HCIS - SEC Complete [PDF]
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY SECURITY DIRECTIVES FOR INDUSTRIAL
31 0 3MB
Papiere empfehlen
![HCIS - SEC Complete [PDF]](https://vdoc.tips/img/200x200/hcis-sec-complete.jpg)
- Author / Uploaded
- Abdul Rahim Shaikh
Datei wird geladen, bitte warten...
Zitiervorschau
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-01 Application of Security Directives
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION.............................................................................................................................. 3 SCOPE................................................................................................................................................... 3 APPLICATION........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ....................................................................................................................................... 5
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 6
4.1. MINIMUM REQUIREMENTS THAT APPLY TO THIS DIRECTIVE:................................................................ 6 4.2. FACILITY CLASSIFICATION ................................................................................................................... 7 4.2.1. Class 1 Facility ............................................................................................................................... 7 4.2.2. Class 2 Facility ............................................................................................................................... 8 4.2.3. Class 3 Facility ............................................................................................................................... 9 4.2.4. Class 4 Facility ............................................................................................................................... 9 4.3. ENVIRONMENTAL REQUIREMENTS ..................................................................................................... 10 4.3.1. Indoor Air Conditioned Environment ........................................................................................... 10 4.3.2. Outdoor Environment ................................................................................................................... 10 4.4. CONTRACTOR PREREQUISITES FOR SECURITY PROJECT EXECUTION .................................................. 11 5.0. 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.7. 5.8. 5.9. 5.10. 6.0.
GENERAL REQUIREMENTS FOR EXECUTING SECURITY PROJECTS ............................. 14 RISK ANALYSIS .................................................................................................................................. 14 PRELIMINARY DESIGN ........................................................................................................................ 14 DETAIL DESIGN .................................................................................................................................. 15 INSTALLATION CONTRACTOR ............................................................................................................. 16 PERFORMANCE REQUIREMENTS ......................................................................................................... 17 PROGRESS REPORTS ........................................................................................................................... 17 PERFORMANCE VALIDATION .............................................................................................................. 18 MAINTENANCE & SUPPORT ................................................................................................................ 18 TRAINING ........................................................................................................................................... 19 RESPONSE TO EMERGENCY EVENTS ................................................................................................... 20 REFERENCE ....................................................................................................................................... 21
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 2 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for application of security directives.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 3 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide. Owner:
Company or owner of a facility.
SD
Security Directives
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
ACS
Access Control System: Manages access to facilities
API
American Petroleum Institute: An organization that defines requirements for petroleum facilities.
EVD
Explosive Vapor Detector: Detects presence of explosives
FAT
Factory Acceptance Test: Test conducted at contractor facility to verify compliance with requirements
SAT
Site Acceptance Test: Test conducted after equipment installation at its final location to verify compliance with requirements
IDAS
Intruder Detection & Assessment System: Detects intrusion attempt at perimeter, allows video surveillance and annunciates an alarm.
IMO
International Maritime Organization: An organization that defines security and safety of ships and ports.
ISPS
International Ship & Port Security: A set of regulations that defines security of ships and port facilities. ISPS is part of the IMO.
ISS
Integrated Security System: Provides an integrated environment to detect and delay intruders, monitor security environment and annunciate alarms generated from facility security systems.
SCC
Security Control Center: A facility that monitors the complete security environment in a designated area and manages alarms and responses to security events.
SOW
Scope of Work: A study that defines the requirements for security, safety and fire protection at a facility.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 4 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. API
Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 5 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 4.0.
General Requirements
4.1.
Minimum requirements that apply to this Directive: 4.1.1.
The High Commission for Industrial Security (HCIS) reserves the right to modify and/or make changes, as deemed necessary, to the Security Directives without prior notice.
4.1.2.
The national security of Saudi Arabia, including the security of the economy and the well being of its population, depends directly on physical and operational safety of a range of facilities across Saudi Arabia. The criticality of each facility varies depending on the product or service provided. Therefore, the High Commission for Industrial Security (HCIS) shall have the ultimate authority on classifying all facilities.
4.1.3.
Facilities shall have adequate levels of protection as defined within these Security Directives.
4.1.4.
The level of protection at each facility shall be dictated by its security classification. HCIS reserves the exclusive right to classify facilities according to its internal criteria or any new security requirements.
4.1.5.
Guidelines are provided with this Security Directive in order to permit the Owner to develop a preliminary evaluation of facility classification.
4.1.6.
The owner shall develop a detailed risk analysis that shall be used as the basis of facility classification. This risk analysis, and the facility classification, shall be submitted to HCIS for approval prior to detailed design development or implementation.
4.1.7.
The information contained herein will be used to define the levels of protection required for facilities in the Kingdom of Saudi Arabia (KSA) that fall under the supervision of the High Commission for Industrial Security (HCIS) of the Ministry of Interior, Kingdom of Saudi Arabia.
4.1.8.
The details of protection required for each facility is described in individual Security Directives that cover each aspect of the requirement.
4.1.9.
Owners who operate offshore or marine facilities shall ensure that they provide an adequate level of security measures to protect these facilities. Owners shall apply aspects of the International Ship and Port Facility Security Code (ISPS), issued by the IMO, that apply to their offshore or marine facilities.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 6 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives Companies that operate marine facilities shall define an exclusion zone around each marine facility. They shall ensure that adequate warning signs are deployed on strategically located buoys advising incoming traffic that they are entering a restricted area. These warning signs shall comply with prevailing Saudi Arabian and international marine standards on sign construction and design. Owner shall be responsible for ensuring all required permissions and standards for buoy deployment are complied with and that the buoys are maintained in good condition. Owner shall deploy marine barriers to protect marine facilities. Deployment of these barriers shall not compromise safety considerations for the facility. 4.1.10.
4.2.
These Security Directives supersede all older SSD’s previously issued by the HCIS.
Facility Classification Facilities shall be classified based on a four (4) level classification methodology. The general criterion for each level is defined in the sections below.
4.2.1.
Class 1 Facility A Class 1 facility is defined as any facility whose destruction, or serious damage, could seriously damage the Kingdom’s economy or gravely disrupt the well being of its population. Such facilities are characterized by meeting ANY of the following criteria: 4.2.1.1. 4.2.1.2. 4.2.1.3. 4.2.1.4. 4.2.1.5.
Loss presents an unacceptable financial risk. Loss of function/capacity cannot be made up by other existing facilities. Directly and seriously impacts hydrocarbon exports. Major threat to environment or population due to damage or destruction. Critical infrastructure, regardless of capital investment or availability of alternates.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 7 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives Class 1 Facility Examples Examples of facilities that are classified as Class 1 are as follows: 4.2.1.6. 4.2.1.7. 4.2.1.8. 4.2.1.9. 4.2.1.10. 4.2.1.11. 4.2.1.12. 4.2.1.13. 4.2.1.14. 4.2.1.15. 4.2.1.16.
4.2.2.
Major Oil & Gas production, processing, transportation and export. Major Oil Refining and Storage. Major Electricity Generation Facilities. Major Water Desalination Facilities. Major Commercial & Industrial Sea Ports. Major Telecommunications facilities. Major pumping facilities for oil and water. Major facilities using or producing chemicals whose flammability, explosiveness, toxicity and evaporability may cause serious harm to the environment or population if the facility is damaged or destroyed. Manufacture and storage of commercial explosives. Infrastructure that supports, or contains facilities or services, that are deemed important to the national interest. Primary computer facilities that manage the above items.
Class 2 Facility A Class 2 facility is defined as any facility whose destruction, or serious damage, could cause short term damage to the Kingdom’s economy or temporarily disrupt the well being of its population. Such facilities are characterized by meeting ANY of the following criteria: 4.2.2.1. 4.2.2.2. 4.2.2.3. 4.2.2.4.
Loss of function/capacity can be compensated for short periods by other existing facilities. Directly impacts hydrocarbon exports but will not significantly reduce them. Possible threat to environment or population due to damage or destruction. Critical infrastructure, regardless of capital investment or availability of alternates.
Class 2 Facility Examples Examples of facilities that are classified as Class 2 are as follows:
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 8 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 4.2.2.5. 4.2.2.6. 4.2.2.7.
4.2.2.8. 4.2.2.9.
4.2.3.
Support facilities for hydrocarbon production, processing, transportation & export. Hydrocarbon plants, such as major GOSP’s. Facilities using or producing chemicals whose relatively low flammability, explosiveness, toxicity and evaporability present medium level risk to the environment or population if the facility is damaged or destroyed. Infrastructure that supports, or contains facilities or services, that are deemed important to the national interest. Primary computer facilities that manage the above items.
Class 3 Facility A Class 3 facility is defined as any facility whose disruption, or serious damage, could cause minimal or no damage to the Kingdom’s economy or would not disrupt the well being of its population. Such facilities are characterized by meeting ANY of the following criteria: 4.2.3.1. 4.2.3.2. 4.2.3.3.
Loss of function/capacity can be compensated for an extended period by other existing facilities. No direct impact on oil exports. No threat to environment or population due to damage or destruction.
Class 3 Facility Examples Examples of facilities that are classified as Class 3 are as follows: 4.2.3.4. 4.2.3.5. 4.2.3.6. 4.2.3.7.
4.2.4.
Minor Sea Ports. Low Capacity Electricity Generation. (See SAF-19 for details of Power Generation Facilities). Minor Telecommunications Facilities. Bulk Plants.
Class 4 Facility
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 9 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives A Class 4 facility is defined as any facility considered a support facility, either adjacent to, or remote to, Class 1, 2 or 3 facilities. Such facilities are characterized by meeting ANY of the following criteria: 4.2.4.1. 4.2.4.2. 4.2.4.3.
Loss of function/capacity can be compensated for an extended period by other existing facilities. No direct impact on oil exports. No threat to environment or population due to damage or destruction.
Class 4 Facility Examples Examples of facilities that are classified as Class 4 are as follows: 4.2.4.4. 4.2.4.5.
4.3.
Supply Warehouses. Office Support facilities.
Environmental Requirements All devices installed for Security Directive compliance shall be capable of operating continually when subjected to the environmental conditions of the installation site. 4.3.1.
Indoor Air Conditioned Environment All devices installed indoors, or in an environmental cabinet, for Security Directive compliance, shall be cooled with redundant split or central airconditioning units.
4.3.2.
Outdoor Environment 4.3.2.1.
Equipment to be installed outdoor shall be designed to operate without air conditioning or forced air ventilation system and under the conditions of environment detailed below, and shall meet the specified performance when subjected to the full range of these conditions.
4.3.2.2.
Ambient Temperature Range: -10o C to +65o C (excluding temperature rise in cabinet)
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 10 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 4.3.2.3.
Ambient Relative Humidity Range: 5% to 100%, noncondensing
4.3.2.4.
The normal airborne dust concentration shall be considered as 1 mg/ml. During sandstorm conditions, dust concentrations reaching 500 mg/ml are encountered and winds may gust to 112 km/hr. 95% of all dust particles are less than 20 micrometers and 50% of all particles are less than 1.5 micrometers in size. Compounds present in the dust include those of sodium, calcium, silicon, magnesium and aluminum. When in wet condition (100% humidity), these compounds function as electrolytes and can result in severe corrosion of other materials.
4.3.2.5.
Other pollutants present (ppm vol. /vol. in atmosphere, worst case) are: H2S: CO: NOx: SO2: O3: Hydrocarbons:
4.4.
20 ppm (vol/vol) 100 ppm (vol/vol) 5 ppm (vol/vol) 10 ppm (vol/vol) 1 ppm (vol/vol) 150 ppm (vol/vol)
Contractor Prerequisites for Security Project Execution 4.4.1.
Designers, suppliers, contractors and systems for security related projects at facilities classified under the Security Directives shall be approved by HCIS.
4.4.2.
The Owner shall be responsible for providing HCIS with required data at least three(3) months before the scheduled security related project initiation. This will allow a complete evaluation by HCIS of the project and the proposed contractors.
4.4.3.
Contractors and suppliers shall be certified by the Ministry of Interior and the Ministry of Commerce & Industry.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 11 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 4.4.4.
The contractor shall be licensed by the competent authority at the Ministry of Interior (the General Directorate of Public Security). The certification shall clearly indicate that the contractor is authorized to engage in security related work. It shall specify the nature and type of authorized activity and shall be included in the commercial registration certificate issued by the Ministry of Commerce and Industry.
4.4.5.
The Commercial Registration (CR) certificate issued by the Ministry of Commerce & Industry shall clearly specify that the contractor is authorized to conduct security related work. It shall clearly state the vendors line of business as either importing, designing, installing or maintenance of security systems.
4.4.6.
Contractors engaged in executing safety and/or fire protection related work shall follow the requirements stated in the Safety Directives issued by the HCIS.
4.4.7.
The Owner shall submit qualification data to the HCIS for approval of all contractors selected for design and installation of security related work. Contract award for design, installation or maintenance shall not proceed until such approvals are received from the HCIS. The data submitted to the HCIS shall include, but not be limited to, the following: A) B) C) D) E) F)
G) H)
4.4.8.
Valid copies of commercial registration, showing license specified in 4.4.5. above. Chamber of Commerce membership Registration & classification certificate issued by the Ministry of Municipal & Rural Affairs. Company profile Full names and details about company owners, director, senior project personnel, system designer and installation management.. List of previous projects of a similar nature that have been executed. List must show the type of work, size of project, dates and user of the executed project. Whether company performing the work is a subsidiary or part of another organization Head office address & contact details for all prime and subcontractors.
The Owner shall ensure that the company selected for security related work shall have adequate engineering capabilities and qualified manpower to
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 12 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives design, install, test and maintain the system and execute all work requirements. 4.4.9.
The Owner shall submit to HCIS full details of all Saudi and foreign companies participating in the work. HCIS reserves the exclusive right to approve or reject any company proposed to perform the work. The Owner shall ensure that all companies participating in the work are approved by HCIS prior to work initiation.
4.4.10.
The Owner shall ensure that the company selected for security related work shall have prior technical experience inside or outside the Kingdom in similar work that matches the scope, and magnitude, of the current work.
4.4.11.
The primary contractor shall formally assume, certified in writing, total responsibility for executing all phases of the work. All sub-contractors shall be approved by HCIS prior to any contract award. The procedures for approval of sub-contractors shall be the same as for the primary contractor.
4.4.12.
Contractors receiving bid documents or working on security system design, installation, support or maintenance shall sign Non-Disclosure Agreements (NDA) specifying that the contractor shall maintain all work related documents in confidence and not disclose them to any third party without prior written approval of the Owner.
4.4.13.
Contractors performing security related work shall formally certify, in writing, that they shall provide, for the life of the system, after-sales services, support and spare parts for all devices and systems installed.
4.4.14.
The Owner shall provide HCIS with a detailed list of major system and equipment for all security related work. The list shall include model numbers, descriptions, manufacturer and local agent.
4.4.15.
HCIS shall have the right to reject any of the systems or equipment. In case any system or equipment is rejected by HCIS the Owner shall replace it with approved system or equipment or submit additional system or equipment details for approval.
4.4.16.
The Owner shall ensure that any other prerequisites deemed necessary by the user or required by current rules and regulations in effect in this regard are also included in the project scope.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 13 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
5.0.
4.4.17.
There shall be no outstanding objections, reservations or claims by any other party against the contractor executing the work.
4.4.18.
Owner shall not permit any start on security related work until HCIS approval for the specific work is received.
4.4.19.
All submissions to HCIS shall be in writing.
General Requirements for Executing Security Projects HCIS shall approve all security related work executed by companies that fall under the supervision of the Security Directives. HCIS approvals shall be secured as detailed in the following sections.
5.1.
5.2.
Risk Analysis 5.1.1.
The Owner shall prepare a risk analysis detailing the potential risk areas and the system design requirements that shall mitigate this risk.
5.1.2.
The Risk Analysis shall follow the methodology stated in the American Petroleum Institute (API) document entitled “Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries”.
5.1.3.
The Owner shall use the methodology outlined in this document to conduct a structured, comprehensive Risk Analysis for each facility.
5.1.4.
The risk analysis shall take into account facility criticality and surrounding terrain.
5.1.5.
The risk analysis shall be submitted for review by HCIS.
Preliminary Design 5.2.1.
The Owner shall prepare a preliminary design package that details the Scope of Work (SOW), main and auxiliary elements of security related work and site specific requirements.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 14 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 5.2.2.
The preliminary design package shall include the following at a minimum: 5.2.2.1.
Site Layouts showing main security related activity, device locations and system locations.
5.2.2.2.
Area covered by the Access Control System (ACS), Intrusion Detection System (IDS) and Video Surveillance System (VSS) when installed. Information shall also be provided for any additional systems installed by the Owner above and beyond the directive requirements. The preliminary design shall provide, at a minimum, general details on ACS location & number of card readers, IDS zones, layout & hardware/software, VSS cameras, zones & hardware/software.
5.2.3.
5.3.
5.2.2.3.
Details of fencing, lighting, patrol road, security control room and clearances for each site. The information provided shall include the position of each element relative to each other and the facility.
5.2.2.4.
Location and installation details for main gates, restricted area gates and emergency gates. This section shall provide details of all devices that shall be installed at each of these gates.
The data listed in section above shall be submitted to HCIS for review and approval before commencing detail design, bidding and contract award for design and installation.
Detail Design 5.3.1.
The Owner shall prepare a detail design package that provides detailed technical specifications, engineering design and list of bidders for main design elements. All information provided to HCIS shall be up to date at the time of submission.
5.3.2.
During construction, the Owner shall ensure that ongoing construction sites shall be surrounded by a category 4 fence and adequate separation maintained from existing facilities.
5.3.3.
A copy of the detail design package shall be provided to the HCIS for approval at least three months prior to awarding the bid, ordering materials
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 15 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives or initiating any work specified under the detail design package. This data shall include the items listed below. The Owner shall be responsible for any delay that may occur due to non-compliance with the time requirements mentioned above of failing to demonstrate compliance with the requirements in the HCIS security directives related to the project work. The Owner is required to meet HCIS time requirements for approvals and ensure full compliance with the security directives. 5.3.4.
The details design package shall include a list of contractors on the bidders list. The certification of the contractors, as specified under section 4.4. of this security directive, shall be supplied as part of this package.
5.3.5.
A compliance list showing compliance or non-compliance, with justification and reasons, for each applicable aspect of the HCIS security directives & project specifications shall be provided as part of this package.
5.3.6.
A list of all equipment, hardware, software, and devices shall be provided as part of this package: 5.3.6.1. 5.3.6.2. 5.3.6.3. 5.3.6.4. 5.3.6.5. 5.3.6.6.
5.4.
Manufacturers name for each system or equipment Certificate for material compliance that shows that material complies with required standards Period in which device has been available in local and international markets Local users of the product. Name & address of local agent Local agent Commercial Registration as specified in section 4.4. of this security directive.
5.3.7.
The proposed work execution schedule shall be provided as part of this package.
5.3.8.
Copies of original manufacturer catalogs and device specifications shall be provided as part of this package.
5.3.9.
The technologies, devices and systems to be supplied for the project shall be obtained from credible and reputable sources and manufacturers. The full identities of all sources and manufacturers shall be accurately disclosed in the documentation sent to HCIS.
Installation Contractor RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 16 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives The installation contractor shall be certified as specified in section 4 of this security directive.
5.5.
5.6.
Performance Requirements 5.5.1.
The Owner shall ensure that all systems and devices used for security compliance shall incorporate the latest technologies.
5.5.2.
Systems deployed for security directive compliance shall operate in an integrated environment as specified in security directive SEC-05 “Integrated Security System”.
5.5.3.
Alarm prioritization shall be a part of all systems.
5.5.4.
All critical system devices such as, but not limited to, computers and networks, shall operate in a fully redundant mode as specified in security directive SEC-05 “Integrated Security System”.
5.5.5.
System components shall have the capability for future expansion. The system shall have at least 50% spare capacity when it is initially deployed. This spare capacity includes, but is not limited to, computer memory and disc space.
5.5.6.
Systems shall have no single point of failure in their design.
5.5.7.
System components and devices shall have tamper sensors and shall annunciate an alarm for any attempt to open, modify, remove, or cut system devices and communications cabling.
5.5.8.
Systems shall be designed around open architecture to permit easy integration of technology advances.
5.5.9.
All main system components shall have the ability to send data, text or video, as applicable, to an external system, when main system is configured to do so. All external system communications and data transfers shall be in full compliance with all security considerations mentioned in the Security Directives.
Progress Reports
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 17 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives The Owner shall provide HCIS with progress reports every six months on the progress of security related work.
5.7.
Performance Validation 5.7.1.
System performance shall be validated by a Factory Acceptance Test (FAT) which shall verify compliance with all detail design and functional requirements. All major exceptions shall be cleared prior to shipment to the installation site. The documented results of the FAT shall be used as the basis of system acceptance by the Owner. The system contractor shall produce a FAT certificate certifying full compliance with all requirements which shall be signed by both the system contractor and the Owner or his representative. The FAT documentation shall be available for examination by HCIS.
5.7.2.
Installations at each site shall be validated by a Site Acceptance Test (SAT) which shall verify compliance with all installation & performance requirements. The documented results of the SAT shall be used as the basis of site acceptance by the Owner. The SAT documentation shall be available for examination by HCIS.
5.8.
Maintenance & Support 5.8.1.
The Owner shall ensure that all security installations are supported with a complete maintenance and support infrastructure.
5.8.2.
The system contractor shall provide all details and tools required for system maintenance. This shall include maintenance manuals, software diagnostics, special tools, calibration equipment and procedures.
5.8.3.
The maintenance manuals shall contain recommended maintenance intervals, procedures and recommended spare parts lists.
5.8.4.
The Owner shall be responsible for implementing a maintenance strategy to meet recommended maintenance requirements for all equipment.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 18 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 5.8.5.
All emergency backup generators shall be started up and maintained as specified in SEC-07. Once a month the auto-switch switchgear shall be tested. Generator maintenance logs for the current calendar year shall be available for inspection by HCIS if requested.
5.9.
5.8.6.
All components shall have regularly scheduled preventive maintenance (PM) at least once every 6 months with the exception of emergency backup generators which must be tested as stated in section 4.5 of SEC-07. The actual PM performed shall be documented and available for review for at least one calendar year.
5.8.7.
The Owner shall have a facility, manned 24 hours a day, 7 days a week, available for field personnel to report failures via telephone, radio or security system telemetry.
5.8.8.
Owner shall be responsible for classifying system failures as critical or noncritical failures. Critical failures shall be rectified as soon as possible.
5.8.9.
System failures and alarms shall be analyzed quarterly by the Owner to identify potential problem areas. This quarterly review shall be used as the basis for the development of strategies to rectify the problems identified.
5.8.10.
The Owner shall maintain documentation for all security equipment installed. This documentation shall include full contact details of component manufacturers, part numbers, recommended spare parts and maintenance manuals needed for each security installation.
5.8.11.
The Owner shall maintain a full set of As Built drawings for all security systems and civil work. The drawings shall be maintained as soft copy in an easily accessible format. The Owner shall maintain an index of all drawings pertaining to all security related work.
Training The Owner shall ensure that training is provided to security personnel in the operation and support of all security related systems and devices. The operational training requirements are as follows:
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 19 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives 5.9.1.
Training shall be provided to security personnel, assigned to a location with a new security installation, prior to system or device deployment.
5.9.2.
The training shall cover procedures, general system operation, failure reporting procedures, methods for handling reported errors and alarms, alarm acknowledgement and response.
5.9.3.
The Owner shall maintain logs of all training activities. The logs shall list all training provided to personnel and include personnel name, date and type of training provided.
5.9.4.
Personnel assigned to locations with security installations shall undergo a short training period prior to assuming their new duties.
The support training requirements are as follows:
5.10.
5.9.5.
Personnel directly involved in system support shall be provided training in all aspects of systems software, hardware, diagnostics and preventive maintenance.
5.9.6.
The Owner shall maintain logs of all training activities. The logs shall list all training provided to personnel and include personnel name, date and type of training provided.
Response to Emergency Events The Owner shall setup the infrastructure, procedures and personnel to develop a cohesive, rapid response to an emergency event. This shall include the management of fixed and mobile security assets using a proven command and control system where an overview and details of emergency events shall be available to operators. Personnel designated for a rapid response force shall be provided with additional training as needed to meet expected emergencies. The safety directives issued by HCIS shall be used as the basis of defining, preparing and training for emergencies.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 20 of 22
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
6.0.
Reference
The table below provides guidelines for security directive usage based on facility classification; Directive
Title
SEC-01
Application of Security Directives
SEC-02
Security Fencing
SEC-03
Security Gate
SEC-04
Security Lighting -Perimeter Lighting -Checkpoint Lighting
SEC-05
Class 1 Class 2
Class 3
Class 4
X
X
X
X
X
X
X
X
X
X
X
X
X X
X
-Access Control System -Video Surveillance System Security Devices -X-Ray
X X
X
X
X
-Turnstile -Bullet-Proof Glass Power Supply -Emergency Generator -UPS
X
X
X
X
X
X
X
X
X
-Drop-gate
X X
X
-Crash Barrier
SEC-07
X
X
Integrated Security System -Perimeter Intrusion Detection X System
SEC-06
X
X X
X X
X
X
X
X
X
X
X
X
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 21 of 22
X
X
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives Directive
Title
SEC-08
Communications
SEC-09
Security Doors
SEC-10
Security Locks
SEC-11
Identification Cards
SEC-12
Information Protection
Class 1 Class 2
Class 3
Class 4
X
X
X
X
X
X
X
X
X
X X
X
X X
X
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 22 of 22
X X
X
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-02 Security Fencing
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing Table of Contents
1.0. 1.1. 1.2. 1.3. 2.0. 2.1.
ADMINISTRATION........................................................................................................................... 3 SCOPE................................................................................................................................................ 3 APPLICATION..................................................................................................................................... 3 CONFLICTS & DEVIATIONS ................................................................................................................ 3 DEFINITIONS .................................................................................................................................... 3 TERMINOLOGY .................................................................................................................................. 4
3.0.
REFERENCES .................................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS ......................................................................................................... 6
4.1. 4.2. 4.3. 4.4. 4.5. 4.6. 4.7. 4.8. 4.9. 4.10. 4.11. 4.12. 4.13. 5.0.
INTRODUCTION .................................................................................................................................. 6 FENCE DEFINITION METHODOLOGY .................................................................................................. 6 CATEGORY 1 FENCING SYSTEM......................................................................................................... 7 CATEGORY 2 FENCING SYSTEM....................................................................................................... 10 CATEGORY 3 FENCING SYSTEM....................................................................................................... 13 CATEGORY 4 FENCING SYSTEM ....................................................................................................... 15 SHARED FENCING BETWEEN ADJACENT FACILITIES ......................................................................... 16 CLEARANCES - GENERAL ................................................................................................................ 16 MAIN GATES ................................................................................................................................... 17 EMERGENCY GATES ........................................................................................................................ 18 DESIGN REQUIREMENTS FOR FENCING SYSTEM COMPONENTS ....................................................... 18 INSTALLATION................................................................................................................................. 23 FENCE PENETRATION ...................................................................................................................... 28 DRAWINGS ...................................................................................................................................... 31
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 2 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for fencing requirements at industrial facilities.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner:
Company or owner of a facility.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 3 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing
2.1.
SD
Security Directives
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
PTZ
Pan-Tilt-Zoom: A method of mounting a surveillance camera that allows it to pan, tilt and zoom while being controlled from a remote location.
SCC
Security Control Center: A facility that monitors the complete security environment in a designated area and manages alarms and responses to security events.
Terminology
The definition of terms relating to chain link fencing can be found in ASTM F552. The definition of terms relating to barb tape can be found in ASTM F1379.
