(a) Review and approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of Sec. 27.215, including Alternative Security Programs submitted pursuant to Sec. 27.235.
(b) If a Security Vulnerability Assessment does not satisfy the requirements of Sec. 27.215, the Department will provide the facility with a written notification that includes a clear explanation of deficiencies in the Security Vulnerability Assessment. The facility shall then enter further consultations with the Department and resubmit a sufficient Security Vulnerability Assessment by the time specified in the written notification provided by the Department under this section. If the resubmitted Security Vulnerability Assessment does not satisfy the requirements of Sec. 27.215, the Department will provide the facility with written notification (including a clear explanation of deficiencies in the SVA) of the Department's disapproval of the SVA.