Professional Documents
Culture Documents
This document covers the minimum mandatory requirements for security systems at Saudi Aramco
facilities designated with Facility Security Classification per SAES-O-201.
This document is intended for Saudi Aramco use only. No part of this document may be distributed, reproduced, stored in any retrieval
system, or transmitted in any form or by any means (electronic, mechanical, reprographic, recording, or otherwise) without the prior
written consent of Saudi Aramco.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 1 of 18
SAES-O-205 Security Systems for Industrial Facilities
Revision
Publication Date Summary of Changes Contact ID
Type
Aligned with April 2017 release of HCIS security
September 20, 2017 Major ABUASSGM
directives
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 2 of 18
SAES-O-205 Security Systems for Industrial Facilities
Contents
1 Scope ..............................................................................................................................5
Application ......................................................................................................................... 5
Definition ........................................................................................................................... 5
Handling and Distribution ................................................................................................... 5
2 Conflicts and Deviations ...............................................................................................5
3 Application of Requirements ........................................................................................5
4 General Design Requirements ......................................................................................6
Redundancy and Single Point of Failure ............................................................................ 6
Computer Hardware .......................................................................................................... 6
Operating Systems ............................................................................................................ 6
Communications and Data Network................................................................................... 6
Data and System Backup .................................................................................................. 6
External System Interface .................................................................................................. 7
System Security................................................................................................................. 7
Power Supply .................................................................................................................... 7
Date/Time Synchronization ................................................................................................ 7
Tamper Protection ............................................................................................................. 7
Component Failure Alarms ................................................................................................ 7
False Alarm Reduction ...................................................................................................... 7
Structural Requirements .................................................................................................... 7
Camera Specifications ....................................................................................................... 8
5 Security Systems Requirements and Specifications ..................................................8
Intrusion Detection and Assessment System (IDAS) ......................................................... 8
Security Access Control System (SACS) ......................................................................... 11
Video Assessment and Surveillance System (VASS) ...................................................... 12
Plant Control Room ACS ................................................................................................. 14
Security Control Center ................................................................................................... 15
Security Control Center Integration Requirements ........................................................... 15
6 Terminology ................................................................................................................. 16
Acronyms ........................................................................................................................ 16
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 3 of 18
SAES-O-205 Security Systems for Industrial Facilities
Definitions........................................................................................................................ 17
7 References ................................................................................................................... 17
Saudi Aramco Documents ............................................................................................... 17
Industry Codes and Standards ........................................................................................ 17
Other References ............................................................................................................ 18
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 4 of 18
SAES-O-205 Security Systems for Industrial Facilities
1 Scope
This document covers the minimum mandatory requirements for security systems at Saudi
Aramco facilities designated with Facility Security Classification per SAES-O-201.
Application
This standard shall be used in conjunction with Security Directive SEC-05 issued in 2017 by the
High Commission for Industrial Security (HCIS), Ministry of Interior, Kingdom of Saudi Arabia
Requirement
Definition
This document uses ‘requirement’ language. Please note the following definitions:
Shall mandatory
Should or must recommendation, strongly preferred
May permissible/optional
Can possible or capable
3 Application of Requirements
The following security systems shall be installed at each facility as required by the Facility
Security Classification (FSC), in line with the respective requirements provided for each system
as delineated in paragraph 5.
Facility Security Classification
Security System Requirement
Class 1 Class 2 Class 3 Class 4
Security Access Control System (SACS) X X X
Intrusion Detection & Assessment System (IDAS) X X
Video Assessment & Surveillance System (VASS) X X X X
ID Management System (IDMS) X X X X
Automatic License Plate Recognition System (ALPR) X X X
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 5 of 18
SAES-O-205 Security Systems for Industrial Facilities
4.1.1 Security systems shall be designed such that single component failure cannot
disable the system function.
4.1.2 Security system computers shall be installed in a redundant configuration with
primary and back-up components.
4.1.3 Automatic switch-over function shall be enabled between redundant components
without loss of operational function or data.
4.1.4 Computing devices with high availability and fully redundant components such as
CPU, memory, power supply, network cards, etc., may be installed as separate
redundant units. Similarly, virtual computing architecture can be installed if it can
achieve the same level of reliable and redundant function by redundant units.
Computer Hardware
Computer Hardware applied as component of security systems shall be of the latest generation
available at the time of design completion. The hardware shall be adequate to ensure that the
system required performance and responsiveness to user commands is achieved and
maintained in all system operational conditions.
Operating Systems
Operating systems used for the security system shall be current, have full mainstream support
from the manufacturer.
All service packs, and other Operating System updates, shall be installed prior to system
commissioning.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 6 of 18
SAES-O-205 Security Systems for Industrial Facilities
System Security
All security systems cyber security requirements shall be according to the Information Protection
Manual.