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. ASTM A121
Standard Specification for Metallic-Coated Carbon Steel Barbed Wire
ASTM A123
Standard Specification for Zinc (Hot-Dip Galvanized) Coatings on Iron and Steel Products
ASTM A392
Standard Specification for Zinc-Coated Steel Chain-Link Fence Fabric
ASTM A641
Standard Specification for Zinc-Coated (Galvanized) Carbon Steel Wire
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 4 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing ASTM C94
Standard Specification for Ready-Mixed Concrete
ASTM F1043
Standard Specification for Strength and Protective Coatings on Steel Industrial Chain Link Fence Framework
ASTM F1083
Standard Specification for Pipe, Steel, Hot-Dipped Zinc-Coated (Galvanized) Welded, for Fence Structures
ASTM F1379
Standard Terminology Relating to Barbed Tape
ASTM F1664
Standard Specification for Poly(Vinyl Chloride)(PVC) and Other Conforming Organic Polymer-Coated Steel Tension Wire Used with Chain-Link Fence
ASTM F1910
Standard Specification for Long Barbed Tape Obstacles
ASTM F1911
Standard Practice for Installation of Barbed Tape
ASTM F552
Standard Terminology Relating to Chain Link Fencing
ASTM F567
Standard Practice for Installation of Chain-Link Fence
ASTM F626
Standard Specification for Fence Fittings
ASTM F668
Standard Specification for Polyvinyl Chloride (PVC) and Other Organic Polymer-Coated Steel Chain-Link Fence Fabric
ASTM F934
Standard Specification for Standard Colors for Polymer-Coated Chain Link Fence Materials
PAS-68
BS PAS 68:2007, Specification for vehicle security barriers
SD-STD02.01, Rev A
US Department of State standard, “Specification for Vehicle Crash Test of perimeter barriers and gates
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 5 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.0.
General Requirements
4.1.
Introduction The perimeter of facilities shall be protected by a fence system in accordance with the requirements stated in this Security Directive.
4.2.
4.1.1.
The type of fence used in a facility shall be based on the facility classification. Facility classifications are performed by the HCIS. Guidelines can be found in SEC-01 “Application of Security Directives”.
4.1.2.
This Security Directive defines fences and emergency gates in fences. There are four distinct fence types numbered Category 1 through Category 4. Category 1 fences provide the highest security while Category 4 fences are designated for lower security requirements.
4.1.3.
The fence is defined in terms of functional aspects followed by specific details of fence material requirements and installation requirements.
Fence Definition Methodology The following functions are combined to produce a specific category type fencing system. 4.2.1.
The functions constituting the fencing system are as follows: 4.2.1.1.
External Interface - Encompasses the requirements external to the fence and generally consists of patrol roads and associated clearances.
4.2.1.2.
Anti-Personnel Barrier - Describes the components that provide anti-personnel characteristics of the fencing system.
4.2.1.3.
Anti-Vehicle Barrier - Describes the components that provide physical impediments to vehicle ingress through the fencing system.
4.2.1.4.
Intrusion Sensors / Surveillance Layer - Defines the installation environments for electronic, fence mounted, sensing systems & volumetric sensors that comply with the requirements of SEC05”Integrated Security System” for detection of attempts to cut or climb the fence or penetrate the fencing system.
4.2.1.5.
Lighting - Describes the requirements for perimeter and shared fence lighting as defined in SEC-04 “Lighting”.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 6 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.2.1.6.
4.3.
Internal Interface - Encompasses the requirements internal to the fence and generally consists of patrol roads and associated clearances on the inside of the perimeter
4.2.2.
While the description is provided in terms of discrete, functional layers, these discrete functions are physically combined to achieve the specified functionality. All functions shall be installed contiguous to each other or may be co-located depending on specific fence configuration.
4.2.3.
All clear zones and areas between fences shall be graded and cleared of all vegetation, building or any other obstacles.
4.2.4.
The requirements for each layer are summarized in the following sections followed by specific fence material and installation requirements in the Design Detail Section.
4.2.5.
Drawings for all fence elements are shown in section 5.0 of this security directive.
Category 1 Fencing System Category 1 fencing systems are used at facilities where the highest level of security is required. Category 1 fences implement a layered approach to security consisting of an external interface layer, anti-vehicle layer, anti-personnel layer, intrusion sensor layer, lighting layer and an internal interface layer. Elevation & isometric drawings of the fencing system are shown in figures 1 & 2 of section 5.0. A general layout of the chain link fence can be found in figure 9. Each layer is defined below. 4.3.1.
Category 1 External Interface Layer The Category 1 fencing system requires an external interface layer comprised of an outer patrol road and required clear zones. The external interface describes the requirements external to the fencing system. This outer patrol road is used by security personnel to patrol the perimeter from the outside. It must be level, a minimum of 4.6m wide and paved (concrete or asphalt) to ensure road is passable under all weather conditions. This clear zone for this area refers to an area, on the outside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance from the anti-vehicle barrier (see
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 7 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing next section), on the outside of the fencing system, shall be at least 15m wide. The patrol road shall be located within this clear zone. 4.3.2.
Category 1 Anti-Vehicle Layer The Category 1 fencing system requires an anti-vehicle layer comprised of a crash rated barrier and associated clear zone. The anti-vehicle layer is contiguous to the inside of the external interface layer. The anti-vehicle layer consists of a crash-rated barrier that meets or exceeds the requirements set by the US Department of State standard SD-STD-02.01, revision A, or PAS-68. 4.3.2.1.
Crash Barrier Rating • Crash-rated barriers vary widely on the level of impact they will absorb. The rating of the crash-rated barrier for the anti-vehicle layer in a Category 1 fencing system will depend on the surrounding terrain. •
•
• •
If the terrain presents obstacles that will prevent a vehicle from accelerating to the maximum speed listed in SD-STD02.01, revision A or PAS-68, then a lower rated barrier can be used. Obstacles that preclude vehicle acceleration could be, for example, sandy, rocky or hilly terrain in the surrounding area. An Owner can use a K4 or K8 rated barrier (using SDSTD-02.01, revision A as an example) where the surrounding terrain presents adequate obstacles to slow down any approaching vehicle to the maximum speed for these ratings. Where the terrain, and distance, allows acceleration to the maximum speed listed in SD-STD02.01, revision A or PAS-68, the crash-rated barrier shall be rated at the maximum rating (K12/L3 in SD-STD-02.01, revision A as an example). The Owner shall develop the required rating of the crashrated barrier in consultation with HCIS. The clear zone associated with this layer will extend 800m15m inside the anti-vehicle barrier. The 800m clearance is
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 8 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing required when the surrounding area is vacant at the time the facility is designed while 15m is the minimum clearance. 4.3.3.
Category 1 Anti-Personnel Layer • •
•
4.3.4.
The Category 1 fencing system requires an anti-personnel layer contiguous with the anti-vehicle layer clear zone. The anti-personnel fence shall consist of a 3m high fence configured with three rolls of concertina wire. The concertina wire shall be mounted on top of the fence with a second roll mounted on the front top and the third roll mounted on the bottom. The details of the fence installation can be found in the Design Details section of this Security Directive. Each pole on the anti-personnel fence will be reinforced by bracing each pole with a brace post, on the inside, attached at a point 1500mm above the ground plane and extending downwards towards the inside of the fence at 45o in the vertical plane which is perpendicular to the plane of the fence. The details of the brace posts can be found in the Design Details section of this Security Directive.
Category 1 Intrusion Sensors Layer • •
• • •
The Category 1 fencing system requires intrusion sensors to detect any attempt at entering the facility through the fencing system. The sensors shall incorporate at least two types of sensing technologies in order to provide a high level of probability of detection of an unauthorized penetration attempt. These sensors shall work in an integrated environment to detect such intrusions and shall be mounted as needed in the area inside the anti-personnel fence. At least one of the sensors shall be capable of detecting vertical and lateral movement within the field. Cameras mounted for assessment or as a sensor shall supply video imagery of the fencing system and shall detect any motion within their field of view. The field of view for the camera shall be designed so as to provide an uninterrupted view up to the next camera.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 9 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing • •
4.3.5.
Cameras shall be located at a maximum distance of 7.5m from the inside of the anti-personnel fence. Intrusion sensors & cameras shall meet the requirements stated in SEC-05 “Integrated Security System”.
Category 1 Lighting Layer The Category 1 fencing system shall include a lighting layer fully compliant with SEC-04 “Security Lighting”. The lighting shall be installed a maximum of 3m behind the camera pole location .
4.3.6.
Category 1 Internal Interface Layer The Category 1 fencing system requires an internal interface layer comprised of required clear zones and an inner patrol road. The internal interface describes the requirements internal to the fencing system. This clear zone for this area refers to an area, on the inside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance from the lighting pole, shall be at least 5m wide. This inner patrol road is used by security personnel to patrol the perimeter from the inside. It must be level, a minimum of 4.6m wide and paved (concrete or asphalt) to ensure road is passable under all weather conditions. It shall be located at the edge of the internal interface clear zone.
4.4.
Category 2 Fencing System Category 2 fencing systems are used at facilities where high levels of security are required. Category 2 fences implement a layered approach to security consisting of an external interface layer, anti-personnel layer, anti-vehicle layer, intrusion sensor layer, lighting layer and an internal interface layer. Elevation & isometric drawings of the fencing system are shown in figures 3 & 4 of section 5.0. A general layout of the chain link fence are shown in figure 9. Each layer is defined below.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 10 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.4.1.
Category 2 External Interface Layer •
•
•
4.4.2.
This outer patrol road is used by security personnel to patrol the perimeter from the outside. It must be level, a minimum of 4.6m wide and paved (concrete or asphalt) to ensure road is passable under all weather conditions. This clear zone for this area refers to an area, on the outside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance from the inner edge of the patrol road to the Anti-Personnel fence (see next section), shall be 15m wide.
Category 2 Anti-Personnel Layer •
•
• •
4.4.3.
The Category 2 fencing system requires an external interface layer comprised of an outer patrol road and required clear zones. The external interface describes the requirements external to the fencing system.
The Category 2 fencing system requires an anti-personnel layer comprised of an anti-personnel fence and associated clear zone. The anti-personnel layer is contiguous on the inside of the external interface layer. The anti-personnel barrier consists of a 3m high fence configured with three rolls of concertina wire. The concertina wire shall be mounted on top of the fence with a second roll mounted on the front top and the third roll mounted on the bottom. The details of the fence can be found in the Design Details section of this Security Directive. The clear zone associated with this layer will extend 10.5m inside the anti-personnel fence. This clear zone will house sensors for intrusion detection.
Category 2 Anti-Vehicle Layer •
The Category 2 fencing system requires an anti-vehicle layer comprised of fence reinforcements. The anti-vehicle layer is colocated with the antipersonnel fence.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 11 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing •
•
4.4.4.
Each pole on the anti-personnel fence will be reinforced by bracing each pole with a brace post, on the inside, attached at a point 1500mm above the ground plane and extending downwards towards the inside of the fence at 45o in the vertical plane which is perpendicular to the plane of the fence. The details of the brace posts can be found in the Design Details section of this Security Directive. Lateral bracing, or other measures, may be added to increase the antipersonnel fence to increase anti-vehicle characteristics. The Owner shall, in consultation with HCIS, add additional antivehicle barriers, such as cable based or crash rated fences if required by the Risk Analysis. In all circumstances anti-personnel requirements and clearances shall be retained.
Category 2 Intrusion Sensors Layer • • • • • • • •
The Category 2 fencing system requires intrusion sensors to detect any attempt at entering the facility through the fencing system. The sensors shall incorporate at least two types of sensing technologies in order to provide a high level of probability of detection of an unauthorized penetration attempt. These sensors shall work in an integrated environment to detect such intrusions and can be mounted as needed in the inside area of the anti-personnel fence. At least one of the sensors shall be capable of detecting vertical and lateral movement within the field. Cameras mounted for assessment or as a sensor shall supply video imagery of the fencing system and shall detect any motion within their field of view. The field of view for the camera shall be designed so as to provide an uninterrupted view up to the next camera. Cameras shall be located at a maximum distance of 7.5m from the inside of the anti-personnel fence. Intrusion sensors & cameras shall meet the requirements stated in SEC-05 “Integrated Security System”.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 12 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.4.5.
Category 2 Lighting Layer The Category 2 fencing system shall include lighting layer fully compliant with SEC-04 “Lighting”. The lighting shall be installed a maximum of 3m behind the camera pole location.
4.4.6.
Category 2 Internal Interface Layer •
• • •
4.5.
The Category 2 fencing system requires an internal interface layer comprised of required clear zones and an inner patrol road. The internal interface describes the requirements internal to the fencing system. This clear zone for this area refers to an area, on the inside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance from the lighting pole, shall be at least 5m wide. This inner patrol road is used by security personnel to patrol the perimeter from the inside. It must be level, a minimum of 4.6m wide and paved (concrete or asphalt) to ensure road is passable under all weather conditions. It shall be located at the edge of the internal interface clear zone.
Category 3 Fencing System Category 3 fencing systems are used at facilities where medium levels of security are required. Category 3 fencing systems implement a layered approach to security consisting of an external interface layer, anti-personnel layer, anti-vehicle layer, lighting layer, surveillance layer, and an internal interface layer. Elevation & isometric drawings of the fencing system are shown in figures 5 & 6 of section 5.0. A general layout of the chain link fence are shown in figure 9. Each layer is defined below. 4.5.1.
Category 3 External Interface Layer
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 13 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing The Category 3 fencing system requires an external interface layer comprised of required clear zones. The external interface describes the requirements external to the fencing system. This clear zone for this area refers to an area, on the outside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance outside the Anti-Personnel fence, (see next section), shall be at least 6m wide. 4.5.2.
Category 3 Anti-Personnel Layer •
• • •
4.5.3.
The Category 3 fencing system requires an anti-personnel layer comprised of an anti-personnel fence and associated clear zone. The anti-personnel layer is contiguous to the external interface layer. The anti-personnel barrier consists of a 3m high fence configured with two rolls of concertina wire. The concertina wire shall be mounted on the front top and the second roll mounted on the top. The details of the fence installation can be found in the Design Details section of this Security Directive. The clear zone associated with this layer will extend 5m inside the anti-personnel fence.
Category 3 Anti-Vehicle Layer The Category 3 fencing system requires an anti-vehicle layer comprised of fence reinforcements co-located with the anti-personnel fence. Each alternate pole on the anti-personnel fence will be reinforced by bracing each pole with a brace post, on the inside, attached at a point 1500mm above the ground plane and extending downwards towards the inside of the fence at 45o in the vertical plane which is perpendicular to the plane of the fence. The details of the brace posts installation can be found in the Design Details section of this Security Directive.
4.5.4.
Category 3 Surveillance Layer •
The Category 3 fencing system shall include a Surveillance layer fully compliant with SEC-05 “Integrated Security System”.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 14 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing • • •
4.5.5.
Surveillance cameras can be selected at owner discretion and may be fixed or Pan/Tilt/Zoom (PTZ) types. These cameras shall be sited to provide a clear view of the perimeter and with adequate zoom capability to discern facial features of an intruder. Cameras shall be located at a maximum distance of 7.5m from the inside of the anti-personnel fence.
Category 3 Lighting Layer The Category 3 fencing system shall include an Area lighting layer fully compliant with SEC-04 “Security Lighting”. The lighting shall be installed a maximum of 5m behind the camera pole location.
4.5.6.
Category 3 Internal Interface Layer The internal interface describes the requirements internal to the fencing system. The Category 3 fencing system requires an internal interface layer comprised of a clear zone. This clear zone for this area refers to an area, on the inside of the fencing system, cleared of all vegetation & obstructions, and maintained in this state. This clear zone, measured as the distance from the fence towards the inside of the facility, shall be at least 5m wide.
4.6.
Category 4 fencing System •
•
Category 4 fencing systems are used at facilities where low levels of security are required. Category 4 fencing systems implement a simple approach to security consisting of an anti-personnel layer with associated internal and external clear zones. The anti-personnel function is provided by a 3m high fence with a single roll of concertina wire mounted on outriggers along the top of the fence. The fence perimeter should have at least a 5m clear zone on the inside and outside of the fence.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 15 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing • • •
4.7.
4.8.
Lighting is at Owner discretion but Area lighting is recommended. The lighting can be located within the inner clear zone if required. Elevation & isometric drawings of the fencing system are shown in figures 7 & 8 of section 5.0. A general layout of the chain link fence are shown in figure 9. The details of the fence installation can be found in the Design Details section of this Security Directive.
Shared Fencing between adjacent facilities 4.7.1.
Adjacent facilities present a special case for fencing. As a general rule, the first facility that is being constructed shall implement all fences, clearances and clear zones.
4.7.2.
Facilities built after the first facility is built shall implement a modified version of the requirements.
4.7.3.
Lighting shall comply with the requirements stated in SEC-04 “Security Lighting”. for Shared Fence Lighting.
4.7.4.
Camera and sensor locations for each category fence shall be modified so that they minimize interaction between adjacent security systems.
4.7.5.
A clear zone of 5m shall be established between the shared fence and the new facility. This clear zone shall house sensors as needed by the fence category. All remaining clearances for that particular fence category shall remain.
Clearances - General Refers to the minimum distance, including the clear zone, inside the inner fence, at which Class 1, 2, 3, & 4 facilities may be located. Clearances to the nearest critical element within the facility shall be located as shown below. Critical elements located with the facility are items such as, but not limited to, main electrical facilities, storage tanks (non water), pump stations, control rooms and processing facilities. Owner shall determine critical elements needed for the facility and ensure clearances are complied with. HCIS shall have the right to designate elements to comply with clearance requirements. RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 16 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing Category 1:
60m
Critical elements only
Category 2:
60m
Critical elements only
Category 3:
60m
Critical elements only
Category 4:
As required by the Owner
These clearances apply to the distance that critical elements are located from the fence. This does not apply to non-critical elements which can be located closer to the fence as long as safety and building codes are complied with. 4.8.1.
Clearances - Coastal Facility
If facility is built in coastal areas the following additional requirements apply. Coastal facility clearance refers to the minimum distance, in front of the antipersonnel barrier, to the high water mark. This distance shall be 60m which will include outer patrol road clearances. 4.8.2.
Clearances - Elevated Pad
If facility is built on an elevated pad, 1.5m or higher, the following additional requirements apply. The requirements shall be maintained as shown in table 1, distances include clear zones: Requirement Clearance; Toe of berm to fence Slope; Toe of berm to fence Slope; Fence to distance outside the fence
Category 1 30m
Category 2 30m
Category 3 20m
0.3m in 30m 0.3m in 6.1m
Table 1 – Elevated Pad clearances
4.9.
Main Gates Main gates shall be setup as specified in SEC-03 “Gatehouse Architecture”.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 17 of 45
Category 4 20m
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing
4.10.
4.11.
Emergency Gates 4.10.1.
Emergency gates in the perimeter shall meet the requirements of SD-STD02.01, revision A, “Specification for Vehicle Crash Test of perimeter barriers and gates” or PAS-68, “Publicly Available Specification-68 for crash ratings”.
4.10.2.
Owner shall implement a maintenance program for monthly testing of each gate.
4.10.3.
Emergency gates shall have video surveillance that is monitored in the local SCC.
4.10.4.
Gate width shall be at least 5m or greater if needed due to operational requirements.
Design Requirements for Fencing System Components Drawings of individual design elements are shown in section 5.0 of this security directive. 4.11.1.
Materials Materials shall be uniform and consistent and shall meet the following requirements:
4.11.2.
Fabric 4.11.2.1.
Fabric shall be vinyl-coated chain link with a 50 mm diamond mesh and a height of 2700 mm (±12 mm), with the top and bottom selvages twisted and barbed. The standard length of roll shall be 15 m and shall be woven continuously without splices. Exception: Galvanized fabric shall be permitted when required by section 4.12.8.
4.11.2.2.
Vinyl-coated chain link fabric shall be PVC fusion bonded fabric per ASTM F668, Class 2b and shall consist of 6-gage (4.88 mm in diameter) core wires uniformly galvanized in
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 18 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing accordance with ASTM A641, Class I, and coated with 0.20 mm (8 mil) of PVC applied by the fusion method over a thermo set plastic bonding agent.
4.11.3.
4.11.4.
4.11.2.3.
The minimum breaking strength for the fence fabric shall be 9650 N (2170 lbs).
4.11.2.4.
The color of the PVC shall be dark green or black as per ASTM F934.
4.11.2.5.
If galvanized fabric is used, as required in 4.12.8., it shall consist of heavy galvanized chain link material, conforming to ASTM A392, Class II, 2-inch (50-mm) mesh 6-gage wire and a height of 2700 mm (± 12 mm).
Line Posts 4.11.3.1.
Line posts shall be NPS 3 schedule 80 steel pipe (OD = 89 mm [3.5 inch]), high strength 83,000 grade (minimum tensile strength shall be 585 MPa [85,000 psi] and minimum yield strength shall be 572 MPa [83,000 psi]) as per ASTM F1083 Group 1A, galvanized internally and externally in accordance with Type A of ASTM F1043.
4.11.3.2.
The line post shall be 3600mm in total length, including length in foundation, unless otherwise stated.
4.11.3.3.
Line posts shall receive 10 to 12 mils thermal fusion coating of PVC.
4.11.3.4.
Line Post installation drawings are shown in figure 11, section 5.0 of this security directive.
Terminal, Corner, and Pull Posts 4.11.4.1.
Terminal, corner, and pull posts shall be NPS 4 schedule 80 steel pipe (OD = 114 mm [4.5 inch]), high strength 83,000 grade (minimum tensile strength shall be 585 MPa [85,000 psi] and minimum yield strength shall be 572 MPa [83,000 psi]) as per ASTM F1083 Group 1A, galvanized internally and externally in accordance with Type A of ASTM 1043.
4.11.4.2.
Posts shall receive 10 to 12 mils thermal fusion coating of PVC.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 19 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.11.4.3.
4.11.5.
4.11.6.
4.11.7.
4.11.8.
Line Post installation drawings are shown in figure 11, section 5.0 of this security directive.
Brace Post 4.11.5.1.
Brace post shall be NPS 2 schedule 40 steel pipe (OD = 60 mm [2.375 inch]) regular grade as per ASTM F1083 Group 1A, galvanized internally and externally in accordance with Type A of ASTM 1043.
4.11.5.2.
Brace post shall receive 10- to 15-mils thermal fusion coating of PVC.
Top Rail 4.11.6.1.
Top rail shall be NPS 2 schedule 40 steel pipe (OD = 60 mm [2.375 inch]), regular grade as per ASTM F1083 Group 1A, galvanized internally and externally in accordance with Type A of ASTM 1043.
4.11.6.2.
Rails shall receive 10- to 15-mils thermal fusion coating of PVC.
Tension Wire 4.11.7.1.
Tension wire shall be a minimum of 7-gage steel, 4.5 mm in diameter in accordance with ASTM F1664.
4.11.7.2.
Tension wire shall be vinyl-coated, class 2b in accordance with ASTM F934, to match the same type of coating (PVC Fusionbonded) specified for the fence fabric.
Barbed Wire 4.11.8.1.
Barbed wire shall consist of two strands of 12.5-gage galvanized wire according to ASTM A121, with 14-gage, 4-point barbs spaced 125 mm.
4.11.8.2.
Barbed wire shall consist of six rows attached to V-shaped heavy-pressed galvanized arms capable of withstanding 1,112
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 20 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing N (250 pounds) downward pull at the outermost end of the arm without causing permanent deflection of the arm.
4.11.9.
4.11.8.3.
Barbed wire shall be secured to the extension arm by lock wire. Lock wire shall be ASTM A641, 360 mm long by 3.75 mm nominal diameter wire, minimum, annealed and galvanized with a 25 mm diameter hook on one end.
4.11.8.4.
Barbed wire shall be vinyl-coated, class 2b in accordance with ASTM F1664, to match the same type of coating (PVC Fusionbonded) specified for the fence fabric.
4.11.8.5.
Angle arms shall receive 10- to 15-mils thermal fusion coating of PVC.
Tie Wire The core wire shall be 9-gage, 2.65 mm nominal diameter minimum, galvanized in accordance with ASTM F626. Tie wire shall be coated the same type of coating (PVC fusion-bonded or extruded) as specified for the fence fabric.
4.11.10.
Post Tops 4.11.10.1. One post tops shall be provided for each post, with openings to permit through passage of top rail. 4.11.10.2. Post tops shall be made of pressed steel designed as a watertight closure cap for tubular posts. 4.11.10.3. Tops shall receive 10 to 15 mils thermal fusion coating of PVC.
4.11.11.
Fittings Fittings shall be in accordance with ASTM F626 with the followings specific requirements: 4.11.11.1. Tension and brace bands shall be 3.17 mm by 25.4 mm (1⁄8 inch by 1 in.) secured using 9.5 mm (3⁄8 in.) galvanized steel carriage bolts and nuts. 4.11.11.2. Hog rings shall be 9-gage steel wire PVC coated in accordance with ASTM F668, class 2b, color to match the fence system.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 21 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.11.11.3. Tension bars shall be 6 mm x 19 mm (0.25 inch x 0.75 inch) galvanized steel in accordance with ASTM A123. 4.11.11.4. Bands and bars shall receive 10 to 15 mils thermal fusion coating of PVC. 4.11.11.5. Drawings of fittings are shown in figure 12, section 5.0 of this security directive. 4.11.12.
Brace Rail 4.11.12.1. Brace rail shall be NPS 2 schedule 40 steel pipe (OD = 60 mm [2.375 inch] regular grade as per ASTM F1083 Group 1A, galvanized internally and externally in accordance with Type A of ASTM 1043. 4.11.12.2. Brace rail shall be equipped with 9.5 mm (0.375 inch) galvanized steel truss rods and truss tighteners in accordance with ASTM F626. 4.11.12.3. Brace rail, truss rods, and truss tighteners shall receive 10 to 15 mils thermal fusion coating of PVC.
4.11.13.
Razor Tape Barbed tape materials and configurations shall be in accordance with ASTM F1910 with the following specific provisions: 4.11.13.1. Barbed tape shall be 600 mm diameter (± 50 mm). Each loop shall consist of 24 (±1) clusters of four needle-sharp barbs on 100 mm centers, each barb measuring a minimum of 30 mm in length. 4.11.13.2. The barbed tape shall be fabricated from Series 430 stainless steel. The barbed tape shall be permanently cold-clenched over an austenitic mechanical spring core wire. 4.11.13.3. The wire shall have a diameter of 2.5 mm with a minimum tensile strength of 965 kN/m2 (140 psi). The barbed tape shall have a minimum 230° wrap about the core wire. 4.11.13.4. Adjacent alternate loops shall be clipped together in five (5) locations around the circumference to obtain the concertina effect.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 22 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.11.13.5. Clip spacing of the extended coil shall be 300± 50mm. Clips shall be capable of withstanding a minimum pull load of 900 N (200 lbs). Each coil shall contain 51 loops and cover 7.5m. 4.11.13.6. Where barbed tape is placed on the ground, each coil shall be anchored to the ground at 1.5 meter intervals using anchors formed from 10 mm diameter reinforcement bars. Each reinforcement bar anchor shall have a 50 mm hook formed at the top and shall be driven a minimum of 300 mm into the ground. 4.11.13.7. Razor Tape drawings are shown in figure 13, section 5.0 of this security directive 4.11.14.
Concrete 4.11.14.1. Concrete shall have a minimum 28-day compressive strength of 28 MPa (4000 psi). 4.11.14.2. The maximum aggregate size shall be 25 mm (1 inch). 4.11.14.3. The maximum slump shall be 75 mm (3 inch), and entrained air shall be between 2 percent and 4 percent. 4.11.14.4. Concrete mix design shall be in accordance with ASTM C94. 4.11.14.5. Cement shall be type V sulfate resistant.
