Home Page > Executive Branch > Code of Federal Regulations > Electronic Code of Federal Regulations

e-CFR Data is current as of November 19, 2009

Title 49: Transportation

Browse Previous

PART 1522—TSA-APPROVED VALIDATION FIRMS AND VALIDATORS

Authority:   49 U.S.C. 114, 5103, 40113, 44901–44907, 44913–44914, 44916–44918, 44932, 44935–44936, 44942, 46105.

Source:   74 FR 47695, Sept. 16, 2009, unless otherwise noted.

Subpart A—General

top

top

(a) This part governs the use of TSA-approved validation firms and individual validators to assess whether certain persons regulated under this chapter are in compliance with this chapter.

(b) In addition to the terms in §§1500.3 and 1540.5 of this chapter, the following terms apply in this part:

Applicant means a firm that seeks to become a TSA-approved validation firm under this part.

Assessment means the physical inspections, records reviews, personnel interviews, and other procedures conducted by a validator to assess whether a person is in compliance with relevant requirements of a security program.

Conflict of interest means a situation in which the validation firm, the validator, or an individual assisting in the assessment, or the spouse or immediate family member of such person, has a relationship with, or an interest in, the person under assessment that may adversely affect the impartiality of the assessment. Examples of conflict of interest situations include, but are not limited to, any of the following:

(1) The validation firm is a parent company or subsidiary of the person under assessment, has a financial interest in the person under assessment, or has common management or organizational governance (for example, interlocking boards of directors) with the person under assessment.

(2) The validation firm, the validator, or an individual who will assist in conducting the assessment, or an immediate family member of such a validator or individual, is a creditor or debtor of the person under assessment.

(3) The validator, or an individual who will assist in conducting the assessment, or the spouse or immediate family member of such a person, is, or within the past two years has been, an employee, officer, or contractor of the person under assessment whose duties did not involve the operations being assessed.

(4) The validator, or an individual who will assist in conducting the assessment, or the spouse or immediate family member of such a person, is, or at any time has been, an individual, officer, or contractor of the person under assessment whose duties or responsibilities did involve the operations being assessed.

(5) The validator, or an individual who will assist in conducting the assessment, or the spouse or immediate family member of such a person, has a financial interest in the person under validation.

Firm means a business enterprise or other non-governmental organization, including a sole proprietorship, partnership, limited liability partnership, limited liability corporation, and a corporation.

National of the United States means a citizen of the United States, or a person who, though not a citizen, owes permanent allegiance to the United States, as defined in 8 U.S.C. 1101(a)(22), and includes American Samoa and Swains Island.

TSA-approved validation firm or validation firm means a firm that has been approved under this part to conduct an assessment under this chapter.

Validator means an individual assigned by the validation firm to be responsible for conducting a given assessment under this part.

top

No person may make, or cause to be made, any of the following:

(a) Any fraudulent or intentionally false statement in any application under this part.

(b) Any fraudulent or intentionally false entry in any record or report that is kept, made, or used to show compliance with this subchapter, or used to exercise any privilege under this part.

(c) Any reproduction or alteration, for fraudulent purpose, of any report, record, security program, access medium, or identification medium issued or submitted under this part.

top

(a) Each validation firm and each validator must allow TSA, during normal business hours, in a reasonable manner, without advance notice, to enter the facility and make any inspections or tests, including copying records, to—

(1) Determine compliance of a validation firm or validator with this chapter and 49 U.S.C. 114 and Subtitle VII, as amended; or

(2) Carry out TSA's statutory or regulatory authorities, including its authority to—

(i) Assess threats to transportation;

(ii) Enforce security-related regulations, directives, and requirements:

(iii) Inspect, maintain, and test the security of facilities, equipment, and systems;

(iv) Ensure the adequacy of security measures for the transportation of passengers and cargo;

(v) Oversee the implementation, and ensure the adequacy, of security measures at airports and other transportation facilities;

(vi) Review security plans; and

(vii) Carry out such other duties, and exercise such other powers, relating to transportation security as the Assistant Secretary of Homeland Security for the TSA considers appropriate, to the extent authorized by law.

