This subpart applies to each of the following owner/operators:
(a) Described in § 1580.1(a)(1) of this part that is a Class I freight railroad.
(b) Described in § 1580.1(a)(1) of this part that transports one or more of the categories and quantities of RSSM in an HTUA.
(c) Described in § 1580.1(a)(4) of this part that serves as a host railroad to a freight railroad described in paragraph (a) of (b) of this section or a passenger operation described in § 1582.101 of this subchapter.
(a) Security training program required. Each owner/operator identified in § 1580.101 of this part is required to adopt and carry out a security training program under this subpart.
(b) General requirements. The security training program must include the following information:
(1) Name of owner/operator.
(2) Name, title, telephone number, and email address of the primary individual to be contacted with regard to review of the security training program.
(3) Number, by specific job function category identified in Appendix B to this part, of security-sensitive employees trained or to be trained.
(4) Implementation schedule that identifies a specific date by which initial and recurrent security training required by § 1570.111 of this subchapter will be completed.
(5) Location where training program records will be maintained.
(6) Curriculum or lesson plan, including learning objectives and method of delivery (such as instructor-led or computer-based training) for each course used to meet the requirements of § 1580.115 of this part. TSA may request additional information regarding the curriculum during the review and approval process. If recurrent training under § 1570.111 of this subchapter is not the same as initial training, a curriculum or lesson plan for the recurrent training will need to be submitted and approved by TSA.
(7) Plan for ensuring supervision of untrained security-sensitive employees performing functions identified in Appendix B to this part.
(8) Plan for notifying employees of changes to security measures that could change information provided in previously provided training.
(9) Method(s) for evaluating the effectiveness of the security training program in each area required by § 1580.115 of this part.
(c) Relation to other training. (1) Training conducted by owner/operators to comply other requirements or standards, such as emergency preparedness training required by the Department of Transportation (DOT) (49 CFR part 239) or other training for communicating with emergency responders to arrange the evacuation of passengers, may be combined with and used to satisfy elements of the training requirements in this subpart.
(2) If the owner/operator submits a security training program that relies on pre-existing or previous training materials to meet the requirements of subpart B, the program submitted for approval must include an index, organized in the same sequence as the requirements in this subpart.
(d) Submission and implementation. The owner/operator must submit and implement the security training program in accordance with the schedules identified in §§ 1570.109 and 1570.111 of this subchapter.
(a) Training required for security-sensitive employees. No owner/operator required to have a security training program under § 1580.101 of this part may use a security-sensitive employee to perform a function identified in Appendix B to this part, unless that individual has received training as part of a security training program approved by TSA under 49 CFR part 1570, subpart B, or is under the direct supervision of an employee who has received the training required by this section as applicable to that security-sensitive function.
(b) Limits on use of untrained employees. Notwithstanding paragraph (a) of this section, a security-sensitive employee may not perform a security-sensitive function for more than sixty (60) calendar days without receiving security training.
(c) Prepare. (1) Each owner/operator must ensure that each of its security-sensitive employees with position- or function-specific responsibilities under the owner/operator's security program has knowledge of how to fulfill those responsibilities in the event of a security threat, breach, or incident to ensure—
(i) Employees with responsibility for transportation security equipment and systems are aware of their responsibilities and can verify the equipment and systems are operating and properly maintained; and
(ii) Employees with other duties and responsibilities under the company's security plans and/or programs, including those required by Federal law, know their assignments and the steps or resources needed to fulfill them.
(2) Each employee who performs any security-related functions under § 1580.205 of this subpart must be provided training specifically applicable to the functions the employee performs. As applicable, this training must address—
(i) Inspecting rail cars for signs of tampering or compromise, IEDs, suspicious items, and items that do not belong;
(ii) Identification of rail cars that contain rail security-sensitive materials, including the owner/operator's procedures for identifying rail security-sensitive material cars on train documents, shipping papers, and in computer train/car management systems; and
(iii) Procedures for completing transfer of custody documentation.
(d) Observe. Each owner/operator must ensure that each of its security-sensitive employees has knowledge of the observational skills necessary to recognize—
(1) Suspicious and/or dangerous items (such as substances, packages, or conditions (for example, characteristics of an IED and signs of equipment tampering or sabotage);
(2) Combinations of actions and individual behaviors that appear suspicious and/or dangerous, inappropriate, inconsistent, or out of the ordinary for the employee's work environment, which could indicate a threat to transportation security; and
(3) How a terrorist or someone with malicious intent may attempt to gain sensitive information or take advantage of vulnerabilities.
(e) Assess. Each owner/operator must ensure that each of its security-sensitive employees has knowledge necessary to—
(1) Determine whether the item, individual, behavior, or situation requires a response as a potential terrorist threat based on the respective transportation environment; and
(2) Identify appropriate responses based on observations and context.
(f) Respond. Each owner/operator must ensure that each of its security-sensitive employees has knowledge of how to—
(1) Appropriately report a security threat, including knowing how and when to report internally to other employees, supervisors, or management, and externally to local, state, or Federal agencies according to the owner/operator's security procedures or other relevant plans;
(2) Interact with the public and first responders at the scene of the threat or incident, including communication with passengers on evacuation and any specific procedures for individuals with disabilities and the elderly; and
(3) Use any applicable self-defense devices or other protective equipment provided to employees by the owner/operator.