KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES
FOR INDUSTRIAL FACILITIES,
SEC-01
Application of Security Directives
a
SY
RESTRICTED
AIL Righs reserved to HCIS. Copylg odsrbtonprofibitadwldnut writen pension om HISKINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
‘Table of Contents
1.0. ADMINISTRATION
11. SCoPE...
APPLICATION
CONFLICTS & DEVIATIONS
2.0. DEFINITIONS..
30. REFERENCE!
40. GENERAL REQUIREMENTS...
4.1. MINIMUM REQUIREMENTS THAT APPLY TO THIS DIRECTIVE:
42. FACILITY CLASSIFICATION. ws
421 Class I Facil
422. Class 2 Facility,
423, Class 3 Facility.
424 Class 4 Facility.
43. ENVIRONMENTAL REQUIREMENTS .
43.1. Indoor Air Conditioned Environment
43.2. Outdoor Environment
4.4.” ConTRACTOR PREREQUISITES FOR SECURITY PROJECT EXECUTION.
5.0. GENERAL REQUIREMENTS FOR EXECUTING SECURITY PROJECTS.
Risk ANALYSIS.
PRELIMINARY DESIGN.
erat, Dasien.
INSTALLATION CONTRACTOR 7 vw
PERFORMANCE REQUIREMENTS... fe
PROGRESS REPORTS,
PERFORMANCE VALIDATION...
MAINTENANCE & SUPPORT...
‘TRAINING...
RESPONSE TO EMERGENCY EVENTS.
60, REFERENCE.
somanannenesnsnnnins
RESTRICTED
At Righs reserved HCI, Copying or ditibutionprofbied witht writen persion fom HCIS
Page 2 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR,
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
1.0.
LL
12.
13.
Administration
Scope
‘This Directive provides the minimum requirements for companies and establishments
that are subject to the supervision of the High Commission for Industrial Security
(HCIS), Ministry of Interior, for application of security directives.
Application
‘This Directive is applicable to all facilities, including new projects, the expansion of
existing facilities, and upgrades. For application to existing facilities, the Owner shall,
assess his fucilities against the requirements of these Directives and coordinate with
the General Secretariat of the High Commission for Industrial Security (HICIS) to
comply with the Security, Safety, and Fire Protection requirements according to these
Directives and add to or modify the existing facilities as required. Where the HCIS
has assessed deficiencies in existing facilities during a survey, comparing the current
state of the facilities to the requirements of these Directives, those identified
deficiencies shall be corrected by the Owner.
Where implementation of 2 requirement is unsuitable or impractical, where other
equivalent company or internationally recognized Standards and Codes are followed,
or where any conflict exists between this Directive and other company standards and
Codes, the deviations shall be resolved by the HCIS. Deviation lower than the
requirements of this directive shall be listed and submitted in a report of compliance
‘or non-compliance, with justification and reason, for each applicable requirement of,
these security directives, and approval shall be received from the HCIS prior to
implementation, The documents shall be retained by the company in its permanent
engineering files.
RESTRICTED
AU Rights servedto NCIS. Copying oe dsubuton probed withou weiuen pernitsion fom HCTS
Page 3 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
2.0.
Definitions
Hels
Shall:
Should:
Acs
APL
Evb
FAT
IDAS
IMo-
ISPs
Iss
scc
High Commission for Industrial Security. The HCIS is part of the
‘Ministry of the Interior. It is responsible for the development, and
implementation, of security, safety and fire protection strategies
Kingdom-wide.
Company or owner of a facility.
Security Directives
Indicates a mandatory requirement,
Indicates a recommendation or that which is advised but not
required.
Access Control System: Manages access to facilities
American Petroleum Institute: An organization that defines
requirements for petroleum facilities.
Explosive Vapor Detector: Detects presence of explosives
Factory Acceptance Test: Test conducted at contractor facility to
verify compliance with requirements
Site Acceptance Test: Test conducted after equipment installation
at its final location to verify compliance with requirements
Intruder Detection & Assessment System: Detects intrusion
attempt at perimeter, allows video surveillance and annunciates an
alarm.
