Immediate compliance and business risks

Missing a written hazmat security plan puts your shipments and your company at immediate legal and financial risk. PHMSA requires a written Hazardous Materials Security Plan under 49 CFR 172.800 for anyone who offers for transportation or transports specified hazardous materials.

Under 49 CFR 172.802, the plan must be written, retained while in effect, and reviewed at least annually. PHMSA can assess baseline civil penalties around $9,300 for certain security plan failures, with much larger fines and enforcement actions for serious violations. PHMSA enforcement guidance

Beyond fines, inspections, shipment holds, corrective orders, and even criminal exposure can disrupt operations. Reputational damage from a public enforcement action often costs more than the penalty and slows recovery.

Who must have a written hazmat security plan? Quick checks for shippers

Not sure if your shipments need a written security plan? Under 49 CFR 172.800, PHMSA requires a written plan for specific materials, quantities, and situations.

Start with a few clear triggers. Any quantity of Division 1.1, 1.2, or 1.3 explosives requires a plan. Any quantity of materials poisonous by inhalation (PIH) also requires a plan and must carry "Inhalation Hazard" markings.

Quantity thresholds matter for many other classes. A "large bulk quantity" is more than 3,000 kg (6,614 lb) for solids or more than 3,000 liters (792 gal) for liquids or gases in a single packaging. Large bulk shipments of flammable gases, certain flammable liquids, oxidizers, corrosives, and poisonous materials can trigger the plan requirement.

Simple rules to self‑screen shipments

• Explosives manufacturers or distributors who ship any amount of Division 1.1, 1.2, or 1.3 materials need a security plan.
• If you move a cargo tank filled with gasoline or LPG, that large bulk quantity likely triggers the requirement.
• Agricultural suppliers hauling anhydrous ammonia or ammonium nitrate fertilizers in bulk should expect to need a plan.
• Medical or research facilities shipping Highway Route Controlled radioactive quantities or regulated select agents must include security planning.
• Manufacturers of organic peroxides or highly corrosive chemicals that meet Packing Group I or II thresholds must have a plan for affected shipments.

Some materials need special treatment, not just a yes or no. Lithium cells and batteries do not automatically trigger the DOT security plan by hazard class. But lithium shipments face strict, mode‑specific safety controls for air transport, including state‑of‑charge and cargo‑only limits. PHMSA guidance on lithium batteries

For radioactive materials, the triggers include IAEA Category 1 and 2 items, Highway Route Controlled Quantities, and NRC‑listed quantities of concern. Uranium hexafluoride that requires placarding will also bring the security plan requirement into play.

Quick takeaway: if you ship explosives or PIH at all, you need a written plan. If you move large bulk quantities in a single packaging, check the 3,000 kg/3,000 L thresholds. When a material or quantity sits in a gray area, plan for a compliance audit or expert review so you stay ahead of enforcement risk.

What a Compliant Hazmat Security Plan Must Include — and How to Turn Requirements into Controls

Not sure what to put in a written hazmat security plan so it actually passes inspection? Start with the rule: 49 CFR 172.802 requires a transportation security risk assessment and measures for personnel security, prevention of unauthorized access, and en route security.

PHMSA also recommends a clear, repeatable TSRA process to make those requirements practical. Following that process gives you defensible decisions and a record for inspectors.

Follow a seven‑step TSRA so your plan is defensible

1. Scoping: define which materials, locations, and modes the plan covers.
2. Knowledge of operations: collect quantities, routes, schedules, and current security measures.
3. Assessment: identify threat scenarios and risk control points using internal and external data.
4. Strategy: prioritize risks and select proportional controls.
5. Action: implement the chosen security measures across people, places, and processes.
6. Verification: monitor that controls are working as intended.
7. Evaluation: review results and update the plan at least annually.

