Professional Documents
Culture Documents
Guidelines
OMV-EP Guidelines
Security
HSEQ-HQ-06-10-00
Contents
5. Procedure ........................................................................................................... 9
5.1 Country Briefing Notes 9
5.2 Personal Conduct 10
General...................................................................................................................10
Preparation and Planning .......................................................................................11
5.3 Facilities 12
Security Risk Assessment ......................................................................................12
Design, Installation and Maintenance.....................................................................12
Perimeter Security ..................................................................................................13
Access Control .......................................................................................................15
Internal Physical Security .......................................................................................15
Security Guards......................................................................................................15
‘Key’ Controls .........................................................................................................16
Ships and Ports ......................................................................................................16
Information Security................................................................................................17
Emergency Response (ER)....................................................................................18
Training and Briefings.............................................................................................18
Audit .......................................................................................................................19
The following business areas and risks are excluded from the standard and this guideline:
Fraud
Mine fields and unexploded ordnance
Fire
IT security
Reference to OMV in these guidelines means OMV E&P, its subsidiaries and contractors.
This document lists security guidance in Section 5.0 and has three main sections:
Country briefing notes – to ensure all persons working in the country (but especially
targeted at visitors and expatriates) are aware of basic information to minimise
settling-in problems and ensure a quick familiarisation with the country
Personal conduct – to ensure individuals can pro-actively avoid problems and
understand what to do when involved in a security incident.
Facilities – to ensure each venture has carried out an overall facility specific security
risk assessment and then evaluates credible scenarios to confirm in more detail how
effective their controls are.
The most common security threat we face is crime. Terrorism and armed insurrection are
real threats, but the probability of being its victims is small compared to crime. Appendix A
contains comprehensive guidance on personal security most of which is focused on reducing
the likelihood that individuals will become victims of crime.
Appendix B provides a security risk assessment methodology. All facilities are required to
have a security risk assessment. Each facility is assessed individually and this allows an
optimisation of risk management alternatives.
Measures to control risks are usually a combination of systems and procedures, and
‘hardware’ solutions (e.g. fences, floodlights, alarms). Hardware solutions will, in most case
be purchased from companies specialising in these products. However, for high-risk
There may be situations were facilities are not owned by OMV. For example, offices and
expatriate accommodation are often leased/rented and shared with other tenants. It is
important that a security risk assessment is completed before entering into a contract to
ensure that the right level of security is negotiated into the terms and conditions. For existing
contracts, the same principles apply and line managers are advised to carryout a full risk
assessment and, where necessary, renegotiate the contracts.
2. CROSS REFERENCES
Security Standard, EP-HSEQ document no HSEQ-HQ-06-09 latest revision
Security Forces, EP-HSEQ document no HSEQ-HQ-06-05 latest revision
International Ship and Port Facility Security Code and SOLAS Amendments 2002, ISBN
9280151495, published by International Maritime Organisation 2003
Guidelines for analysing and managing the security vulnerabilities of fixed chemical sites,
ISBN 081690877X, published by American Institute of Chemical Engineers 2002
3. MANAGEMENT RESPONSIBILITIES
Line managers are responsible for implementing these guidelines.
4. DEFINITIONS
Facilities
For the purpose of this standard a facility can mean any of the following:
Residential accommodation1 used by OMV employees, contractors and their friends
and families
Site accommodation
Office accommodation
Warehouse or storage area
Air landing strips and heliports
Aircraft hangers and vehicle garages
Geophysical survey camps
Drilling and well sites
Production or processing plants including gathering stations
Water/effluent treatment plants
Pipelines
Offshore platforms (fixed or mobile) including storage vessels
1
This applies to expatriates who are seconded overseas.
Adversary
Adversary - the collective name to describe criminals and terrorists. They are persons who
intend to cause harm. Adversaries may be categorised as originating from three general
areas:
Insiders
Outsiders
Insiders working in collusion with outsiders
Criminal – person(s) who engage in illegal activities for personnel gain or satisfaction.
For example: robbery, assault, product theft from pipeline/storage, vandalism.
