(a) Unless otherwise specified in this section, the Facility Security Officer (FSO) must keep records of the activities as set out in paragraph (b) of this section for at least 2 years and make them available to the Coast Guard upon request.
(b) Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized deletion, destruction, or amendment. The following records must be kept:
(1) Training. For training under §§ 105.210 and 105.535, the date of each session, duration of session, a description of the training, and a list of attendees;
(2) Drills and exercises. For each drill or exercise, the date held, description of drill or exercise, list of participants, and any best practices or lessons learned which may improve the Facility Security Plan (FSP);
(3) Incidents and breaches of security. For each incident or breach of security, the date and time of occurrence, location within the facility, description of incident or breaches, to whom it was reported, and description of the response;
(4) Changes in MARSEC Levels. For each change in MARSEC Level, the date and time of notification received, and time of compliance with additional requirements;
(5) Maintenance, calibration, and testing of security equipment. For each occurrence of maintenance, calibration, and testing, record the date and time, and the specific security equipment involved;
(6) Security threats. For each security threat, the date and time of occurrence, how the threat was communicated, who received or identified the threat, description of threat, to whom it was reported, and description of the response;
(7) Declaration of Security (DoS) A copy of each single-visit DoS and a copy of each continuing DoS for at least 90 days after the end of its effective period;
(8) Annual audit of the FSP. For each annual audit, a letter certified by the FSO stating the date the audit was completed; and
(9) TWIC Reader/Physical Access Control System (PACS). For each individual granted unescorted access to a secure area, the: FASC-N; date and time that unescorted access was granted; and, if captured, the individual's name. Additionally, documentation to demonstrate that the owner or operator has updated the Canceled Card List with the frequency required in § 101.525 of this subchapter.
(c) Any record required by this part must be protected from unauthorized access or disclosure. Electronic reader records and similar records in a PACS are sensitive security information and must be protected in accordance with 49 CFR part 1520.
[USCG-2003-14732, 68 FR 39322, July 1, 2003, as amended at 68 FR 60541, Oct. 22, 2003; USCG-2006-23846, 83 FR 12102, Mar. 19, 2018; USCG-2007-28915, 81 FR 57712, Aug. 23, 2016]