(b) At the request of TSA, each validation firm and validator must provide evidence of compliance with this chapter, including copying records.

(c) TSA and DHS officials working with TSA may conduct inspections under this section without access media or identification media issued or approved by a validation firm or other person, except that the TSA and DHS officials will have identification media issued by TSA or DHS.

top

top

This subpart governs the use of TSA-approved validation firms and validators to assess whether certified cargo screening facilities (CCSFs), or facilities seeking to be approved as such, comply with the requirements of 49 CFR part 1549.

top

In addition to the other requirements of this part, a validation firm must meet the following requirements to be approved to assess certified cargo screening facilities:

(a) Resources. The validation firm must have sufficient facilities, resources, and personnel to conduct the assessments.

(b) Security Coordinator. The validation firm must designate and use a Security Coordinator and at least one alternate Security Coordinator.

(1) The Security Coordinator and alternates must be senior employees or officers of the firm, and must be readily available during normal business hours.

(2) The Security Coordinator and designated alternates must serve as the validation firm's primary contact for security-related activities and communications with TSA.

(3) The Security Coordinator must immediately initiate corrective action for any instance of non-compliance by the validation firm with any applicable TSA security requirement.

(c) Security Program. The validation firm must obtain TSA approval of a security program and must implement the security program.

(d) Personnel. The validation firm must ensure that its personnel carry out the requirements of this chapter and the validation firm's security program.

(e) Change in information. (1) The validation firm must inform TSA, in a form and manner prescribed by TSA, of any change in the information required to be submitted by the validation firm to TSA under this part within seven days of the change.

(2) Changes included within the requirement of this paragraph include, but are not limited to, changes in the validation firm's address, phone number, or other contact information, the identity of the Security Coordinator or alternate, significant changes in ownership of the firm.

top

(a) Security program required. No person may operate as a validation firm unless that person holds and carries out an approved security program under this part.

(b) Content. The validation firm standard security program together with approved alternate procedures and amendments that TSA has issued to that particular firm constitutes that firm's security program. Each security program under this part must—

(1) Provide for the security of aircraft, as well as that of persons and property traveling in air transportation, against acts of criminal violence and air piracy, and against the introduction into aircraft of any unauthorized explosive, incendiary, and other destructive substance or item;

(2) Describe the processes and procedures to be used to maintain current qualifications, credentials, or accreditations, training, and security threat assessments for relevant personnel;

(3) Describe the facilities, support personnel, and other resources to be used in conducting assessments; and

(4) Require that the validation firm designate and use a Security Coordinator and at least one alternate Security Coordinator.

(c) Amendment requested by a validation firm or applicant. A validation firm or applicant may file a request for an amendment to its security program with the TSA designated official at least 45 calendar days before the date it proposes for the amendment to become effective, unless the designated official allows a shorter period. Any validation firm may submit to TSA a group proposal for an amendment that is on behalf of it and other validation firms that co-sign the proposal.

(1) Within 30 calendar days after receiving a proposed amendment, the designated official, in writing, must either approve or deny the request to amend.

(2) An amendment to a validation firm's security program may be approved if the designated official determines that safety and the public interest will allow it, and if the proposed amendment provides the level of security required under this part.

(3) Within 30 calendar days after receiving a denial of the proposed amendment, the validation firm may petition TSA to reconsider the denial. A Petition for Reconsideration must be filed with the designated official.

(4) Upon receipt of a Petition for Reconsideration, the designated official must either approve the request to amend the security program or transmit the petition, along with any pertinent information, to TSA for reconsideration. TSA will make a determination on the petition within 30 calendar days of receipt by either directing the designated official to approve the amendment or by affirming the denial.

