Surface and Intermodal Security – Oversight Program Description and Delivery

Fiscal Year 2017-2018

Table of Contents

• Executive summary
• Introduction
  • Program overview: direct oversight activities
• Other oversight activities
  • Quality control
• Operating context
  • Risks and planning assumptions
• Initiatives to strengthen oversight
  • Modernization efforts: changes to the Transportation Security Information System
  • Risk-based planning
  • Multi-year planning
  • Time standards
  • International Bridges and Tunnels MOU Management Committee
• Oversight delivery in 2017 to 2018
• Organizational contact information
• Annex A: Definitions

Executive summary

This report documents Transport Canada's oversight activities in Surface and Intermodal Security for fiscal year 2017 to 2018.

Key areas in oversight planning for 2017 to 2018 will be:

• rail freight yards
• rail passenger stations
• international Bridges and Tunnels

This year, the Surface and Intermodal Security Group will transition from a voluntary Memorandum of Understanding (MOU) (2007 Transport Canada-Railway Association of Canada MOU on Railway Security) to a regulatory framework. Two new security regulations are being developed, one for the security of transporting dangerous goods by rail and the other for passenger rail security.

Introducing the new regulations requires two new oversight programs, followed closely by a review of the MOU oversight program.

Oversight of the MOU will continue in 2017 to 2018. We will also include an education, outreach and awareness component to support the new regulations.

Railway shippers will now be subject to the regulations for the security of transporting dangerous goods by rail, as well as additional railway carriers not previously subject to security requirements under the MOU on railway security. For this reason, SIMS inspectors will visit railway shipping facilities and railway carriers to educate them on the new requirements.

Introduction

Program overview: direct oversight activities

Transport Canada's Surface and Intermodal Security (SIMS) program is part of the Intermodal Surface, Security and Emergency Preparedness Directorate.

SIMS works with stakeholders to help enhance the security of surface transportation, including rail and international bridges and tunnels in Canada. This is done through risk-based planning and oversight activities.

In 2017 and 2018, transportation security inspectors will:

• visit and assess rail freight yards and passenger rail stations to ensure they meet Transport Canada requirements set out in the TC-RAC MOU
• ensure railway companies and international bridge and tunnel owners and operators conduct risk assessments, and have a security plan in place to address identified risks
• ensure companies have a security awareness program for on-site employees and contractors
• confirm that MOU signatories have a process for reporting and responding to threats and incidents
• verify that railway companies and international bridge and tunnel operators conduct exercises to test the emergency management parts of their security plan

Other oversight activities

Quality control

Regional managers do quality control checks on oversight information recorded in the Transportation Security Information System (TSIS). Every quarter, they will do at least one quality control check on each inspector who reports to them.

Operating context

To help enhance railway security across Canada, Transport Canada and the Railway Association of Canada have an MOU on railway security.

For international bridges and tunnels, Transport Canada has individual MOUs with owners and operators.

Under these MOUs (rail, bridges and tunnels), signatories are required to:

• conduct risk assessments
• develop security plans
• implement a training, security and awareness program
• conduct exercises
• report security incidents to Transport Canada

SIMS will continue in 2017 and 2018 to work with MOU signatories to address gaps and inefficiencies in security, and build on improvements to date.

SIMS is developing regulations for rail carriers and shippers under the Transportation of Dangerous Goods Act, 1992 to enhance security of the transportation of dangerous by rail in Canada. The proposed regulations would partially align with the U.S. Hazmat Rail Security Regulations. They were developed in consultation with industry, with preliminary consultations between 2011 and 2013.

Risks and planning assumptions

SIMS uses a risk-based approach to oversight planning. Risks are prioritized using a number of factors for each rail site to be inspected.

In fiscal year 2016 to 2017, SIMS changed its inspection plan when the Integrated Terrorism Assessment Centre set the threat level for passenger rail to “MEDIUM”.

Passenger rail and urban transit are easy terrorist targets due to high passenger volume and their open nature. For this reason, SIMS Operations increased the number of planned inspections at passenger rail facilities. As well, SIMS inspectors did more monitoring activities on passenger rail lines and facilities. This will continue in 2017 to 2018.

Initiatives to strengthen oversight

The SIMS program has several strategic initiatives in place to strengthen oversight planning, delivery and reporting. They include:

• Modernization efforts: changes to the Transportation Security Information System (TSIS)
• Risk-based planning
• Multi-year planning
• Time standards
• International bridges and tunnels

Modernization efforts: changes to the Transportation Security Information System

The Transportation Security Information System (TSIS) is the central repository of inspection results for SIMS. This system has a new component that streamlines planning and reporting.