International Maritime Organization; An organization that defines
security and safety of ships and ports
Intemational Ship & Port Security: A set of regulations that
defines security of ships and port facilities. ISPS is part of the
IMO.
Integrated Security System: Provides an integrated environment to
detect and delay intruders, monitor security environment and
annunciate alarms generated from facility security systems.
Security Control Center: A facility that monitors the complete
security environment in a designated area and manages alarms and
RESTRICTED
‘AI Right reserved to CIS. Copying or stbtion poked wthet writen permission fom HCIS
Page 4 of 23KINGDOM OF SAUDI ARABIA.
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
responses to security events.
sow Scope of Work: A study that defines the requirements for security,
safety and fire protection at a facility.
3.0. References
‘This directive adopts the latest edition of the references listed.
‘The selection of material and equipment, and the design, construction, maintenance,
operation and repair of equipment and facilities covered by this Security Directive
shall comply with the latest edition of the references listed in each Security Directive,
unless otherwise noted.
API Security Vulnerability Assessment Methodology for the
Petroleum and Petrochemical Industries
RESTRICTED.
AIT Rights reserved to HCAS. Copying or srtation rolibted without writen pension from HCIS
Page 5 of 23KINGDOM OF SAUDI ARABIA.
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
4.0.
4
General Requirements
Minimum requirements that apply to this Directive:
41d
413
419.
‘The High Commission for Industrial Security (HCIS) reserves the right to
modify and/or make changes, as deemed necessary, to the Security
Directives without prior notice.
‘The national security of Saudi Arabia, including the security of the economy
and the well being ofits population, depends directly on physical and
operational safety of a range of facilities across Saudi Arabia, The
criticality of each facility varies depending on the product or service
provided. Therefore, the High Commission for Industrial Security (HCIS)
shall have the ultimate authority on classifying all facilities.
Facilities shall have adequate levels of protection as defined within these
Security Directives,
The level of protection at each facility shall be dictated by its security
classification. HCIS reserves the exclusive right to classify facilities
according to its intemal criteria or any new security requirements.
Guidelines are provided with this Security Directive in order to permit the
Owner to develop a preliminary evaluation of facility classification.
‘The owner shall develop a detailed risk analysis that shall be used as the
basis of facility classification.
‘This risk analysis, and the facility classification, shall be submitted to HCIS.
for approval prior to detailed design development or implementation,
The information contained herein will be used to define the levels of.
protection required for facilities in the Kingdom of Saudi Arabia (KSA) that
fall under the supervision of the High Commission for Industrial Security
HCIS) of the Ministry of Interior, Kingdom of Saudi Arabia.
‘The details of protection required for each facility is described in individual
Sceurity Directives that cover each aspect of the requirement.
Owners who operate offshore or marine facilities shall ensure that they
provide an adequate level of security measures to protect these facilities.
Owners shall apply aspects of the Intemational Ship and Port Facility
RESTRICTED
AIDRighsrsesedt HCIS. Copying o istibtion proibitd wthoat writen permision fom HCIS
Page 6 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
42.
Security Code (ISPS), issued by the IMO, that apply to their offshore or
marine facilities.
Companies that operate marine facilities shall define an exclusion zone
around each marine facility. They shall ensure that adequate warning signs
are deployed on strategically located buoys advising incoming traffic that
they are entering a restricted area. These warning signs shall comply with
prevailing Saudi Arabian and intemational marine standards on sign
construction and design. Owner shall be responsible for ensuring all
required permissions and standards for buoy deployment are complied with
and that the buoys are maintained in good condition.
‘Owner shall deploy marine barriers to protect marine facilities. Deployment
of these barriers shall not compromise safety considerations for the facility.
4.1.10. These Security Directives supersede all older SSD’s previously issued by
the HCIS.