This seven‑step approach comes from PHMSA's RMSEF security template and makes the TSRA repeatable and auditable. PHMSA RMSEF security template

Practical, proportionate controls you can use today

• Distribution centers: tighten access with single, well‑lit entry points, badge or fob systems, CCTV, inventory tracking, and targeted background checks for employees handling covered shipments.
• Manufacturing sites: add perimeter fencing, layered access zones, CCTV with active monitoring, role‑based security duties, and documented inspection rounds tied to the TSRA.
• Radiopharmacies: use locked, shielded storage; assigned Radiation Safety Officers; dosimeter monitoring; strict inventory logs; and limited access to authorized staff only.
• Class 7 shipments: include vehicle anti‑theft devices, route controls, visual tamper checks before departure, and secure temporary storage when stops are unavoidable.
• Lithium batteries: scale fire protections to the battery format, add NFPA‑compliant sprinklers, separate charging areas, and procedures for damaged‑battery handling and disposal.
• PIH materials: enforce strict packaging controls, restricted access during loading, trained responders for spills, and surveillance plus variable patrols to reduce predictability.

Document everything. The plan must name the senior official responsible, list job duties, include recurring training, and be retained while in effect. PHMSA guidance also highlights maintaining records of your TSRA, implementation steps, and verification activities.

The key difference between a paper plan and a compliant one is proof you used a TSRA to choose controls. Do that, train staff, and review the plan annually so controls stay proportional to risk.

Keep a Audit‑Ready Security Plan: Reviews, Training, and Records

Worried an inspector will ask for your security plan and training records on the spot? Under 49 CFR 172.802, the plan must be written, kept while in effect, and reviewed at least annually.

Review the plan every year and sooner whenever operations change. That means new locations, new hazardous materials, altered routes, or updated threats trigger a revision and employee notice.

What inspectors will expect to find

• A written security plan on-site or accessible through your principal place of business, with revision dates and a named responsible official.
• A Transportation Security Risk Assessment (TSRA) showing how you chose controls and when you evaluated them.
• Complete training records for each hazmat employee, including completion dates, course materials, trainer information, and a certification of testing.
• Shipping papers, Dangerous Goods Declarations, and proof of correct markings, labels, and packaging certifications for recent shipments.
• Documentation of corrective actions, incident logs, and verification checks that show controls are monitored and adjusted.

Make this a single audit‑ready binder or a well‑organized digital folder so you can hand over records quickly. PHMSA guidance advises keeping the plan and related records available to DOT or DHS officials upon request.

Train on schedule and keep the records that matter

All hazmat employees need general security awareness training and those with duties under the plan must get in‑depth security training. Initial training should be completed within 90 days of assignment and recurrent training at least every three years.

Keep training records for three years from the last training date. Also retain them for 90 days after an employee leaves or changes functions so you can document continuity.

Integrate security topics into your existing hazmat training, SOPs, and audit checklists so you avoid duplicate sessions and records. Link TSRA findings to standard operating procedures and your recurring audit program so verification occurs in one place.

Bottom line: keep one organized set of documents, review yearly or when changes occur, train within 90 days, and retain records for three years. Do that and you’ll be ready for DOT, PHMSA, or FAA inspections without scrambling.

A Practical 30 to 90 Day Compliance Roadmap

Worried about inspections or fines? If you ship explosives, inhalation‑hazard materials, or large bulk quantities, PHMSA likely expects a written security plan. A compliant plan must include a documented Transportation Security Risk Assessment, personnel screening, controls to prevent unauthorized access, and en‑route protections. Doing nothing risks civil penalties (baseline around $9,300), shipment holds, and disruptive enforcement actions.

• Run a gap assessment to confirm whether your operations trigger the security plan requirement and where your controls fall short.
• Document a repeatable TSRA so your control choices are defensible and auditable.
• Implement personnel vetting and role‑based training, then keep clear training records for each hazmat employee.
• Add physical access and en‑route protections like locks, tracking, route planning, and anti‑theft checks.
• Maintain audit‑ready records, review the plan annually, and revise whenever operations change.

If you want help building or auditing a written security plan, TMGI develops compliant plans and performs gap assessments. Call our Strongsville office at (866) 572-8644 or email twagner@tmgihazmat.com.

Start now to reduce enforcement risk and keep your hazardous shipments moving smoothly.