4.12.
Installation The fence shall be installed in accordance with ASTM F567 and the specific provisions in this section. Section 5.0 of this security directive contains drawings of installation requirements. 4.12.1.
Fabric 4.12.1.1.
The fencing fabric shall be attached to all line posts by means of tie wire spaced at intervals not exceeding 350 mm along each post. Fasten the fabric to the rail or tension wire at intervals not exceeding 600 mm.
4.12.1.2.
The chain link fence fabric shall be installed so that the posts are enclosed.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 23 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing
4.12.2.
4.12.1.3.
The bottom of the chain link fabric shall be tied to a continuous concrete anchor constructed according to Figure 2.
4.12.1.4.
Tension bars shall be used with fabric bands spaced at maximum 375 mm intervals to fasten fabric to line posts.
4.12.1.5.
The bottom edge of fabric shall be fastened to the tension wire with wire ties at intervals not exceeding 12 inches (250 mm).
4.12.1.6.
The fabric shall be stretched tautly so as not to deflect more than 76 mm (3 inch) in the center of the fence panel in between the two line posts. Fabric shall be fastened securely to the posts.
Posts 4.12.2.1.
Where solid rock is encountered, posts shall extend 600 mm into concrete footings.
4.12.2.2.
All posts, except brace posts, shall be installed in a vertical position, plumb and in line.
4.12.2.3.
Footings for all posts shall extend 100 mm below the end of the post.
4.12.2.4.
The soil shall be moistened before placing the concrete.
4.12.2.5.
All line posts shall be equally spaced at intervals of not more than 3 m.
4.12.2.6.
Terminal posts (Corner, End, Gate or Pull) shall be installed at the beginning and end and at a maximum of 90 m intervals of fence fabric and at changes in vertical and horizontal alignments exceeding 22½° deflection angle.
4.12.2.7.
Except for gateposts, the exposed surface of the concrete foundation shall be set 25 mm above surrounding grade with a smooth 13 mm crown, sloping away from the post.
4.12.2.8.
Before placing components such as fabric, rails, tension wire, and gates, the concrete shall have cured a minimum of 7 days unless the concrete reaches at least 75 percent of its design strength.
4.12.2.9.
Line, corner, pull, and terminal posts shall be set vertically in cylindrical concrete foundations in accordance with Table 2.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 24 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing Comment: The values in Table 2 below are the minimum; site soil conditions may require a bigger size in diameter, depth, or embedment. Table 2– Post Installation Schedule Post Type
Foundation Diameter (mm)
Fence Post Line Post Corner, Pull & Terminal Posts Brace Post Gatepost OD (mm) 73 168 219
Foundation Depth (m)
Post Embedment (m)
350
1.0
0.9
450
1.1
1.0
300
1.0
0.9
300 600 800
1 1.2 1.5
0.9 1.1 1.4
4.12.2.10. All posts shall be supplied with the necessary holes drilled for the appropriate fittings. 4.12.2.11. Barbed arms shall be riveted or bolted to the post. 4.12.2.12. Brace posts shall be attached at a point 1500 mm above ground level and extend downward toward the inside of the fence at 45° in a vertical plane which is perpendicular to the plane of the fence. 4.12.2.13. Pull post intervals shall not exceed 90 m (300 ft). 4.12.2.14. Anchor post installation details are shown in figure 10, section 5.0 of this security directive. 4.12.3.
Top Rail and Tension Wire 4.12.3.1.
Fence shall be installed with a top rail and bottom tension wire.
4.12.3.2.
The top rail shall be continuous except over drive gates. One expansion/contraction coupling shall be used for every 30 m of rail.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 25 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing
4.12.4.
4.12.5.
4.12.6.
4.12.3.3.
If it is necessary for a top rail to be omitted, a top tension wire shall be installed.
4.12.3.4.
The tension wire shall be secured to the chain link fabric with hog rings spaced no greater than 305 mm (12 in) on center.
4.12.3.5.
Tension wire shall be secured to terminal posts by means of a winding bracket.
Bracing in Plane of Fence 4.12.4.1.
Each brace assembly shall consist of one top and one intermediate compression member both of 60 mm O.D. pipe and one adjustable diagonal tension rod of 9.5 mm diameter. The top rail is the top compression member. Pipe used for the compression members shall be of one piece without couplings in the bracing panel.
4.12.4.2.
Gate and end posts shall be braced to the nearest line post with one complete brace assembly.
4.12.4.3.
Corner and pull posts shall be braced to the two nearest line posts with one complete brace assembly to each line post.
Barbed Wire 4.12.5.1.
Six strands of barbed wire shall be installed.
4.12.5.2.
Strands shall be spaced uniformly and attached to frame with bands, clips, or eyebolts.
4.12.5.3.
The strands of barbed wire shall be stretched to remove sag and be anchored firmly to extension arms.
Miscellaneous Installation 4.12.6.1.
The tie wires shall clasp the pipe and fabric firmly with ends twisted at least two full turns.
4.12.6.2.
Coatings damaged in the field shall be repaired using methods and techniques recommended by the manufacturer.
4.12.6.3.
Posts and rails shall be one piece free of welded sections.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 26 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.12.6.4.
4.12.7.
Installation of barbed tape shall follow the practice of ASTM F1911.
Alignment 4.12.7.1.
Fence shall run in straight lines as far as possible. Where changes of direction are required the angle shall not be less than 90 degrees.
4.12.7.2.
When fully constructed the barbed wire, tension wire, fabric, and truss rods shall be stretched tautly.
4.12.7.3.
Where the fence crosses features such as streams and drainage ditches and where conforming of the fence to the ground contour is impractical, the fence shall span the depression, unless otherwise indicated in the contract documents. The space below the bottom of the fence shall be closed with extra fence fabric or barbed wire as indicated in the contract documents. If extra length fence posts are required at such locations, they shall be furnished and installed in lieu of standard length posts, together with any intermediate posts, stakes, braces, extra fabric, or wire as may be required.
4.12.7.4.
4.12.8.
A reasonably smooth profile at the fence line shall be provided. The bottom of the fence shall not be more than 25 mm (1 inch) above the finished ground line.
Grounding 4.12.8.1.
Fences which are within 10 m of an enclosed ground grid or ground loop that is connected to equipment operated at 1000 V or greater shall not be PVC coated and shall be grounded at intervals not exceeding 15 m to the ground grid or loop. All fences within 3 meters of a ground grid or ground electrode shall be bonded at the nearest fence post to the ground grid or ground electrode.
4.12.8.2.
Fences that pass under a transmission line operating at 69 kV and above shall not be PVC coated and be grounded at intervals not exceeding 15 m on that portion of the fence within 100 m of the power line.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 27 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.12.8.3.
Fences that cross over a ground grid or conductors that connect two ground grids shall not be PVC coated and shall have a bond between the grid or conductors and the nearest post. If the crossing area is extensive, the bond is required every 50 m. Exception: If the ground conductors used to connect the ground grids are insulated and sleeved with PVC conduit at points within 10 m of the fence, then the bond is not required
4.12.9.
4.12.10.
Gates 4.12.9.1.
Gates shall be installed in accordance with the locations, type, and size specified in the contract documents.
4.12.9.2.
Gates shall be furnished with necessary fittings and hardware.
4.12.9.3.
Gates shall be installed plumb, level, and secure for the full opening without interference.
4.12.9.4.
Ground items shall be set in concrete in accordance with gate manufacturer’s recommendations.
4.12.9.5.
Parts and attachments shall be inspected for defects.
Quality Assurance 4.12.10.1. The supplier shall be solely responsible for quality control of all furnished materials, installations, and workmanship, including those items or installations furnished by any of the supplier’s subcontractors or vendors. 4.12.10.2. The purchaser reserves the right to make inspections at any time during the receipt and installation of fencing materials.
4.13.
Fence Penetration Fence penetration by pipelines shall be either under or over the fence and shall comply with any of the following approved methods.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 28 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.13.1.
4.13.2.
Under Fence Penetration 4.13.1.1.
The pipeline shall be buried at least 18m on either side of the fence for Category 1, 2 & 3. Where fence design configuration requires greater distances, the pipeline shall be buried outside those clearances. For Category 4 fences, the distance at which the pipeline is buried is at Owner discretion.
4.13.1.2.
Under Fence penetration shall be carried out by direct burial for all fence Classifications.
4.13.1.3.
Direct Burial requires that the pipeline be buried to a depth compliant with applicable codes but, in no case, less then 1.5m deep.
4.13.1.4.
Under fence penetrations shall require the construction of a concrete culvert above/at/below ground level with opening(s) for the pipeline. The opening shall be sealed on both sides with bars and a collar to prevent ingress of humans or small animals. The fence shall conform to the culvert shape.
4.13.1.5.
Stout guardrails shall be installed at the transition point where the pipeline enters/exits the ground to prevent vehicle damage to the pipeline.
4.13.1.6.
A dedicated camera shall be provided that will permit video monitoring of the pipeline/collar in the local SCC.
Over Fence Penetration 4.13.2.1.
Over fence penetrations shall be at least 7m above the ground plane for Category 1, 2 & 3 fences. Category 4 fence height clearances shall be at Owner discretion.
4.13.2.2.
No exposed pipe less than 7m above the fence shall be permitted within 18m on either side of the Category 1, 2 or 3 fence. Where fence design configuration requires greater distances, the pipeline shall be buried outside those clearances. For Category 4 fences, the distance at which the pipeline is buried are at Owner discretion.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 29 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 02 – Security Fencing 4.13.2.3.
For Category 1, 2 &3 fencing systems the pipeline on exterior side of fence, and 5m on the inside of the fence, shall be covered with concertina wire, installed the same way as the top of a Category 1 fence. The concertina shall terminate 2m before ground entry on the exterior side of the fence. For Category 4 fencing systems pipeline on both the interior, and exterior, side of the fence shall be covered with concertina wire for a distance of 5m centered on the fence.
4.13.2.4.
Stout guardrails shall be installed at the transition point where the pipeline enters/exits the ground to prevent vehicle damage to the pipeline.
4.13.2.5.
Owner shall ensure that fence sensors are not affected by the pipeline.
4.13.2.6.
A dedicated camera shall be provided that will permit video monitoring of the pipeline/collar in the local SCC.
RESTRICTED All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 30 of 45
5.0.
Drawings This section contains drawings that provide a visual representation of the information presented in this security directive. The following drawings are available in this section: 1.
Figure 1
Class 1 Fencing System - Elevation
2.
Figure 2
Class 1 Fencing System - Isometric
3.
Figure 3
Class 2 Fencing System - Elevation
4.
Figure 4
Class 2 Fencing System - Isometric
5.
Figure 5
Class 3 Fencing System - Elevation
6.
Figure 6
Class 3 Fencing System - Isometric
7.
Figure 7
Class 4 Fencing System - Elevation
8.
Figure 8
Class 4 Fencing System - Isometric
9.
Figure 9
General Layout – Chain link Security fence
10.
Figure 10
Fence Anchor Details
11.
Figure 11
Fence Post Assembly
12.
Figure 12
Fence Attachments & Fittings
13.
Figure 13
Barbed Tape (Concertina) Details
Page 31 of 45
Figure 1 SEC 02 – Fencing Class 1 Fencing System – Elevation Page 32 of 45
Figure 2 SEC 02 – Fencing Class 1 Fencing System – Isometric View Page 33 of 45
Figure 3 SEC 02 – Fencing Class 2 Fencing System – Elevation Page 34 of 45
Figure 4 SEC 02 – Fencing Class 2 Fencing System – Isometric View Page 35 of 45
Figure 5 SEC 02 – Fencing Class 3 Fencing System – Elevation Page 36 of 45
Figure 6 SEC 02 – Fencing Class 3 Fencing System – Isometric Page 37 of 45
Figure 7 SEC 02 – Fencing Class 4 Fencing System – Elevation Page 38 of 45
Figure 8 SEC 02 – Fencing Class 4 Fencing System – Isometric Page 39 of 45
Figure 9 SEC 02 – Fencing General Layout – Chain Link Fence Page 40 of 45
Figure 10 SEC 02 – Fencing Fence & Post Details Page 41 of 45
Figure 11 SEC 02 – Fencing Fence Post Assembly Page 42 of 45
Figure 12 SEC 02 – Fencing Fence Attachments & Fittings Page 43 of 45
Figure 13 SEC 02 – Fencing Barbed Tape (Concertina) Details Page 44 of 45
Page 45 of 45
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-03 Security Gate
Table of Contents
1.0. 1.1. 1.1. 1.2.
ADMINISTRATION................................................................................................................ 3 SCOPE..................................................................................................................................... 3 APPLICATION.......................................................................................................................... 3 CONFLICTS & DEVIATIONS ..................................................................................................... 3
2.0.
DEFINITIONS ......................................................................................................................... 3
3.0.
REFERENCES ......................................................................................................................... 5
4.0.
GENERAL REQUIREMENTS .............................................................................................. 6
4.1. 4.2. 4.3. 4.4. 4.5. 4.6. 4.7. 4.8. 4.9. 4.10. 4.11. 4.12. 4.13. 4.14. 4.15.
PRELIMINARY INSPECTION CHECKPOINT (PIC) ...................................................................... 6 VEHICLE APPROACH SPEED MANAGEMENT (VASM). ........................................................... 7 AUXILIARY GATE ................................................................................................................... 7 GATEHOUSE ........................................................................................................................... 8 TRAFFIC MANAGEMENT ......................................................................................................... 9 ADDITIONAL INSPECTION AREA ........................................................................................... 10 OVERWATCH ........................................................................................................................ 10 SUPPORT BUILDING .............................................................................................................. 11 COMMUNICATIONS ............................................................................................................... 11 LIGHTING ............................................................................................................................. 12 ENVIRONMENTAL ................................................................................................................. 12 ACCESS MANAGEMENT ........................................................................................................ 12 SURVEILLANCE CAMERAS .................................................................................................... 13 RESPONSE ZONE ................................................................................................................... 13 POWER SYSTEMS .................................................................................................................. 14
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for security gates to industrial facilities.
1.1.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.2.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner:
Company or owner of a facility.
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not
required. UPS
Uninterruptible Power Supply An uninterruptible power supply (UPS), also known as an uninterruptible power source, is a device which maintains a continuous supply of electric power to connected equipment by supplying power from batteries when utility power is not available.
Auxiliary Gate
A steel gate installed close to the gate house to permit the closure of gatehouse vehicle or pedestrian lanes when they are not being used.
Chicane
A sharp double bend created by placing barriers on the road
CMU
Concrete Masonry Unit A Concrete masonry unit (CMU) [US], concrete block, or breeze block [UK], cinder block or foundation block [US], clinker block (if bottom ash or clinker is used as an aggregate) is a large rectangular brick used in construction. Concrete blocks are made from cast concrete, i.e. portland cement and aggregate, usually sand and fine gravel in the case of blocks. They are formed typically in the shape of two squares joined on one side to form a rectangle, with the insides of the squares hollow.
FDB
Final Denial Barrier The FDB is a barrier constructed inside the facility that can stop vehicles if they penetrate the gatehouse.
LAN
Local Area Network
NIJ
National Institute of Justice
PIC
The preliminary inspection checkpoint (PIC) permits the interdiction of vehicles at a distance from the main gatehouse and provides early warning to main gate personnel of potentially hazardous payloads.
PTZ
Pan / Tilt / Zoom A method for mounting cameras whereby the camera can be panned, tilted or zoomed from a remote location.
VASM
Vehicle Approach Speed Management (VASM) limits the speed of vehicles approaching a gatehouse by the incorporation of design features in the approach road.
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. NFPA 70
National Fire Protection Association: National Electrical Code
ANSI C2
American National Standards Institute (ANSI)/ Institute of Electrical & Electronics Engineers (IEEE): National Electrical Safety Code
NIJ 0108.01
Ballistic Resistant Protective Materials
4.0.
General Requirements The gate architecture specified in this Security Directive specifies the minimum requirements for gates to facilities. The gate architecture is based on managing the approach to a facility, inspection and response. Collectively these facilities are referred to as the “security gate” and the layout comprises the gate architecture. The gate architecture consists of the elements to manage the approach, inspection and response of vehicles and pedestrians to a facility. Full containment and control of all vehicles and personnel is required at all gates. This shall be achieved through a combination of active and passive barrier systems managed by on-site security personnel. Each element is detailed in the following sections.
4.1.
Preliminary Inspection Checkpoint (PIC) The function of the PIC is to permit the interdiction of vehicles at a distance from the main gatehouse and provide early warning to main gate personnel of potentially hazardous payloads. The requirement for the PIC at any facility shall be jointly determined by the Owner and HCIS. The PIC shall be manned by government forces. The PIC shall meet the following requirements: 4.1.1. The PIC shall be located at least 300m before the main gate of the facility. 4.1.2. Traffic approaching the PIC, and all the way through the main gate, shall be channelized using medians, or other separation obstacle, to divide incoming and outgoing traffic. The median height shall be at least 152mm. The median shall start at least 10m before the PIC. 4.1.3. The PIC shall have checkpoint lighting installed as specified in SEC-04 “Lighting”. 4.1.4. Parking for at least 5 full sized vehicles shall be provided adjacent to the PIC. This parking shall be used for security vehicles and vehicles being subjected to increased inspection without obstructing traffic flow. 4.1.5. The PIC shall be within line-of-sight of the main gate operated by the Owner. If the PIC is not within line-of-sight due to terrain or other considerations, a hotline between the main gate and PIC shall be established.
4.2.
Vehicle Approach Speed Management (VASM). 4.2.1. The roadway approaching a gatehouse shall have a chicane or zigzag design to retard the speed of incoming vehicles. This may be augmented by additional speed retardation devices and designs if so required by the Owner. 4.2.2. Where space for a chicane is not available the Owner shall utilize other speed control devices to implement the intent of the VASM. 4.2.3. The chicane shall be designed in such a fashion that traffic shall be forced to slow down while traversing the chicane. 4.2.4. The approach to the gatehouse after the chicane shall be no longer than 50m in order to minimize the distance the vehicle has available to accelerate to the gatehouse. 4.2.5. The sides of the roadway in the chicane shall have barriers that shall prevent a vehicle from driving or cutting across the chicane. 4.2.6. The chicane shall be designed to allow long loads and articulated loads to pass safely through. Any design elements that facilitate the passage of such loads shall not compromise the intent of the VASM. 4.2.7. The VASM shall not obstruct the line-of-sight between the PIC and main gate.
4.3.
Auxiliary Gate 4.3.1. The auxiliary gate shall provide the capability to shutdown pedestrian or vehicle lanes or the entire gate as needed. 4.3.2. It shall consist of a steel gate that can be used to close selected entry or exit lanes or to close all lanes when they are not needed.. 4.3.3. Chain link gates shall not be acceptable. 4.3.4. The auxiliary gate shall be designed to prevent any person entering the facility when the gate is closed. 4.3.5. The Owner shall ensure that anti-personnel measures are incorporated in the gate design to prevent an intruder from entering through or climbing over the gate when it is closed. 4.3.6. Gates shall be constructed of strong steel elements that present a reasonable degree of anti-vehicle protection. 4.3.7. The auxiliary gate shall be at least 3.0m high and shall be able to cover all lanes. Multiple segments shall be used for the gate. 4.3.8. The auxiliary gate shall be located on the outside of the facility and within 3m 10m of the gatehouse.
4.3.9. All gate segments shall have positive locking mechanisms to retain gate integrity and security. 4.3.10. Locks used on this gate shall be fully compliant with SEC-10 “Locks”.
4.4.
Gatehouse The gatehouse shall house security personnel and security system components to manage access to the facility. 4.4.1. The gatehouse shall be sized to accommodate security personnel assigned to the gate. Gatehouse sizing shall be approved by HCIS prior to construction. 4.4.2. The gatehouse windows shall comply with the requirements for bullet-proof glass specified in SEC-06 “Security Devices”. Windows for document inspection are permitted as long as they comply with the requirements of SEC-06 “Security Devices”. All opening in the windows shall comply with the requirements of SEC-06 “Security Devices”. 4.4.3. The walls of the gatehouse shall provide ballistic protection to level IIIA of NIJ 0108.01. The walls shall be constructed of CMU. The CMU openings shall have a steel rebar mesh and shall be filled with grout. The mesh shall use steel rebar to provide reinforcement. Solid walls or steel walls shall be permitted as long as they provide the required level of ballistic protection. Alternative methods of construction, such as prefab panels, prefab gatehouses or polymer reinforcements, shall be acceptable as long as ballistic protection to level IIIA of NIJ 0108.01 is provided. This protection level shall be certified by the manufacturer. 4.4.4. The gatehouse shall have 360o degree visibility. 4.4.5. The gatehouse shall be installed on a base raised a minimum of 500mm above the roadway. 4.4.6. The side of the gatehouse facing the outside and inside shall be protected by a concrete barrier. This barrier shall be located on the gatehouse base and consist of a raised circular barrier at least 70cm high across the full width of the gatehouse. The barrier height shall not impede visibility from the gatehouse. The barrier shall be located within 3m of the gatehouse building. 4.4.7. All entrances to the interior of the gatehouse shall be on the sides of the gatehouse facing inside the facility. 4.4.8. Gatehouse interior lighting shall comply with the requirements of SEC-04 “Security Lighting”.
4.4.9. The gatehouse shall have LAN connectivity that connects the gatehouse to the corporate network. 4.4.10. All electrical switchgear for gatehouse devices shall be on the side of the gatehouse facing inside the facility or off to the side inside the perimeter fence and within 5m of the gatehouse. 4.4.11. Power to the gatehouse shall clearly distinguish between commercial power and UPS power by the use of distinct outlets for each power source. Power outlets sourced from UPS power shall only be used for designated security devices and no extra outlets, other what are required, shall be installed.. 4.4.12. Power to the gatehouse and all security devices shall comply with the requirements of SEC-07 “Power Supply”. 4.4.13. The gatehouse shall have adequate clearance above the windows to permit installation of large screen displays for security systems without impeding the view from inside the gatehouse. 4.4.14. The area above the gatehouse and inspection lanes shall be covered with a sunshade. The sunshade shall have adequate clearances to allow trucks and vehicles to enter the facility. The sunshade shall extend to an adequate distance on both sides of the gate to cover positions where security personnel will conduct inspections. The sunshade extension to cover these positions shall allow for gate orientation and the suns position to optimize coverage at all times of day. 4.4.15. An audible alarm shall be provided that shall be sounded during an emergency. The intensity of the alarm shall be adequate to be audible to all personnel in the gate area. Activation of the alarm shall be by a pushbutton in the gatehouse. The pushbutton shall be protected against accidental activation but shall not be locked at any time. Activation of the alarm shall annunciate an alarm at the Security Control Center that is monitoring the gate. 4.4.16. An X-ray unit, compliant with SEC-06 “Security Devices” shall be installed close to the gatehouse for inspecting packages entering the facility. The X-ray unit shall be installed so that it does not obstruct gatehouse visibility and it shall be housed in an environmentally controlled enclosure.
4.5.
Traffic Management 4.5.1. Each lane in the gatehouse inspection area shall have medians separating each lane of traffic. The medians shall be sized to allow installation of equipment and permit a safe location for personnel to stand on. The height of the median shall be sized as needed for operational needs but shall be at least 152mm high.
4.5.2. The traffic management design shall incorporate a rejection lane where vehicles denied access shall be able to turn around without entering the facility. The rejection lane turning radius shall be sized for the largest vehicle expected to enter the facility. 4.5.3. There shall be adequate parking on the inside and outside of each gate to allow parking of gate personnel and visitors without obstructing traffic flow. 4.5.4. Each lane shall have a clearly visible traffic light type setup that will inform users from a distance if a lane is open or closed. 4.5.5. All lanes and traffic flow directions shall be clearly marked on the roadway. 4.5.6. Roadway containment preventing inbound vehicles from unauthorized access shall extend from the installation perimeter to the final denial barrier. The containment shall consist of barriers on either side of the roadway that shall deny a vehicle entry to the facility until past the final denial barrier.
4.6.
Additional Inspection Area 4.6.1. The additional inspection area is a space where detailed inspections or document inspection can be carried out without obstructing traffic flow. 4.6.2. There shall be adequate space adjacent to the gatehouse for gate security personnel to conduct additional vehicle inspections without obstructing traffic flow. 4.6.3. A shaded or enclosed location shall be provided in the additional inspection area where K-9 services shall be located when needed by the local security requirements. 4.6.4. The additional inspection area shall be located as close as possible to the gatehouse. 4.6.5. This area shall always be within line-of-sight of gatehouse personnel.
4.7.
Overwatch The overwatch position sets up a location where heavy, mounted weapons can be deployed to support gatehouse personnel. Manning of the overwatch position shall be at the discretion of the Owner, HCIS and Saudi Government security agencies assigned for facility protection. 4.7.1. The Owner shall establish an overwatch position, covered with a small sunshade, that will allow additional mounted weapons to be deployed with the gatehouse in clear line of sight.
4.7.2. The overwatch position shall be within 300m of the gatehouse and shall be located within the facility. 4.7.3. Where possible, the overwatch position shall be located at a higher vantage point to provide an unobstructed field of fire to support gatehouse security personnel. 4.7.4. Overwatch positions shall only be required at main gates to facilities.
4.8.
Support Building Support buildings are used to house gate related systems and facilities. 4.8.1. Gates with access control system or intrusion detection system deployments will require a support building with toilet facilities and rooms for security system installation. 4.8.2. Gates without access control system or intrusion detection system deployments shall only require toilet facilities in the support building if the nearest existing toilet facilities are more then 10m away. 4.8.3. Network equipment shall be installed in a dedicated room in the support building or, if space permits, in the gatehouse. Equipment installed in the gatehouse shall not interfere with gatehouse operations or affect visibility. 4.8.4. The buildings housing security system components shall be of CMU or concrete construction. 4.8.5. Entry doors shall be fully compliant with the requirements of SEC-09 “Security Doors”. 4.8.6. Locks shall be fully compliant with SEC-10 “Security Locks”. 4.8.7. The entry door to the room housing security system components shall be within line-of-sight from the gatehouse. 4.8.8. The environmental system shall comply with the requirements of SEC-05 “Integrated Security System” for housing security system components.
4.9.
Communications 4.9.1. Communication systems deployed at the gatehouse shall comply with the requirements of SEC-08 “Communications”. 4.9.2. SEC-08 “Communications” compliant hotlines and radios shall be provided to the security control center and other facilities as needed. 4.9.3. Each gatehouse shall have at least 2 dedicated telephone lines.
4.10. Lighting 4.10.1. The gate area, starting with the PIC and up to, and including the area under the gatehouse sunshade, shall have checkpoint lighting installed that is fully compliant with SEC-04 “Lighting”. 4.10.2. The area along the roadway starting at the gatehouse and 200m past it shall have area lighting installed that is fully compliant with SEC-04 “Lighting”.
4.11. Environmental 4.11.1. All enclosed structures deployed for compliance with the requirements of this Security Directive shall have air conditioning that is fully compliant with SEC-01 “Application of Security Directives”. 4.11.2. All equipment deployed for compliance with the requirements of this Security Directive shall be certified for extended, continuous operation under the environmental conditions stated in SEC-01 “Application of Security Directives”. 4.11.3. The gatehouse shall be air conditioned as specified in SEC-01 “Application of Security Directives”.