(d) Amendment by TSA. TSA may amend a security program in the interest of safety and the public interest, as follows:

(1) TSA must notify the validation firm, in writing, of the proposed amendment, fixing a period of not less than 30 calendar days within which the validation firm may submit written information, views, and arguments on the amendment.

(2) After considering all relevant material, the designated official must notify the validation firm of any amendment adopted or rescind the notice of amendment. If the amendment is adopted, it becomes effective not less than 30 calendar days after the validation firm receives the notice of amendment, unless the validation firm disagrees with the proposed amendment and petitions the TSA to reconsider, no later than 15 calendar days before the effective date of the amendment. The validation firm must send the petition for reconsideration to the designated official. A timely Petition for Reconsideration stays the effective date of the amendment.

(3) Upon receipt of a Petition for Reconsideration, the designated official must either amend or withdraw the notice of amendment, or transmit the Petition, together with any pertinent information, to TSA for reconsideration. TSA must make a determination on the Petition within 30 calendar days of receipt, either by directing the designated official to withdraw or amend the notice of amendment, or by affirming the notice of amendment.

(e) Emergency Amendments. (1) If TSA finds that there is an emergency requiring immediate action that makes compliance with the procedural requirements in this section contrary to the public interest, the designated official may issue an emergency amendment, without the prior notice and comment procedures described in paragraph (d) of this section.

(2) The emergency amendment is effective without stay on the date the validation firm receives notification. TSA will incorporate in the notification a brief statement of the reasons and findings for the emergency amendment to be adopted.

(3) The validation firm may file a Petition for Reconsideration with TSA no later than 15 calendar days after TSA issues the emergency amendment. The certified cargo screening facility must send the Petition for Reconsideration to the designated official; however, the filing does not stay the effective date of the emergency amendment.

(f) Availability. Each validation firm having a security program must do the following:

(1) Maintain an original of the security program at its corporate office.

(2) Have accessible a complete copy, or the pertinent portions of its security program, or appropriate implementing instructions, at each office where it conducts validation services. An electronic version is adequate.

(3) Make a copy of the security program available for inspection upon the request of TSA.

(4) Restrict the distribution, disclosure, and availability of information contained in its security program to persons with a need to know, as described in part 1520 of this chapter.

(5) Refer requests for such information by other persons to TSA.

top

(a) Initial application and approval. Unless otherwise authorized by TSA, each applicant must apply for a security program and for approval to operate as a validation firm, in a form and a manner prescribed by TSA, not less than 90 calendar days before the applicant intends to begin operations. The application must be in writing and include the following:

(1) The firm's legal name; other names, including doing business as names; state of incorporation or licensing, if applicable; and tax identification number.

(2) The names of the senior officers or employees of the applicant who will serve as the Security Coordinator and alternates.

(3) A signed statement from each person listed in paragraph (a)(2) of this section stating whether he or she has been a senior manager or representative of any operator, whether or not a validation firm, that had its security program withdrawn by TSA.

(4) Copies of Government-issued identification of persons listed in paragraph (a)(2) of this section.

(5) The street address and e-mail address of the applicant.

(6) A statement acknowledging the requirement that all personnel of the applicant who are subject to training under the requirements of this part must successfully complete such training before performing security-related duties.

(7) Other information requested by TSA concerning security threat assessments.

(8) A statement acknowledging that all personnel of the applicant who must successfully complete a security threat assessment under the requirements of this part must do so before the applicant authorizes the personnel to perform duties under this part.

