chapter 16 revision history as of 6/29/2018
TRANSCRIPT
Chapter 16-i
Chapter 16 Revision History as of 6/29/2018
Chapter 16-ii
Subsection Date Changed To
Second Paragraph,
first sentence. Pg. 16-1
7/12/2017 DOE Order 2511.1CD DOE Order 251.1,
Departmental Directive
(“CD” removed).
Second Paragraph,
first sentence. Pg. 16-1
7/12/2017 Deleted: “Paragraph
6a(3)(c)”
“Appendix”
Second Paragraph,
third sentence. Pg. 16-1 7/12/2017 Deleted: of the Associate
Under Secretary for
EHSS (AU.1) reference.
Changed to read” “… HQ
must obtain the approval at
the appropriate level.”
Definitions, second
paragraph under
“Equivalencies” Pg. 16-1
7/12/2017 Deleted“ - At HQ, the
Head of Element must
request equivalencies for
security directives …”
Equivalency and
Exemption Request
Process. Third paragraph
“The HSO of the
requesting element…”
Pg. 16-2
7/12/2017 First bullet: Deleted
“Vulnerability
Assessment (VA)” And
all other references to
“VA”
“Conducting a formal Risk
Assessment (RA) …”
Equivalency and
Exemption Request
Process. Fourth paragraph
“The Director,AU-40
forwards …”
Pg. 16-2
7/12/2017 Deleted the word
“Policy” and (AU-510).
“… the Office of Security
(AU-5) …”
Equivalency and
Exemption Request
Process. First paragraph
“Conducting a formal
Risk Assessment …”
Pg. 16-2
Added “The recommended
tool for the RA…”
Forms/Samples/Graphics
Pg. 16-3
Added “…Example and
Template (Attachment
1600-3)”
Attachments
Pg. 16-14
Added 3 page attachment
FMEA Tool/Example
(Attachment 1600-3)
Chapter 16-iii
Chapter 16-iv
This page intentionally left blank.
Chapter 16-1
Chapter 16 Equivalencies and Exemptions
DOE security orders and manuals often require certain measures to be taken to protect
DOE security interests. In some cases, a DOE organization may be unable to comply with
the requirements as specified in the directive, but can achieve the security goal in another
equally effective manner. In other cases, the security requirement cannot be met as
prescribed.
DOE Order 251.1D, Departmental Directives Program, Appendix E, establishes a process
for requesting and approving “equivalencies and exemptions” (collectively called
“deviations”) to the requirements in DOE directives. These categories are defined in the
HQ Implementation Procedures subsection below. HQ elements seeking an equivalency or
exemption from DOE security requirements as they are implemented at HQ must obtain
the approval at the appropriate level. All approved equivalencies and exemptions at HQ
must be entered into the SSIMS database.
This chapter covers the process for submitting, justifying, considering, approving, and
tracking deviations requested by HQ elements.
HQ Implementation Procedures
Definitions:
1. Equivalencies – Equivalencies are alternative methods for meeting a requirement in a
directive when that directive specifies how to do something. An equivalency
proposes an alternate approach that achieves a level of protection equivalent to the
method specified in the directive. The request for an equivalency must demonstrate
that the alternate method will provide an equivalent level of protection, with no
increased risk to public health and safety, the environment, workers, or security.
2. Exemptions – Exemptions are a release from one or more requirements in a directive
without identifying an equivalent means of meeting the requirement, resulting in the need
to accept additional risk. The request for exemption must clearly delineate the level of
additional risk and the measures implemented to reduce risk to a reasonably achievable
level. Any increase in risk to public health and safety, the environment, workers, or
security must be justified.
Equivalency and Exemption Request Process:
The HSO of the HQ element considering a request for an equivalency or exemption should first
consult with the HQ Deviations Program Manager, AU-42. The HSO should explain the need
for equivalency or exemption and what alternative actions, if any, could be taken to meet the
Chapter 16-2
security requirement. The HQ Deviations Program Manager ensures that the proper security
program manager within AU-40 is informed of the element’s inability to meet the security
requirement and intention to submit a request.
The HSO and the security program manager within AU-40 should attempt to resolve the
problem before resorting to an equivalency or exemption request. When the problem cannot
be resolved, the request may be processed.
The HSO of the requesting element is responsible for:
Conducting a formal Risk Assessment (RA) to determine the level of risk entailed by
issuing an equivalency or exemption. The RA must fully identify the increased risk
to security that may occur and justify the need for the equivalency or exemption.