Power Supply
All security systems shall be powered by main power, uninterruptible power supply, and backed
by an emergency generator, fully compliant with SAES-O-207 requirements.
Environmental Requirements shall be according to SAES-O-201 provisions.
Date/Time Synchronization
All devices connected to the security systems shall have their date and time synchronized to
each other. Device time shall be dictated by centralized or distributed time servers.
Tamper Protection
All security system terminal components shall be equipped with tamper protection
All junction and pull boxes, mounted externally, shall use tamper-proof screws for all fasteners.
All outdoor cables shall be protected in steel conduits. Opening to the system housing shall be
sealed.
Structural Requirements
Facilities housing security systems shall comply with SAES-O-209 for specific structural and
location requirements
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 7 of 18
SAES-O-205 Security Systems for Industrial Facilities
4.13.1 Chilled water air handling units shall not be utilized for cooling security system
rooms.
4.13.2 Transformers shall not be installed in the security system equipment room.
4.13.3 The security system equipment room shall remain locked with entry control devices
allowing access only to authorized security personnel.
4.13.4 Plumbing, sewage or drainage for toilets or kitchens shall not be routed in the
security equipment room walls, ceiling or floors.
Camera Specifications
All cameras provided for the security systems included in this standard shall have the following
minimum requirements:
4.14.1 Image Quality
4.14.2 All optical cameras of security systems shall operate at full High-Definition (HD)
resolution of 1920 x 1080 pixels with progressive scan (1080 p) at 30 frames/per
second or higher.
All thermal cameras shall operate at 320x240 pixels or higher, resolution in
long Wave Infra-Red (LWIR) at 30 frames/per second. Cooled Midwave Infra-
Red (MWIR) may be used only as an alternative to LWIR for extreme long
range applications.
Cameras may switch to fractional HD resolution and frame rate under non-
alarm conditions. Minimum operating resolution is 720p at 7.5 frames per
second.
4.14.3 Focal Length and Zoom
All cameras shall have adequate focal lens to provide the required operation
function. Fixed cameras may have fixed lens. Vari-focal lens shall be provided for all
PTZ and Long Range Optical/Thermal Cameras.
4.14.4 Interface
All cameras shall connect directly to IP/LAN network without intermediate interface.
4.14.5 Camera Housing
All camera enclosures shall be sealed to IP-66, and shall meet other environmental
conditions listed in SAES-O-201.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 8 of 18
SAES-O-205 Security Systems for Industrial Facilities
5.1.1 The IDAS shall function as an integrated system consisting of detection layer of
perimeter sensors, assessment layers of cameras, alarm communication, display
and control computing layer, that shall analyze and localize the sensor data, trigger
an alarm when an intrusion is detected and display pre and post alarm and live video
from the camera in the area where the alarm was triggered, to security personnel
tasked with monitoring the system.
5.1.2 Local Operator
IDAS shall have local displays and alarm annunciation in the facility’s designated
security post.
5.1.3 Security Control Center Operator
The SCC operator, with adequate network connectivity, bandwidth, IDAS alarm,
announcements, and full control, shall be transmitted to the designated Security
Control Center (SCC) or regional Security Control Center having jurisdiction on the
facilities location. The responsible Security Control Center shall be determined by
ISSD.
5.1.4 Seamless Integration with SCC
IDAS must provide seamless integration with the Security Control Center (SCC)
integrated application environment that enables seamless operation of the security
function in the SCC’s area of responsibility.
5.1.5 Intrusion Detection Sensors
The IDAS shall use a minimum of two independent types of detection sensors in
order to detect an intrusion attempt into the facility’s perimeter.
Sensors may be linear or volumetric and may detect intrusions using different
parts of the electromagnetic spectrum, including radio-frequency, microwave,
infrared and thermal energy.
Any motion shall be detected by a volumetric sensor (microwave sensor,
fixed thermal/optical camera with video analytics) within the covered volume
of any human sized object on the inside of the anti-personnel fence.
A detection of an intrusion attempt shall be done by minimum of one sensor
at a specific alarm zone. Each alarm zone length along the perimeter shall
not exceed 150 linear meter or the length of a straight perimeter section to
the facility, whichever is lower.
Sensors shall be adjustable to set detection thresholds.
The sensors combined performance and sensitivity shall not be degraded in
intense or severe weather conditions to drop the probability of detection
below the level specified in section 5.1.10.
Sensors shall be deployed in locations specified in SAES-O-202.
The sensitivity of all sensors shall be uniform in the entire area/volume being
monitored by the sensors. Where variable sensitivity is employed, the
sensitivity shall be adequate on the entire protected perimeter, including
turns, corners and edges.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 9 of 18
SAES-O-205 Security Systems for Industrial Facilities
Sensor overlap shall be used to cover areas at the sensor coverage edge to
ensure elimination of any blind spots.