4.12. Access Management 4.12.1. Owner shall develop documented procedures for vehicle, pedestrian and documentation inspection in each lane. Security personnel shall execute this procedure at the gatehouse after receiving adequate training as specified in SEC01 “Application of Security Directives”. The procedures shall be available in the gatehouse for inspection by HCIS. 4.12.2. The area around the gatehouse shall be fenced so that visitors cannot enter the facility without being cleared by gatehouse personnel. All entry points in the gatehouse area leading into the facility shall be fenced off with gates where needed. Fences shall be adequately sized to deter any attempt to climb them. 4.12.3. All access management devices deployed for implementing Security Directives shall meet the requirements of SEC-05 “Integrated Security System” and SEC-06 “Security Devices”. 4.12.4. Owner shall implement an X-ray examination system using X-ray units fully compliant with the requirements of SEC-06 “Security Devices”. This X-ray system shall be used to examine all packages entering the facility. 4.12.5. No personal vehicles shall be permitted in restricted areas.
4.12.6. Gates leading into industrial facilities shall deploy access control systems as specified in SEC-05 “Integrated Security System”.
4.13. Surveillance Cameras 4.13.1. Owner shall deploy PTZ surveillance cameras in the gate area. 4.13.2. These cameras shall have an adequate field of view and focal length to view both sides of the gate and the gatehouse. They shall have a clear view of pedestrian and vehicle traffic entering and exiting the facility. 4.13.3. Cameras shall be monitored in the local security control center. 4.13.4. Security control center personnel shall be provided with a full set of controls to manage and view the PTZ camera imagery.
4.14. Response Zone 4.14.1. The response zone is the area past the main gate house where security personnel can activate a Final Denial barrier (FDB) which shall prevent unauthorized vehicles from entering the facility after passing the inspection point. Typically the FDB shall be a hydraulic crash barrier fully compliant with the requirements of SEC-06 “Security Devices”. 4.14.2. The length of the response zone shall be calculated based on the configuration of the gate. If the gate always has crash barriers deployed then the crash barriers may be located as needed on the inside of the fence. If the crash barriers are generally down then the length of the response zone shall be calculated based on the velocity of the threat vehicle when detected, subsequent rate of acceleration, and the response time. 4.14.3. Typically, assuming a 4 second response time (2 sec: barrier deployment + 2 sec: personnel response), the response zone shall be at least 80m long to protect the facility against a high speed penetration. The FDB shall be installed at the end of this zone. Owner shall have the option of using a shorter response zone length if additional speed control measures are put in place that limit initial vehicle velocity at the gate. 4.14.4. FDB’s shall be located in both entry and exit lanes. FDB activation shall be via gatehouse personnel or the security control center personnel.
4.14.5. Roadway containment shall be installed from the gatehouse up to the FDB. The containment shall prevent a vehicle from taking any alternate route other then the roadway.
4.15. Power Systems All power systems deployed to support facility gates shall comply with the requirements of SEC-07 “Power Supply”.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-04 Security Lighting
Table of Contents
1.0. 1.1. 1.1. 1.2.
ADMINISTRATION................................................................................................................ 3 SCOPE..................................................................................................................................... 3 APPLICATION.......................................................................................................................... 3 CONFLICTS & DEVIATIONS ..................................................................................................... 3
2.0.
DEFINITIONS ......................................................................................................................... 3
3.0.
REFERENCES ......................................................................................................................... 5
4.0.
GENERAL REQUIREMENTS .............................................................................................. 6
4.1. PERIMETER LIGHTING ............................................................................................................ 6 4.2. AREA SECURITY LIGHTING .................................................................................................... 7 4.3. CHECKPOINT LIGHTING .......................................................................................................... 7 4.4. GATE HOUSE INTERIOR LIGHTING.......................................................................................... 8 4.5. SHARED FENCE LIGHTING ...................................................................................................... 8 4.6. COMMON REQUIREMENTS ...................................................................................................... 9 4.6.1. Lighting System Design .................................................................................................... 9 4.6.2. Lighting Poles ................................................................................................................. 10 4.6.3. Luminaire Requirements ................................................................................................. 10 4.6.4. Lamp Characteristics ...................................................................................................... 11 4.6.5. Cabling ........................................................................................................................... 12 4.6.6. Power Supply .................................................................................................................. 12 4.6.7. Lighting Control ............................................................................................................. 12 4.6.8. Lighting System Maintenance ......................................................................................... 13
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior,, for security lighting at industrial facilities.
1.1.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.2.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner
Company or owner of a facility.
Shall
Indicates a mandatory requirement.
Should
Indicates a recommendation or that which is advised but
not required. Area
A section of the facility where additional lighting is required.
Checkpoint
A security facility that controls access to a facility.
CRI
Color Rendering Index
Existing Facility
A facility that is in existence prior to any development in the surrounding area
FC
Foot Candles
Gate House
The building at the checkpoint where security personnel and equipment are housed.
Illuminance
Illuminance is the total luminous flux incident on a surface, per unit area. It is a measure of the intensity of the incident light, wavelength-weighted by the luminosity function to correlate with human brightness perception.
LDD
Luminaire Dirt Depreciation LDD is a measure of how resistant the luminaire is to ingress of environmental pollutants that will reduce light output. The extent of LDD depends on these conditions and also how often the fixtures will be cleaned.
LLD
LLD Lamp Lumen Depreciation is a measure of how, as a lamp ages and as it nears end of life, it produces less and less light on a predictable curve, the extent of which depends on the type of lamp.
Lumens
The lumen (symbol: lm) is the SI unit of luminous flux, a measure of the perceived power of light.
Luminaire
An electric lighting fixture, wall bracket, portable lamp, or other complete lighting unit designed to contain one or more electric lighting sources and associated reflectors, refractors, housing, and such support for those items as necessary.
Lux
The lux (symbol: lx) is the SI unit of Illuminance. It is used in photometry as a measure of the intensity of light, with wavelengths weighted according to the luminosity function, a standardized model of human brightness perception.
New Facility
A facility that is constructed adjacent to an existing facility and shares a common fence with it.
Perimeter
The outer boundary of the facility.
Restrike Time
The time needed by a luminaire to reach full design
brightness after an interruption in the power supply followed by its subsequent restoral.
3.0.
Security Lighting
Security lighting is used to aid threat detection, assessment, interdiction and deterrence. It increases the effectiveness of guards and CCTV by increasing the visual range during periods of darkness or by illuminating an area where natural light is insufficient.
Shared Fence
A fence that is common to two adjacent facilities.
SI
The International System of Units (abbreviated SI from the French Système international d'unités) is the modern form of the metric system.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. ACI 318-05 ASTM A123 IESNA Lighting Handbook NFPA 70 UL 1598
Building code requirement for structural concrete Standard Specification for Zinc (Hot-Dip Galvanized) Coatings on Iron and Steel Products The Illuminating Engineering Society of North America Lighting Handbook Reference & Application National Fire Protection Association: National Electrical Code Luminaires
4.0.
General Requirements This Security Directive describes the general requirements for lighting at facilities. The types of lighting addressed in this Security Directive are as follows: • • • • • • •
4.1.
Perimeter lighting Area lighting Check point lighting Gate house interior lighting Shared fence lighting. Common Requirements Maintenance
Perimeter Lighting 4.1.1. Perimeter lighting shall illuminate the fence line and its surrounding area with the minimum light levels shown below. Lighting along the fence line shall be uniform with all light illumination overlapping adjacent light illumination. At no point along the fence line shall the illuminance be less then the values shown below. 4.1.1.1.
Fence Line - ±1 m
4.1.1.2.
Fence Line - 3m inside
4.1.1.3.
Fence Line - 10m outside
23 lux 20 lux 12 lux
If higher illuminance levels are required for operation of surveillance systems installed along the perimeter then the lighting system shall be designed for these higher levels. 4.1.2.
The lighting system shall be designed based on lighting calculations for the entire perimeter using the point by point method. This calculation sheet shall be available for inspection by HCIS.
4.1.3.
Poles used for installation of perimeter lighting shall be 4m high with the luminaire placed on top of the pole.
4.1.4.
Poles used for installation of perimeter lighting shall be spaced at 20m intervals along the perimeter fence maintaining the intensities specified in 4.1.1.
4.1.5.
Poles used for installation of perimeter lighting shall be setback from the fence as required by SEC-02 “Fencing” for the category of fence being used at the facility.
4.1.6.
The lighting system shall be designed in accordance with the requirements of this Security Directive.
4.1.7.
See Common Requirements in section 4.6 of this Security Directive for additional requirements.
4.2.
Area Security Lighting Area security lighting shall illuminate designated areas. Designated areas are locations within the facility where illumination is required due to operational considerations. If higher illuminance levels are required for operation of surveillance systems installed at the facility then the lighting system shall be designed for these higher levels.
4.3.
4.2.1.
Lighting in the designated area shall be uniform with all light illumination overlapping adjacent light illumination. At no point in the designated area shall the average illuminance be less then 5 lux (0.5fc).
4.2.2.
The illuminance in the designated area should be balanced with the illuminance in the surrounding area. In general, the luminance ratios should not exceed 8:1 (according to IESNA Lighting Handbook) but this can vary depending on local requirements.
4.2.3.
Poles used for installation of area lighting shall be 10m to 30m high with the luminaire placed on top of the pole.
4.2.4.
Area security lighting shall be spaced as required to meet the illuminance requirements.
4.2.5.
Area lighting poles used at the perimeter fence shall be setback from the fence as required by SEC-02 “Fencing” for the category of fence being used at the facility.
4.2.6.
See Common Requirements in section 4.6 of this Security Directive for additional requirements.
Checkpoint Lighting 4.3.1.
Checkpoint lighting shall illuminate designated areas with the minimum light levels shown below. Designated areas are the approach, exit and gatehouse area of the checkpoint or locations within the checkpoint where illumination is required due to operational considerations.Lighting in the checkpoint area shall be uniform with all light illumination overlapping adjacent light illumination. At no point at the checkpoint, or area surrounding the gatehouse, shall the illuminance be less then the values shown below.
4.3.2.
Illuminance at ground level: 100 lux (10fc) OR 2X Illuminance of the surrounding area. Whichever is higher.
4.3.3.
Vertical Illuminance: >25% of the horizontal illuminance at the level of vehicle driver. .
The illuminance in the checkpoint area should be balanced with the illuminance in the surrounding area. If higher illuminance levels are required for operation of surveillance systems installed at the checkpoint then the lighting system shall be designed for these higher levels.
4.4.
4.5.
4.3.4.
Lights used for checkpoint Lighting shall have a CRI>50.
4.3.5.
Light levels and luminaire aiming angles shall be sufficient to clearly identify incoming vehicles, vehicle license plates, pedestrians, vehicle drivers and cargo at least 10m away from the gate house anywhere in the checkpoint area and permit inspection of people, vehicles, goods and documents.
Gate House Interior Lighting 4.4.1.
Gate House interior lighting shall provide adequate task level lighting with illuminance at the countertop level, inside the gate house, at least 300lux (30 fc).
4.4.2.
Gate house interior lighting shall be selected to minimize reflections on the gate house windows.
4.4.3.
A dimmer shall be provided for lights in each part of the gate house to allow intensity to be turned down in order to minimize gate house interior visibility from the outside.
4.4.4.
Emergency lights shall be provided to enable operating personnel to follow planned operating and shutdown procedures in the event of a power failure.
4.4.5.
All gate house lighting switch controls shall be installed at a single location.
Shared Fence Lighting Shared fence lighting requirements apply when a new facility is set up next to an existing facility that already has perimeter lighting and intrusion detection. The intention of this requirement is to ensure that there is minimal interaction between the two facilities security systems and each security system functions independently of the other. 4.5.1.
Shared fence lighting shall illuminate the fence line and its surrounding area with the minimum light levels shown below. Lighting along the fence line shall be uniform with all light illumination overlapping adjacent light illumination. At no point along the fence line shall the illuminance be less then the values shown below. All values measured with existing facility lights powered OFF. 4.5.1.1.
Fence Line - ±1 m
23 lux
4.5.1.2.
Fence Line - 3m inside
4.5.1.3.
Fence Line - 10m outside
20 lux 12 lux
If higher illuminance levels are required for operation of surveillance systems installed along the perimeter then the lighting system shall be designed for these higher levels.
4.6.
4.5.2.
Shared fence luminaires shall be mounted on top of poles with a vertical height selected so that the light output does not interfere with the perimeter cameras in the existing facility.
4.5.3.
Poles used for mounting shared fence luminaires shall be spaced horizontally as required to meet illuminance requirements.
4.5.4.
Poles used for mounting shared fence luminaires shall be setback 5m – 10m from existing fence.
4.5.5.
The shared fence luminaire beam shall overlap existing facility lights on the fence line.
Common Requirements This section describes requirements common to all security lighting. 4.6.1.
Lighting System Design 4.6.1.1.
The lighting system for perimeter, area lighting and shared fence lighting shall be designed based on lighting calculations using the point by point method. This calculation sheet shall be available for inspection by HCIS.
4.6.1.2.
Computer plotter prints shall be supplied with all security lighting proposals showing grid patterns and calculations covering perimeter, area lighting at perimeter fences and shared fence lighting.
4.6.1.3.
Grid size on the plotter points shall be based upon a grid of 10 meters square.
4.6.1.4.
All calculation shall use a tarmacadam base reflectance factor of 0.01 in all lighting calculations.
4.6.1.5.
The uniformity of Illumination and the overall rating of brightest to darkest regions in the designated area of interest shall meet the following minimum requirements unless otherwise specified: Maximum to Minimum:
5:1
Average to Minimum:
2:1
4.6.2.
4.6.3.
Lighting Poles 4.6.2.1.
Pole shall be made of aluminum or hot-dipped galvanized steel.
4.6.2.2.
The pole design shall be selected on the basis of structural integrity and corrosion protection within the selected environment.
4.6.2.3.
Steel poles shall comply with ASTM A123 for corrosion protection. All fasteners used on poles, and pole components, shall be protected against corrosion.
4.6.2.4.
Aluminum poles shall be suitably protected inside and outside against damage by environmental elements.
4.6.2.5.
Each pole shall have an environmentally sealed wiring compartment for connecting to the power system.
4.6.2.6.
The wiring compartment shall be sealed against vermin or moisture ingress.
4.6.2.7.
The pole shall be grounded in accordance with NFPA 70.
4.6.2.8.
The foundation for the poles shall be designed to carry the weight of the poles and withstand wind effects on the entire assembly.
4.6.2.9.
The foundations for lighting poles shall comply with the requirements of ACI-318, or equivalent, for such foundations.
Luminaire Requirements 4.6.3.1.
All luminaires shall be at full light intensity in the time periods specified below, or less, after activation: Perimeter Lighting: Area Lighting: Checkpoint Lighting: Shared Fence Lighting:
5 minutes 10 minutes 5 minutes 5 minutes
4.6.3.2.
Restrike time, for all lighting types, with the exception of gate house interior lighting, shall be 1 minute or less.
4.6.3.3.
LLD:
0.90
[Perimeter & Shared Fence Lighting ONLY]
4.6.3.4.
LDD:
0.71
[Perimeter & Shared Fence Lighting ONLY]
4.6.3.5.
The luminaire body and frame shall be made of corrosion resistant material such as, but not limited to, die cast aluminum. Supplier shall provide data on which internationally recognizable standard for corrosion protection has been used in the manufacture of the luminaire. Owner shall evaluate the standard for acceptability and forward the data to HCIS as part of the design package submissions stated in
SEC-01 “Application of Security Directives”. [Perimeter & Shared Fence Lighting ONLY] 4.6.3.6.
Luminaires shall be watertight and sealed against water or dust ingress.
4.6.3.7.
The luminaire shall be certified to comply with the requirements of UL 1598 for wet locations. Equivalent standards may be used where they provide similar protection.
4.6.3.8.
Luminaires shall be certified by the manufacturer for operation in the environmental conditions stated in SEC-01 “Fencing”. Luminaires used in marine environments shall be specifically designed for such environments and shall be certified by the manufacturer.
4.6.4.
4.6.3.9.
The luminaire shall be designed so that it can be aimed in both horizontal and vertical directions.
4.6.3.10.
Luminaires installed at the perimeter shall have an asymmetric forward throw beam (unless otherwise stated) with a wide beam angle to cover designated areas. The beam spread shall be such that adjacent beams overlap and eliminate any dark areas in the area of interest.
4.6.3.11.
The lens shall be heat and impact resistant. It shall be hinged for easy access or complete removal.
4.6.3.12.
The luminaires shall be of full cut-off design in order to direct light to the area of interest and minimize upwards light spill.
4.6.3.13.
The luminaire shall be grounded in accordance with NFPA 70.
Lamp Characteristics 4.6.4.1.
High Intensity Discharge (HID) & High Pressure Sodium Discharge (HPS) lamps are recommended for this application. This shall not preclude using other lighting technologies as long as all light levels at designated distances are maintained.
4.6.4.2.
Minimum lighting output shall be 48,000 lumens unless otherwise stated.
4.6.4.3.
Luminaires used in coastal, or other areas, subject to fog and low clouds should use light sources specifically designed for use in such environments. A minimum light output of 20,000 lumens using Low Pressure Sodium Discharge lamps is recommended for coastal area applications, but not required, as long as the design criteria stated in this Security Directive are met.
4.6.5.
4.6.6.
4.6.7.
4.6.4.4.
Lumen output, beyond 2,000 hours, shall not decrease by more than 2% per 1,000 hours of operation.
4.6.4.5.
Ballasts and capacitors for High Intensity Discharge (HID) fixtures shall be certified by the manufacturer as being Polychlorinated Biphenyl (PCB) free.
4.6.4.6.
Ballast shall be certified by the manufacturer to reliably start the lamp in environmental conditions stated in SEC-01 “Application of Security Directives”.
Cabling 4.6.5.1.
Cabling shall be buried in accordance with NEC requirements at a minimum depth of 600mm.
4.6.5.2.
Where cables rise above ground they shall be protected by rigid steel conduit or by rising inside the support masts for the lights.
4.6.5.3.
Cables shall comply with applicable electrical codes stated in NFPA70.
Power Supply 4.6.6.1.
Two dedicated power supplies shall be used to power the lights. Each circuit shall be setup in a loop design similar to a domestic ring main configuration.
4.6.6.2.
Each light shall be on an individual circuit from the ring main.
4.6.6.3.
Each light shall be connected to a different ring main than the light adjacent to it.
4.6.6.4.
Lights shall be powered by the emergency power generator in the event of power failure.
4.6.6.5.
Each lighting fixture shall be protected by a fuse or circuit breaker in a secure compartment with a suitable lock.
4.6.6.6.
The power supply shall fully comply with the requirements stated in SEC-07 “Power Supply”.
Lighting Control 4.6.7.1.
Perimeter, area lighting, checkpoint lighting and shared fence lighting shall be controlled automatically. The lighting controls shall be designed so the lights are energized prior to darkness, or during the day, at a time suitable for the run-up period of the lamps used.
4.6.7.2.
Lighting controls shall energize the lights when the ambient natural lighting level is 1.6 times the average horizontal perimeter light
illuminance design level or 15 lux (1.5fc), whichever is higher. This ensures that the designed illuminances are met during dusk and during dark periods of the day as well as after dark.
4.6.8.
4.6.7.3.
A manual backup switch to power on designated lights on shall be provided in the security control room.
4.6.7.4.
A switch shall be provided to permit the use of alternate perimeter, area or shared fence luminaires if required. Activation of this switch shall cause every alternate luminaire to turn on.
4.6.7.5.
Security lighting shall be independent of other lighting and power systems at the facility.
4.6.7.6.
All switchgear controls and switches for security lighting shall be located in a locked and secure facility.
4.6.7.7.
The lighting system design shall incorporate sensors to annunciate an alarm when a perimeter or shared fence luminaire does not turn on within the design period. This alarm shall be annunciated in the local security control room and local main gatehouse.
Lighting System Maintenance 4.6.8.1.
Owner shall ensure that all devices and materials needed for lighting system maintenance and support are available at the facility. This includes spare parts, ladders, lifts and cleaning materials.
4.6.8.2.
Owner shall ensure that the lighting system design takes into account maintenance requirements such as winches or tilt-poles to raise and lower luminaires. Such built-in mechanisms shall be rated to operate in the environmental conditions stated in SEC-01 “Application of Security Directives”. Winches used for luminaire maintenance shall have positive locking mechanisms to ensure luminaire stability and operator safety.
4.6.8.3.
Owner shall implement a luminaire group relamping program based on the manufacturers LLD factors. This program shall be designed to replace all lamps when the lamp reaches between 70% to 80% of its estimated life. Owner shall maintain a maintenance log for such activity.
4.6.8.4.
Owner shall implement a maintenance program to ensure all luminaires are cleaned on a regular basis at intervals of 24 months or less based on LDD factors. More frequent cleaning should be performed for facilities located in areas prone to dirt accumulation on the luminaire.
4.6.8.5.
Owner shall implement a maintenance program to replace failed lamps or lighting system devices within 72 hours of detection. If
adjacent luminaires or luminaires used for perimeter lighting fail, at least one of them shall be repaired within 24 hours.
FIGURE-1: ASSYMETRIC FLOOD LIGHTING – AIMING DIAGRAM
FIGURE-2: SECURITY FENCE & SECURITY LIGHTING
FIGURE-3: Typical layout for floodlighting open area. H is the pole height to the luminaires.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-05 Integrated Security System
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION ................................................................................................................................ 3 SCOPE ...................................................................................................................................................... 3 APPLICATION ........................................................................................................................................... 3 CONFLICTS & DEVIATIONS ...................................................................................................................... 3
2.0.
DEFINITIONS .......................................................................................................................................... 3
3.0.
REFERENCES ......................................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS ............................................................................................................... 5
4.5. 4.6. 4.7. 4.8. 4.9. 4.10. 4.11. 4.12.
INTRUSION DETECTION & ASSESSMENT SYSTEM (IDAS)........................................................................ 5 ACCESS CONTROL SYSTEM ................................................................................................................... 10 VIDEO SURVEILLANCE SYSTEM (VSS) .................................................................................................. 16 ID MANAGEMENT SYSTEM (IDMS) ...................................................................................................... 19 COMPUTER INSTALLATION IN SECURITY SYSTEMS ................................................................................. 20 SECURITY SYSTEMS INTEGRATION .................................................................................................... 22 FACILITY DESIGN REQUIREMENTS FOR HOUSING SECURITY SYSTEMS ............................................... 23 SECURITY CONTROL CENTER (SCC) ................................................................................................. 24
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for integrated security systems at industrial facilities..
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner:
Company or owner of a facility.
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
ACS
Access Control System: A system that permits, or denies, access to a facility after evaluation of credentials.
Biometrics
Biometrics is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
IDMS
Identification Card Management System: A system to manage the design, creation and retrieval of identification cards.
IDAS
Intrusion Detection and Assessment System: Detects intrusion attempt at perimeter, allows video surveillance and annunciates an alarm.
ISS
Integrated Security System
PIN
Personal Identification Number
PTZ
Pan-Tilt-Zoom: A method of mounting a surveillance camera that allows it to pan, tilt and zoom while being controlled from a remote location.
SED
Single Entry Device: A physical device that allows entry to a facility under the control of the ACS.
UPS
Uninterruptible Power Supply An uninterruptible power supply (UPS), also known as an uninterruptible power source, is a device which maintains a continuous supply of electric power to connected equipment by supplying power from batteries when utility power is not available.
VSS
3.0.
Video Surveillance System: A system using video cameras to view a designated area.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted.
IEC 60529
Degrees of protection provided by enclosures (IP Code)
4.0.
General Requirements
4.1.
Facilities shall be protected by an Integrated Security System (ISS) in accordance with the requirements stated in this Security Directive.
4.2.
The integrated environment of the ISS may be placed locally, or remotely, as needed due to operational requirements. The definition of integration are shownin section 4.10 of this Security Directive.
4.3.
This Security Directive defines procedures and technical requirements for the ISS. The ISS consists of the Intrusion Detection & Assessment System (IDAS), Access Control System (ACS), Identification Management System (IDMS) and Video Surveillance System (VSS).
4.4.
The type of ISS used in a facility shall be based on the facility classification.
4.5.
Intrusion Detection & Assessment System (IDAS) The IDAS consists of perimeter sensors and cameras connected to a computer system that will analyze and localize the sensor data, trigger an alarm when an intrusion is detected and activate a camera(s) to display video, of the area where the alarm was triggered, to security personnel tasked with monitoring the system. The IDAS shall meet the following requirements: 4.5.1.
Design
The IDAS design shall be based on a comprehensive evaluation of the site and available technologies to determine the optimal design. 4.5.2.
Architecture
The IDAS shall be designed with to ensure continued operation despite the failure of a single device. The system shall be designed with no single point of failure. Failover between primary and backup devices shall be automatic and shall not require any User intervention. 4.5.3.
Camera Type:
The IDAS shall use fixed cameras that permit constant monitoring of the perimeter being covered by the camera. PTZ cameras shall be used to augment the fixed cameras and for use as assessment devices to view the surrounding terrain. Cameras shall use automatic exposure control and be capable of outputting video at full frame rate or sub-multiples of the full frame rate. An example of this is 30 frames per second (fps) as full frame rate and 15 fps as ½ frame rate or 7.5fps as ¼ frame rate.
4.5.4.
Detection Time:
Refers to the time an intrusion attempt is initiated to the time the system detects the attempt. Less than or equal to 1 second from intrusion initiation. 4.5.5.
Localization Accuracy
Refers to how accurately the system can locate where along the perimeter the intrusion attempt is being made. ±75 meters from where intrusion has been detected. 4.5.6.
Camera Display Latency
Refers to the maximum time the system takes to display the video for the specific area where the intrusion attempt has been detected and localized. Less than or equal to 0.5 seconds after detection. 4.5.7.
Camera Field of View
Refers to the area displayed for any fixed camera. All camera views shall overlap with adjacent cameras along the entire perimeter. 4.5.8.
Camera Focal Length
Refers to the capability of the camera lens to display details. Camera focal length shall be adequate to display a person, at the furthest limit of the cameras coverage. 4.5.9.
Perimeter Lighting
Refers to lighting deployed along the perimeter and adjacent areas. Lighting shall be compliant with SEC-04 “Security Lighting” and adequate for camera to display a clear image under all lighting conditions within the range specified in SEC-04 “Security Lighting”. 4.5.10.
Probability of Detection
Refers to the probability that an intrusion attempt will be detected. This includes movement, cutting, climbing, lifting or digging, or any combination of these anywhere along the perimeter.
IDAS suppliers shall provide independent, third party evaluations & certifications, by internationally recognized institutions, that verify compliance with this requirement. Greater than or equal to 95% 4.5.11.
Nuisance Alarms
Refers to an alarm generated by the system for which there is no intrusion attempt. An example would be blowing debris or high wind speed triggering an alarm. Such events should not generate an alarm and the systems algorithms should factor in local environmental and terrain considerations as part of the alarm annunciation process. Less than or equal to 2 per month / zone. 4.5.12.
False Alarms
Refers to an alarm generated by the system for which there is no cause. An example would be an alarm generated where no cause can be discovered such as debris, high wind speed, etc. 1 false alarm per month / system maximum. 4.5.13.
Sensors 4.5.13.1. The IDAS shall use at least 2 independent types of sensors to detect an intrusion attempt into the facility and shall have video capability around the perimeter to assess the intrusion attempt. 4.5.13.2. Sensors shall be adjustable to set detection thresholds. Sensors shall be installed as required by the individual fence configurations specified in SEC-02 “Security Fencing”. The IDAS shall use video cameras for intrusion assessment. 4.5.13.3. At least one of the 2 independent sensor types shall be a volumetric sensor system to detect an intrusion attempt. This shall detect any motion, within the covered volume, of any man sized object. This sensor shall be augmented with a second independent sensor, using different technology, that shall be selected by the Owner to detect any intrusion attempt. 4.5.13.4. The sensitivity of all sensors shall be uniform in the entire area being monitored by the sensors.
