TWIC compliance will affect plant operations. Keep these principles in mind as you select your compliance strategy.

For the last several months, it’s been almost impossible to visit a refinery or chemical plant without discussing the topic of the TWIC Final Rule. This long-awaited regulation is finally giving definition to the challenge of fully complying with the government’s plan to protect our critical infrastructure.

Most facilities we serve are subject to the TWIC regulations because they connect with Coast Guard regulated waterways and the connected rail systems. As a result, they have until August 23, 2018 to implement a system to control the access to their plant using biometric credentials. In other words, they must invest in software and hardware that can verify a person’s identity by using a unique identifier like their fingerprint, eye, or face.

The problem is, since the government took so long to complete the final rule, many biometric manufacturers have lost interest in this relatively small opportunity (compare the size of our market to other biometric uses like cellphones). So, the choices are narrow and still evolving as we approach a decision point on the system of choice.

We’ve built expertise in this arena so we find ourselves advising our clients as the solutions become more clear. As you evaluate your options, Keep these thoughts as a guide:

  1. TWIC vs COTS:  There are very few solutions that are designed specifically to comply with TWIC, so they cost more. Rightly so, as their manufacturers have spent some extra development time to put them together. However, the Final Rule leaves an opening for companies to employ “Commercially Off The Shelf” (COTS) solutions that follow certain guidelines for compliance with TWIC. These are generally less expensive to buy, but they usually come with operational inefficiencies in enrollment and system management. Your evaluation should take this cost vs. efficiency balancing act into account.
  2. Choose for the Long Term:  The TWIC uses fingerprints as its biometric, but fingerprints can be problematic in our environment. Given the COTS option, sites can choose more than fingerprint readers to perform their biometric match so sites are looking at vascular scanners, iris scanners, and facial recognition alternatives, to name a few. They do this for the right reasons – the final selection must be as fast and reliable as possible so that the disruption of plant efficiency is minimized. On top of that, the solution must be “fully baked” for our rigorous environment. There’s no sense in choosing a slick biometric option that is not dependable long term. Each site must judge each option for itself, taking into account physical environment, plant culture, and budget.
  3. Don’t “Over-rush”: The solutions are still evolving and it’s a complex arrangement of options. New solutions and data from pilot projects will come forward in the next several months, giving us valuable additional data with as much as a year of runway to implement before compliance. Make sure that you perform your due diligence promptly, but don’t jump the gun.
  4. Run a Pilot: Under time pressure, the tendency is to cut corners in sourcing a solution. Your TWIC investment will be costly to procure so you want to be sure that it will fulfill its promise. Test this on a small scale so that you can have confidence that you’ll achieve your goals.
  5. Begin with the end in mind:  Adding biometrics is likely to diminish throughput at access points so there is understandable concern about how to mitigate this risk. As one customer said to us just last week, “I don’t just want to comply, I want to thrive.” With this goal in sight, consider how your TWIC compliance strategy can impact other key safety and security issues. For example, can we find efficiencies in time and attendance by integrating with our time and attendance system?  What about Emergency Response?


If inFRONT can assist you in determining a clear TWIC strategy, create and evaluate a pilot solution, or address integration with World class Emergency Response, please let me know.