Five tips for creating an effective and clear CSP for your ICD 705 project
The construction security plan (CSP) establishes the security protections for the design and construction of a SCIF or SAPF project. A required document in the ICD 705 Tech Spec, the CSP is critical in making sure a project site stays protected from potential threats through all phases of construction. It also assigns the responsibility for the enforcement of the CSP to specific agencies and individuals within the government and industry to make sure everything goes to plan.
What a CSP includes
The purpose of developing a CSP is to have a security plan in place that the accrediting official (AO) and the site security manager (SSM) can refer back to when they need to communicate the security guidelines at a high level to all involved on the project.
Some topics outlined in a CSP include:
- Identification information like the identified SSM and AO, site location, start date and completion date, description of project, etc.
- Identification of adjacent facilities
- Site security measures like fencing, cameras, guards, escorts, etc.
- Security measures for how the construction plans and other related documents are handled
- Information to verify the construction workers allowed on the site (U.S. documentation, clearances required, etc.)
- Security measures to ensure the integrity of the procurement, shipping and storage of building/finishing material that the AO may require
Keep in mind that the above topics are all “suggested topics” for a CSP, so there is some room for interpretation in what goes into your specific CSP, depending on your secure facility’s size, purpose and location. That might leave some security professionals a little intimidated, especially when they’re used to checking boxes and filling in required information instead of answering essay questions, so to speak. But if you keep these tips in mind, your CSP will be easier to develop and implement.
Here are five tips to help this process run smoothly and efficiently:
1. Hire a great site security manager (SSM)
A Construction Security Plan, no matter how well-developed, is only as good as the SSM who enforces it. When looking for your perfect SSM, look for someone with a strong background in site security with an ability to work well in a team setting. Since the SSM is in charge of implementing the CSP, they should be a vocal leader with great communication skills.
The SSM is approved via the CSP by the AO and is responsible to make periodic security inspections to make sure the CSP is followed and notify the AO when there are violations, which is why those communication skills are so important.
2. Review the risks and security in depth
As part of the CSP process, you’ll need to review your project’s analytical risk assessment and security in depth. Make sure that you’re outlining specific security measures to stop unauthorized access and visual observations.
The CSP also contains site control measures like (as stated in the ICD/ICS 705):
- Signs at all entry points listing prohibited and restricted items (e.g., cameras, firearms, explosives, drugs, etc.).
- Physical security barriers to deny unauthorized access.
- Vehicle inspections.
- Identity verification.
- Random searches at site entry and exit points.
Looking deeply into the security and risk assessment are foundational inputs that build the CSP, so be thorough when conducting this research. In other words, the more work you put in at this step, the fewer problems you may face down the road.
3. Don’t over-secure your site
You might think the more security the better for your site, right? Not necessarily. A common mistake made in CSP development is over-securing your site, not considering the huge cost, especially when the project’s risk doesn’t warrant that level of security.
For example, if you require escorted work on your site at a ratio of cleared escort for every five contractors, but your project’s risks don’t require it, that could be an unnecessary budget expense. This might work OK if you need escorts on a 300-square-foot remodel, but on a 100,000-square-foot building, that could cost millions of dollars to escort 200 to 300 contractors.
Another common over-securing measure could be making all personnel on the site U.S. citizens when you only need U.S. persons. The cost of construction increases if everyone needs to be U.S. citizens versus just persons because it greatly reduces the pool of contractors and subcontractors you’re able to work with, and it could not only increase your budget but also delay your project timeline.
4. Keep the design criteria out of the Construction Security Plan
A common misconception is that the CSP must contain design criteria for the project or that it should contain the security in depth for the finished project. Again, the purpose of the CSP is to protect the project before and during construction, but it doesn’t extend after the project is accredited.
The Pre-Construction Checklist, TEMPEST Checklists and addendums, other checklists, and a security design package are what contain the construction methods, not the CSP.
To help avoid these mistakes, read the ICD/ICS 705 carefully, and consult with colleagues who have walked through this and done it well. Don’t be afraid to ask for help because winging it just won’t cut it when it comes to your CSP.
5. Get your entire team on the same page
With all of the moving parts that come with a secure construction project, it’s important to make sure your entire team is up to speed on the Construction Security Plan, and can have it to refer back to when things get hectic. Ideally the CSP gets created during the concept phase of a project, and once it’s approved by the AO, it’s passed on to the contractors and architects to get all project personnel on the same page. With the CSP, they can understand how to handle documents, what restrictions are placed on the construction employees (e.g., required U.S. citizenship or criminal background check), and what the day-to-day rules are during construction.
Depending on the size, location and use of your ICD 705 facility, the CSP development process can be either relatively simple or extremely complicated. Don’t overthink the process or overdo it on the security aspects with your CSP. And if you still need help in developing yours, reach out to Adamo about our technical consulting services—we’d be happy to walk you through the CSP process to ensure your construction site is as secure as possible so that it can be accredited.