Responsible Care® Security Code

Security is a top priority for America’s leading chemical producers. Responsible Care companies are leaders in chemical security and work closely with federal, state and local intelligence authorities to safeguard our communities.
After September 11, 2001, ACC members took the lead to enhance security against terrorism. Without waiting for government direction, the ACC Board of Directors adopted the Responsible Care Security Code to further enhance the security of our facilities, our communities and the essential products we produce.
The Responsible Care Security Code is recognized by local, state and federal governments as a model security program for chemical facilities and other U.S. industries. Through Responsible Care, ACC member companies have enhanced coordination, conducted training and safety drills, and shared important security information with local emergency response teams.
The Security Code predates federal security regulations and has served as a model for subsequent regulatory action under the Department of Homeland Security’s (DHS) Chemical Facility Anti-terrorism Standards program. In addition, through the SAFETY Act, DHS has recognized the Security Code as a Qualified Anti-Terrorism Technology, which provides ACC members and Responsible Care Partners with certain liability protections in the event of a terrorist action at their facilities.
HOW THE RESPONSIBLE CARE SECURITY CODE WORKS
Under the Security Code’s 13 management practices – which address facility, cyber and transportation/value chain security – companies must conduct comprehensive security vulnerability assessments (SVAs) and implement security enhancements under a strict timeline, using methods approved by nationally recognized security experts.  Companies also must obtain independent verification to prove they have made required physical site security measures identified during the SVA.
Prioritization and Assessment of Sites
Companies initially prioritize their facilities according to a four-tier system based on vulnerability and then conduct SVAs at all facilities.
Implementation of Security Measures
After completing the SVA process, companies implement security enhancements to control or mitigate identified risks to facility, cyber and value chain security, based on the 13 management practices.

• Protecting Information and Cyber-Security: Safeguarding information and process control systems is a critical component of sound security management and an essential part of the Security Code.
  
  
• Training, Drills and Guidance: Emergency preparedness is a hallmark of the Responsible Care initiative. Training, drills and guidance enhance security awareness and capabilities across the business of chemistry.
  
  
• Communications, Dialogue and Information Exchange: The Security Code emphasizes cooperation among chemical producers, customers, suppliers, and shippers and establishing and maintaining a constructive, consistent dialogue with government agencies.
  
  
• Response to Security Threats and Incidents: Companies evaluate, respond, report and communicate security threats as appropriate and have a process in place to respond to incidents and take corrective action.
  
  
• Continuous Improvement: The Security Code includes planning, establishing goals and objectives, monitoring progress and performance, analyzing trends, and developing and implementing corrective actions.
  
  
• Independent Review: Facilities undergo independent audits by third-party individuals and organizations to assure that necessary security enhancements are in place.

IMPLEMENTING THE SECURITY CODE
ACC tracks members’ and Partners’ implementation of the Security Code and publicly discloses their performance:

• In the last decade, Responsible Care companies have invested nearly $13 billion to enhance security at their facilities.
  
  
• ACC members and Responsible Care Partners implement the Security Code at more than 1,550 facilities nationwide.
  
  
• New members and Partners are required to implement the Security Code, conduct site security vulnerability assessments and make necessary security upgrades within three years of joining ACC.
  
  
• Each Responsible Care company’s Security Code implementation status is subject to review as part of ACC’s mandatory third-party, Responsible Care Management Systems® certification process.

Security Code implementation is monitored by ACC and companies that do not meet specific deadlines are held accountable, at the senior executive level, by a Board-level Responsible Care governance process.