106.230—OCS facility recordkeeping requirements.
(a)
Unless otherwise specified in this section, the Facility Security Officer (FSO) must keep records of the activities as set out in paragraph (b) of this section for at least 2 years and make them available to the Coast Guard upon request.
(b)
Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized access, deletion, destruction, amendment, and disclosure. The following records must be kept:
(1) Training.
For training under § 106.215, the date of each session, duration of session, a description of the training, and a list of attendees;
(2) Drills and exercises.
For each drill or exercise, the date held, a description of the drill or exercise, a list of participants, and any best practices or lessons learned which may improve the FSP;
(3) Incidents and breaches of security.
Date and time of occurrence, location within the OCS facility, a description of the incident or breach, the identity of the individual to whom it was reported, and a description of the response;
(4) Changes in MARSEC Levels.
Date and time of the notification received, and the time of compliance with additional requirements;
(5) Maintenance, calibration, and testing of security equipment.
For each occurrence of maintenance, calibration, and testing, record the date and time, and the specific security equipment involved;
(6) Security threats.
Date and time of occurrence, how the threat was communicated, who received or identified the threat, a description of the threat, to whom it was reported, and a description of the response;
(7) Declaration of Security (DoS).
A copy of each DoS for at least 90 days after the end of its effective period; and
(8) Annual audit of the Facility Security Plan (FSP).
For each annual audit, a letter certified by the FSO stating the date the audit was conducted.