Facility Classification
Facilities shall be classified based on a four (4) level classification methodology. ‘The
general criterion for each level is defined in the sections below.
42.1, — Class 1 Facility
A Class 1 facility is defined as any facility whose destruction, or serious
damage, could seriously damage the Kingdom's economy or gravely disrupt
the well being of its population
Such facilities are characterized by meeting ANY of the following criteria:
42.1.1 Loss presents an unacceptable financial risk.
4.2.1.2. Loss of function/capacity cannot be made up by other existing
ft
4.2.1.3. Directly and seriously impacts hydrocarbon exports
RESTRICTED.
-AlDRighs reserved to HCIS. Copying o stribrion pried witout writen perisscn from HCIS
Page 7 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
42.14.
42.15.
Major threat to environment or population due to damage or
destruction.
Critical infrastructure, regardless of capital investment or availability
of alternates.
Class 1 Facility Examples
Examples of facilities that are classified as Class 1 are as follows’
42.16.
42.17.
42.18.
42.1.9.
42.110.
421.11
42.1.12,
4.2,1.13.
4.21.14.
421.15,
42.1.6.
‘Major Oil & Gas production, processing, transportation and export.
‘Major Oil Refining and Storage.
Major Electricity Generation Facilities.
“Major Weter Deselination Facilities.
Major Commercial & Industrial Sea Ports.
Major Telecommunications facilities.
Major pumping facilites for oil and water.
Major facilities using or producing chemicals whose flammability,
explosiveness, toxicity and evaporability may cause serious harm to
the environment or population if the facility is damaged or destroyed.
Manufacture and storage of commercial explosives.
Infrastructure that supports, or contains facilities or services, that are
deemed important to the national interest.
Primary computer facilities that manage the above items.
42.2. Class 2 Facility
‘A Class 2 facility is defined as any facility whose destruction, or serious
damage, could cause short term damage to the Kingdom's economy or
temporarily disrupt the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
42.21.
42.22.
4.2.2.3,
4.2.24.
Loss of function/capacity can be compensated for short periods by
other existing facilities.
Direcily impacts hydrocarbon exports but will not significantly reduce
them.
Possible threat to enviconment or population due to damage or
destruction
Critical infrastructure, regardless of capital investment or availability
of alternates.
RESTRICTED
AURights served to HCIS, Copying or ditibation prohibited witout writen poision fom HCTS
Page 8 of 23KINGDOM OF SAUDI ARABIA.
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY,
SEC 01 - Application of Security Directives
423.
Class 2 Facility Examples
Examples of facilities that are classified as Class 2 are as follows:
4.2.2.5, Support facilities for hydrocarbon production, processing,
transportation & export.
4.2.2.6. Hydrocarbon plants, such as major GOSP's.
4.2.2.7. Facilities using or producing chemicals whose relatively low
flammability, explosiveness, toxicity and evaporability present
‘medium level risk to the environment or population if the facility is
damaged or destroyed.
4.2.2.8. Infrastructure that supports, ot contains facilities or services, that are
deemed important to the national interest
mary computer facilities that manage the above items.
4.2.2.9,
Class 3 Facility
A Class 3 facility is defined as any facility whose disruption, or serious
damage, could cause minimal or no damage to the Kingdom’ s economy or
‘would not disrupt the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.3.1. Loss of function/capacity can be compensated for an extended period
by other existing facilities.
4.2.3.2. Nodirect impact on oil exports.
4.2.3.3. No threat to environment or population due to damage or destruction
Class 3 Facility Examples
Examples of facilities that are classified as Class 3 are as follows:
4.2.3.4. Minor Sea Ports.
4.2.3.5. Low Capacity Electricity Generation. (See SAF-19 for details of
Power Generation Facilities).
4.2.3.6. Minor Telecommunications Facilities.
4.2.3.7. Bulk Plants.
RESTRICTED
reserved vo HCI. Copying or stbutinn prohibited without writen permission fom HCIS
Page 9 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
43.