5.1.6 Fixed cameras
Fixed cameras shall provide uniform assessment coverage along the entire
perimeter, leaving no blind spots. Fixed cameras shall be optical.
5.1.7 Pan-Zoom-Tilt
PTZ movable cameras shall be provided to augment fixed cameras along the
perimeter. The closest PTZ camera shall be programmed and configured to
automatically zoom into the location of the intrusion. PTZ cameras may be optical or
thermal or having dual optical/thermal components.
5.1.8 Geospatial mapping
All IDAS cameras and sensors shall be geospatially mapped so that the location and
imagery can be accurately located on the GIS map by the IDAS management
application.
5.1.9 Display
The system shall provide 4 levels of integrated display to SCC operators. All displays
shall be 1080 p, or higher. Displays shall be adequately sized to permit clear view.
32” screen per display is recommended.
Display 1: Overview Map
Display 2: Video Split-Screen Display, dedicated to viewing camera feeds,
user selectable or sequenced, and shall automatically switch to alarm zones
display during an alarm.
Display 3: Index display, listing all cameras or alarm zones.
Display 4: PTZ Camera Display
5.1.10 Performance Requirements:
Probability of Detection: Minimum %95
Probability of detection determines the overall system capability to detect
intrusion attempt, including through, over or under the protected perimeter.
Probability of detection performance shall be certified by independent
recognized certification entity, and shall consider the combined performance
of all the IDAS sensor’s components.
Localization Accuracy: Maximum +-75 m (150 m zone)
Alarms along the fence shall be localized with +- 75 meter accuracy,
equivalent to 150 m alarm zones. Localization can be achieved either by
software methods, such as geospatial coordinates association, or software
defined zones along, or via hardware methods, such as limiting the size of
each detection zones), or combination of the hardware and software
methods.
Nuisance Alarm Rate: Maximum: 1 alarm per zone over 30 day period.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 10 of 18
SAES-O-205 Security Systems for Industrial Facilities
The nuisance alarm rate is measured as the total number of nuisance alarms
averaged over the number of zones.
False Alarms: Maximum: 1 alarm per zone over 30 day period.
The nuisance alarm rate is measured as the total number of false alarms
averaged over the number of zones.
Refer to 5.12 for additional requirements about false alarms.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 11 of 18
SAES-O-205 Security Systems for Industrial Facilities
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 12 of 18
SAES-O-205 Security Systems for Industrial Facilities
FSC 4 Surveillance systems requirement shall be based on the Security Risk Assessment
(SRA) study shall designate the areas to be covered by VASS. The application areas shall
include It shall include Closed Circuit Television System (CCTV) abilities to monitor main gates,
critical buildings, and perimeters external contagious areas.
5.3.1 VASS Camera Performance
VASS shall provide active surveillance capability under all weather conditions
including low light, dense fog and sandstorm, with no adverse impact on
performance.
Cameras which are used for surveillance and alarm generation must be fixed
while assessment cameras shall use PTZ mounts to allow operators to move
the camera and zoom in to the area of interest. The selection of PTZ or fixed
cameras shall be based on factors of the area to be surveyed.
All VASS optical cameras shall be color cameras capable of low light
operation. The camera may switch to black/white mode via removing IR-cut
filter in extremely low light. The optical camera shall be augmented by
thermal cameras in selected location to provide a clear view during adverse
weather conditions, or to cover longer range where required.
The video from all cameras shall be stored and available for viewing locally
and across the network.
5.3.2 Geo-Spatial Mapping
All cameras installed for VASS compliance shall have geo-spatial coordinates that
will allow accurate display on a Geographical Information System (GIS) map at the
SCC.
5.3.3 VASS imagery Processing
The VASS shall process the imagery from fixed camera, using a video
analytics system to detect abnormal behavior and annunciate plausible
alarms, while filtering out nuisance alarms caused by weather factors,
changes in lighting and shades, moving debris, and small animals.
Abnormal behavior includes but not limited to, activity at a time where there is
no activity expected, packages left behind, entry into a restricted area,
approach to a restricted area, by image profile of human (walking, standing,
crawling), manned vehicle or unmanned surface vehicle.
It shall have the ability to accept and integrate sensor inputs from other
systems into its video processing algorithms.
The system shall enable new rules to be defined based on local topography
and other factors including for example, object speed and size, time,
movement direction, and crossing virtual lines.
5.3.4 Camera Placement
Cameras shall be placed based on local topography, operational requirements,
analysis of blind spots and view obstructions. Coverage shall be overlapped to
assure no blind spots between consecutive cameras in a contagious coverage area.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 13 of 18
SAES-O-205 Security Systems for Industrial Facilities
5.3.5 Lighting
Areas where optical cameras are deployed shall have lighting fully compliant with
SAES-O-204 requirements.