(b) Standard security program. After the Security Coordinator successfully completes a security threat assessment, TSA will provide to the applicant the validation firm standard security program, any security directives, and amendments to the security program and other alternative procedures that apply to validation firms. The applicant may either notify TSA that it accepts the standard security program or submit to TSA a proposed modified security program to the designated official for approval. The validation firm must also submit a supplement to the security program that specifies processes and procedures that the firm will use to maintain the qualification of its validators and its personnel assisting validators with assessments to the designated TSA official for approval. TSA will approve the security program under §1522.109, or issue a written notice to modify under §1522.109(b).

top

(a) Review. TSA will review an application received under §1522.107 to determine whether—

(1) The applicant has met the requirements of this part, the proposed security program, and any applicable Emergency Amendment and Security Directive;

(2) The applicant is able and willing to carry out the requirements of this part, its security program, and an applicable Emergency Amendment and Security Directive;

(3) The approval of such applicant's security program is not contrary to the interests of security and the public interest;

(4) The applicant has not held a security program that was withdrawn within the previous year, unless otherwise authorized by TSA; and

(5) TSA determines that the applicant is qualified to be a validation firm.

(b) Notice. —(1) Approval. If an application is approved, TSA will send the applicant a written notice of approval of its security program, and approval to operate as a validation firm.

(2) Commencement of operations. A validation firm may commence operations when it has received approval under this section, and successfully completed training and security threat assessments for all relevant personnel.

(3) Disapproval. If an application is disapproved, TSA will serve a written notice of disapproval to the applicant. The notice of disapproval will include the basis of the disapproval of the application.

(c) Duration of security program. A security program approved under this section will remain effective until the end of the calendar month 12 months after the month it was approved or until the program has been surrendered or withdrawn, whichever is earlier.

top

(a) Petition for reconsideration. If TSA disapproves an application under section 1522.107, the applicant may seek reconsideration of the decision by submitting a written petition for reconsideration to the Assistant Secretary or his or her designee within 30 days of receiving the notice of disapproval. The written petition for reconsideration must include a statement and any supporting documentation explaining why the applicant believes the reason for disapproval is incorrect.

(b) Review of petition. Upon review of the petition for reconsideration, the Assistant Secretary or designee makes a determination on the petition by either affirming the disapproval of the application or approving the application. The Assistant Secretary or designee may request additional information from the applicant prior to rendering a decision. This disposition is a final agency action for purposes of 49 U.S.C. 46110.

top

(a) Basis for withdrawal of approval. TSA may withdraw approval of a TSA-approved validation firm if the validation firm ceases to meet the standards for approval, fails to fulfill its responsibilities under this subpart, or if TSA determines that continued operation is contrary to safety and the public interest.

(b) Notice of withdrawal of approval. (1) Except as provided in paragraph (c) of this section, TSA will provide a written notice of proposed withdrawal of approval to the validation firm.

(2) The notice of proposed withdrawal of approval will include the basis for the withdrawal of approval.

(3) Unless the validation firm files a written petition for reconsideration under paragraph (d) of this section, the notice of proposed withdrawal of approval will become a final notice of withdrawal of approval 31 days after the validation firm's receipt of the notice of proposed withdrawal of approval.

(c) Emergency notice of withdrawal of approval. (1) If TSA finds that there is an emergency requiring immediate action with respect to a TSA-approved validation firm's ability to perform assessments, TSA may withdraw approval of that validation firm without prior notice.

(2) TSA will incorporate in the emergency notice of withdrawal of approval a brief statement of the reasons and findings for the withdrawal of approval.

(3) The emergency notice of withdrawal of approval is effective upon the TSA-approved validation firm's receipt of the notice. The validation firm may file a written petition for reconsideration under paragraph (d) of this section; however, this petition does not stay the effective date of the emergency notice of withdrawal of approval.

(d) Petition for reconsideration. A validation firm may seek reconsideration of the withdrawal of approval by submitting a written petition for reconsideration to the Assistant Secretary or designee within 30 days of receiving the notice of withdrawal of approval. The filing of a petition for reconsideration does not stay the effective date of the withdrawal pending the reconsideration.