42.4,
Class 4 Facility
A Class 4 facility is defined as any facility considered a support facility,
either adjacent to, or remote to, Class 1, 2 of 3 facilities.
‘Such facilities are characterized by meeting ANY of the following criteria:
4.2.4.1. Loss of function/capacity can be compensated for an extended period
by other existing facilities.
42.4.2. No direct impact on oil exports,
4.2.4.3, No threat to environment or population duc to damage or destruction.
Class 4 Facility Examples
Examples of facilities that are classified as Class 4 are as follows:
424.4, Supply Warehouses.
424.5. Office Support facilities.
Environmental Requirements
All devices installed for Security Directive compliance shall be capable of operating
continually when subjected to the environmental conditions of the installation site,
43.1.
43.2,
Indoor Air Conditioned Environment
All devices installed indoors, or in an environmental cabinet, for Security
Directive compliance, shall be cooled with redundant split or central air-
conditioning units.
Outdoor Environment
4.3.2.1. Equipment to be installed outdoor shall be designed to operate
without air conditioning or forced air ventilation system and
- under the conditions of environment detailed below, and shall
RESTRICTED
[ALRighsreervedto HEIS. Copying ee rbtion prebibted wie: writen pemsion fom HCIS
Page 10 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
meet the specified performance when subjected to the full range
of these conditions.
4.3.2.2, Ambient Temperature Range: -10° C to 465° C (excluding
temperature isin cabinet)
43.2.3. Ambient Relative Humidity Range: 5% to 100%, non-
condensing
4.3.2.4. ‘The normal airborne dust concentration shall be considered as 1
mg/ml. During sandstorm conditions, dust concentrations
reaching 500 mg/ml are encountered and winds may gust to 112
kav.
95% of all dust particles are less than 20 micrometers and 50%
of all particles are less than 1.5 micrometers in size. Compounds
present in the dust include those of sodium, calcium, silicon,
magnesium and aluminuen,
‘When in wet condition (100% humidity), these compounds
function as electrolytes and can result in severe corrosion of
other materials.
43.2.5. Other pollutants present (ppm vol. /vol. in atmosphere, worst
case) are:
HS: 20 ppm (vol/vol)
CO: 100 ppm (vol/vol)
NOx: 5 ppm (vol/vol)
sg: 10 ppm (vol/vol)
oO: 1 ppin (vol/vol)
Hydrocarbons: 150 ppm (vol/vol)
4.4, Contractor Prerequisites for Security Project Execution
44.1. — Designers, suppliers, contractors and systems for security related projects at
facilities classified under the Security Directives shall be approved by
HCIS.
RESTRICTED
AILRighs reserved 1 HCIS. Copying oF asebaton prohibited without writen pense from HCIS
Page LI of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR,
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
4.2.
443.
4a,
4A5:
447,
‘The Owner shall be responsible for providing HCIS with required data at
east three(3) months before the scheduled security related project initiation.
This will allow a complete evaluation by HCIS of the project and the
proposed contractors.
Contractors and suppliers shall be certified by the Ministry of Interior and
the Ministry of Commerce & Industry
‘The contractor shall be licensed by the competent authority at the Ministry
of Interior (the General Directorate of Public Security). ‘The certification
shall clearly indicate that the contractor is authorized to engage in security
related work. It shall specify the nature and type of authorized activity and
shall be included in the commercial registration certificate issued by the
Ministry of Commerce and Industry.
‘The Commercial Registration (CR) certificate issued by the Ministry of
‘Commerce & Industry shall clearly specify that the contractor is authorized
to conduct security related work. It shall clearly state the vendors line of
business as cither importing, designing, installing or maintenance of security
systems :
Contractors engaged in executing safety and/or fire protection related work
shall follow the requirements stated in the Safety Directives issued by the
HCIS.
‘The Owner shall submit qualification data to the HCIS for approval of all
contractors selected for design and installation of security related work.
Contract award for design, installation or maintenance shall not proceed
until such approvals are received from the ICIS.