The HQ Deviations Program Manager guides the HSO in performing a RA. The
recommended tool for the RA determination is the Failure mode and effect analysis
(FMEA). An example is provided in this chapter as well a FMEA template. (See
Attachment 1600-3)
Preparing a transmittal memorandum from the Head of Element to the Director, AU-
40, in the correct format (see Attachment 1600-1). The transmittal memorandum
must briefly identify the security requirement that cannot be met and state that an
equivalency/exemption request, in the format specified in the HQFMSP, is attached
to the memorandum.
Preparing an equivalency/exemption request and attaching it to the transmittal
memorandum to the Director, AU-40 (see Attachment 1600-2).
The Director, AU-40 forwards the equivalency/exemption request to the HQ Deviations
Program Manager, who then consults with the AU-40 security program manager and the
programmatic expert in the Office of Security (AU-50) to consider the propriety of the
request. Based on these consultations, the HQ Deviations Program Manager recommends
approval or disapproval to AU-40. AU-40 may coordinate with AU-1 before approving or
disapproving the request.
If the request is approved, the HQ Deviations Program Manager issues an equivalency/
exemption number and forwards a copy of the approved request to the SSIMS data entry
specialist for entry into SSIMS. Another copy of the request is provided to AU-40 for
inclusion in the HQ Site Security Plan.
If the request is not approved, the HQ Deviations Program Manager prepares a response
memorandum from the Director, AU-40, to the Head of Element for the program element
that requested the equivalency or exemption, stating the reason(s) for denying the request.
Expiration Dates of Equivalencies and Exemptions:
Chapter 16-3
The HQ Deviations Program Manager will establish a system to review the continued need
for an equivalency or exemption.
If it is determined that the approved equivalency or exemption is no longer needed, the
element should notify AU-40 before discontinuing the approved alternative measure(s).
Points of Contact
For the names and contact information for the positions identified in this chapter, call (301) 903-
0889 or (301) 903-0885.
Forms/Samples/Graphics Sample Deviation Request Transmittal Memorandum (see Attachment 1600-1)
Equivalency/Exemption Request (see Attachment 1600-2)
Risk Assessment Tool (FMEA) Example and Template (Attachment 1600-3)
Chapter 16-4
ATTACHMENT 1600-1
Sample Deviation Request Transmittal Memorandum
MEMORANDUM FOR (NAME), DIRECTOR
OFFICE OF HEADQUARTERS SECURITY
OPERATIONS
OFFICE OF ENVIORNMENT, HEALTH, SAFETY AND
SECURITY
FROM: (NAME), (HEAD OF ELEMENT)
NAME OF ELEMENT
SUBJECT: Request for Equivalency (or Exemption)
This memorandum is to request your approval of an (equivalency) or (exemption) to the
requirement identified in DOE (Order or Manual), (Title), Paragraph ________. To assist
you in evaluating this request, an Equivalency/Exemption Request in the format specified
in the Headquarters Facilities Master Security Plan is enclosed.
If you have any questions related to this request, please contact (Name), the
Headquarters Security Officer for this office. (Name) can be contacted at phone number
________.
Enclosure
Chapter 16-5
ATTACHMENT 1600-2
EQUIVALENCY/EXEMPTION REQUEST
1. Type of Deviation: (Equivalency or Exemption)
2. Directive Citation: Number, title, date, and paragraph citation of the directive(s)
and national drivers for which the equivalency or exemption is being requested.
Briefly summarize the requirement.
3. Impacted Entity: Identity of the HQ element, HQ facility, and facility code (from the
Safeguards and Security Information Management System) to be covered by the
equivalency or exemption.
4. Justification: Specific description of the equivalency or exemption being requested.
Explain why the requirement cannot be met in the manner prescribed by the DOE
directive.
5. Proposed Alternative Measures (for an equivalency): Describe what alternative
measures are proposed to meet the requirement. Include the results of the Risk
Assessment to document how the alternative measures will result in an equivalent level
of protection with no increased risk to the security interest.
Or
5. Risk Assessment (for an exemption): If no alternative measures are possible,
include the results of the Risk Assessment to clearly identify and justify the type and
level of risk to be accepted.
NOTE: For the Risk Assessment, identify any equivalencies and exemptions on file for
any of the security layers affecting the Department’s security in depth concept for the
asset being protected and the aggregate risk impact of all current and drafted
deviations, if any.
6. Duration: Expected duration of the condition for which the equivalency or
exemption is requested, including milestones for correcting, alleviating, or
eliminating the deviant condition, if applicable. Equivalencies and exemptions can
be temporary or permanent. If temporary, provide the date when it is expected to
expire.