Terrorist – person(s) with extreme religious, ethnic, political or social agendas who use
force or violence to achieve their objectives. For example: bombs, hijack, hostage taking,
disruption to operations.
Attractiveness of Target
Not all targets are of equal value to adversaries. Attractiveness of target (AT) is an estimate
of the real or perceived value of a target to an adversary based on such factors as shown in
Table 1 below:
Table No 1
Attractiveness of target (AT) is the most important predictor of security risk. It can be used at
an early stage to screen and risk-rank facilities.
Security Risk
The broad definition2 of HSE risk is:
The product of the chance that a specified undesirable event will occur and the severity
of the consequences of the event
The consequences of the event are usually described in terms of the impact on people,
environment, assets or reputation. In general, this HSE definition is applicable to security
risk.
Although security risk is similar to HSE risk, it does differ in a number significant ways. This
difference is important for the management of risk and the evaluation of security systems.
The differences are as follows:
The initiating event for an HSE risk is accidental (but considered preventable)
HSE risks can be calculated numerically using historical databases based on
structured incident records, maintenance data, component reliability testing/history
and consequence modelling. There is no established methodology for quantifying
security risk
Security incidents are intentional, and not accidental
Security risks may have consequences not directly linked to the original initiating
event. For example, theft of ammunition, toxic chemicals or radioactive sources may
be carried out for use at a later date
The consequences of security risks from terrorists is primarily connected to
maximising publicity, media attention or shock value. This is done through the
surrogate ‘success’ measures of HSE risk impacts of injury to persons, environment,
asset loss and reputation
The victims of security risks may or may not be involved in any way with the agenda
of the adversaries and are almost always innocent victims. They may also be third
parties
Security risks are characterised by the attractiveness of the target as a leading risk
indicator. This is analogous to the likelihood (or chance) that an event will occur in the
definition of HSE risk.
2
From Guidelines for the Development and Application of Health, Safety and Environmental
Management Systems, published by E&P Forum (now OGP) July 1994, Report No 6.36/210
Exploration & Production, HSEQ, Vienna Page 8 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
5. PROCEDURE
5.1 Country Briefing Notes
Each Venture shall prepare and keep updated a set of country briefing notes that are readily
available for any visitor to that country before the person travels. The briefing notes shall
contain, as a minimum, the following information:
1. The time zone relative to GMT and if daylight saving time is in operation
2. Business and banking hours
3. Brief guide to telephone services
4. Emergency telephone numbers – police, fire, ambulance
5. Emergency contact numbers and names for the in-country venture
6. Addresses and telephone numbers for offices/sites and any ‘safe havens’
7. Embassy or consulate representation for the nationality of the visitor
8. Details of the in-country person tracking register (if relevant) – details of how to
access and register a person
9. Prohibited items – articles that cannot be brought into (or taken out of) the
country, or are not permitted without the appropriate licence or documentation
10. Food and drink – advice on drinking water purity and potential food risks
11. Currency – recommended currency to bring, acceptance of credit cards and
availability of automated cash machines or other sources of cash
12. Detail the main language(s) spoken
13. Brief details of the weather/climate
14. Religions – list the main religions in the country
15. Potential targets for discrimination because of: nationality, race, colour, religion,
ethnic group
16. Women and society – give information on how women are expected to dress and
appropriate cultural information of particular interest to women in general. Include
any special security and safety information for women travellers.
17. Transportation – describe road, rail and air travel and give guidance on safe
travel
18. Explain arrangements for meeting visitors at the airport including back up if one
party is delayed
19. Any special country specific information, such as: common crimes, areas to
avoid, restrictions on photography, natural phenomena (e.g. earthquakes, tropical
storms), hazardous fauna (e.g. scorpions, snakes), prevalence of health risks
(e.g. rabies, HIV AIDS), electrical supply and connection details for portable
equipment (e.g. mobile phones, laptops)
20. Who is responsible (with contact details) for updating and developing the country
briefing notes – this will help ensure that they are up to date and feedback can be
used to improve the notes
Exploration & Production, HSEQ, Vienna Page 9 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
This guidance is primarily targeted at people travelling outside their home countries.