The data submitted to the HCIS shall include, but not be limited to, the
following:
A) Valid copies of commercial registration, showing license specified in
44.5. above.
B) Chamber of Commerce membership
C) Registration & classification certificate issued by the Ministry of
Municipal & Rural Affairs
D) Company profile
E) Full names and details about company owners, director, senior project
personnel, system designer and installation management,
F) List of previous projects ofa similar nature that have been executed.
List must show the type of work, size of project, dates and user of the
executed project.
all
RESTRICTED
rexerved to HCIS. Copying o dstbutenproded without writen pemmissfn frm HCIS
Page 12 of 23,KINGDOM OF SAUDI ARABIA.
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
448,
449.
4A
4a
44.
G) Whether company performing the work is a subsidiary or part of
another organization
H) Head office address & contact details for all prime and sub-
contractors.
‘The Owner shall ensure that the company selected for security related work
shall have adequate engineering capabilities and qualified manpower to
design, install, test and maintain the system and execute all work
requirements.
‘The Owner shall submit to HCIS full details of all Saudi and foreign
‘companies participating in the work.
HCIS reserves the exclusive right to approve or reject any company
proposed to perform the work
‘The Owner shall ensure that all companies participating in the work are
approved by HCIS prior to work initiation.
(0. The Owner shall ensure that the company selected for security related work
shall have prior technical experience inside or outside the Kingdom in
similar work that matches the scope, and magnitude, of the current work.
1. The primary contractor shall formally assume, certified in writing, total
responsibility for executing all phases of the work. All sub-contractors shall
be approved by HCIS prior to any contract award. The procedures for
approval of sub-contractors shall be the same as for the primary contractor.
2, Contractors receiving bid documents or working on security system design,
installation, support or maintenance shall sign Non-Disclosure Agreements
(NDA) specifying that the contractor shall maintain all work related
documents in confidence and not disclose them to any third party without
prior written approval of the Owner.
4.4.13. Contractors performing security related work shall formally certify, in
writing, that they shall provide, for the life of the system, after-sales
services, support and spare parts for all devices and systems installed.
44.14, The Owner shall provide HCIS with a detailed list of major system and
equipment for all security related work. The list shall include model
numbers, descriptiotis, manufacturer and local agent.
RESTRICTED
-AIDRighs reserved to HCIS. Coylg oc iittonroided witout writen permiston eam HIS
Page 13 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
5.0.
5.
4.4.15. HCIS shall have the right to reject any of the systems or equipment. In case
any system or equipment is rejected by HCIS the Owner shall replace it with
approved system or equipment or submit additional system or equipment
details for approval
4.4.16. ‘The Owner shall ensure that any other prerequisites deemed necessary by
the user or required by cucrent rules and regulations in effect in this regard
are also included in the project scope.
4.4.17. There shall be no outstanding objections, reservations or claims by any
other party against the contractor executing the work.
4.4.18. Owner shall not permit any start on security related work until HCIS
approval for the specific work is received.
44.19. All submissions to HCIS shall be in writing.
General Requirements for Executing Security Projects
HCIS shall approve all security related work executed by companies that fall under
the supervision of the Security Directives. HCIS approvals shall be secured as
detailed in the following sections
Risk Analysis
5.11. ‘The Owner shall prepare a risk analysis detailing the potential risk areas and
the system design requirements that shall mitigate this risk,
5.1.2. ‘The Risk Analysis shall follow the methodology stated in the American
Petroleum Institute (API) document entitled “Security Vulnerability
Assessment Methodology for the Petroleum and Petrochemical Industries”.
5.1.3. ‘The Owner shall use the methodology outlined in this document to conduct
a structured, comprehensive Risk Analysis for each facility
5.14, ‘The risk analysis shall take into account facility criticality and surrounding
terrain
5.15. The risk analysis shall be submitted for review by HCIS.
RESTRICTED
[AIL Righscservd to HCIS. Capyng or disbution potbied without writen permission fram HS
Page 14 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
EC 01 - Application of Security Directives
5.2. Preliminary Design
521
5.2.2.