In coordination with Aviation Security, Transport Canada has submitted a proposal for capital funding to migrate TSIS from an application platform to an online version. This will help regional inspectors connect to TSIS, particularly when doing inspections offsite. The migration will also position us to introduce tablets that inspectors can use to record their findings. Currently inspectors must record oversight observations on paper and transfer the details to TSIS when they return to the office.

Risk-based planning

The program created a risk analysis process for rail inspections. The process quantitatively ranked 557 rail sites across Canada according to risk level. To determine levels, criteria were assigned numeric values based on the weight of their contribution to vulnerability, and the likelihood and impact of a terrorist attack.

This resulted in the development of a Minimum Inspection Schedule (MIS) for each region. The schedule identifies and ranks all sites inspectors will visit during an inspection period.

Inspection frequency is also dictated by the risk-based planning process. A rail station with a greater security risk will be inspected more frequently.

With the new MEDIUM threat level for passenger rail in Canada, SIMS also made several changes to its oversight program. For example we:

• increased the number of planned inspections at passenger rail facilities
• added monitoring activities at major passenger rail transportation locations, for added surveillance, visibility and monitoring
• required inspectors to conduct and report on new reactive inspections in response to rail accidents and security incidents, as they occur

Multi-year planning

In response to new National Oversight Planning and Reporting requirements, SIMS commenced multi-year planning of its Minimum Inspection Schedules. Multi-year planning is based on the current 3-year cycle for security plan reviews. This long-range forecast allows for oversight planning for all rail sites in each region. Regions are expected to visit each rail site at least once during any 3-year cycle.

Each MIS template includes the following inspection types:

• security plan review
• security manager interview
• comprehensive inspections
• selected inspections
• monitoring
• reactive inspections

Time standards

SIMS participated in Transport Canada Safety and Security working groups for risk criteria and time standards. This influenced how we approached our risk-based inspection planning.

SIMS also collaborated with Aviation Security on a time per-inspection process and set a nationally consistent standard for available inspection hours. The principles established by these working groups helped create the new risk-based inspection planning process and develop national time standards.

International Bridges and Tunnels MOU Management Committee

SIMS created an International Bridges and Tunnels MOU Management Committee with 9 signatories, representing 12 bridges and tunnels. The committee's terms of reference were negotiated with individual owners and operators. They were finalized in fall 2015.

Oversight delivery in 2017 to 2018

As per the Oversight Transparency Integration Plan, we will report on how we deliver planned risk-based inspections, reactive inspections and regulatory authorizations through the Canadian Center on Transportation Data (CCTD).

The oversight we deliver, and explanations for any variance in our planning, will be consistent with data and information in the Safety and Security 2017 to 2018 Integrated Q4 Program Oversight Delivery Dashboard. Program Directors General approve this information.

Organizational contact information

Transport Canada welcomes your comments on this report.

Email: TC.Railsecurity-sureteferroviaire.TC@tc.gc.ca

Annex A: Definitions

Required Field	Description
Oversight	How Transport Canada promotes, monitors or enforces compliance with our safety and security requirements.
Regulatory authorizations	Given when a regulated party (for example, a railway company or vehicle manufacturer) applies for permission to do a regulated activity, or be exempt from it. We may give permission in various forms, including a permit, licence or certification. Transport Canada does not control the number of regulatory authorizations per planning cycle.
Inspection	A documented, formal examination of industry compliance with Canadian transportation safety and security rules, regulations and requirements. Authorized Transport Canada officials record the results of each inspection. For the purposes of this document, audits are a type of inspection. *Includes pre-site, onsite, and post-site inspection and oversight activities. Is complete when the inspector submits an approved inspection or oversight activities report. Does not include follow-up action, quality control checks or outreach activities.
Planned, risk-based inspections	All inspections Transport Canada initially commits to doing in a given planning cycle. The SO3 Management Board may authorize updates as needed. *Include inspections that are announced (and expected), and those that are unannounced. Does not include: estimated numbers of demand-driven activities, such as regulatory authorizations “reactive” or “opportunity” inspections that happen because of a change in oversight
Follow-up activities	Arise from findings of an initial inspection. May include an on-site inspection, requests for more information, or enhanced monitoring. *Do not include enforcement.