(e) Review of petition. Upon review of the written petition for reconsideration, the Assistant Secretary or designee makes a determination on the petition by either affirming or withdrawing the notice of withdrawal of approval. The Assistant Secretary or designee may request additional information from the validation firm prior to rendering a decision. This disposition is a final decision for purposes of review under 49 U.S.C. 46110.

top

(a) Application. Every 12 months, computed from the date of initial approval under §1522.107, or more frequently as required by TSA, each validation firm must apply, in a form and manner prescribed by TSA, for renewal of approval of its security program, and of approval to operate as a validation firm. If the validation firm submits the information in the month before or after it is due, the validation firm is considered to have submitted the information in the month it is due. If the validation firm timely submits its application for review of approval under this section, the validation firm may continue to conduct assessments under this subpart unless and until TSA denies the application.

(b) Content. In addition to any other information required by TSA, the validation firm must submit the following information to TSA when applying for renewal:

(1) If required, evidence that the validators and other individuals of the validation firm with responsibilities for participating in assessments have successfully completed the initial training under §1522.119(a) and any recurrent training described in §1522.119(b).

(2) Evidence that the individual validators with responsibilities for conducting assessments continue to be certified or accredited by an organization that TSA recognizes as qualified to certify or accredit a validator.

(3) A statement signed by a senior officer or employee of the validation firm attesting that the firm has reviewed and ensures the continuing accuracy of the contents of its initial application for a security program, subsequent renewal applications, or other submissions to TSA confirming a change of information and noting the date such applications and submissions were made to TSA, including the following certification:

[Name of validation firm] (hereinafter “the validation firm”) has adopted and is currently carrying out a security program in accordance with the Transportation Security Regulations as originally approved on [Insert date of TSA initial approval]. In accordance with TSA regulations, the validation firm has notified TSA of any new or changed information required for the validation firm's initial security program. If new or changed information is being submitted to TSA as part of this application for reapproval, that information is stated in this filing.

(c) Renewal. TSA will renew approval of the security program and the validation firm's authority to conduct assessments if TSA determines that—

(1) The validation firm has met the requirements of this chapter, its security program, and any Security Directive; and

(2) The renewal of approval of the validation firm's security program, and of the approval to operate as a validation firm, is not contrary to the interests of security or the public interest.

(d) Effective. The renewal of approval issued pursuant to this section will remain effective until the end of the calendar month 12 months after the month it was approved or until the program has been surrendered or withdrawn, whichever is earlier.

(e) Withdrawal. If a validation firm fails to comply with the requirements of this section, TSA may withdraw approval of the validation firm under §1522.113.

top

(a) Each assessment conducted under this subpart must be conducted by a validator who meets the following requirements:

(1) He or she must be a citizen or national of the United States or be an alien lawfully admitted for permanent residence.

(2) He or she must meet the requirements of paragraph (a)(2)(i) or (ii) of this section.

(i) He or she must hold a certification or accreditation from an organization that TSA recognizes as qualified to certify or accredit a validator for assessments and must have at least five years of experience in inspection or validating compliance with State or Federal regulations in the security industry, the aviation industry, or government programs. The five years of experience must have been obtained within 10 years of the date of the application.

(ii) He or she must have at least five years experience as an inspector for a Federal or State government agency performing inspections similar to the inspections called for in this subpart and part 1549. The five years of experience must have been obtained within 10 years of the date of the application.

(3) The validator must have three professional references that address his or her abilities in inspection, validation, and written communications.

(4) The validator must have sufficient knowledge of the rules, regulations, policies, security programs, directives, and orders, pertaining to the certified cargo screening program (CCSP).

(5) The validator must have the ability to apply the concepts, principles, and methods of compliance with the requirements of the certified cargo screening program to include assessment, inspection, investigation, and reporting of compliance with the certified cargo screening program.

(b) Each validator and each individual who assists in conducting assessments must successfully undergo a security threat assessment as required under §1522.121.

top

(a) Initial training. The validation firm must ensure that its validators and individuals who will assist in conducting assessments have completed the initial training prescribed by TSA before conducting any assessment under this subpart.