However, many of the issues will be relevant to security when in their normal country of
residence.
General
Personal security is primarily concerned with protection from criminal and terrorist activities.
Whilst physical threats and thefts may be the highest priority, more subtle threats can occur if
a person is involved in compromising or illegal activities, or is just too careless and trusting.
This can leave vulnerable employees open to arrest, blackmail or corruption, or as a
minimum, damage the reputation of the company. Guidelines to minimise these risks are:
3
CRG is an international specialist business risk consultancy that prepares and regularly updates
country and city security risk profiles. OMV subscribes to their online business service.
4
Log-in and password details change periodically, hence, they are not detailed in this standard
Exploration & Production, HSEQ, Vienna Page 10 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
Keep a copy of ‘country briefing notes’ – see previous section – with your carry on
baggage. Read the notes as part of your preparation and ask questions about
anything you are not sure about. If required, contact the country HSEQ representative
(or Security Advisor if available) who can arrange a security briefing.
Carry out some personal research into the country you are visiting. Use the CRG
website to get more information or purchase a guide/phrase book.
5.3 Facilities
These facilities guidelines represent a ‘menu’ of risk control measures. However, each
individual facility shall implement the appropriate security measures based on the results
from the risk assessment. Additional specialised guidance covering aviation operations is
given in Appendix C.
The risk assessment should normally be done in two stages. First, a facility based
assessment that calculates the Security Risk Level as an overall risk. Second, a
scenario based assessment that goes into more detail. The scenario-based
assessments may cause a re-evaluation of the overall facility based assessment.
The risk assessment shall be documented and carried out by a dedicated risk
assessment team in accordance with the generic methodology detailed in Appendix
B. For new facilities the assessment shall be carried out before entering into any
binding contracts. In particular, at this early stage it is possible to optimise the
location, design and layout of the facility. This can make a major contribution to cost-
effective risk reduction.
5
Levels of risk are defined in Appendix B using the security risk level
Exploration & Production, HSEQ, Vienna Page 12 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
security clearance for the specific system. Information on the systems that could be
of benefit to an adversary shall be strictly controlled. Factors to be considered:
Perimeter Security
Each facility shall have perimeter security to prevent intrusion by unauthorised
persons by land or sea, as appropriate. Perimeter security is the outer layer of a
physical barrier. The layers are (1) the grounds around the facility (2) the perimeter of
buildings (3) Interior rooms/areas within buildings, and (4) contents. Figure 1 below
illustrates these four lines of protection.
Space/area protection
Object protection
Physical barriers are important and rarely, if ever, prevent penetration. Fences can be
climbed, walls can be scaled, and a determined adversary can eventually bypass
locked doors and windows. They can deter and delay, and have to be used with other
systems of security to be effective.
Physical barriers against unauthorised access, e.g. fences, razor wire, outer
raised earth mound as a barrier to small arms fire
Adequate external lighting around the perimeter and on the approaches to the
site
Uniformed and patrolling security guards
Video surveillance cameras and intruder alarm systems
Video surveillance cameras and intruder alarm systems are to be monitored
by trained staff who have been provided with comprehensive procedures on
the actions to be taken if they detect intruders
The clearance of trees and bushes that could provide hiding places for
intruders or could obstruct the view of guards covering the area around the
site
Where there is a risk of suicide bomb or ram attack, measures such as
concrete-block chicanes, retractable barriers or armed-guard reinforced
guardhouses should be installed on the approach road(s)
Locating car parks within the perimeter with video surveillance cameras or
regular patrols, particularly where there are parking spaces reserved for senior
executives who could be targeted
In high risk countries using covert surveillance personnel (e.g. disguised as
gardeners, maintenance personnel, etc) watching for anything unusual or
suspicious
Access Control
Each facility shall have systems and procedures to ensure that only authorised
persons can enter the facility.