4.5.14.
User Interface
The IDAS shall provide a full set of controls as generally used in CCTV systems. This will allow the IDAS User to select cameras for display, use split screens, manage PTZ cameras, etc. The controls shall include a joystick for PTZ camera control.
4.5.15.
Displays
The IDAS shall provide the User with multiple displays that will allow easy visual monitoring of IDAS camera outputs. The multiple display setup shall include, as a minimum, the following: Display 1:
Overview Map Display with all alarm location data.
Display 2:
Split-screen display, preset or user selected, automatically switches to alarm zone display when alarm is triggered.
Display 3:
Index Display for cycling through a random, or user selected, series of images from IDAS cameras. User shall have the choice to create an index of selected cameras that are displayed simultaneously and updated at user selectable or preset intervals.
Display 4:
PTZ camera display
Camera imagery shall normally be displayed at any acceptable sub-multiple of the full frame rate & resolution but in no event less than one(1) frame per second during nonalarm conditions. During alarm conditions camera frame rate and resolution shall automatically switch to 640 x 480 or greater pixel resolution and 15-30 frames per second frame rate as selected by the Owner or preset in the system. All displays shall be minimum 20” size flat screen displays. 4.5.16.
Alarm Annunciation
The IDAS shall annunciate the alarm locally and, if required by the Owner, at a remote site. The remote site shall be capable of receiving the alarm data & video and sending back an acknowledgement as specified in the External System Interface section below. 4.5.17.
Video Recording
Refers to a device that will digitally record a video of the perimeter when an alarm is generated. User may select any camera or group of cameras for full time recording if required. All video recorded for alarms from cameras shall be stored and available for viewing up to 90 days from the date the video was taken. User shall size digital recording capacity to permit recording under all scenarios and still maintain at least 50% spare storage capacity. Alarm recording shall be at full frame rate or ½ frame rate. Pre -Alarm recording - 5-60 seconds configurable Post-Alarm recording- 5-60 seconds configurable 4.5.18.
Power Supply
Power supplied for the system, including cameras, sensors and recording system, shall be powered by an uninterruptible power source fully compliant with SEC-07 “Power Supply” with the exception of UPS backup time in equipment shelters which shall be a minimum of 2 hours at its full rated capacity. 4.5.19.
External System Interface
Refers to the interface required for the IDAS to transmit alarm data and video to an external system & receive acknowledgement of alarms from the external system. 4.5.19.1. The Owner shall ensure that the IDAS supplier clearly documents the ability of the IDAS to be remotely monitored and controlled. 4.5.19.2. The system shall have the ability, if required by the Owner, to transmit all system data to an external system, including video, and receive acknowledgements in a fully documented format and protocol. 4.5.19.3. The Owner may elect to use any interface format as long as all system data, including video, can be transparently sent to an external system for display and alarm acknowledgement, the interface requirements are fully defined and the interface is installed in the IDAS. 4.5.19.4. All data transmitted to an external system shall use encryption to secure the data during transit over the network. 4.5.20.
User Interface
The IDAS shall provide security personnel with a full range of controls for managing, selecting, zooming and otherwise controlling all cameras, acknowledging alarms and acquiring data from the system. The IDAS shall provide a map display for displaying the overall system. The map display shall permit the optional use of bilingual labels in Arabic and English. The display shall use color icons to annunciate perimeter status. 4.5.21.
Network
The IDAS shall use redundant networks for all IDAS systems including field devices such as cameras & sensor interfaces. Failover between networks shall be automatic. Any field device failure shall not impact network performance. 4.5.22.
Tamper Protection
The IDAS shall incorporate elements that will annunciate an alarm if any attempt is made to tamper with IDAS system elements such as cabling, computer equipment or field computer facility access where active IDAS components are located.
All junction & pull boxes, mounted externally, shall use tamper-proof screws for all fasteners on the case that are externally accessible. All surface mounted cables shall be encased in steel conduit. 4.5.23.
Alarm Annunciation
The alarm displays shall display all alarm indications in all detection zones as well as individual device status. All device or component failures shall be annunciated on alarm displays at the facility where the system is installed. If the system uses remote management then these alarms shall also be displayed at the remote location. System shall incorporate alarms about faults within the system such as, but not limited to, elevated temperatures in equipment rooms, device failures or communication failures between system and sensors. 4.5.24.
System Security
Access to the IDAS shall be protected by user ID’s and passwords, at a minimum, and an audit trail shall be maintained to log all User and user activities. 4.5.25.
Environmental
All devices mounted externally shall be sealed to a minimum standard of IEC 60529 and shall meet the environmental conditions stated in SEC-01 “Application of Security Directives”.
4.6.
Access Control System
The Access Control System (ACS) comprises the hardware and software needed to electronically authenticate a request by personnel to access a facility and to advise security personnel of any invalid attempts. The local ACS consists of card readers or biometric readers, computer systems to validate the request and local displays to advise security personnel of system status and access request status. This local ACS shall be connected to a central ACS for data storage of all local ACS logs and access data. The central ACS shall be used for reporting and data management. The ACS shall meet the following requirements: 4.6.1.
Architecture 4.6.1.1.
The ACS shall consist of a local ACS at each facility with a central ACS that shall store and retain all ACS personnel and access data online for at least 36 months. The ACS shall ensure compliance with section 4.8 of this Security Directive.
4.6.1.2.
Personnel data referring to card holder short leave, vacation, lost, stolen, revoked shall automatically be updated in the ACS and disseminated automatically to all sites.
4.6.1.3.
The ACS shall be designed with full redundancy at all levels to ensure continued operation despite the failure of a single device. The system shall be designed with no single point of failure.
4.6.1.4.
Failover, and restore, between primary and backup devices shall be automatic and shall not require any User intervention.
4.6.1.5.
All local ACS operations & functions shall continue to operate with no loss of capability when communication links to the central ACS are disrupted.
4.6.1.6.
All access data shall be uploaded to central system at periodic intervals not to exceed 10 minutes.
Card Readers or Biometric Readers
4.6.2.
Refers to devices that are used to initiate a request for access to the ACS, receive the response and operate an associated single entry device. The readers may use cards and/or biometrics as the access requesting mechanism. •
• • •
One reader minimum shall be installed per single entry device (SED) where multiple single entry devices are installed. Where the installation only has one SED two card readers shall be installed at both the entry and exit sides of the SED. If reader controllers are used a minimum of two controllers shall be installed with each alternate card reader connected to alternate controllers. The ACS shall have the ability to deploy readers in multiple zones with each zone having independent security access levels. The readers shall allow or deny access based on the response from the ACS. All access denied alarms shall be annunciated at the local gatehouse. 4.6.2.1.
Card Readers
Cards shall be compliant with all Security Directives pertaining to ID cards. Card readers shall incorporate PIN keypads. 4 digit minimum PIN entry capability shall be used on all card readers and validated by the ACS. 4.6.2.2. •
Biometric Readers
Biometric readers may use fingerprint, hand geometry, iris or any other biometric measurement generally accepted within the security industry.
• •
4.6.3.
Biometric readers shall validate data against a biometric template either stored in a smart card or against a central database. Biometric data retained in the smart card shall be encrypted. All biometric readers shall have the ability to verify that the measurements are being taken from a live person and not a printed copy or a copy made from some inanimate object. Reader User interface
Refers to the method the card or biometric reader uses to communicate access decisions to the card holder after an access attempt.
4.6.4.
4.6.3.1.
The device shall have indicators to inform the user that the device is ready, access request is being processed, request approved and request denied. This can be dedicated indicator lights, flashing lights or alphanumeric display. If indicator lights are used they shall use different colors for request approval and denial.
4.6.3.2.
Alphanumeric displays used in such devices shall have clearly visible displays in bright daylight conditions.
4.6.3.3.
The system shall allow the use of a duress code on the card reader keypad to inform security personnel about a forced access attempt.
Single Entry Device
Refers to the device used to control access to and from the facility. For personnel it is generally a turnstile or door and for vehicles it is a drop gate. The single entry device shall be controlled by the ACS and shall normally be in closed or locked position unless released by the ACS after a valid card or biometric read. All single entry devices shall be compliant with SEC-06 “Security Devices”. 4.6.5.
Alarm Annunciation
Refers to the displays and printers used to keep security personnel apprised of system and access request status. All devices shall be mounted in local gatehouse with the option to remotely annunciate the alarms at an external system. The system shall require acknowledgement by security personnel of each alarm. Devices used for alarm annunciation are as follows: Status Display Displays overall system map and status of each device using colors to denote system status. Display shall include status of local computers, communication links (if any), UPS, access request status. All titles shall be bi-lingual in Arabic & English. Alarm Display
Displays status of access request with configurable option to display selected events. Display shall include critical access denied messages in color. All messages shall be bi-lingual in Arabic & English. Printer Prints hardcopy, line by line, of all messages on Alarm Display. Owner shall have option to use, or not use, the printer but the function shall be provided. Printer shall continue to operate, and print required messages, regardless of communication link status. Audio Annunciation All alarm messages shall be accompanied by an audio tone that shall be audible above ambient noise in the gatehouse. A distinct audio tone shall be used when an alarm is generated due to an access attempt by a card that is marked lost, stolen, revoked, on vacation or expired. Response Time The alarm annunciation system shall respond to a valid/invalid access attempt in less then 0.5 seconds and display any alarm condition. Operation All displays shall continue to operate, and display complete system information, regardless of communication link status. 4.6.6.
Emergency Release
Refers to a physical emergency switch that will allow security personnel to initiate an emergency release of selected single entry devices when required.
4.6.7.
4.6.6.1.
Emergency Release switch shall be protected against accidental activation.
4.6.6.2.
Only selected single entry devices shall be released.
4.6.6.3.
Emergency switch activation shall be logged in ACS.
4.6.6.4.
Emergency switch shall function independently of the ACS.
4.6.6.5.
In the event of an emergency gate personnel shall be able to allow entry and exit of emergency vehicles.
4.6.6.6.
The ACS shall permit gate personnel to initiate emergency procedures to allow the free exit of facility personnel under emergency conditions. As part of these procedures the ACS shall provide the facility to update personnel access status as the actual data is collected during an emergency.
Cameras
Refers to cameras that provide gate area surveillance ability and user surveillance cameras. Area Surveillance: 1 PTZ color camera for entry side and 1 PTZ color camera for exit side.
• • •
4.6.8.
User Surveillance: The user surveillance cameras shall have the ability to record ACS users either at the card reader or after passing through the single entry device. Cameras shall have adequate wide angle ability to display a recognizable image of the user of the card reader, for a height range (of the user) of 1.3-2.2 m. The system shall have the ability to display cameras imagery locally and/or remotely as required by the Owner. All camera imagery shall be recorded in digital format as defined under Video Recording below. Video Recording
Refers to a device that will digitally record the image of all personnel requesting access. Images shall be retrievable and displayable on a computer screen. All images from cameras shall be stored and available for viewing, locally and across the network, up to 3.0 months from the date the image was taken. 4.6.9.
Date/Time Synchronization
All devices connected to the local & central ACS shall have their date/time synchronized to each other. In general, time synchronization shall be based on the date/time setting at the central ACS. 4.6.10.
Power Supply 4.6.10.1. Power supplied for the system, including computers, card readers, cameras and recording systems, shall be powered by an uninterruptible power source backed up by an emergency power generator as required by SEC-07 “Power Supply”. 4.6.10.2. In the event of a power failure to the gatehouse, turnstiles or drop gates, power shall be automatically supplied from an emergency power generator as specified in SEC-07 “Power Supply”. 4.6.10.3. Upon restoral of the main power supply the power shall revert to the main source with no User intervention. 4.6.10.4. Power supply to the ACS shall be fully compliant with SEC-07 “Power Supply”.
4.6.11.
External System Interface
Refers to the interface required for the ACS to transmit alarm data and video to an external system & receive acknowledgement of alarms from the external system. 4.6.11.1. The Owner shall ensure that the ACS supplier clearly documents the ability of the ACS to be remotely monitored. 4.6.11.2. The system shall provide the ability to transmit all system data to an external system, including video, and receive acknowledgements in a fully documented format and protocol. 4.6.11.3. The Owner may elect to use any interface format as long as all system data, including video, can be transparently sent to an external system for display and alarm acknowledgement, the interface requirements are fully defined and the interface is installed in the ACS. 4.6.11.4. All data transmitted to an external system shall use encryption to secure the data during transit over the network. 4.6.12.
Reporting Requirements
The ACS shall provide a set of reporting tools that shall allow authorized system operators and gate personnel to generate reports from data stored in the ACS database. The following pre-formatted reports shall be available for ACS personnel to generate at any time: 4.6.12.1. On-Site Report: Lists all personnel on site with details of last access point used. This report shall include contact numbers for each person. 4.6.12.2. Visitor Report: Lists all visitors to site. This report shall include, at a minimum, visitor name, organization being visited, contact person, exit / entry dates, gates used. 4.6.12.3. Card holder photographs and access records shall be available on the local system for review by gate and SCC personnel. 4.6.13.
Functional Requirements
The ACS shall have the following installed and operational capabilities: 4.6.13.1. Biometric readers installed at locations where biometric based systems are deployed. 4.6.13.2. System shall protect against tail gating. 4.6.13.3. Local anti-pass back shall be enforced by the system. This shall prevent a card holder from making an entry unless an exit has already been recorded in the system. 4.6.13.4. Local system shall continue to function with no degradation even when communication links to the central ACS are disrupted.
4.6.13.5. All User and access activities shall be stored in the system and be available for review by system personnel. 4.6.14.
Environmental
All devices mounted externally shall be sealed to a minimum standard of IEC 60529 and shall meet the environmental conditions stated in SEC-01 “Application of Security Directives”.
4.7.
Video Surveillance System (VSS)
The integrated security system shall include Closed Circuit Television System (CCTV) abilities to monitor Intruder Detection System (IDAS) perimeters, access control system (ACS) users, main gates and critical buildings and areas of the facility. The VSS shall meet the following requirements: 4.7.1.
Camera Type
All cameras shall be color cameras. The Owner may optionally augment this with a separate camera capable of multi-spectral operation such as day/night or thermal / infrared. In all cases the color camera shall be installed as the primary device. Cameras shall use either fixed type or Pan-Tilt-Zoom (PTZ) type camera mounts. PTZ cameras can be used in lieu of fixed cameras if they do not compromise the coverage area, have increased zoom and resolution capability and use a high-slew rate PTZ system. 4.7.2.
Camera Housings 4.7.2.1.
All cameras shall be installed in housings designed to protect them from the ambient environmental conditions listed in SEC-01 “Application of Security Directives”.
4.7.2.2.
The camera and its housing shall be fully certified for operation in the environmental conditions stated in SEC-01 “Application of Security Directives”. No additional cooling or fans are permitted.
4.7.2.3.
Housings shall be certified to an internationally recognized standard such as IP-66 or better.
4.7.2.4.
Power and data cables from the camera shall be installed in armored conduit to prevent tampering. Boxes used for camera power and data connections shall use tamperproof screws externally on the box and shall be placed out of easy reach. No cabling from the camera shall be visible externally and all openings into the camera housing shall be sealed.
4.7.2.5.
4.7.3.
4.7.4.
Explosive - proof camera housings shall be used when dictated by operational requirements.
Camera Placement 4.7.3.1.
Cameras shall be placed based on local topography, camera type and lens type.
4.7.3.2.
The Owner shall develop a study that defines the actual field of view of each camera/lens combination used and identifies blind spots. The study shall consider the actual focal length of the camera lens, pole height, local topography and obstructions in the camera field of view.
4.7.3.3.
The study shall identify all areas visible to the camera to at least 1km past the outer perimeter and 5-10km for longer range cameras.
4.7.3.4.
Local terrain shall be used to determine the optimal camera mounting pole height that will meet the requirements of this Security Directive.
Camera Field of View
Refers to the area displayed for any specific camera. All camera views shall overlap the views from adjacent cameras in the area of interest so that there are no blind spots along the area of interest. 4.7.5.
Camera Frame Rate
Camera frame rate shall be selectable from 1 – 30 frames per second with the option to provide 15-30 frames per second if selected by the User or when an alarm is triggered. 4.7.6.
Lighting
Compliant with SEC-04 “Security Lighting” and adequate for camera to display a clear image under all ambient light conditions. 4.7.7.
Video Recording
Refers to a device that will record a video of the cameras at all times. 4.7.7.1.
All video data shall be recorded in digital format.
4.7.7.2.
User shall be able to select any camera for full time recording if required.
4.7.7.3.
All video from cameras shall be stored and available for viewing, across the network, up to 90 days from the date the video was taken.
4.7.7.4.
4.7.8.
All recorded camera imagery shall have location & time/date displayed on the video.
Power Supply
Power supplied for the cameras, and recording system, shall be powered by an uninterruptible power source fully compliant with SEC-07 “Power Supply”. 4.7.9.
External System Interface
Refers to the technical details required to transmit video to an external system. The Owner shall ensure that the CCTV supplier clearly documents this requirement and demonstrates its viability.
4.7.10.
4.7.9.1.
The system shall provide the ability to transmit all video to an external system if so required by the Owner.
4.7.9.2.
The Owner may elect to use alternate interface formats and that are acceptable as long as all video can be transparently sent to an external system for display.
4.7.9.3.
The interface shall permit the external system to select and monitor any cameras or group of cameras.
Imagery Processing 4.7.10.1. The VSS shall process incoming video imagery from IDAS/ACS/VSS cameras against a set of rules to determine if potential risk exists in the activity being monitored. 4.7.10.2. The processing shall allow the detection of abnormal behavior such as, but not limited to, activity at a time when no activity is expected, packages left behind, entry into a restricted area or approach to a restricted area. 4.7.10.3. It shall have the ability to discriminate between human and animal intrusions. 4.7.10.4. The system analyzing the video imagery shall have the ability for the Owner to add new rules as required by local topography. 4.7.10.5. The system shall be designed to permit the incorporation of future analysis rules using a plug-in type architecture where new rules can be readily incorporated by the Owner. 4.7.10.6. It shall have the ability to accept and integrate sensor inputs from other systems into its video processing algorithms.
4.7.11.
Geo-Spatial Processing
4.7.11.1. The VSS shall be geo-spatially aware and have the ability to overlay, and relate, camera imagery to Geographical Information System (GIS) maps of the area under surveillance. 4.7.11.2. This shall require that all camera installations have geo-spatial coordinates for each location. 4.7.12.
Long-Range Surveillance 4.7.12.1. VSS systems shall have the ability to monitor the area contiguous to the facility perimeter to evaluate situations as they are developing. While facilities in developed areas will require short range monitoring, facilities in isolated areas will require longer range monitoring. 4.7.12.2. In general, facilities in open areas shall have the ability to monitor surrounding areas. While facilities in built-up areas shall have the ability to monitor areas up to 1km from the facility. 4.7.12.3. Facilities in open areas shall base the camera monitoring range on the time required to deploy a response from the nearest security post. In no event shall this be less then 1km. 4.7.12.4. Facilities shall use either radar (facilities in open areas only), thermal sensors or night vision sensors to detect activity in the monitored area. These sensors, after their output has been processed, as specified in the Imagery Processing section, shall be used by the system to automatically slew a camera to the area of interest and annunciate an alarm. 4.7.12.5. Radar shall be optimized to detect personnel and vehicle sized targets. Radars shall automatically be turned off when their radar beam emission points towards the facility being protected. 4.7.12.6. This VSS ability shall be used to complement the IDAS which monitors actual intrusion attempts at or inside the perimeter.
4.7.13.
VSS Locations 4.7.13.1. All main facilities shall have VSS compliant surveillance cameras at main gates, facility entrances, perimeter fences and critical buildings and areas of the facility. 4.7.13.2. These cameras shall be monitored remotely if so required by the Owner
4.8.
ID Management System (IDMS)
The integrated security system shall include an identification card management system to print and issue machine readable ID cards for all personnel requiring access to company facilities. The general requirements for the IDMS are as follows:
4.9.
4.8.1.
The IDMS shall produce, track and manage ID cards for issue to eligible personnel including both employees and contractors.
4.8.2.
The IDMS shall consist of local IDMS workstations at each facility with a central IDMS that shall store and retain all IDMS access data online for at least 5 years. 4.8.2.1.
The central IDMS shall be designed with full redundancy at all levels to ensure continued operation despite the failure of a single device.
4.8.2.2.
Failover, and restore, between primary and backup devices shall be automatic and shall not require any User intervention.
4.8.2.3.
All local IDMS workstation operations shall function with no loss of capability when communication links to the central IDMS are disrupted.
4.8.2.4.
All card data shall be sent to the central IDMS at regular intervals of 15 minutes or less.
4.8.3.
A minimum of two IDMS workstations shall be deployed at each local facility.
4.8.4.
Owner shall ensure that IDMS workstations are available in reasonable proximity to each plant using these identification cards.
4.8.5.
The IDMS shall provide data online to the ACS and other systems that use identification cards.
4.8.6.
ID cards and ID card management shall be fully compliant with the ID card requirements stated in this Security Directive & SEC-11 “Identification Cards”.
Computer installation in security systems All computers installed in security systems shall follow specific guidelines in order to ensure reliable operation. The requirements are as follows: 4.9.1.
Redundancy
All computers shall be installed in a redundant configuration with automatic failover from the active system to the backup system with no loss of data.
4.9.2.
Single Point of Failure
Systems shall be designed to eliminate single points of failure in critical areas. 4.9.3.
Hardware
Computer hardware and software used for security systems shall be of the latest generation available at the time of the design completion. 4.9.4.
Communications
When configured for connectivity to an external system, Systems shall employ redundant communications links, in compliance with SEC-08 “Communications”, and employ route diversity in the physical link installation to the nearest communication central office. 4.9.5.
Database
All system data pertaining to the security system shall be stored in a relational data base management system. The system storage shall be designed to ensure that all system data is available online for a minimum 24 month period, or greater. Specific periods for various systems are specified in each section. 4.9.6.
Backup
All security system data shall be backed up on a regular cycle. 4.9.7.
Storage
All computer systems shall be configured with at least 50% spare disc storage beyond expected system requirements. 4.9.8.
External Systems Interface
All security systems shall have a clearly defined, and documented, procedure for providing all system data, including video, to an external system for display and acknowledgement if required by Owner or operational requirements. This data shall be made available to the external system after full compliance with security authentication protocols. This capability shall be implemented if dictated by operational requirements. 4.9.9.
Security
All computer systems shall apply a robust array of current security tools to protect the system against unauthorized access attempts. 4.9.10.
Power Supply
Security systems shall be powered by a uninterruptible power supply, backed up by an emergency power generator, fully compliant with SEC-07 “Power Supply”. 4.9.11.
Environmental
All security system components shall be rated for the environmental conditions they are used in as specified in SEC-01 “Application of Security Directives”.
4.10. Security Systems Integration Security systems shall present an integrated view to security personnel. This does not preclude individual system installation on physically discrete computers as technology limitations may preclude the optimal solution of a single, common hardware platform for all systems. All security systems deployed in facilities shall meet the following requirements: 4.10.1.
All installations shall have the ability to present security personnel with a single interface and user environment. This will allow security personnel to manage the system from this environment without regard to the physical system distribution on different platforms.
4.10.2.
Provision of this ability requires that all such systems transparently share data across secured links and permit the integration of security data with imagery from cameras and sensor activations. This integrated environment shall be presented to security personnel across multiple displays that share common design and management techniques.
4.10.3.
Integration at a data level, as specified in this requirement, allows individual specialized management in each system’s own specialized environment.
4.10.4.
All IDAS and ACS installations can continue to install specialized system monitoring equipment as dictated by individual system requirements. This translates to a local monitoring facility for the IDAS and local displays for ACS while maintaining full external system connectivity to the integrated environment which may be at a different location or could be co-located at the same location.
4.10.5.
ISS components installed in the field shall have tamper sensors connected to the ISS that will annunciate an alarm when any attempt is made to access the component.
4.10.6.
Site Acceptance Tests (SAT) for new installations shall be conducted to verify ISS operation prior to acceptance by the Owner. The SAT procedures and documentation shall be filed and available for review.
4.11. Facility Design Requirements for housing security systems Security systems shall be housed in secured facilities that have adequate structural, electrical and environmental safeguards. These facilities shall be classified by location as follows: TYPE A:
Located within company administrative office areas.
TYPE B:
Installed at a local facility close to a gate house or other security facility.
TYPE C: Installed in the field to contain interface equipment to security system field components. Each one of these installations shall comply with the requirements stated below. 4.11.1.
All structures housing security system components shall be of cinderblock or cement construction with steel rebar reinforcements. Structure may be an independent structure or located within a building.
4.11.2.
Type A: Structures in office buildings can be located as needed as long as they comply with the remaining requirements in this section. Type B: Structures at facilities shall be located within 50m of the local gate house on the inside of the facility perimeter fence. Type C: Field structures can be placed as required by system installation requirements but shall be inside the facility perimeter fence.
4.11.3.
Ingress into this structure shall be via a steel door fully compliant with the requirements stated in SEC-09 “Doors” and use a locking system compliant with SEC-10 “Locks”. Access to these locations shall be restricted to authorized personnel.
4.11.4.
Independent structures (Type B) shall have their front door in direct line of sight to the gatehouse.
4.11.5.
Structures shall have two separate, independent air conditioning systems when air conditioning is required. A/C systems may be any combination of central and split type systems.
Window type units are specifically excluded from this application due to dust ingress concerns. 4.11.6.
All openings to the outside environment shall be sealed against dust ingress. This shall include appropriate weather stripping on all doors.
4.11.7.
The room shall be sized such that, with all equipment installed there shall be at least 1.5m clearance in all directions from the security equipment installation. Wall mounted equipment shall require this clearance in front and sides only.
4.11.8.
All power supplies for security systems shall be fully compliant with the requirements stated in SEC-07 “Power Supply”. The UPS used for the security system shall be mounted either in the same room as the equipment, or, if required by electrical codes or safety considerations, be mounted in a separate room adjacent to this room. Generators shall be housed in a structure compliant with local electrical and building codes and shall be fully compliant with SEC-07 “Power Supply”.
4.12. Security Control Center (SCC) The Security Control Center (SCC) shall house command and control systems and functions to manage and coordinate security assets and activities in an area. 4.12.1.
The structure housing this SCC shall comply with the requirements of Sections 4.11 of this Security Directive. Where possible, the SCC shall be constructed underground.
4.12.2.
No part of the SCC area shall have doors or windows leading directly to the exterior of the building.
4.12.3.
The SCC shall have raised floors, as used in computer rooms, to facilitate wiring.
4.12.4.
The SCC operator work area shall have no offices other then those required for SCC personnel.
4.12.5.
An access control system, with a video camera at the SCC door monitored inside the SCC, shall be used to manage access to the SCC.
4.12.6.
Power supply to the SCC shall be fully compliant with SEC-07 “Power Supply”. A dedicated UPS shall be provided for the SCC. Non SCC equipment shall not be connected to this UPS.
4.12.7.
Redundant air conditioning systems shall be used for the SCC.
4.12.8.
Fire detection and fire protection systems shall be installed in the SCC.
4.12.9.
Computer installations in the SCC shall comply with the requirements of Sections 4.9 of this Security Directive.
4.12.10.
The SCC shall have the ability to view and manage gates and facilities. Main gate cameras and hydraulic crash barriers shall be monitored from the SCC. The ability to manage emergency activation and deactivation of the hydraulic crash barriers from the SCC is required but implementation of this ability shall be decided by the Owner in consultation with HCIS.
4.12.11.