523,
‘The Owner shall prepare a preliminary design package that details the Scope
of Work (SOW), main and auxiliary elements of security related work and
site specific requirements.
‘The preliminary design package shall include the following at a minimum:
52.2.1.
5.2.2.2.
5.2.2.3,
5.22.4,
Site Layouts showing main security related activity, device
locations and system locations.
Area covered by the Access Control System (ACS), Intrusion
Detection System (IDS) and Video Surveillance System (VSS)
when installed. Information shall also be provided for any
additional systems installed by the Owner above and beyond the
directive requirements
The preliminary design shall provide, at a minimum, general
details on ACS location & number of card readers, IDS zones,
layout & hardware/sofiware, VSS cameras, zones &
hardware/sofiware.
Details of fencing, lighting, patrol road, socurity control room,
and clearances for each site. The information provided shall
include the position of each element relative to each other and
the facility.
Location and installation details for main gates, restricted area
gates and emergency gates. This section shall provide details of
all devices that shall be installed at each of these gates.
The data listed in section above shall be submitted to HCIS for review and
approval before commencing detail design, bidding and contract award for
design and installation,
5.3. Detail Design
RESTRICTED
‘All Rights reserved to HCIS. Copying or dsuibuon prohibited without writen pennisson foe HCIS
Page 15 of 23,KINGDOM OF SAUDI ARABIA
‘MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
SB.
53.2.
533.
53.4.
53.5.
536.
37,
‘The Owner shall prepare a detail design package that provides detailed
technical specifications, engineering design and list of bidders for main
design elements. All information provided to FICIS shall be up to date at
the time of submission,
During construction, the Owner shall ensure that ongoing construction sites
shall be surrounded by a category 4 fence and adequate separation
maintained from existing facilities.
A copy of the detail design package shall be provided to the ICIS for
approval at least three months prior to awarding the bid, ordering materials
or initiating any work specified under the detail design package. This data
shall include the items listed below. The Owner shall be responsible for any
delay that may occur due to non-compliance with the time requirements
mentioned above of failing to demonstrate compliance with the
requirements in the HCIS security directives related to the project work.
‘The Owner is required to meet HCIS time requirements for approvals and
‘ensure full compliance with the security directives.
‘The details design package shall include a list of contractors on the bidders
list. The certification of the contractors, as specified under section 4.4, of
this security directive, shall be supplied as part of this package,
A compliance list showing compliance or non-compliance, with justification
and reasons, for each applicable aspect of the HCIS security directives &
project specifications shall be provided as part of this package.
A list of all equipment, hardware, software, and devices shall be provided as
part of this package:
5.3.6.1. Manufacturers name for each system or equipment
5.3.6.2. — Certificate for material compliance that shows that material complies
with required standards
5.3.6.3. Period in which device has been available in local and international
markets
53.64. Local users of the product
53.6.5. Name & address of local agent
53.6.6. Local agent Commercial Registration as specified in section 4.4. of
this security directive.
‘The proposed work execution schedule shall be provided as part of this
package
RESTRICTED
10 HIS, Copying 0 dsribuon petted witht witen permission from HIS
Page 16 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR.
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
54.
55.
53.8, Copies of original manufacturer catalogs and device specifications shall be
provided as part of this package.
5.39. The technologies, devices and systems to be supplied for the project shall be
obtained from credible and reputable sources and manufacturers. The full
identities of all sources and manufacturers shall be accurately disclosed in
the documentation sent to HCIS,
installation Contractor
‘The installation contractor shall be certified as specified in section 4 of this security
directive.
Performance Requirements
55.1.
55.2,
5.5.3.
55.4,
535.
556.
55.7.
‘The Owner shall ensure that all systems and de}
‘compliance shall incorporate the latest technologies,
used for security
Systems deployed for security directive compliance shall operate in an
integrated environment as specified in security directive SEC-05 “Integrated
Security System”.