5.3.6 Video Recording Requirements
Fixed surveillance 90 days
Assessment 30 days
Alarm events: 90 days
5.3.7 Long Range Surveillance (LRS)
Where required by SRA recommendations or specifically required by HCIS, Long
Range Surveillance shall be provided for remote facilities. The LRS shall
complement IDAS function by providing extended surveillance. For Long Range
Surveillance on marine side and offshore facilities, refer to SAES-O-313.
LRS Cameras
LRS cameras shall have a recognition range of 2km. As per the
Johnson’s Criteria, at recognition range, the type of the object can
be discerned, a person vs. a car)
LRS cameras shall monitor contagious areas beyond the facilities
perimeter.
LRS shall base the camera recognition range on the time required
to deploy response to intercept the threat from the nearest
security point. The minimum range is 2km to provide recognition
capability. Recognition capability is defined as the ability to
discern the type of object (a person vs. a car), as per the
Johnson’s criteria.
LRS Radars
Surface radars or thermal sensors shall be deployed to detect the
moving objects and automatically slew the integrated LRS
assessment camera to the area of interest to enable assessment
function, and annunciate an alarm. The radar (or thermal sensor)
range shall be equal to or exceed the LRS camera’s recognition
range. The radar (or thermal sensor) shall have continuous or
sweeping and rotating coverage over the whole area of interest.
Radars shall be optimized to detect personnel and vehicle size
target.
The radar beam shall automatically be blanked or turned off when
the beam emission points toward the facility being protected.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 14 of 18
SAES-O-205 Security Systems for Industrial Facilities
including Plant Control Room. The list of facilities requiring access control shall be determined
during SRA asset characterization process.
Standalone scaled-down version of ACS shall be provided to manage personnel access to Plant
Control Rooms. Where an outer layer ACS exists, this ACS is not required to be interfaced to
the company-wide ACS maintained by ISO.
The Plant Control Room ACS shall deploy card readers and cameras at all entry side of plant
control rooms. General requirements shall be applied.
5.5.1 The Security Control Center layout shall comply with the requirements of ISO
110641-1 through 7.
5.5.2 The Security Control Center shall be capable of 24 hours a day, 7 days a week
operation.
5.5.3 The SCC shall have the ability to view facilities, gates, and security databases. This
shall include:
Monitor status of Crash Barrier Activation, and allow override function
Monitor functional status of all security equipment
View surveillance cameras of security gates
View personnel access credentials and images
View tamper alarm of all field security equipment
5.5.4 The SCC shall serve as a resource during activation of the facility Emergency
Response Plan (ERP). The ERP is as defined in SAF-20.
5.5.5 ACS shall be provided to the entrance doors of the SCC.
5.5.6 Fire detection and fire protection systems shall be installed in the SCC, as per SAF-
04 requirements.
5.5.7 The SCC structure shall comply with SAES-O-209 requirements.
5.5.8 The SCC power system shall include a dedicated UPS and emergency power
generator as specified in SAES-O-207.
5.5.9 All voice communication into and out of the SCC shall be recorded for minimum of 12
months.
5.5.10 Large screen displays shall be installed to provide a continuous view of the status of
all areas under the SCC’s control. The large screen display content, layout, and
position shall be configured to integrate with the operation arrangement of the SCC.
5.6.1 All SCC functions shall be provided in a single command & controlled environment
that provide multi-display consoles enabling the operators to perform real-time
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 15 of 18
SAES-O-205 Security Systems for Industrial Facilities
6 Terminology
Acronyms
ALPRS Automatic License Plate Recognition System
CPU Central Processing Unit
ERP Emergency Response Plan
FOV field of view
IDAS Intrusion Detection and Assessment System
IDMS Identification Management System
LWIR long wave infrared
LRS Long Range Surveillance
MWIR mid-wave infrared
PIN Personal Identification Number
PTZ pan-tilt-zoom
SED Single-Entry Device
SCC Security Control Center
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 16 of 18
SAES-O-205 Security Systems for Industrial Facilities
Definitions
Nuisance Alarm Alarms generated by the sensor from a known cause that
is not an intrusion attempt. Examples: wildlife, blowing
debris, or wind.
False Alarms Alarms generated by the system for which there is no
known cause. False alarms are an indication the system
requires maintenance.
Probability of Detection Probability of detection determines the overall IDAS
system capability to detect intrusion attempt, including
through, over or under the protected perimeter. Probability
of detection performance shall be certified by independent
recognized certification entity, and shall consider the
combined performance of all the IDAS sensor’s
components.
7 References
All referenced specifications, standards, codes, forms, drawings and similar material shall be of
the latest issue (including all revisions, addenda, and supplements) unless stated otherwise.
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 17 of 18
SAES-O-205 Security Systems for Industrial Facilities
Other References
September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 18 of 18