Integration of SCC functions shall comply with the requirements of Sections 4.10 of this Security Directive.
4.12.12.
SCC operators shall have all SCC functions available to them in a single, multi-display console. The console shall be design with a single common interface to all SCC functions. This shall allow the operator to manage and coordinate all security assets, in the area under his control, without having to access other systems. All data required for the SCC function shall be provided to the operator at this console.
4.12.13.
Personnel data and imagery shall be available to the SCC operator.
4.12.14.
All voice communications into and out of the SCC shall be recorded and maintained for 12 months.
4.12.15.
Large Screen Displays shall be used to provide a continuous overview of the status of all areas under the SCC’s control.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-06 Security Devices
Table of Contents
1.0. 1.1 1.2 1.3
ADMINISTRATION.............................................................................................................................. 3 SCOPE................................................................................................................................................... 3 APPLICATION........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ....................................................................................................................................... 5
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 6
4.1. INSPECTION DEVICES ........................................................................................................................... 6 4.1.1. X-Ray Systems ................................................................................................................................. 6 4.1.2. Explosive Vapor Detectors ............................................................................................................. 8 4.1.3. Metal Detection Archways ............................................................................................................ 10 4.2. PERSONNEL PROTECTION DEVICES .................................................................................................... 10 4.2.1. Bullet Proof Vest ........................................................................................................................... 11 4.2.2. Ballistic Protection Helmets ......................................................................................................... 11 4.2.3. Bullet-Proof Glass ........................................................................................................................ 12 4.3. BARRIER DETERRENCE....................................................................................................................... 13 4.3.1. Drop Gates.................................................................................................................................... 13 4.3.2. Turnstiles ...................................................................................................................................... 14 4.3.2. Crash Barriers .............................................................................................................................. 16
1.0.
Administration
1.1
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for security devices used at industrial facilities.
1.2
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions
HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner
Company or owner of a facility.
Shall
Indicates a mandatory requirement.
Should
Indicates a recommendation or that which is advised but not required.
ANFO
ANFO stands for ammonium nitrate/fuel oil (most often diesel fuel, sometimes kerosene or even molasses). It is by far the most widely used explosive in coal mining, quarrying, metal mining, and civil construction
Crash Barriers
Anti-Ram Crash Barriers provide a mechanism to prevent forcible ingress of a vehicle into an area. They shall be designed to handle the impact and velocity of a large vehicle and be able to absorb the kinetic energy transferred from the vehicle to the crash barrier during a high speed, forcible ingress attempt.
DNT
Dinitrotoluene or Dinitro is an explosive which is one of the precursors for trinitrotoluene (TNT), which is synthesized through three separate nitrations of toluene.
EGDN
Ethylene glycol dinitrate (EGDN), also known as nitroglycol, is a yellowish, oily explosive liquid. Due to its volatility it serves as a detection taggant in some plastic explosives such as semtex.
EVD
Explosive Vapor Detectors (EVD) provide industrial security departments with the tools to non-intrusively scan vehicles and packages for the presence of explosives. EVD’s draw air into a chamber or they use pads swiped across the object under examination. These items are analyzed for trace presence of molecule’s characteristic of explosives.
NG
Nitroguanidine is used as an explosive propellant, notably in mixture as the smokeless powder triple-base - the nitroguanidine reduces the propellant's flash and flame temperature.
PETN
PETN (pentaerythritol tetranitrate, also known as penthrite) is one of the strongest known high explosives, with a relative effectiveness factor (R.E. factor) of 1.66.
RDX
Cyclotrimethylenetrinitramine, also known as RDX, cyclonite, hexogen, and T4, is an explosive nitroamine widely used in military and industrial applications.
TNT
Trinitrotoluene (TNT) - The explosive yield of TNT is considered the standard measure of strength of bombs and other explosives.
X-Ray
X-ray systems provide industrial security departments with
the tools to non-intrusively scan and monitor the contents of packages and cargo entering restricted areas. X-ray systems use density variations as the basis of analyzing the imagery of the object being scanned.
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. ASTM A123
Standard Specification for Zinc (Hot-Dip Galvanized) Coatings on Iron and Steel Products
ASTM A514
Standard Specification for High-Yield-Strength, Quenched and Tempered Alloy Steel Plate
ASTM A517
Standard Specification for Pressure Vessel Plates, Alloy Steel, High-Strength, Quenched and Tempered
ASTM F2069-00
Standard practice for evaluation of Explosives Vapor Detectors
ASTM F792-01
2
Standard practice for evaluating the imaging performance of security x-ray systems
NIJ 0101.04
United States National Institutes of Justice - Ballistic Resistance of Personal Body Armor
NIJ 0108.01
Ballistic Resistant Protective Materials
NIJ 0601.00
Hand-Held and Walk-Through Metal Detectors Used in Concealed Weapon and Contraband Detection
PAS-68
BS PAS 68:2007, Specification for vehicle security barriers
SD-STD-02.01
US Department of State - Vehicle Crash Test of perimeter barriers and gates, Revision A
Revision A
4.0.
General Requirements
Owner shall deploy security devices needed for Inspection, Personal Protection and Barrier Deterrence.
4.1.
Inspection Devices Inspection devices shall be installed to detect any attempt to bring contraband into a protected facility through the gates and other entry points. These devices consist of, but not limited to, X-ray systems, Explosive Vapor Detectors and Metal detection archways. 4.1.1. X-Ray Systems 4.1.1.1. X-ray systems shall be designed for security inspection and shall incorporate the requirements of this Security Directive. 4.1.1.2. While these specifications are specifically for X-ray systems they do not remove the need to evaluate related operational issues of deploying additional devices such as K-9, explosive detectors, metal detectors and machine readable identification cards that can enhance the efficacy of X-ray system deployment. 4.1.1.3. All X-ray systems deployed at designated facilities shall meet the imaging performance specified in ASTM F792-01 2. 4.1.1.4. All X-ray systems shall be deployed in environmentally controlled facilities that shall meet the environmental requirements of SEC-01 “Application of Security Directives”. The operation of the air conditioning system shall be monitored and an alarm displayed if the air conditioning system fails.
4.1.1.1.
Certification
4.1.1.1.1. All deployed X-ray systems shall be certified as being fully compliant with the standards referenced in this directive. 4.1.1.1.2. Operators shall be required to use an ASTM F792-01 2 compliant test target daily to verify X-ray performance. The results of the test shall be documented, as per ASTM F792, and retained for 3 months. 4.1.1.1.3. Each x-ray system shall have certification from a nationally recognized authority as regards X-ray emission from the device
after installation. This certification shall be renewed on a yearly basis after the conducting of annual surveys. 4.1.1.1.4. As X-ray performance frequently depends on operator skills, operators using the specific X-ray model shall be trained in its performance and use. This training shall be renewed every two years. Training shall be granted by a nationally recognized authority. 4.1.1.1.5. Each X-ray System shall have the certification level in the form of a tag or label permanently affixed to the device. 4.1.1.1.6. Each X-ray System shall have the name of the manufacturer, month and year of manufacture and place of manufacture in the form of a tag or label permanently affixed to the device. 4.1.1.1.7. The X-ray units shall be repaired with parts certified by the manufacturer. Substitute parts shall only be used if approved by the manufacturer. 4.1.1.1.8. In case a repair operation is carried out or the unit is moved, the unit shall not be returned to operation until a radiation survey certifies that radiation emitted from the X-ray unit cabinet shall not exceed 0.5 milliroentgen in one hour at any point five centimeters outside the cabinet.
4.1.1.2.
Controls & Indicators
4.1.1.2.1. X-ray generation shall require the insertion of a key to grant permission to initiate the process. X-ray activation by any switch on the control panel, with the key removed, shall not be permitted. 4.1.1.2.2. The control panel shall have lights indicating unit status & X-ray emission. 4.1.1.2.3. Two independent means shall be provided to annunciate that the Xray unit is emitting X-rays. Failure of a single component shall not cause failure of both annunciators. 4.1.1.2.4. Clearly defined warning labels shall be affixed to the unit bearing the statement “CAUTION: X-RAYS PRODUCED WHEN ENERGIZED” shall be affixed in a clearly visible position. This warning shall be listed in Arabic & English. 4.1.1.2.5. The control panel shall include an emergency switch to terminate X-ray generation.
4.1.1.3.
Safety Features
4.1.1.3.1. Radiation emitted from the X-ray unit cabinet shall not exceed 0.5 milliroentgen in one hour at any point five centimeters outside the cabinet. 4.1.1.3.2. The insertion of any part of the human body through any port into the primary beam shall not be possible. 4.1.1.3.3. Each door of the X-ray unit shall have at least two safety interlocks. At least one of these interlocks shall cause the physical disconnection of the energy supply circuit to the high voltage generator. 4.1.1.3.4. Each access panel shall have at least one safety interlock. 4.1.1.3.5. Failure of any single component in the X-ray unit shall not cause failure of more then one required safety interlock. 4.1.1.3.6. A ground fault shall not result in the generation of X-rays.
4.1.1.4.
Operation Personnel operating the unit shall work for a maximum of 90 minutes. They shall then work on other activities for at least 90 minutes prior to being reassigned this task. This measure shall be put in place to ensure that the operator is fully concentrated on his task. The skill level and focus of the operator are the key elements in correct interpretation of the image.
4.1.2. Explosive Vapor Detectors Explosive Vapor Detectors (EVD) shall be designed to incorporate the requirements of this Security Directive. While these specifications are specifically for EVD’s they do not remove the need to evaluate related operational issues of deploying additional devices such as K-9, X-ray units, metal detectors and machine readable identification cards that can multiply the effectiveness of EVD’s.
4.1.2.1. All EVD’s deployed at designated facilities shall be tested according to the procedures specified in ASTM F2069-00.
4.1.2.2. All EVD’s shall be constructed of materials and components that will permit extended, continuous operation under the environmental conditions listed in SEC-01 “Application of Security Directives”. 4.1.2.3. All deployed EVD’s shall be certified, by independent, internationally recognized authorities, as being fully compliant with the standards referenced in this document. 4.1.2.4. As EVD performance depends on operator skills, operators using the specific EVD model shall be trained in its performance and use. This training shall be renewed every two years. Training shall be granted by a nationally recognized authority. 4.1.2.5. EVD’s deployed for use at industrial facilities shall meet the following performance requirements: 1.
Explosives Detected
2.
Power
3.
Maintenance
4. 5.
Environmental Calibration
6.
Sample Collection Mode
7.
Sample Collection Time
8.
Sample Analysis Time
TNT, RDX, PETN, NG, EGDN, DNT, ANFO (ammonium nitrate), double base smokeless and black powders, and common taggants such as DMDNB and mononitrotoluenes. Shall have the ability to operate with batteries and/or mains power. Routine maintenance shall be of a simple nature that can be performed by security personnel with basic training. The EVD shall be waterproof. Under calm, clear weather conditions, the EVD shall not require calibration more then once a day. The calibration shall be clearly explained in the manuals and shall be performable by the operator. It is understood that inclement weather may require frequent calibration. All target explosives can be detected using vapor collection with swipe collection as a mandatory optional mode. Less then 20 seconds nominal. Extended periods of up to 5 minutes allowed depending on sample collection method. Less then 60 seconds after sample is inserted into EVD
9.
Detection Limits
10.
Alarm Annunciation
11.
False Positives
12.
Nuisance Alarm Rate
13.
Probability of Detection
14.
Data Storage
15.
Radioactivity
Can detect 100micrograms of each target explosive in the vapor collection mode 95% of the time Audio & Visible alarm with a clear display of the explosive type detected. Less then 5% in laboratory tests Less than 1 percent when handled by security personnel who is reasonably clean but may have had recent contact with firearms and ammunition. Greater than 99 percent for a swiped fingerprint. It is assumed that the finger has been in contact with explosives. The data for the EVD’s activities over a 24 hour period can be stored in the device and printed out later when the device is connected to a computer. The system can contain a sealed radioactive ionization source with a strength of less than 50 mCi (millicuries). [3.7 x 1010 Becquerel (Bq)= 1 Ci]
4.1.3. Metal Detection Archways Metal Detection Archways shall be installed at facilities to detect any attempt to detect any metal objects being taken into a facility by personnel entering the facility. 4.1.3.1. Archways shall comply with all standards for metal detection archways listed under National Institute of Law Enforcement and Criminal Justice Standards #0601.00. 4.1.3.2. The supplier shall provide verifiable certification for compliance with this standard.
4.2.
Personnel Protection Devices Owner shall deploy bullet proof vests, ballistic protection helmets and bulletproof glass to protect security personnel at gates.
4.2.1. Bullet Proof Vest 4.2.1.1. Bullet-proof vests shall be provided to security personnel for personal protection. 4.2.1.2. This armor shall protect against 9 mm Full Metal Jacketed Round Nose (FMJ RN) bullets, with nominal masses of 8.0 g (124 gr) impacting at a minimum velocity of 427 m/s (1400 ft/s) or less, and 44 Magnum Semi Jacketed Hollow Point (SJHP) bullets, with nominal masses of 15.6 g (240 gr) impacting at a minimum velocity of 427 m/s (1400 ft/s) or less. It shall also provide protection against most handgun threats, as well as the threats mentioned in sections 2.1, 2.2, and 2.3 of the United States National Institutes of Justice Standard−0101.04, Rev A standard. 4.2.1.3. Bullet-Proof vests provided for Security Directive compliance shall comply with the performance standards for Type IIIA armor listed under the United States National Institutes of Justice Standard−0101.04, Rev A. 4.2.1.4. The vest shall be free from wrinkles, blisters, cracks or fabric tears, crazing, chipped or sharp corners and edges, or other evidence of inferior workmanship. 4.2.1.5. The manufacturer shall have on file with NIJ's CTP Office, documentation of the method(s) used to assure configuration control, uniformity of production methods, and materials traceability. 4.2.1.6. All bullet-proof vests shall have clearly affixed labels citing standards compliance in accordance with NIJ 0101.04, Rev A. 4.2.1.7. All ballistic panels shall be labeled citing standards compliance in accordance with NIJ 0101.04, Rev A. 4.2.1.8. The manufacturer shall provide certified compliance statements that demonstrate complete penetration or any designated depth measurement of Back Face Signature (depth of depression in backing material) in the backing material is less than 44 mm (1.73 in) when tested using Type IIIA type ammunition.
4.2.2. Ballistic Protection Helmets 4.2.2.1. Ballistic protection helmets shall be provided to security personnel for personal protection.
4.2.2.2. These helmets shall protect against 9 mm Full Metal Jacketed Round Nose (FMJ RN) bullets, with nominal masses of 8.0 g (124 gr) impacting at a minimum velocity of 427 m/s (1400 ft/s) or less, and 44 Magnum Semi Jacketed Hollow Point (SJHP) bullets, with nominal masses of 15.6 g (240 gr) impacting at a minimum velocity of 427 m/s (1400 ft/s) or less. It shall also provide protection against most handgun threats, as well as the threats mentioned in sections 2.1, 2.2, and 2.3 of the United States National Institutes of Justice Standard−0101.04, Rev A standard. 4.2.2.3. Bullet-Proof vests provided for Security Directive compliance shall comply with the performance standards for Type IIIA armor listed under the United States National Institutes of Justice Standard − 0101.04, Rev A. 4.2.2.4. The helmet shall have an internal foam suspension system to augment ballistic protection characteristics and increase user comfort. 4.2.2.5. All bolts used in the helmet shall be ballistically protected to the same level as the helmet shell. 4.2.2.6. The helmet shall be lightweight and designed for extended use in hot climates. 4.2.2.7. The manufacturer shall provide certified compliance statements that demonstrate complete penetration or any designated depth measurement of Back Face Signature (depth of depression in backing material) in the backing material is less than 44 mm (1.73 in) when tested using Type IIIA type ammunition.
4.2.3. Bullet-Proof Glass 4.2.3.1. Bullet-Proof glass shall be installed in gatehouses and other facilities requiring ballistic protection. 4.2.3.2. Bullet-Proof glass shall be capable of meeting the requirements of NIJ Standard 0108.01 and shall provide protection against Type III ammunition as defined in this NIJ standard. 4.2.3.3. The frame in which the bullet proof glass is installed shall be certified to the same level as the glass itself. 4.2.3.4. The supplier shall provide verifiable certification for compliance with this standard.
4.3.
Barrier Deterrence Owner shall deploy drop gates and turnstiles at gates to manage vehicular and pedestrian traffic and provide certified crash rated barriers at main gates and entrances to critical facilities.
4.3.1. Drop Gates 4.3.1.1. Drop-gates provide administrative barriers for managing vehicle traffic flow into secured facilities. These drop-gates may be manual or system operated. Where required, tangible, physical barrier capability shall be provided by deployment of a crash barrier to supplement the drop-gate. 4.3.1.2. All drop gates shall be constructed of materials and components that will permit extended, continuous operation under the environmental conditions listed in SEC-01 “Application of Security Directives”. 4.3.1.3. Drop gates shall be system operated when installed for Security Directive compliance. 4.3.1.4. Drop gates installed for Security Directive compliance shall comply with the following requirements: 1.
Housing
2.
Installation
3.
Component Mounting
4.
Component Access
5.
Manual Control
Stainless steel, hot-dipped galvanized steel, powder coated steel or aluminum painted as required by local codes. All fasteners must have corrosion protection. Shall be mounted perpendicular to the mounting surface. All components shall be mounted from inside the housing with no fasteners protruding on the outer surface of the housing. The housing shall incorporate an access door adequately sized to permit maintenance personnel to remove and replace any component. The housing shall incorporate a single, two position externally accessible switch that permits the following operational modes: UP: Drop-gate can be manually raised with no system alarm. DOWN: Drop-gate is manually lowered and placed under system control.
6.
Automatic Control
7.
Boom Configuration
8.
Boom Sensor
9.
Boom Color
10.
Boom Span
11.
Cycle Time
12.
Raise Sensor
13.
Component Rating
14.
Power Supply
Switch shall be installed in the drop-gate housing under a weatherproof cover. Shall have the ability to function completely under the control of an external access control system. Drop-gates under control of an access control system shall use a normally open or normally closed contact state change to raise and lower the drop-gate. If boom encounters an obstruction it shall immediately change direction and return to the raised or lowered position. If boom is hit by a vehicle, it shall break or disengage from its mounting. The boom shall incorporate a sensor such that if the boom is broken a normally open or normally closed contact state change shall be activated to control a crash barrier or other alarm annunciation. Boom shall be painted or taped with highvisibility, fluorescent black and yellow stripes. Boom shall span the entire roadway. Raise / Lower Boom: 1.5 seconds max Shall provide a normally open or normally closed contact state change to indicate to an external access control system that the arm has been raised. This alarm shall be suppressed when the gate is under manual control. All components shall be rated for the environmental conditions stated in the Security Directive and shall have adequate power ratings to guarantee 24 hour / 7 day a week / 365 days a year operation. Power supplied to this device shall be backed up by an emergency generator and shall fully comply with the requirements of SEC-07 “Power Supply”. Each drop gate shall be powered by an individual circuit breaker.
4.3.2. Turnstiles 4.3.2.1. Turnstiles shall be designed to incorporate the requirements of this Security Directive.
4.3.2.2. All turnstiles shall be constructed of materials and components that will permit extended, continuous operation under the environmental conditions listed in SEC-01 “Application of Security Directives”. 4.3.2.3. Turnstiles shall be system operated when installed for Security Directive compliance. 4.3.2.4. Turnstiles installed for Security Directive compliance shall comply with the following requirements: 1.
Main Body
2.
Arms
3.
Configuration
4.
Bottom Assembly
5.
Failure Modes
6.
Top Assembly
7.
Installation
8.
Manual Override
9.
Rotation Constraints
10.
Rotation Sensor
11.
User Sensor
Stainless steel, hot-dipped galvanized steel, powder coated steel or anodized aluminum. Stainless steel. Four arms at 90degrees to each other. Shields on both sides using the same material as the main body. The bottom of the main turnstile column shall use a dust and water proof thrust bearing. Entry: Fail-Lock when power is lost. Exit: Fail-Open when power is lost Easy accessibility for maintenance personnel from inside the facility. Turnstile shall be secured top and bottom to a rigid structure. Any clear zone above the turnstile shall be sealed with barbed wire. Turnstile shall have mechanical manual override key-switch for each turnstile. Keyswitch shall be switchable for entry, exit or free rotation. Only rotates in one direction if single direction model. Rotates in both directions if bi-directional model. Both modes follow failure mode constraints. Normally Open or Normally Closed contact that changes state when turnstile is rotated. Uses Pressure plate in turnstile base OR optical sensor at turnstile egress OR other sensor to positively confirm that user has actually passed through the turnstile. Sensor shall provide a normally open or normally closed contact state change to annunciate event to an external system.
12.
Auto-Lock
13.
System Interface
14.
Component Rating
15.
Power Supply
16.
Cabling
Turnstile shall auto-lock, at 90 degree position, after access is granted if the turnstile is rotated or shunt-time is exceeded. Unless Turnstile is set for free rotation, it shall not allow rotation greater then 90 degrees in any legal direction. Turnstiles under control of an access control system shall use a normally open or normally closed contact state change to unlock and lock a turnstile. All components shall have adequate power ratings to guarantee 24 hour / 7 day a week / 365 days a year operation. Power supplied to this device shall be backed up by an emergency generator and shall fully comply with the requirements of SEC-07 “Power Supply”. Each turnstile shall be powered by an individual circuit breaker. All cabling to the turnstile shall be via steel flexible conduit or steel conduits as acceptable under local electrical codes.
4.3.2. Crash Barriers Crash Barriers shall be designed to incorporate the requirements of this Security Directive. While these requirements are specifically for crash barriers they do not remove the need to evaluate related operational issues of traffic flow management, stand-off distances, building protection, terrain modifications and vehicle type restrictions that can enhance the effectiveness of Crash Barrier deployment. 4.3.2.1. All Crash Barriers deployed at industrial facilities shall either meet the K12/L3 requirements set by the latest version of US Department of State standard SD-STD-02.01, Revision A or the requirements of PAS-68. 4.3.2.2. All barriers shall be constructed of materials and components that will permit extended, continuous operation under the environmental conditions listed in SEC-01 “Application of Security Directives”. 4.3.2.3. All barrier installation shall have power supplies fully compliant with the requirements of SEC-07 “Power Supply”.
4.3.2.4. Regardless of standard requirements, the minimum deployed barrier height shall be 80cms. 4.3.2.5. All deployed crash barriers shall be certified, by independent, internationally recognized authorities, as being fully compliant with the standards referenced in this document. 4.3.2.6. The crash barrier shall be constructed of steel that complies with either ASTM 514 or ASTM 517 standards. 4.3.2.7. All steel components and fasteners shall be protected against corrosion by hot-dip galvanizing in compliance with ASTM A123. 4.3.2.8. All Crash Barriers shall have traffic light type indicators either adjacent to each Crash Barrier or above the lane in which the Crash Barrier is installed. The traffic lights shall have independent lights for barrier lowered (amber or green) and barrier deployed (red color). The lights shall change state automatically depending on barrier position. 4.3.2.9. In deployed position the Crash Barrier shall have painted markings, in high-visibility colors, facing oncoming vehicles, to advise them that the barrier is deployed. 4.3.2.10. The barrier shall be controlled by a control panel inside the gatehouse with normal raise and lower switches. The control panel shall have status lights indicating barrier deployment. 4.3.2.10.1. The control panel shall include an emergency raise switch. The switch shall have a protective mechanism to prevent accidental activation but shall permit easy activation when required. Activation of the switch shall raise all barricades at the gate. The normal raise/lower buttons shall not affect barricade operation once the emergency raise button has been activated. 4.3.2.10.2. Lowering of the barrier after emergency raise shall require activation of a key-switch or a command from a remote security control room, to lower the barrier. A single keyswitch shall control multiple barriers for clearing the emergency raise switch activation. Once the emergency switch has been re-set the normal raise/lower switches shall be reactivated.
4.3.2.11. The crash barrier shall incorporate safety features that will prevent NORMAL barrier deployment if there is a vehicle over it. This safety feature shall not affect emergency activation. 4.3.2.12. Normal Operation Raise/Lower: Emergency Raise:
3 - 5 seconds Maximum less then 1.5 seconds
4.3.2.13. The crash barriers shall be deployed using hydraulically powered mechanisms. The Hydraulic Power Unit (HPU) shall be adjacent to, or within 10m, of the actual crash barrier installation. Each HPU shall power only one barrier. The HPU shall be designed to allow at least 3 - 5 complete raise lower cycles if power to the HPU is interrupted. 4.3.2.14. The crash barrier shall have the ability to interface with external computer systems, be remotely controlled and integrate with an access control system. Implementation strategies of these options shall be decided by the Owner in consultation with HCIS. 4.3.2.14.1. The crash barrier control system shall have the ability to be remotely connected to an external computer system via a communication link. The external system shall have the ability to raise and lower the barrier including emergency raise and subsequent lower. 4.3.2.14.2. The barrier supplier shall provide clearly documented procedure, protocols and formats for external system connectivity, using the system environment, and the communication link. The level of detail provided shall be adequate to permit the Owner to develop the relevant control software on an external computer system. 4.3.2.14.3. The crash barrier control system shall have the ability to be integrated with an access control system and accept commands via normally open or normally closed contact state change from a card reader or drop-gate.
4.3.2.15. When in lowered position the crash barrier shall be able to handle the weight of vehicles passing over it with no impact on performance.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-07 Power Supply
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION................................................................................................................ 3 SCOPE..................................................................................................................................... 3 APPLICATION.......................................................................................................................... 3 CONFLICTS & DEVIATIONS ..................................................................................................... 3
2.0.
DEFINITIONS ......................................................................................................................... 3
3.0.
REFERENCES ......................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS .............................................................................................. 5
4.1. INCOMING POWER .................................................................................................................. 5 4.1.1. Primary Power Supply ...................................................................................................... 5 4.1.2. Alternate Power Supply .................................................................................................... 5 4.1.3. Automatic Power Feed Switching ..................................................................................... 5 4.1.4. Filtering & Lightning Protection ...................................................................................... 5 4.2. EMERGENCY POWER GENERATORS ........................................................................................ 6 4.3. UNINTERRUPTIBLE POWER SUPPLY (UPS) ............................................................................. 7 4.4. GROUNDING ........................................................................................................................... 8 4.5. SUPPORT................................................................................................................................. 8
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for power supply used at industrial facilities.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner:
Company or owner of a facility.
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
UPS
Uninterruptible Power Supply An uninterruptible power supply (UPS), also known as an uninterruptible power source, is a device which maintains a continuous supply of electric power to connected equipment by supplying power from batteries when utility power is not available.
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted. NFPA 70
National Fire Protection Association: National Electrical Code
IEEE 519
IEEE recommended practices and requirements for harmonic control in electrical power systems.
IEEE C62.41.1991
IEEE recommended practices on surge voltages in low-voltages AC power circuits.
NFPA 110
Standard for emergency and standby power systems
NFPA 780
Standard for installation of lightning protection systems
4.0.
General Requirements All security systems and devices shall be provided with AC power from a reliable source with backup emergency power systems as defined in this Security Directive. All power supplies used in security applications shall have main power supply alternate power sources, emergency generator and UPS backup and shall be protected against surges and sags in the incoming power circuits.
4.1.
Incoming Power 4.1.1. Primary Power Supply The primary power supply feed that supplies the security systems at the facility shall be adequately sized, and installed, to meet all requirements for operation of all security systems and components. 4.1.2. Alternate Power Supply A separate power source shall feed the UPS bypass transformer. The separate source could be separate buses of a double-ended system. If separate sources are not available, then the UPS shall be supplied from separate breakers of the same source. 4.1.3. Automatic Power Feed Switching 4.1.3.1.