(b) Recurrent training. The validation firm must ensure that each validator and each individual assisting in conducting assessments under this subpart completes the recurrent training prescribed by TSA not later than 12 months after the validator's or individual's most recent TSA-prescribed training. If the validator or individual completes the recurrent training in the month before or the month after it is due, he or she is considered to have taken it in the month it is due.

(c) Content. The training required by this section will include coverage of the applicable provisions of this chapter, including this part, part 1520, and §1540.105.

top

Each of the following must successfully complete a security threat assessment or comparable security threat assessment described in part 1540, subpart C of this chapter:

(a) Each individual who supervises validators or individuals who will assist validators.

(b) The validation firm's validator authorized to perform assessment services under this subpart.

(c) The validation firm's Security Coordinator and alternates.

(d) Each individual who will assist the validator in conducting assessments.

top

(a) Standards for assessment. Each validator must assess, in a form and manner prescribed by TSA, whether the person seeking to operate or operating as a certified cargo screening facility is in compliance with 49 CFR part 1549. The validator may be assisted by other individuals; however, the validator is directly responsible for the assessment and must sign the assessment report.

(b) Conflict of interest. A validator may not conduct an assessment for which there exists a conflict of interest as defined in §1552.1.

(c) Immediate notification to TSA. If during the course of an assessment, the validator believes that there is or may be an instance of noncompliance with TSA requirements that presents an imminent threat to transportation security or public safety, he or she must report the instance immediately to the Security Coordinator, and the Security Coordinator must report the instance immediately to TSA.

(d) No authorization to take remedial or disciplinary action. Neither the validation firm nor the validator is authorized to require any remedial action by, or to take any disciplinary or enforcement action against, the facility under assessment.

(e) Prohibition on consecutive assessments. Unless otherwise authorized by TSA, a validation firm must not conduct more than two consecutive assessments of a person seeking approval, or renewal of approval, to operate a certified cargo screening facility.

top

(a) Sensitive Security Information. Each validation firm must comply with the requirements in 49 CFR part 1520 regarding the handling and protection of Sensitive Security Information (SSI).

(b) Non-disclosure of proprietary information. Unless explicitly authorized by TSA, no validation firm, or any of its officers, Security Coordinators, validators, or employees, or individuals assisting in validations, may make an unauthorized release nor disseminate any information that TSA or an entity being assessed indicates is proprietary information.

top

(a) Each validator must prepare and submit to TSA a written assessment report, in a manner and form prescribed by TSA, within 30 calendar days of completing each assessment.

(b) The assessment report must include the following information, in addition to any other information otherwise required by TSA:

(1) A description of the facilities, equipment, systems, processes, and/or procedures that were assessed and any other information as determined by TSA.

(2) The validator's assessment regarding the facility's compliance with TSA requirements, including all elements of the applicable security program.

(3) Signed attestation by the individual validator with responsibility for the assessment that no conflicts of interest existed with regard to the assessment and that the assessment was conducted impartially, professionally, and consistent with the standards set forth by TSA.

top

(a) Each validation firm must maintain records demonstrating compliance with all statutes, regulations, directives, orders, and security programs that apply to operation as a validation firm, including the records listed below.

(b) Each validation firm must retain the following records for 180 days after the individual is no longer employed by the validation firm or is no longer acting as the firm's agent.

(1) Records of all training and instruction given to each individual under the requirements of this subpart.

(2) Records demonstrating that the validation firm has complied with the security threat assessment provisions of §1522.121.

(3) Records about the qualifications of validators it uses to conduct assessments under this subpart.

(c) Each validation firm must retain the following records until completion of the validation firm's next review under §1522.115, after which the records may be destroyed unless TSA instructs the validation firm to retain the records for a longer period.

(1) Copies of all applications for approval, or renewal of approval, by TSA to operate as a validation firm under part 1522.

(2) Copies of TSA's approval and renewals of approval as required by part 1522.

(d) Each validation firm must retain assessment reports and copies of back-up documentation supporting each assessment report submitted to TSA for 42 months after the assessment.

For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.

For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.

Section 508 / Accessibility