APPROVED: ____________________________ Date: _______________
DISAPPROVED: _________________________ Date: _______________
Chapter 16-6
EQUIVALENCY/EXEMPTION NUMBER: ___________________
Expiration Date: ______
Chapter 16-7
ATTACHMENT 1600-3
Chapter 16-8
FMEA Tool Example
Chapter 16-9
Deviation Risk Assessment using FMEA
How the FMEA tool is used to develop a Deviation Risk Assessment: Failure modes and effects analysis (FMEA) is a systematic approach for identifying all possible failures in process, product, or service. This recommended tool can be used to develop a full risk assessment of a deviation prior to submitting for final approval and implementation. “Failure modes” means the ways, or modes, in which something might fail. Failures are any errors or defects, especially ones that affect the customer, and can be potential or actual. “Effects analysis” refers to studying the consequences of those failures, how easily they can be detected. The purpose of the FMEA is to take actions to eliminate or reduce failures, starting with the highest-priority ones. Failure modes and effects analysis also documents current knowledge and actions about the risks of failures, for use in continuous improvement. FMEA is used for control, before and during ongoing operation of the process or service. Ideally, FMEA begins during the earliest conceptual states of design and continues throughout the life of the process or service. Assemble a cross-functional team of people with diverse knowledge about the process, or service. Functions often included are design, quality, testing, reliability, maintenance, purchasing (and suppliers), and customer service.
Identify the scope of the FMEA (Deviation). How detailed should we be? Use flowcharts
to identify the scope and to make sure every team member understands it in detail.
Fill in the identifying information at the top of your FMEA form. The remaining steps ask
for information that will go into the columns of the form.
Description for each column: Deviation: Identify or describe the deviation
Potential Failure mode: Identify all the consequences that can occur on the process,
service, or regulations with deviation
o For each failure mode, determine all the potential root causes. Use tools
classified as a cause analysis tool, as well as the best knowledge and experience
of the team. List all possibilities for each failure mode on the FMEA form.
Potential effects of failure: Identify all the effects of the consequences on the process,
service, or regulations. Ask, “What does the organization experience because of this
failure? What happens when this failure occurs?”
(S)Severity rating: Determine how serious each effect is. This is usually rated on a scale
from 1 to 5, where 1 is low and 5 is high. If a failure mode has more than one effect,
write on the FMEA table only the highest severity rating for that failure mode.
(O)Occurrence rating: This rating estimates the probability of failure. Occurrence is
usually rated on a scale from 1 to 5, where 1 is extremely unlikely and 5 is extremely
likely. On the FMEA table, list the occurrence rating for each potential failure.
Chapter 16-10
Current process controls: These are test, procedures or mechanisms that you now have
in place to keep failures from happening. These controls might prevent the failure,
reduce the likelihood that it will happen or detect failure after the cause has already
happened but before the customer is affected.
(D)Detection rating: This rating estimates how well the controls can detect its failure
mode after they have happened but before the process or product is detected.
Detection is rated on a scale from 1 to 5, where 1 means the control is absolutely certain
to detect the problem and 5 means the control is certain not to detect the problem (or
no control exists). On the FMEA table, list the detection rating for each failure.
(RPN)Risk Priority Number: RPN equals S x O x D. These numbers provide guidance for
ranking potential failures in the order they should be addressed. The higher the RPN,
the higher the risk, to lower the RPN, the lower the risk.
Severity Scale
Level Descriptions
1 Does not cause injury or damage to mission but may result in delay in work
2 Cause minor injury or damage to mission, quick repair turnover
3 Cause minor injury or damage to mission, work stoppage
4 Cause severe injury or system damage
5 May cause mission loss or death
Occurrence Rating
Level Descriptions
1 Highly unlikely to occur- 1 Occurrence approximately every 4+ years
2 Remote probability- 1 Occurrence approximately every 2-3 years
3 Occasionally occurs- 1 occurrence approximately 1-2 years
4 Probable occurrence- 1 occurrence approximately every month
5 High likelihood of occurrence- More than one occurrence per day
Detection Rating
Level Descriptions
1 Process designed for almost certain detection of failure, Automatic detection
2 Moderately high chance of detection- there is periodic monitoring
3 Moderate chance of detection
4 Very remote chance of detection-only detected during inspections, or testing
5 No design control or no chance of failure detection
Chapter 16-11
This page intentionally left blank.