The facility shall have dedicated transfer switchgear that will execute an automatic, unattended changeover to the emergency diesel generator supply within 30 seconds of the failure of the primary power supply.
4.1.3.2.
The sensing of power failures shall include sensing at the gate house and any other installed security systems.
4.1.3.3.
System shall automatically revert to the primary feed upon its restoration with no manual intervention required.
4.1.3.4.
In case of total failure of the electric power system including the UPS and disruption of system operation, the system shall restart automatically, upon resumption of the electrical power, to all previous settings that were used before the disruption of the power supply.
4.1.4. Filtering & Lightning Protection 4.1.4.1.
All incoming power shall be filtered and protected against surges, sags and harmonic variation by the deployment of surge suppressors and appropriate voltage correction devices as mandated by IEEE 519 and IEEE C62.41.1991.
4.2.
4.1.4.2.
The wiring shall incorporate protection against lighting strikes as mandated by NFPA 780.
4.1.4.3.
A single line diagram overview of the power system are shown in Figure 1, section 5.0 of this security directive.
Emergency Power Generators All facilities that deploy security systems for Security Directive compliance shall have emergency power generators installed. 4.2.1
The generator shall power security system components and facilities.
4.2.2
The generator shall be sized to power all security systems & devices, air conditioning, lighting, fence lighting and communications equipment installed at the security facility while maintaining at least 30% spare capacity.
4.2.3
The generator can be installed locally, at the facility, or at a remote location. Regardless of the location of the generator, it shall be able to sense power failure at the incoming local power supply to the security system.
4.2.4
The generator shall have dedicated transfer switchgear that will execute an automatic, unattended generator start and changeover to the generator within 20 seconds of the failure of the main local power supply. System shall automatically revert to the main feed upon its restoration with no manual intervention required.
4.2.5
The fuel tank for the generator shall have a low level alarm which shall be activated in the guard house, or security control room, when the fuel level drops to 10% of full capacity.
4.2.6
The generator shall have, as a minimum, a fuel tank sized for continuous 24 hours operation at full load.
4.2.7
The generator shall be installed in an enclosure, or building, that protects it from the environment and prevent unauthorized ingress to the generator and its controls. The structure housing the emergency generator shall not be part of the perimeter fence and shall be located at least 60m away from the fence. Generators installed near the facility shall have acoustic barriers rated to reduce the noise to an acceptable level at the nearest occupied offices. The exhaust pipes from each generator shall be fitted with a spark arrestor and shall terminate above the roof of the housing.
4.3.
Uninterruptible Power Supply (UPS) All facilities that deploy security systems for Security Directive compliance shall have dedicated UPS’s installed. 4.3.1. The UPS shall be dedicated to powering security system components and facilities. 4.3.2. The UPS shall be sized to power all security systems & devices, security system computers, interface equipment, displays, printers, card readers, and workstations. This UPS shall not power single entry devices, such as drop gates and turnstiles, or lighting. 4.3.3. The UPS shall sense any failure of input power and automatically switch to internal battery power with no impact on connected equipment which shall continue to function without interruption during the outage. UPS shall automatically revert to the input power upon its restoration with no manual intervention required. 4.3.4. The UPS shall be capable of accepting two incoming power circuits and using either one of them to power the UPS. The UPS shall switch to batteries if both incoming power circuits fail. It shall incorporate an internal static switch for changeover between incoming power and batteries and a bypass switch to allow maintenance of the system. 4.3.5. The UPS shall have installed battery capacity to power its maximum rating for four (4) hours minimum. The UPS shall be sized with 30% spare capacity over and above the actual calculated load. All batteries shall be long life valve regulated maintenance free (design life> 10 years) and specifically designed for use in UPS systems. The use of vehicle batteries is specifically prohibited. 4.3.6. Internal UPS faults shall be annunciated in the gate house, or security control center, by a remotely mounted panel and shall also be annunciated in internal security system logs. UPS shall automatically initiate a security system computer shutdown (to protect the computers) if UPS battery levels drop below the level required to power the security system. 4.3.7. The UPS shall be located adjacent to the security computer system in a separate room. 4.3.8. The UPS room shall be air conditioned to the same requirements as the security system.
4.4.
Grounding 4.4.1. All power systems that supply power to security systems or components shall ensure that the power system is properly grounded to maximize performance, reliability and safety. 4.4.2. Grounding system shall be installed to protect frame structural, fencing, electrical equipments, computer and communication system, equipment enclosure. 4.4.3. The grounding system shall be designed and constructed in accordance with NFPA-70, article 250.
4.5.
Support 4.5.1. All emergency generators shall be tested by the facility operator on the following schedule: 4.5.1.1.
Weekly startup test and fluid level check.
4.5.1.2.
Monthly full load test and power transfer switch test.
4.5.1.3.
Monthly tests shall be performed to confirm the ability of the alternate power feed to carry the full load.
4.5.1.4.
Emergency power supply components shall be maintained, and tested, as mandated by NFPA 110 figure A.8.3.1 (a).
4.5.1.5.
Any problems detected during the testing shall be rectified within 24 hours.
4.5.2. All UPS’s shall be tested once every three months for battery cell voltages and UPS function. Any problems detected during the testing shall be rectified within 24 hours.
STS MBS
NOTE: This is simplified diagram redundant equipment determined by the site: interties are not shown; specific component types are not implied in this diagram. LEGEND: AC - Alternating Current DC - Direct Current ATC - Automatic Transfer Switch BC - Battery Charger SI - Static Inverter STS - Static Transfer Switch MBS - Maintenance Bypass Switch UPS - Uninterruptible Power Supply Power Flow
FIGURE-1: SINGLE-LINE TYPICAL POWER SUPPLY
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-08 Communications
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION.............................................................................................................................. 3 SCOPE................................................................................................................................................... 3 APPLICATION........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ....................................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 5
4.1. WIRELESS COMMUNICATIONS .............................................................................................................. 5 4.2. WIRED COMMUNICATIONS ................................................................................................................... 8 4.2.1. Infrastructure .................................................................................................................................. 8 4.2.2. Hotlines ........................................................................................................................................... 9 4.3. POWER SUPPLY FOR COMMUNICATIONS EQUIPMENT ........................................................................... 9 4.4. MAINTENANCE & SUPPORT .................................................................................................................. 9
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for communications systems used at industrial facilities.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations
Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
DEFINITIONS HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner
Company or owner of a facility.
Shall
Indicates a mandatory requirement.
3.0.
Should
Indicates a recommendation or that which is advised but not required.
GIS
A geographic information system (GIS) is a system for capturing, storing, analyzing and managing data and associated attributes which are spatially referenced to the earth.
GPS
The Global Positioning System (GPS) allows small electronic receivers to determine their location (longitude, latitude, and altitude) to within a few meters using time signals transmitted along a line of sight by radio from the GPS satellites.
Base Station
A base station is a wireless communications station installed at a fixed location to communicate with field radios.
RF
Radio frequency, or RF, refers to that portion of the electromagnetic spectrum in which electromagnetic waves can be generated by alternating current which is fed to an antenna.
Hotline
A direct telephone based voice circuit that is always connected to a single, or group, of recipients and does not need dialing to connect. The act of lifting the telephone receiver shall cause the bell to ring on the other side.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted.
TIA-222-G
Structural Standard for Antenna Supporting Structures and Antennas
TIA-758-A
Customer-owned Outside Infrastructure Standard
Plant
Telecommunications
4.0.
General Requirements Communications systems used for security applications consist of wireless and wired communications. Both technologies shall be used for transfer of voice, data and video as required by local security protocols. All wired and wireless voice communications in and out of Security Control Centers shall be recorded as specified in SEC-05 “Integrated Security System”. Recorded data shall be accessible across the network to authorized personnel.
4.1.
Wireless Communications
4.1.1.
Wireless technologies shall be used to transfer voice, data and video in accordance with the security procedures and requirements of the user.
4.1.2.
All wire and wireless voice communications entering and leaving the security control center shall be recorded and kept for 12 months. The data recorded on the system must be accessible for the use by authorized personnel only.
4.1.3.
To ensure compliance with these security instructions, the High Commission for Industrial Security shall be furnished with copies of the licenses issued by the Communications and IT Commission, authorizing the owner or concerned company to import, install and use of the required radio communications equipment. Such license shall be documented in the commercial registration issued by the Ministry of Commerce.
4.1.4.
The firm supplying or installing the communications system shall supply the Owner with a formal compliance list, indicating the degree of compliance with the requirements of these security instructions. The owner shall forward such certification to the Supreme Commission for Industrial Security.
4.1.5.
The radio equipment shall not interfere with communications systems used by other security agencies. This requirement shall cover all frequencies in use and any emissions of radio frequencies from the system.
4.1.6.
The Owner shall guarantee that all radio equipments have clear coverage in its operating areas and the facilities of supervising security personnel. The owner shall provide the High Commission for Industrial Security with evidence of compliance with this requirement.
4.1.7.
All voice radio communications equipment shall have at least four channels for security, fire fighting, emergency and operations. Each company shall identify its own needs of the channels required for its operations.
4.1.8.
The radio systems shall have the capability to access other systems in case of emergencies when the user elects to. Selection of the type of emergency by the radio system shall lead to the generation of a series of distinctive audio tones which alert to the existence of an emergency.
4.1.9.
The channels dedicated to security operations shall be equipped with reliable coding criteria.
4.1.10. All radio equipment shall be addressable and capable of being formed in structural groups and the owner shall have the capability of disabling a radio from accessing a group. 4.1.11. The radio equipment shall show the identity of the calling radio equipment. 4.1.12. The hand held and portable radio equipment shall be capable of interfacing with the vehicle and sounding the horn upon receiving an incoming call or using the loud speaker installed on the vehicle as a public address system. 4.1.13. The owner shall ensure that adequate supply of portable radio systems is provided to meet routine demands and cases of emergency. Additional numbers of radio equipment shall also be made available in cases of emergency for use by external agencies that may require them to respond to an emergency. 4.1.14. The communication towers shall be surrounded by security fences in accordance with the security instructions. Such security fences shall be in full compliance with the requirements of TIA-222-G specification or other similar standards in terms of design and installations of such structures.
4.1.15. The communications system and equipment shall be tied into the main power system of the site in addition to the standby power supply system, coupled with the provision of a UPS power source of a minimum capacity of 12 hours specifically designated for the security communications equipment. 4.1.16. All radio equipment shall be approved for operation in environmental conditions specified in SEC-01. 4.1.17. All radio equipment shall be provided with lightening protection capability in accordance with internationally recognized criteria. 4.1.18. The radio equipment used for security applications shall be capable of providing multiple synchronized communications without any interference between them. 4.1.19. The radio equipment shall be selected so as to ensure absence of interference between them and the facility operating equipment. They must be explosion proof, intrinsically safe, class 1 division. 4.1.20. An alternative redundant system shall be made available in the event of failure of the main system and the system shall work around the clock with a high degree of efficiency. 4.1.21. The capability to interface the radio instruments with other communications systems, such as the paging and the public address systems shall be provided. 4.1.22. The radio equipment shall not be provided with photographic capabilities. 4.1.23. The communications range shall be within the coverage needed for the site. 4.1.24. The system shall have the capability of being used with protective clothing worn by disaster control teams in cases of emergency. 4.1.25. The system shall be capable of operating in structurally insulated buildings and in control rooms without any impact on their performance and the transmission shall be strong at all times. 4.1.26. The system and instruments shall be proofed against intruders for both incoming and outgoing calls.
4.1.27. The radio communications system shall be managed, operated and maintained by and under the supervision of the Owner. 4.1.28. The instruments shall be compatible with the other equipment which operates on specific frequencies. 4.1.29. The audio shall be clear upon receiving and transmitting the various calls and the clarity of the audio shall not be affected by any hurdles that may exist in the industrial and operation areas. 4.1.30. The capability of cancelling the instrument from the system in case of damage or loss shall be provided. 4.1.31. Local availability of services and spare parts by the supplier or agent for the useful life of the system which shall be guaranteed by the contractor implementing the project. The maintenance contractor shall be licensed to engage in this activity and the fact shall be documented in his commercial register.
4.2.
Wired Communications 4.2.1. Infrastructure 4.2.1.1. All cabling and equipment installed for compliance with this Security Directive shall comply with requirements stated in TIA-758-A. 4.2.1.2. All direct buried copper telecommunications cables shall be placed with a minimum cover of 0.60 meters. All direct buried fiber optic cables shall be placed with a minimum cover of 1.20 meters. 4.2.1.3. All cables shall have adequate levels of protection, as defined by TIA-758-A, for the environment in which they are installed. 4.2.1.4. The number of maintenance holes shall be reduced to a minimum. Maintenance holes shall comply with the requirements of TIA-758-A. 4.2.1.5. Cables that are above ground shall be placed in steel conduit. 4.2.1.6. Security applications shall always have redundant data circuits.
4.2.1.7. Redundant data circuits used for security applications shall use route diversity in their physical routing from the local security facility to the central/remote security facility. 4.2.1.8. Power supplies for radio base stations, network infrastructure routing and switching devices used for security applications shall have automatically initiated backup power as required by SEC-07 “Power Supply”. 4.2.1.9. Buildings housing network infrastructure routing and switching devices used for security applications shall have adequate levels of physical protection in the form of walls, doors, locks and air conditioning that are compliant with prevailing telecommunication standards for such structures. 4.2.1.10. The system shall have mechanisms in place to detect any attempt at tampering with the cabling and devices.
4.2.2. Hotlines Owner shall ensure the availability of hotlines at each security facility. These hotlines shall connect to local emergency services and government security agencies as required in each area.
4.3.
Power Supply for Communications Equipment 4.4.1. Power supplies for wired and wireless security communications and network infrastructure equipment shall comply with the requirements of SEC-07. 4.4.2. A dedicated UPS shall be provided for security communication equipment. This UPS shall be capable of powering security communications equipment for at least 12 hours.
4.4.
Maintenance & Support 4.4.1. Owner shall implement a documented procedure for support and maintenance of security communication systems and components. 4.4.2. Organization providing maintenance support shall be licensed for this activity which shall appear on their Commercial registration issued by the Ministry of Commerce. 4.4.3. Owner shall ensure that an adequate supply of spare parts are available to support security communications systems. 4.4.4. Owner shall provide, maintain and update the As Built drawings of communication systems used for security applications.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-09 Security Doors
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION ............................................................................................................................. 3 SCOPE ................................................................................................................................................... 3 APPLICATION ........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ...................................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 5
4.1. DOOR – EXTERIOR ................................................................................................................................ 5 4.2. DOOR - EMERGENCY EXIT .................................................................................................................... 5 4.3. COMMON REQUIREMENTS .................................................................................................................... 5 4.3.1. Structural ..................................................................................................................................... 6 4.3.2. Installation ................................................................................................................................... 6 4.3.3. Hardware ..................................................................................................................................... 6 4.3.4. Frame........................................................................................................................................... 7 4.3.5. Hinges .......................................................................................................................................... 7
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for security doors used at industrial facilities.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner:
Company or owner of a facility.
SD
Security Directives
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
FMJ
3.0.
Full Metal Jacket bullet
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each Security Directive, unless otherwise noted.
ASTM A 879/A 879M
Standard Specification for Steel Sheet, Zinc Coated by the Electrolytic Process for Applications Requiring Designation of the Coating Mass on Each Surface
ASTM F1135
Standard Specification for Cadmium or Zinc Chromate Organic Corrosion Protective Coating for Fasteners
NIJ-STD-0108.01
Bullet Resistant Protective Materials
NFPA 101
Life Safety Code
NFPA 80
Fire Doors and Other Opening Protectives
4.0.
General Requirements There are two basic types of doors that are covered by this directive. They are exterior doors and emergency exit doors.
4.1.
Door – Exterior 4.1.1. Exterior doors are defined as doors that open to the outside of the building. 4.1.2. All exterior doors shall comply with the requirements in section 4.3.
4.2.
Door - Emergency Exit 4.2.1. Emergency exit door latching mechanisms shall comply with all applicable requirements of NFPA-101. 4.2.2. Emergency Exit Doors shall swing in the direction of exit travel. 4.2.3. Emergency Exit Doors shall be clearly visible and the routes to the exits conspicuously marked. 4.2.4. A panic bar, fully compliant with the requirements of NFPA-101 shall be installed to open the door from the inside. When operated, the panic bar shall release all latching devices and allow opening of the door. A second operation shall not be required. 4.2.5. A dead locking bolt shall not be used as a part of the mechanism unless it is released and retracted, and does not prevent release of the door latch or latches, or release of the door to swing outward when pressure not to exceed 15 pounds is applied to the cross-bar in the direction of exit travel. 4.2.6. All doors closers shall be adjusted to close the door within five (5) seconds. Blast doors may be adjusted to close within fifteen (15) seconds. 4.2.7. Doors shall be kept closed and sign posted to inform all personnel to keep the doors closed at all times. Door stops shall not be installed or used to keep these doors open 4.2.8. Emergency Exit Doors shall annunciate an alarm at a manned, Owner designated location, when the door is opened. 4.2.9. All door components shall provide the same level of protection as the door. 4.2.10. Additional requirements are provided in section 4.3.
4.3.
Common Requirements
The requirements stated in this section apply to exterior doors and emergency exit doors. 4.3.1. Structural 4.3.1.1. Doors & mounting hardware shall be certified to comply with the ballistic
protection requirements of NIJ-STD-0108.1, level IIIA. 4.3.1.2. All door components shall provide the same level of protection as the
door. This includes frame, hinges and fasteners. 4.3.1.3. Steel used in the door shall be of the type, thickness and strength to meet
all applicable requirements of this specification. Steel shall be free from rust, scale, pits, buckles and other imperfections that might adversely affect the appearance or the serviceability of the finished product. 4.3.1.4. Sides, bottoms, and doors shall be not less than Number 12-gauge metal
and lined with a non-sparking material. Edges of metal covers shall overlap sides at least (25.4mm). 4.3.1.5. On an outward opening single leaf door any clearance between the lock
stile and the door frame to be covered by an external, mild steel plate, cover the lock bolt in the thrown position. 4.3.1.6. Any clearances on double leaf door shall be fitted with external and
internal mild steel strips extending the full length of the meeting stiles. 4.3.1.7. The number of doors shall be kept to the absolute minimum that is
consistent with the safety requirements of NFPA 101. 4.3.1.8. Fire protection rating of a fire door presumes that the door is installed with
the appropriate frame, hardware, and other accessories as required by NFPA 80. 4.3.1.9. Fire rated doors shall be self-closing or automatic closing.
4.3.2. Installation 4.3.2.1. Sides, bottoms, and doors shall be at least (50.8mm) of hardwood and well
braced at the corners. They shall be covered with not less than 26-gauge sheet metal. 4.3.3. Hardware 4.3.3.1. Hardware like bolts, screws, nuts, and similar shall be high-quality and
corrosion protected to ASTM F1135 or equivalent. 4.3.3.2. All steel sheet used shall be corrosion protected to ASTM A879/A879M
or equivalent.
4.3.3.3. The exposed surfaces of all face hardware shall be free of sharp edges,
burrs, pits, nicks or scratches that penetrate the protective plating or anodizing. 4.3.3.4. Door shall have the capability of installing sensors that can be tied into the
intrusion detection system specified in SEC-05 “Integrated Security System”. 4.3.4. Frame 4.3.4.1. The door frame shall be considered a part of the door for purposes of entry
resistance testing and shall afford the same security protection as that of the door. 4.3.4.2. The doorframe shall be attached to sub frames that are embedded into the
surrounding concrete walls or attached to other structural wall material. 4.3.4.3. The door shall be mounted so that there shall be not more than 3mm
clearance between the door and the door frame. 4.3.4.4. The frame shall be designed so that when attached to the wall, the wall
clamping bolts shall be exposed only on the inside of the room. 4.3.4.5. Door, frames, and keepers shall be strictly anchored and provided with
anti spread space filler reinforcement to prevent disengagement of the lock bolt by prying or jacking of the door frame. 4.3.4.6. Frames shall be fabricated from steel sheet profiled to accept door panel
and reinforced internally by ballistic sheet at applicable places. 4.3.4.7. External frames shall be set in grooves on all sides to prevent doors and
frames from being blown into the building in the event of an explosion. 4.3.4.8. Door frames shall be securely mounted to the jams using lugs or other
anchors that are welded or otherwise secured to the frame to prevent removal. 4.3.4.9. Door frames on masonry building shall be properly grouted after
installation. 4.3.5. Hinges 4.3.5.1. The hinges shall be continuously welded to the door frame and the door.
Their construction to be such as to prevent removal of the hinge pin from the outside. 4.3.5.2. Door shall be mounted to the frame by not less than three hinges, so
designed to allow the door to be opened approximately 180 degrees.
SD / Classification Cross Reference CLASSIFICATION
CLASS 1
CLASS 2
CLASS 3
CLASS 4
Exterior Door
Applicable
Applicable
N/A
N/A
Emergency Exit Door
Applicable
Applicable
Applicable
Applicable
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-10 Security Locks
Table of Contenst
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION ............................................................................................................................. 3 SCOPE ................................................................................................................................................... 3 APPLICATION ........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ...................................................................................................................................... 4
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 6
4.1. LOCK – DOOR ....................................................................................................................................... 6 4.2. LOCK; EMERGENCY EXITS.................................................................................................................... 6 4.3. PADLOCKS; PERIMETER FENCE GATES ................................................................................................. 7 4.4. KEYING SYSTEM ................................................................................................................................. 8 4.5. APPLICATION ........................................................................................................................................ 8 SD / CLASSIFICATION CROSS- REFERENCE ....................................................................................................... 9
1.0.
Administration
1.1.
Scope This Directive provides the minimum requirements for companies and establishments that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for security locks used at industrial facilities.s.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
2.0.
Definitions HCIS
High Commission for Industrial Security
Owner:
Company or owner of a facility.
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
Grand Master Key
A grand master key operates locks across multiple groups of locks. Each lock will have its own unique key that only opens that specific lock while the grand master key will unlock all of the locks in many groups of locks.
HRC
The Rockwell C-scale, for harder materials, uses a diamond cone, known as a Brale indenter and a 150kg weight to obtain a value
expressed as "HRC".
3.0.
Master Key
A Master key is designed to operate several locks within a group of locks. Each lock will have its own unique key that only opens that specific lock while the master key will unlock some or all of the locks in a group of locks.
Nm
Newton metre is the unit of moment in the SI system. It is abbreviated N m or N·m, and sometimes hyphenated newton-metre. It is a compound unit of torque corresponding to the torque from a force of one newton applied over a distance arm of one metre.
Rockwell
The Rockwell scale characterizes the indentation hardness of materials through the depth of penetration of an indenter, loaded on a material sample and compared to the penetration in some reference material.
Type 304
Type 304 (18-8) is an austenitic steel possessing a minimum of 18% chromium and 8% nickel, combined with a maximum of 0.08% carbon. It is a nonmagnetic steel which cannot be hardened by heat treatment, but instead. must be cold worked to obtain higher tensile strengths.
References
This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this Security Directive shall comply with the latest edition of the references listed in each SD, unless otherwise noted. ASTM B159
Standard Specification for Copper-Beryllium Alloy Sand Castings for General Applications
ASTM B16
Standard Specification for Free-Cutting Brass Rod, Bar and Shapes for Use in Screw Machines
ASTM B30
Standard Specification for Copper Alloys in Ingot Form
ASTM B505
Standard Specification for Copper Alloy Continuous Castings
ASTM B584
Standard Specification for Copper Alloy Sand Castings for General Applications
ASTM B633
Standard Specification for Electrodeposited Coatings of Zinc on Iron and Steel
ASTM B770
Standard Specification for Copper-Beryllium Alloy Sand
Castings for General Applications ASTM E18
Standard methods for rockwell hardness and rockwell superficial hardness of metallic materials
ASTM F883
Standard Performance Specification for Padlocks
BS EN 1303:2005:1998
Building Hardware – Cylinders for locks – Requirements and test methods
NFPA 101
Life Safety Code-2006 Edition
NFPA 80
Standard for Fire Doors and Other Opening Protectives
4.0.
General Requirements
4.1.
Lock – Door 4.1.1. Lock shall be deadlock action type lock. 4.1.2. Lock cylinder shall meet the requirements of Grade 4 of BS EN 1303. 4.1.3. Lock cylinders shall comply with the Grade 4, or higher, key related security grade requirements stated in BS EN1303. 4.1.4. Lock cylinders shall comply with the Grade 1, or higher, attack resistance grade requirements stated in BS EN1303. 4.1.5. Lock shall have a minimum five (5) effective levers. 4.1.6. Lock cylinder shall have a minimum of five pins and anti-drill insert. 4.1.7. Fixing screws shall be hidden when the door is closed 4.1.8. The lock bolt shall be made of Type 304 stainless steel or equivalent material that is corrosion resistant, and has a hardness of at least Rockwell B85. Rockwell hardness shall be defined by the methods specified in ASTM E18. 4.1.9. Lock shall be mortised into fabric of door. 4.1.10. Lock shall have a mechanical relock mechanism that will prevent retraction of the bolt if the lock cover plate is moved more than (2.54 mm) at any point from its normal operating position. 4.1.11. Protection for the extended locking bolts shall be built into the door frame. 4.1.12. Lock shall operate in a temperature range of -23.3ºC to 70.0ºC (-10ºF to 158ºF).
4.1.13. Lock shall be designed to operate in the environmental conditions specified in SEC-01 “Application of Security Directives”. 4.1.14. Dead bolt shall be not less than 1” (25 mm) throw with saw-resistant hardened steel insert. 4.1.15. Key shall be a nickel silver key or better. 4.1.16. Key shall be stamped “DO NOT DUPLICATE”. 4.1.17. Key shall not break under an applied of 2.5 Nm. 4.1.18. Pin tumbler, disc tumbler and warded locks shall not be used. 4.1.19. For double doors, sliding doors and folding doors, locks shall have hook-bolt deadlock action. 4.2.
Lock; Emergency Exits 4.2.1. Panic Bolts shall be fitted on all emergency doors. 4.2.2. Panic Bolts shall be designed to resist forcible entry attempts from the outside. 4.2.3. All emergency doors shall annunciate an alarm at a central location when operated.
4.2.4. Security deadlocks shall use an electrically secured, quick release magnetic locking device. 4.2.5. All locking hardware used on emergency doors shall meet, or exceed, the requirements of NFPA 80 and NFPA 101.
4.3.
Padlocks; Perimeter Fence Gates 4.3.1. Padlocks used for gates in perimeter fences shall comply with the requirements stated in this section. 4.3.2. Padlocks, as a minimum, shall be able to withstand the test requirements for grade 2 of ASTM F883. 4.3.3. Padlocks shall use deadlock action. 4.3.4. Case shall be uniformly case hardened steel with hardness in range of 40 to 50 on the Rockwell C scale (40-50 HRC). 4.3.5. Case shall protect shackle on three sides. 4.3.6. Shackle, case spring and attachments shall be in accordance with the following: 4.3.6.1.
The shackle shall be “U” shaped and may be either spring released or pull released.
4.3.6.2.
If shackle is made of brass or bronze – it shall comply with the requirements of any one of the following ASTM standards: ASTM B16, B30, B505, B584, or B770.
4.3.6.3.
Corrosion resistant steel, carbon steel or alloy steel may be used as required in commercial practice unless other wise specified.
4.3.6.4.
Spring shall be phosphor bronze conforming to ASTM B159.
4.3.6.5.
Steel shackle shall be uniformly case hardened and shall meet the minimum desired grade requirements as specified for Forcing Tests of ASTM F883.
4.3.6.6.
Attachment clevis shall be brass or steel with zinc electroplated coating of ASTM B633.