Security Guards
At those facilities where security guards are used, measures shall be taken to ensure
they are vetted, trained and properly controlled. Where guards are armed, they shall
comply with OMV commitment to human rights as detailed in Security Forces, EP-
HSEQ document no HSEQ-HQ-06-05 latest revision. Guards may be contracted
directly by OMV or included in the contract package for facilities rented/leased by
6
Emergency exits must be capable of being opened without keys in the direction of escape
Exploration & Production, HSEQ, Vienna Page 15 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
OMV. Whatever the commercial arrangement OMV should use these guidelines to
ensure that the risks are being properly managed.
‘Key’ Controls
Each facility shall have procedures and secure key7 storage to ensure that only
authorised persons have keys for access to external entrances/exits and sensitive
areas.
Measures are to be taken to ensure that keys to external doors, sensitive
areas and safes/security furniture are issued only to authorised persons
Keys must be adequately safeguarded and accounted for when not in use
Procedures shall be in place to replace locks or recode electronic access
software immediately a key is lost, cannot be accounted for or there is a
possibility that an unauthorised copy exists
Consider replacing critical locks/security codes on a regular basis
7
A ‘key’ can be a mechanical piece of equipment or any item with an electronic interface, e.g. swipe
cards, personal identification numbers (PIN), biometric devices
8
International Ship and Port Facility Security Code and SOLAS Amendments 2002, reference ISBN
9280151495, published by International Maritime Organisation 2003
Exploration & Production, HSEQ, Vienna Page 16 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
In essence, the Code takes the approach that ensuring the security of ships and port
facilities is a risk management activity and that to determine what security measures
are appropriate, an assessment of the risks must be made in each particular case.
The purpose of the Code is to provide a standardized, consistent framework for
evaluating and controlling risk.
The Code requires cargo ships over 500 tonne and MODUs9 to be certified for use in
international waters to comply with the following:
A designated individual of the shipping company to be responsible for
developing a security program
A risk based analysis of the security threats to each ship
A ship specific security plan
A designated individual on each ship who is responsible for ensuring the
security plan is implemented and is the primary point of contact between the
ship and the Port Facility Security Officer at each port facility the ship uses
In addition the requirements for ships and for port facilities include:
Monitoring and controlling access
Monitoring the activities of people and cargo
Ensuring security communications are readily available
The Code gives very detailed information about what is required to managing ship
and port facility risks. A security specialist with expertise in this area will be able to
provide further guidance.
Information Security
Each facility shall have safeguards and procedures to ensure that sensitive OMV and
partner documents/information cannot be accessed or viewed by unauthorised
persons. Typical controls may include:
9
MODU = Mobile offshore drilling unit
Exploration & Production, HSEQ, Vienna Page 17 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
For most facilities there should be in place emergency response plans (ERP) that are
based around HSE incident scenarios. In general security incidents scenarios will be
integrated into an overall facility ERP. Specific security incidents that should be
considered (based on the facility risk assessment) for inclusion in the ERP are as
follows:
Bomb threats
Suspect vehicles, mail, packages or other items
Explosions/fires
Assault with or without weapons (e.g. gun, knife)
Intruders
Suicide attack
Hostage situations
Siege situations
Kidnap and ransom
Major protests and demonstrations against OMV
Persons working on the facility who have been made aware of the risks and are
constantly vigilant are an important defence against security incidents. Briefings
should be organised for all new starts and personnel with specific security
responsibilities shall be properly trained and regularly assessed to ensure continuing
effectiveness. Mock exercises should be scheduled to test both people and
equipment. After an exercise or security incident a formal review of the response
shall be carried out to improve, where possible, the management of security.
Audit
Each facility shall have their security risk assessments and security control systems
audited by an independent10 expert security consultant periodically – annually for
high/extreme risk facilities and every two years for medium/low risk facilities.
Temporary or short-term facilities (e.g. geophysical survey camps, drill sites,
construction camps) should be audited immediately before significant activities
commence in high/extreme risk situations, and, at the discretion of the country
General Manager, in low/medium risk situations.
A single person can audit small or low risk facilities. A team with a mix of skills and
experience should audit larger and higher risk facilities. The composition of the team
would be similar to the security risk assessment team, refer Appendix B.
