105.225—Facility recordkeeping requirements.
(a)
Unless otherwise specified in this section, the Facility Security Officer (FSO) must keep records of the activities as set out in paragraph (b) of this section for at least 2 years and make them available to the Coast Guard upon request.
(b)
Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized deletion, destruction, or amendment. The following records must be kept:
(1) Training.
For training under § 105.210, the date of each session, duration of session, a description of the training, and a list of attendees;
(2) Drills and exercises.
For each drill or exercise, the date held, description of drill or exercise, list of participants, and any best practices or lessons learned which may improve the Facility Security Plan (FSP);
(3) Incidents and breaches of security.
For each incident or breach of security, the date and time of occurrence, location within the facility, description of incident or breaches, to whom it was reported, and description of the response;
(4) Changes in MARSEC Levels.
For each change in MARSEC Level, the date and time of notification received, and time of compliance with additional requirements;
(5) Maintenance, calibration, and testing of security equipment.
For each occurrence of maintenance, calibration, and testing, record the date and time, and the specific security equipment involved;
(6) Security threats.
For each security threat, the date and time of occurrence, how the threat was communicated, who received or identified the threat, description of threat, to whom it was reported, and description of the response;
(7)
Declaration of Security (DoS) A copy of each single-visit DoS and a copy of each continuing DoS for at least 90 days after the end of its effective period; and
(8) Annual audit of the FSP.
For each annual audit, a letter certified by the FSO stating the date the audit was completed.