4.3.6.7.
Shackle should have superior resistance to cutting, sawing, drilling, hammering or being pulled away from body.
4.3.6.8.
The shackle shall be 12.7 + 0.05 - 0.254 mm diameter. The shackle shall remain securely attached when the padlock is in the unlocked, fully opened position and shall be capable of being separated from the padlock only when the padlock is disassembled.
4.3.7. Padlocks shall use a minimum five tumbler cylinder level. 4.3.8. All keys shall be captive (ie key cannot be removed) in the cylinder when unlocked.
4.3.9. Key shall rotate a minimum of 90o to engage or disengage the lock. 4.3.10. Where padlock set that have more than one (1) group, the set shall be equipped with two (2) keys per lock. 4.3.11. Key/padlock combinations shall be selected such that no key shall operate more then 1 padlock out of 50 padlocks.
4.4.
Keying Systems 4.4.1. Grand master keys shall not be permitted. Grand Master keyed means that the grand master key can open all padlocks within all groups making up the set. 4.4.2. Master keys used in locks deployed for compliance with this Security Directive shall comply with the following: 4.4.3. Master keyed means that the master key shall open all padlocks in a group, but shall not open locks of another group. 4.4.4. Padlock sets that have more than one (1) group shall be equipped with two (2) keys per lock and two master keys per group. 4.4.5. Keys shall be a nickel silver key or better. 4.4.6. Keys shall be stamped “DO NOT DUPLICATE”. 4.4.7. Keys shall not break under an applied of 2.5 Nm. 4.4.8. Master keys shall have individual serial numbers. Owner shall retain a written list of personnel who have been issued these keys.
4.5.
Application 4.5.1. Doors that use lock cylinders for compliance with this directive shall be designed so that the door frame and door are SEC-09 compliant and of similar capabilities to the lock cylinder in their resistance to forced entry. 4.5.2. Gates that requires padlocks for compliance with this directive shall have all hasps, shackles and fastening hardware hardened to the same level as the padlocks used to secure the gate.
SD / Classification Cross- Reference This section identifies how this security directive shall be applied to facilities based on classification. Classification details are available in SEC-01 “Application of Security Directives”.
Classification Lock
Lock
Padlocks
Keying
- Door
- Emergency Exit
- Gates
Systems
Class 1.
Applicable
Applicable
Applicable
Applicable
Class 2
Applicable
Applicable
Applicable
Applicable
Class 3
Not Applicable
Applicable
Applicable
Applicable
Class 4
Not Applicable
Applicable
Not Applicable
Not Applicable
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-11 Identification Cards
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION ............................................................................................................................. 3 SCOPE ................................................................................................................................................... 3 APPLICATION ........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ...................................................................................................................................... 3
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 5
4.1. 4.2. 4.3. 4.4. 4.5. 4.6. 4.7. 4.8. 4.9.
OBJECTIVES .......................................................................................................................................... 5 PHYSICAL STRUCTURE ......................................................................................................................... 5 VISUAL ELEMENTS ............................................................................................................................... 5 MACHINE READABLE ELEMENTS ......................................................................................................... 7 ENCRYPTION ........................................................................................................................................ 7 BIOMETRICS ......................................................................................................................................... 8 CARD VALIDITY ................................................................................................................................... 8 CARD MANAGEMENT ........................................................................................................................... 8 COMPLIANCE ........................................................................................................................................ 9
1.0.
Administration
2.0.
Scope This directive provides the minimum requirements for companies, and establishments, that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for identification cards.
3.0.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
4.0.
Conflicts & Deviations Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files.
5.0.
6.0.
Definitions HCIS
High Commission for Industrial Security
Owner:
Company or owner of a facility.
Shall:
Indicates a mandatory requirement.
Should:
Indicates a recommendation or that which is advised but not required.
References This directive adopts the latest edition of the references listed.
The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this SD shall comply with the latest edition of the references listed in each SD, unless otherwise noted. ANSI INCITS 358-2002
The BioAPI Specification
ANSI INCITS 398-2005
Common BioMetric Exchange Formats Framework
FIPS PUB 197
Advanced Encryption Standard (AES)
(Federal Information Processing Standards Publication)
ISO/IEC 10536
Identification cards - Contactless integrated circuit(s) cards
ISO/IEC 14443A
Identification cards — Contactless integrated circuit(s) cards — Proximity cards
ISO/IEC 15693
Identification cards Contactless integrated circuit(s) cards Vicinity cards
ISO/IEC 7810
Identification Cards – Physical Characteristics
NSA Suite B
National Security Agency Suite B Cryptography
7.0.
General Requirements
All identification cards shall comply with the requirements of the standards referenced in this document. 7.1.
Objectives 7.1.1. Identification cards are issued to individuals after proper verification of a persons identity and authorization by proper authority. 7.1.2. The identification card shall only remain valid until its expiration date. A process to revoke the validity of cards shall be provided. 7.1.3. Identification cards shall be resistant to tampering and/or counterfeiting.
8.0.
Physical Structure 4.2.1. The card feedstock shall comply with the requirements of ISO/IEC 7810, “Identification Cards – Physical Characteristics”. This standard requires a credit card sized identification card sized approximately 85mm x 54mm. All card feedstock should be certified to comply with this standard. 4.2.2. The finished card shall have all layers fused together so that removal of any layer will not be possible without damaging other layers. 4.2.3. Identification cards shall have all data directly printed on the card. 4.2.4. The card shall be protected against wear and tear by an anti-counterfeiting film. This layer shall be fused to the card surface so that any attempt at tampering will also damage the printed card. 4.2.5. The film shall provide visual cues that will authenticate the integrity of the printed card. 4.2.6. Examples of such anti-counterfeiting attributes may be a hologram or 3D imaging that interacts with the base card to produce the anti-counterfeiting attribute. 4.2.7. Data may be printed on both sides of the card. 4.2.8. While there are no restrictions on card feedstock color, it is required that the base feedstock is blank and all card details shall be printed directly on the card. 4.2.9. All data printed on the ID card shall be in Arabic & English.
9.0.
Visual Elements 4.3.1. Card visual elements shall include, at a minimum, required data fields, company logo, usage policy statement, photograph and signature. The visual attributes should be adequate to authenticate the card in lower security applications. 4.3.2. The data fields that shall be printed on all cards, are as follows: REQUIRED 4.3.2.1. 4.3.2.2. 4.3.2.3. 4.3.2.4. 4.3.2.5.
Card Type Employee, Contractor, Dependent, etc. Last Name Middle Name First Name Employee Identification Number
4.3.2.6. 4.3.2.7. 4.3.2.8. 4.3.2.9. 4.3.2.10.
Government ID # Company Name Serial Number Expiry Date Blood Type
Saudi Government ID number Contractor employees only
OPTIONAL 4.3.2.11. 4.3.2.12. 4.3.2.13. 4.3.2.14. 4.3.2.15. 4.3.2.16.
Issue Date Issue Place Date of Birth Nationality Company C.R.# Access Rights
Contractor employees only Restricted facility access only
4.3.3. All cards shall have the company logo imprinted on the front of the card. If required, additional logo’s for special cases may be imprinted on the card. 4.3.4. Employee and contractor cards shall use clearly distinguishable color in accordance with the regulations issued by HCIS for Industrial Security. 4.3.5. Identification cards in which the card holder has access to restricted facilities shall have red color in a title box that will identify the card type. Red color shall not be used in title boxes or backgrounds for any other card type. 4.3.6. Owner may use colored bars or indicators to designate general access rights for card holders with restricted area access. These general access right visual indictors may be accompanied by a printed list of all plants where access is permitted. Where the number of plants is too large to list on the back of the ID card, the Owner shall use group codes to represent groups of plants where access is permitted. 4.3.7. All cards must display the following printed statement on the back of the card: This card is the property of . Use of this card, by the cardholder, or others, for purposes other than authorized by is illegal and may subject the person to criminal prosecution under the law. If found, please contact to arrange its return to the company. 4.3.8. The minimum size required for identification card photographs is 40mm x 25mm in size and must allow card holder features to be clearly distinguished. The Owner must ensure that the pictures are clear and properly exposed. 4.3.9. The photographs must show a full face view with a plain, light colored background and must be located on the front of the identification card. Personnel must not be wearing sun glasses for any identification card photographs. 4.3.10. Where cardholder has access to restricted facilities the photograph must be taken without any head gear on. Security or government personnel may use photographs with their official head gear on to clearly distinguish them from nonsecurity or non government personnel.
4.3.11. Photographs must be directly printed on the identification card and also be retained within the identification card system database. 4.3.12. Applicants shall not wear military uniform for the identification card photograph if they are not military personnel. 4.3.13. The signature must be printed directly on the identification card and also be retained within the identification card system database. The signature shall be the official one used by the card holder within the company. 4.3.14. The card shall use some form of tamper resistance that provides visual evidence of tampering. This tamper resistance can be provided by using available technology such as, but not limited to, optical varying structures, optical varying ink, laser etching & engraving, holograms, holographic images or watermarks to validate the integrity of the card. 10.0. Machine Readable Elements 4.4.1. The card shall include machine readable elements as a mandatory requirement. 4.4.2. Machine readability shall be provided, at a minimum, by the inclusion of a ‘smart card’ chip within the card. Owner may optionally place additional machine readable elements on the card for lower security applications. 4.4.3. Mandatory machine readable elements shall comply with either ISO/IEC 14443A, ISO/IEC 10536 or ISO/IEC 15693. 4.4.4. Data available as machine readable shall include biographic data, access rights and biometric measurements (if used). This data shall be stored in encrypted format in the card. 4.4.5. If Owner decides to store access related data or logs on the card, they shall also be protected by encryption. 4.4.6. Data encrypted on card shall comply with the requirements stated in the section 4.5. 11.0. Encryption 4.5.1. Data stored in smart cards for compliance with HCIS requirements shall be protected by encryption. 4.5.2. The data encrypted on the card shall be encrypted in accordance with the methods stated in FIPS PUB 197 (US Government Federal Information Processing Standards Publication Advanced Encryption Standard [AES]) and/or NSA Suite B (US Government National Security Agency Suite B Cryptography). A key aspect of Suite B is its use of elliptic curve technology instead of classical public key technology. This approach will permit Suite B to remain current in the foreseeable future. 4.5.3. At a minimum the identification card shall store private keys and public key certificates and perform encryption operations using the private key.
4.5.4. The card shall support elliptic curve key pair generation, elliptic curve private key operations and importation of digital certificates. 4.5.5. All encryption operations using the card encryption keys shall be performed oncard. 4.5.6. The card encryption keys shall be generated on the identification card. The card shall not permit export of these keys. 12.0. Biometrics 4.6.1. Biometric data used in security systems shall comply with the requirements of ANSI INCITS 358-2002 (The BioAPI Specification) and ANSI INCITS 3982005 (Common BioMetric Exchange Formats Framework). 4.6.2. These standards are used to ensure interoperability of security systems by using the standard BioAPI interface and standard file formats for biometric data. 13.0. Card Validity 4.7.1. The validity of identification cards shall comply with the instructions regulating Industrial Security specified by “Regulations for Industrial Security for Petroleum, Industrial, and Service Companies and Establishments under the supervision of the High Commission for Industrial Security”. 4.7.2. The Owner may elect to have shorter validity then specified by the Ministerial Order referenced above. 4.7.3. Cards other than employee / dependent cards must have maximum validity limited by visa or contract expiry if the validity of these documents is shorter then the maximum validity specified by the Ministerial Order referenced above. 14.0. Card Management 4.8.1. When personnel depart on vacation, short leave or terminate their employment Owner shall disable their access to restricted facilities. 4.8.2. Owner shall provide electronic authentication card readers at all restricted facilities to verify card integrity. While access control systems provide this capability, facilities without access control shall still use card reader(s) to electronically authenticate the card locally or centrally. 4.8.3. If authentication card readers are not available at all restricted facilities then the Owner shall retrieve cards with restricted area access when the card holder goes on vacation or short leave. In this case, all ID cards for restricted access shall have a list of all access rights printed on the card to allow visual authentication. 4.8.4. Owner shall recover penalties for lost cards as specified in instructions regulating Industrial Security contained in “Regulations for Industrial Security for Petroleum, Industrial, and Service Companies and Establishments under the supervision of the High Commission for Industrial Security”.
4.8.5. All identification cards allowing restricted access shall be recovered from the cardholder upon termination of employment. 4.8.6. Owner shall design and issue new ID cards once within every 4 year cycle. These new ID cards shall comply with the requirements stated in this security directive. The new card designs shall be clearly different from the old card designs. 4.8.7. Retrieved ID cards shall be destroyed as specified in instructions regulating Industrial Security contained in “Regulations for Industrial Security for Petroleum, Industrial, and Service Companies and Establishments under the supervision of the High Commission for Industrial Security”. 4.8.8. Owners shall put procedures in-place to ensure that all identification cards provided to contractors are retrieved prior to certifying completion of a contract. 4.8.9. The holder of an identification card shall be responsible for it’s safekeeping and shall return it prior to it’s expiry date or when leaving the Kingdom of Saudi Arabia. The holder shall be issued with a unique personal identification number (PIN) which will allow entry to restricted area. 14.9.
Compliance Owner shall provide documented proof of compliance with these requirements.
KINGDOM OF SAUDI ARABIA MINISTRY OF INTERIOR HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES FOR INDUSTRIAL FACILITIES
SEC-12 Information Protection
Table of Contents
1.0. 1.1. 1.2. 1.3.
ADMINISTRATION.............................................................................................................................. 3 SCOPE................................................................................................................................................... 3 APPLICATION........................................................................................................................................ 3 CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0.
DEFINITIONS ....................................................................................................................................... 3
3.0.
REFERENCES ....................................................................................................................................... 6
4.0.
GENERAL REQUIREMENTS ............................................................................................................ 7
4.1. 4.2. 4.3. 4.4. 4.5. 4.6. 4.7. 4.8. 4.9. 4.10. 4.11. 4.12.
RISK ASSESSMENT ............................................................................................................................... 7 SECURITY POLICY ................................................................................................................................ 7 ORGANIZATION OF INFORMATION SECURITY ....................................................................................... 7 ASSET MANAGEMENT .......................................................................................................................... 8 HUMAN RESOURCES SECURITY ............................................................................................................ 8 PHYSICAL & ENVIRONMENTAL SECURITY............................................................................................ 9 COMMUNICATIONS & OPERATIONS MANAGEMENT ............................................................................. 9 ACCESS CONTROL .............................................................................................................................. 10 INFORMATION SYSTEMS DEVELOPMENT & MAINTENANCE ............................................................... 11 INFORMATION SECURITY INCIDENT MANAGEMENT ........................................................................... 11 BUSINESS CONTINUITY MANAGEMENT .............................................................................................. 11 COMPLIANCE ...................................................................................................................................... 12
1.0.
Administration
1.1.
Scope This directive provides the minimum requirements for companies, and establishments, that are subject to the supervision of the High Commission for Industrial Security (HCIS), Ministry of Interior, for information protection.
1.2.
Application This Directive is applicable to all facilities, including new projects, the expansion of existing facilities, and upgrades. For application to existing facilities, the Owner shall assess his facilities against the requirements of these Directives and coordinate with the General Secretariat of the High Commission for Industrial Security (HCIS) to comply with the Security, Safety, and Fire Protection requirements according to these Directives and add to or modify the existing facilities as required. Where the HCIS has assessed deficiencies in existing facilities during a survey, comparing the current state of the facilities to the requirements of these Directives, those identified deficiencies shall be corrected by the Owner.
1.3.
Conflicts & Deviations
Where implementation of a requirement is unsuitable or impractical, where other equivalent company or internationally recognized Standards and Codes are followed, or where any conflict exists between this Directive and other company standards and Codes, the deviations shall be resolved by the HCIS. Deviation lower than the requirements of this directive shall be listed and submitted in a report of compliance or non-compliance, with justification and reason, for each applicable requirement of these security directives, and approval shall be received from the HCIS prior to implementation. The documents shall be retained by the company in its permanent engineering files. .
2.0.
Definitions HCIS
High Commission for Industrial Security. The HCIS is part of the Ministry of the Interior. It is responsible for the development, and implementation, of security, safety and fire protection strategies Kingdom-wide.
Owner
Company or owner of a facility.
Shall
Indicates a mandatory requirement.
Should
Indicates a recommendation or that which is advised but not required.
Access Control
Restricted access to resources other than to privileged entities.
Audit Logs
Files or prints of information in chronological order that record a particular computer or system event.
Authentication
A process that establishes the origin of information, or determines an entity's identity.
Authorization
Access privileges granted to an entity; conveys an "official" sanction to perform a security function or activity.
Backup
A reserve copy of data that is stored separately from the original, for use if the original becomes lost or damaged.
Confidentiality
The property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
Control
Means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of administrative, technical, management, or legal nature NOTE: Control is also used as a synonym for safeguard or countermeasure.
Encryption
The process of obscuring information using a cryptographic algorithm to make it unreadable without special knowledge
Firewall
A piece of hardware or software which functions in a networked environment to prevent communications forbidden by security policy.
Industrial Processing Facilities Information Asset
Any processing facility such as refineries, water treatment plants, petrochemical plants,….etc.
Information Processing Facilities Information Security
Any information processing system, service or infrastructure, or the physical locations housing them
Information Security Event
An information security event is an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.
Information records that are of significant value to the organization
Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved
[ISO/IEC TR 18044:2004]
Information Security Incident
An information security incident is indicated by a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security. [ISO/IEC TR 18044:2004]
Integrity
The property that sensitive data have not been modified or deleted in an unauthorized and undetected manner.
ISA
“The Instrumentation, Systems, and Automation Society”. ISA is a leading, global, nonprofit organization that sets standards for automation.
Password
A form of secret authentication data that is used to control access to a resource.
Policy
Overall intention and direction as formally expressed by management
Risk
Combination of the probability of an event and its consequence. [ISO/IEC Guide 73:2002]
Risk Analysis
Systematic use of information to identify sources and to estimate the risk. [ISO/IEC Guide 73:2002]
Risk Assessment
Overall process of risk analysis and risk evaluation. Risk Assessment is a methodology to identify and quantify risks to ensure that these risks can be minimized to an acceptable level. [ISO/IEC Guide 73:2002]
Risk Evaluation
Process of comparing the estimated risk against given risk criteria to determine the significance of the risk. [ISO/IEC Guide 73:2002]
Risk Management
Coordinated activities to direct and control an organization with regard to risk NOTE: Risk management typically includes risk assessment, risk treatment, risk acceptance and risk communication. [ISO/IEC Guide 73:2002]
Risk Treatment
Process of selection and implementation of measures to modify risk. [ISO/IEC Guide 73:2002]
Third Party
The person or body that is recognized as being independent of
the parties involved, as concerns the issue in question. [ISO/IEC Guide 2:1996] Threat
A potential cause of an unwanted incident, which may result in harm to a system or organization. [ISO/IEC 13335-1:2004]
Vulnerability
A weakness of an asset or group of assets that can be exploited by one or more threats. [ISO/IEC 13335-1:2004]
3.0.
References This directive adopts the latest edition of the references listed. The selection of material and equipment, and the design, construction, maintenance, operation and repair of equipment and facilities covered by this SD shall comply with the latest edition of the references listed in each SD, unless otherwise noted.
COBIT
Control Objectives for Information and related Technologies
ISA-TR99.00.01-2004
ISA Technical report: Security Manufacturing and Control Systems
ISA-TR99.00.02-2004
ISA Technical report: Integrating Electronic Security into the Manufacturing and Control Systems Environment
ISO/IEC 17799:2005
Information Technology; Code of Practice for Information Security Management
ISO/IEC TR 13335
Information Technology; Guidelines for the management of IT Security
Technologies
for
SANS Security SysAdmin, Audit, Network, Security Institute Policies HIPAA 1996 Health Insurance Portability and Accountability Act of 1996 NIST Guidelines Series)
Security National Institute of Standards & Technology/Computer (800 Security Resource Center
Canadian Government Security Policy, February 1, 2002
4.0.
General Requirements
4.1.
Risk Assessment
4.2.
4.1.1.
Risk Assessments shall be performed for critical information systems or facilities.
4.1.2.
The scope of the Risk Assessment shall cover all security related security systems that are deployed by the Owner and may either be the whole organization, an individual information system, specific system component(s), or service(s) where this is practical, realistic, and helpful to protect the organization’s valuable information assets and Information Processing Facilities
Security Policy
4.2.1.
Owner shall set clear direction to protect critical information assets through the issue and maintenance of an information security policy across the organization.
4.2.2.
Facilities that have substantial manpower or resources shall formulate and implement information security policies, as deemed appropriate, in line with current best practices and in compliance with this document. Reference - National Institute of Standards & Technology (NIST), SysAdmin, Audit, Network, Security Institute (SANS)
4.3.
4.2.3.
Information security policies shall be reviewed, either at planned intervals or when significant changes occur, to ensure their suitability and effectiveness.
4.2.4.
All employees and contractors shall be required to sign an undertaking not reveal any information related to the company.
4.2.5.
All documents, drawings, computer data, etc. shall remain the property of the company and may not be removed without express permission of the company.
Organization of Information Security
4.4.
4.5.
4.3.1.
A Management framework for information security shall be established to manage information security effectively within an organization. This may include appointing a Chief Information Officer and constructing information security responsibilities e.g. awareness, policy implementation, risk management and compliance monitoring and others as deemed necessary.
4.3.2.
Clear roles and responsibilities of information owners, users and information security Managers shall be established and documented to ensure effective information security implementation within the organization
Asset Management
4.4.1.
Information assets shall have owners, as applicable, who are responsible for the protection of their assets. Implementation of controls may be delegated by the owner as appropriate.
4.4.2.
An Information Classification Policy shall be defined to classify information assets according to a structure that is used to ensure special protection and handling measures for sensitive information.
4.4.3.
Owner shall maintain an inventory of all important assets.
Human Resources Security 4.5.1.
Security roles and responsibilities of employees, contractors and third party users shall be defined and documented in accordance with the organization’s information security policy.
4.5.2.
Employees, contractors and third party users shall sign an agreement or statement of understanding on their use of information assets and facilities.
4.5.3.
An information security awareness program shall be established to ensure adequate level of awareness in security procedures by concerned employees, contractors and third party users.
4.5.4.
Procedures shall be in place to ensure that employees, contractors, or third party user’s exit from the organization is managed, including the return of all company equipment and the removal of their access rights.
4.6.
4.7.
Physical & Environmental Security 4.6.1.
Critical or sensitive information processing facilities shall be housed in secure areas and protected by defined security perimeters with appropriate security barriers. They shall be physically protected from unauthorized access, damage and interference.
4.6.2.
Computer and Communication secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.
4.6.3.
Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster shall be designed and applied where the sensitivity of the Computer and Communication facility justify it.
4.6.4.
Equipment shall be sited or protected to reduce the risks from environmental threats, hazards, or unauthorized access.
4.6.5.
Procedures shall be established to ensure that sensitive data on electronic storage media are removed or securely overwritten prior to media disposal.
4.6.6.
Organization’s computer and communication equipment, sensitive information or licensed software shall not be taken off-site without prior authorization.
4.6.7.
Procedures shall be in place to ensure that electronic storage media are disposed off properly when no longer needed.
4.6.8.
Organizations shall use automated entrance control systems, TV Camera systems (CCTV), and/or intruder detection systems, where applicable, to secure Computer and Communication facilities from unauthorized access.
Communications & Operations Management
4.7.1.
Operating procedures shall be documented, maintained, and made available to all users who need them.
4.7.2.
Responsibilities for the operation of information processing facilities shall be established.
4.7.3.
Segregation of duties shall be implemented, where appropriate, to reduce the risk of negligent or deliberate systems misuse.
4.7.4.
Changes to information processing facilities and systems should be controlled. These include formal approval for changes to critical systems and planning and testing of changes.
4.7.5.
Detection, prevention, and recovery controls to protect against malicious code shall be implemented as feasible. Examples are anti-virus and security patching of systems.
4.8.
4.7.6.
Back-up copies of information and software shall be taken and tested regularly in accordance with the company backup policy.
4.7.7.
Appropriate user awareness to control the threats from malicious code shall be implemented as needed.
4.7.8.
Company computer networks, systems and applications shall be protected from unauthorized access.
4.7.9.
Classified Information involved in electronic messaging, or electronic commerce services, shall be protected as required.
4.7.10.
Audit logs that record user activities, exceptions, and information security events shall be produced and protected from unauthorized access and reviewed on an ongoing basis.
4.7.11.
Audit logs shall be kept for an agreed period to assist in future reviews, access control monitoring and possible forensic investigations. The retention period for audit logs shall be long enough for operational, legal or disaster recovery purposes.
4.7.12.
All high and medium-critical or sensitive, manufacturing and control networks shall be firewalled or disconnected from any external networks (site, corporate, and/or public networks). All high and medium risk company networks should also be firewalled from the Internet or public networks.
4.7.13.
Sensitive data traveling over the public networks, outside the manufacturing and control network shall be encrypted as applicable.
4.7.14.
Operating systems, databases, network devices, firewalls etc shall be security hardened according to vendor guidelines or internally documented technical standards.
Access Control 4.8.1.
Access to the organization’s information and information processing facilities shall be controlled on the basis of organization’s business requirements.
4.8.2.
Procedures shall be in place to control user registration, de-registration when no longer required, and the allocation of access rights and privileges.
4.8.3.
The allocation of user ids/passwords, and/or other technologies used for identification and authentication purposes such as biometrics, finger–print verification, signature verification, and hardware tokens such as smart cards, etc. shall be managed and controlled through a formal management processes.
4.8.4.
Users shall have unique User IDs/Passwords, or other identification methods, to ensure their proper identification and authentication to access data and computer systems.
4.9.
4.10.
4.11.
4.8.5.
User access rights shall be reviewed, as needed, to maintain effective control over access to data and information services.
4.8.6.
Users shall be made aware of their responsibilities for maintaining effective access control, especially regarding the use of passwords and the security of user-assigned equipment.
4.8.7.
Appropriate authentication methods shall be used to control access by remote users.
Information Systems Development & Maintenance 4.9.1.
Appropriate controls shall be designed into applications to prevent errors, loss or unauthorized modification. These include input/output data validation, segregation of duties and access control.
4.9.2.
Security requirements shall be identified, documented and agreed to, prior to the implementation of Information systems to ensure they incorporate appropriate controls.
4.9.3.
Business application software in development shall be kept strictly separate from production application software. If existing facilities permit it, this separation must be achieved via physically separate computer systems. When computing facilities do not allow this, separate directories or libraries with strictly enforced access controls should be employed.
4.9.4.
Business application software development staff should not be permitted to access production information, with the exception of the production information relevant to the particular application software on which they are currently working. If the information is non-sensitive they can be granted read access and the developer should only be assigned a temporary ID or temporary access for the duration of the work.
Information Security Incident Management 4.10.1.
Responsibilities and procedures shall be in place to monitor information security incidents within the organization.
4.10.2.
Responsibilities and procedures shall be in place to report promptly and resolve information security incidents within the organization.
Business Continuity Management
4.12.
4.11.1.
A Business Continuity Plan for the organization’s critical information systems shall be developed, implemented, tested periodically and maintained to ensure the continuity of essential business operations, in the event of natural or man-made disasters, accidents, sabotage, malicious code, virus, and equipment failures.
4.11.2.
Procedures shall be established to implement the needed information backup for operational and business continuity requirements.
Compliance 4.12.1
Processes shall be established to ensure that the design, operation, and use of information systems comply with this document and internal policies of the organization.
4.12.2
Organizations shall perform regular reviews of Information systems to ensure compliance with defined security policies and procedures.