All auditors shall be trained. Actions arising from an audit shall be tracked until
satisfactory close-out
6. RECORD OF REVISIONS
None
10
EP-HSEQ will provide an approved list of consultants
Exploration & Production, HSEQ, Vienna Page 19 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
Driving
Plan your journey: check the weather forecast, keep maps in the car in case of
detours, ensure car is regularly serviced and has sufficient fuel
Travel with a fully charged mobile telephone, keep an emergency kit for breakdowns,
have identification and have contact numbers to arrange rescue
If you do breakdown and someone stops to help, do not get out of the car unless you
know them or it is the police. Ask the person offering assistance to stop at the nearest
service station and report your problem
When in your car, always keep the doors locked and windows closed. Be aware the
most likely time when you will be at risk is when your vehicle is stopped or your speed
is significantly reduced. Typically this will be at stop lights, stop signs, ‘give way’
junctions, accident sites, police/military checkpoints and road works. Be aware -
sometimes these stops are staged by criminals/terrorists as deliberate traps
Avoid driving through religious processions, political demonstrations or crowds in
general
When you stop leave ample manoeuvring space between you and the vehicle in front
of you. If suspicious persons approach you, do not roll down the window, but drive
away quickly
If you are trapped on the road or in a parking area and in trouble, keep the car locked,
and blow the horn to alert others
If you are followed or harassed by another driver do not stop. Never lead the person
back to your home. Instead, try to find a police station, hotel or public facility. Once
you find a place of safety, do not worry about using a legal parking space. Park as
close as you can and get inside the building fast
If a car ‘bumps‘ into you, be aware this may be a contrived accident. If you are
suspicious, do not stop to exchange information but drive to the nearest service
station or public place to call the police
Never pick up hitchhikers or give lifts to strangers
If involved in a car hijack, comply with any requests and keep your hands visible to
minimise any misunderstandings
Hotels
General requirements when selecting a secure hotel room:
Ask the OMV in-country Venture for a list of recommended hotels or if not available,
use this guideline to specify your requirements with the OMV corporate travel agency
For travel to countries where OMV does not have a base, consult the Control Risks
Group website (refer Section 5.2 above) to establish the risk profile and use this
guideline to specify your requirements with the OMV corporate travel agency
If possible try to get a room between the second and sixth floors. Ground and first
floors generally may be more vulnerable to unauthorised entry. Floors above the sixth
floor may be out of reach of fire rescue ladders
Try to get a room away from elevator landings and stairwells. This is to avoid being
caught by persons exiting the elevator or hiding in the stairwell
If arriving after 1800 hours ensure that reservations are guaranteed
If anticipating renting an automobile, request information about parking arrangements
to assess security. Typical risk reduction factors are: controlled and guarded access,
good lighting, Video surveillance cameras coverage, no dense shrubbery for criminals
to hide in, short walk to hotel
Ask where the nearest fire exit is and, to help memorise, walk from your room to the
fire exit stairwell and back.
All hotel keys, mechanical or electronic card type, are insecure. They can be copied
or employees (room cleaners, maintenance staff, return of laundry) can use them
dishonestly. Keep all valuables in a sealed envelope in the hotel safe - better still, do
not bring expensive jewellery or watches
Valuable electronic equipment (e.g. camera, laptop computer, handheld computer,
mobile phone) may have to be stored in your room. Keep stored in a locked suitcase
even when you are in the bathroom or visiting the restaurant/bar
Always use the safety chain and optical viewer before allowing someone into your
room. Meet visitors in the hotel public areas – not in your room
Whilst sleeping or in the bathroom use the safety chain – hotel staff have master keys
that can override the door lock and sometimes the deadbolt lock
Commercial and personal documentation should also be secured in a locked
briefcase or suitcase
Keep you room neat and tidy – this makes it easier to spot if someone has been in
your room and searching your possessions
Keep your room number confidential. Answer the phone with you name only. At the
bar/restaurant show your room card do not say the number out loud and do not
display your key. Hand in your key to the receptionist and do not leave it in view on
the counter.
