
conduct FSP audits.
1 05.415(b): FSP does not define a process or procedure for submitiing FSP amendments resulting from an
audit.
Monday, April 26. 2004
Seeurity Sensitive Information (When filled out)
Page 3