If you are required to use parking labels in your car make sure it does not indicate
your name or room number
Thieves often work around hotel ‘relaxation’ areas, as guests tend to lower their
guard. Take care with valuables/briefcases/handbags around the bar, restaurant, gym
or swimming pool
11
Use the back of your hands – if your palm gets burnt it is much more serious and severely limits
your ability to escape e.g. opening doors, climbing ladders, etc.
Exploration & Production, HSEQ, Vienna Page 22 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
Most people die in fires from smoke inhalation – be aware of how hazardous this can
be. Cover your mouth/nose with a wet cloth to increase your chances of survival
during the emergency
If you are trapped in your room call reception and make sure they know you are
waiting to be rescued
Fill the bath and sink with water, soak towels/blankets and seal openings around the
door and vents to prevent smoke leaking into your room. Cool the door and walls
using water. A door can hold back a fire for over an hour – sufficient time for rescue
Open a window for fresh air. Do not break the window as you may need to close it
again if smoke starts entering from the outside
A wet towel swung around the room will help clear the room of smoke
Stay low, but alert to any signs of rescue from the street or corridor. Let the firemen
know where you are by waving a towel or sheet from the window
At the Airport
To reduce the risks of arousing suspicion or becoming an innocent victim of a crime or
terrorist attack the following guidance should be followed:
In the event of a disturbance of any kind, go in the opposite direction and do not get
involved
Check in early for your flight to avoid long queues at check in counters – the spare
time can be used for working in the airside business lounge
After check in go directly through security and customs to the airside section of the
airport. This area tends to be more secure
Co-operate and be patient with all security staff – they are there to help you and may
have difficulty speaking and understanding the same language as you
If any conflict arises during the check in and security screening – remain polite and
ask for the supervisor or airline representative
It is not a good idea to exchange items between bags while waiting in queues for
security or immigration/customs screening
At all times keep control of luggage/briefcases – never leave unattended or with
zippers/covers open
Keep a low profile as this will keep any undue attention away from you, for example:
o Dress casually and do not wear expensive watches or jewellery
o Luggage tags should have the address concealed
o Consider removing frequent flyer luggage tags or similar ‘prestige’ indicators
o Consider removing company logos from luggage
Have a plan for arrival at your destination airport: onward transportation
arrangements, accommodation booked, country briefing notes readily at hand, and
currency
Drivers who are meeting new arrivals at the airport should use a display board with
the name of the visitor only – the company name/logo should be used with discretion
The first thing that a traveller should remember is that he or she is not the only one that is
scared and nervous. Everyone involved is in the same emotional state. Fear can lead to
irrational behaviour and set off a defensive state of violence. These guidelines will minimise
the possibility of being selected for special attention by the hijackers and maximise your
survival chances.
There is no set pattern for how a hijacking starts, it may be noisy, with shouting and shooting
or it may be quiet and methodical with an announcement by a flight crew member. The first
few minutes are crucial in order to stabilise the situation:
Stay calm, and encourage others around you to do the same
Remember the hijackers are extremely nervous and are possibly scared
Comply with the hijackers instructions
If shooting occurs, keep your head down or drop to the floor
Once the takeover of the aircraft has been accomplished, you may be separated by
nationality, race or gender. Your passport may be confiscated, and your hand baggage
ransacked. The aircraft may be diverted to another destination. The hijackers may enter into
a negotiation phase which could last indefinitely. During this phase passengers may be used
as bargaining tools, lives may be threatened, or passengers may be exchanged for food or
fuel. This will be the longest phase of the hijack:
If you are told to keep your head down or maintain another body position, talk
yourself into relaxing as you may need to stay in that position for some time
Prepare yourself mentally and physically for a long ordeal – but remember, it will end
Do not attempt to hide your passport or belongings e.g. mobile phone
If addressed by the hijackers respond in a regulated tone of voice
Use your time wisely by observing the characteristics and behaviour of the hijackers,
mentally attach nicknames to each one and notice their dress, facial features and
temperaments
If you or a nearby passenger are in need of help due to illness or discomfort, ask for
the assistance of a crew member first – do not approach a hijacker unless they have
already given similar assistance to other passengers
If the hijackers single you out, be responsive but do not volunteer information
The last phase of the hijacking is resolution. This could be by rescue team or through
negotiation. If a hostage rescue team is used, be prepared for noise, chaos, possibly
shooting:
If you hear shots fired inside or outside the aircraft, immediately take a protective
position – put your head down or drop to the floor
If instructed by the rescue force to move, do so quickly, putting your hands up in the
air or behind your head, make no sudden movements
If fire or smoke appears, attempt to get emergency exits open, and use the inflatable
slides or exit onto the wing
Once you are on the tarmac, follow the instructions of the rescue team or, if there is
no guidance, move quickly away from the aircraft and eventually move towards the
terminal or control tower
Expect to be treated as a hijacker or co-conspirator by the rescue team; initially you
will be treated roughly until it is determined that you are not part of the hijacking team
Residential Security
Residential security is a critical part of your personal security. The following guidelines
should be used when reviewing your security arrangements:
Choose a location that offers the most security. The less remote, the safer your home
will be, particularly if in an area close to a police station and fire protection. However,
locations with high profile business leaders or politicians may increase risks.
Generally a house at the bottom of a dead end road is considered safer.
All entrances, including service doors and guest house/servant doors, shall have
quality deadbolt locks
The locks on the main entrances should be changed when first moving into
accommodation, if a key is lost or there is a possibility that an unauthorised copy
exists
Install external security lights with motion detectors
Do not leave keys hidden outside your home. Leave an extra key with a trusted
neighbour or friend
Have the utility meters installed outside the boundary walls of the house and have
security locks installed on your electricity supply switchgear box
Keep doors locked even when you or family members are at home
Fit an optical viewer in the main entrance door.
Have window locks installed on all windows or fit security grilles
If you have window grilles and bars, review fire safety and how to exit in an
emergency
Have emergency numbers/contacts posted by your telephone
Where possible have caller identification and memory storage on your telephone
Educate family members on the proper way to answer the telephone at home (also
see the section below on Security for Children)
Install intruder alarms and use them
A dog can be a deterrent to criminals but can be disabled by poisoned food. Do not
install separate ‘doggy doors’ or entrances because they can admit small intruders
Have a designated ‘safe room’ for use in an emergency
Remove unnecessary shrubs and bushes from outside your residence to minimise
cover for criminals – this can also reduce the fire risk
After switching on the lights in the house at night, draw the curtains
Private servants should be vetted and cleared with the in-country Security Advisor
(where available)
Guests of servants should not be allowed
The maid or servant room should not have direct access to the house via an internal
door
Always supervise any maintenance or repair personnel who are working inside or on
the premises of your house
Get to know your neighbours. Develop a rapport with them and offer to keep an eye
on each others homes, especially during trips away
While at home you and your family should rehearse safety drills and be aware of how
to escape danger and get help
Vary routines and avoid predictable patterns
Know where all family members are at all times
Park your car facing outwards for a quick move in an emergency
Make sure all external perimeter gates are locked when children are playing in the
garden area
Do not send children to friends houses unless you are satisfied that their parents
manage security effectively
Review with older children Section 5.2 Personal Conduct above. Some security
precautions will be important and relevant to them
Bombs can range from the size of a cigarette pack to a large parcel. They can be disguised
as letters, books, food/sweets, toys and figurines. Delivery methods have included mail
systems, personal delivery or left at the door of the house/building.
A suspicious device should be moved to an open area outside the house, the area
evacuated and the emergency services called. Do not attempt to open the package or
immerse it in water.
Consider having personal parcels delivered to your office if it has a security scanner.
SRL = S + D + A T
3 4 5 6 7 8 9 10 11
Medium – Review and introduce additional security measures to reduce risks. Second
stage scenario based risk assessment to be carried out for the more obvious threats.
High – Second stage scenario risk assessment to be carried out for all possible
threats. Expert security advisor to review SRL assessment, conduct facility survey and
make recommendations to reduce risks.
Extreme – As for ‘high’ above - also consider evacuation of vulnerable personnel and
possible cessation of activities until risk reduction recommendations are fully
implemented.
It should be noted that the risk level is only valid at the time of the assessment. Threat levels
do vary and it would be prudent to include a safety factor to cover foreseeable variations in
level of risk. For example if the SRL was assessed as 4 (low risk), it could be raised to 5 or 6
to bring it into the medium risk classification. This may be appropriate if the venture was
likely to change from being a non-operator to operator because the public profile would be
elevated with the change in activity.
Severity (S)
Severity is a parameter that defines the predicted consequences resulting from a security
incident.
1 Injuries, theft or damage of low value items • Theft of laptop PC from office
(up to €10k), minimal disruption of activities,
possible local media coverage • Security guard concussed and
weapons/ammunition stolen
2 Fatalities, theft or damage of high value items • Radioactive source stolen from
(up to €500k), theft of hazardous or construction site
dangerous items, significant but short term
disruption to activities, national media • Bomb ruptures well flow line –
coverage repaired and production back online
in one weeks
12
The monetary criteria included here are generally replacement cost insured values and does not
cover consequential losses.
Exploration & Production, HSEQ, Vienna Page 31 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
Table 2
AT has a value between 1 and 4. There are no specific criteria for deciding the exact value.
The risk assessment team shall use their best judgement to select a representative value.
The assumptions they make shall be clearly documented for audit and future re-evaluations.
As guidance the following could be used:
1 ~20%
2 ~30%
3 ~50%
4 ~50 to 100%
Table 3
However, Table 3 above should be used with extreme caution as some factors could have a
much higher weighting (or perceived value) for certain adversaries. For example, a facility
may only have 15% of the factors, but if one factor was ‘iconic or symbolic’ target, then this
could significantly increase the overall risk. Each case should be analysed on the specific
circumstances.
Exploration & Production, HSEQ, Vienna Page 33 of 37
HSEQ-HQ-06-10-00
Security
Guidelines
Diminish – A security strategy based on the principle of inherent safety and minimising
hazardous situations from arising. For example: reducing hazardous inventories,
locating office buildings away from other attractive targets, good community relations,
not having company logos on vehicles, keeping a low profile when travelling, security
vetting of individuals.
In practice, risk reduction measures will be a combination of all the above strategies and
shall be determined on a case-by-case evaluation.
Scenarios
Scenario is the term for generic events that are initiated intentionally by adversaries.
Scenarios are used as the input to facility specific security risk assessments. They require
knowledge of the facility being assessed and are effectively a brainstorming exercise.
The scenario-based approach involves selecting adversary types to hypothetically attack the
facility and then evaluating if the current security systems have the ability to diminish, deter,
detect and delay the attack before it can be successfully completed. Once a scenario is
identified, the risk assessment team should challenge and craft the scenario to represent a
realistic event.
Scenarios shall be developed on a facility specific basis. Examples of generic scenarios that
could be developed are:
• Theft
• Sabotage
• Vandalism
• Violent assault/robbery
• Violent or threatening demonstrations
• Fire/arson attack
• Food/water contamination
• Bomb
• Suicide attack
• Hijack
• Kidnap and ransom
• Disruption of operations
• Disruption of essential utilities
• Corruption of information or communication systems
• Environmental damage
• Toxic or flammable releases
• Aircraft crash
Analysis time could be reduced by only considering ‘worst case’ scenarios. However, this
approach should be used with caution, as it may not identify all possible vulnerabilities of the
facility.
Aircraft Security
All avionics and removable items in the aircraft should be marked for positive
identification
Non-installed items of value should not be stored in the aircraft if it is to be
unattended for an extended period of time
The display of corporate logos or OMV identification is not recommended
The pre-flight inspection should include checks to detect unusual objects and any
evidence of tampering with the aircraft
In-Flight Security
Flight crews should regularly review plans for handling in-flight emergencies and
threats, including the actions to be taken in the event of a bomb threat, attempted
hijacking or other terrorist threat
Where possible a secure door from the passenger cabin should separate the flight
deck and unauthorised personnel should not be permitted onto the flight deck
Wherever possible, baggage and cargo should be physically segregated from
passengers to prevent them being accessed by passengers during flight