Alarm prioritization shall be a part of all systems.
All critical system devices such as, but not limited to, computers and
networks, shall operate in ¢ fully redundant mode as specified in security
directive SEC-05 “Integrated Security Systern”.
‘System components shall have the capability for future expansion. The
system shal] have at least 50% spare capacity when it is initially deployed.
‘This spare capacity includes, but is not limited to, computer memory and
disc space.
‘Systems shall have no single point of failure in their design.
‘System components and devices shall have tamper sensors and shall
annunciate an alarm for any attempt to open, modify, remove, or cut system
devices and communications cabling,
RESTRICTED
AIRigis reserved to HCIS, Copying or dsiibution profited witout writen pemission from HCIS
Page 17 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY,
SEC 01 - Application of Security Directives
56.
5.7.
558.
539.
‘Systems shall be designed around open architecture to permit easy
integration of technology advances.
All main system components shall have the ability to send data, text or
video, as applicable, to an external system, when main system is configured
to doso. All external system communications and data transfers shall be in
full compliance with all security considerations mentioned in the Security
Directives.
Progress Reports
“The Owner shall provide HCIS with progress reports every six months on the
progress of security related work.
Performance Validation
ST,
512.
. System performance shall be validated by a Factory Acceptance Test (FAT)
which shall verify compliance with all detail design and functional
requirements. All major exceptions shall be cleared prior to shipment to the
installation site.
‘The documented results of the FAT shall be used as the basis of system
acceptance by the Owner. The system contractor shall produce a FAT
certificate certifying full compliance with all requirements which shall be
signed by both the system contractor and the Owner or his representative,
‘The FAT documentation shall be available for examination by HCIS.
Installations at each site shall be validated by a Site Acceptance Test (SAT)
which shall verify compliance with all installation & performance
requirements.
‘The documented results of the SAT shall be used as the basis of site
acceptance by the Owner. The SAT documentation shall be available for
examination by HCIS.
RESTRICTED
AIDRights eservadto HCIS. Copying or astibuos probed without writen permission from HCIS
Page 18 of 23,KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
5.8. Maintenance & Support
58.1
5.82.
58.3.
5.84,
58.5.
58.6,
58.7.
589,
‘The Owner shall ensure that all security installations are supported with a
complete maintenance and support infrastructure.
‘The system contractor shall provide all details and tools required for system.
maintenance. This shall include maintenance manuals, software
diagnostics, special tools, calibration equipment and procedures.
‘The maintenance manuals shall contain recommended maintenance
intervals, procedures and recommended spare parts lists
‘The Owner shall be responsible for implementing a maintenance strategy to
‘meet recommended maintenance requirements for all equipment.
All emergency backup generators shall be started up and maintained as
specified in SEC-07. Once a month the auto-switch switchgear shall be
tested.
Generator maintenance logs for the current calendar year shall be available
for inspection by HCIS if requested,
All components shall have regularly scheduled preventive maintenance
(PM) at least once every 6 months with the exception of emergency backup
generators which must be tested as stated in section 4.5 of SEC-07. The
actual PM performed shall be documented and available for review for at
least one calendar year.
‘The Owner shall have a facility, manned 24 hours a day, 7 days a week,
available for field personnel to report failures via telephone, radio or
security system telemetry.
Owner shall be responsible for classifying system failures as critical or non-
critical failures. Critical failures shall be rectified as soon as possible.
‘System failures and alarms shall be analyzed quarterly by the Owner to
identify potential problem areas. This quarterly review shall be used as the
basis for the development of strategies to rectify the problemas identified,
58.10. ‘The Owner shall maintain documentation for all security equipment
installed. This documentation shall include full contact details of
component manufacturers, part numbers, recommended spare parts and
maintenance manuals needed for each security installation.
RESTRICTED
AA Rigi reserveto HCI, Copying o strbaton poked winout writen emission rom HCIS
Page 19 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
59.
581
1. The Owner shall maintain a full set of As Built drawings for all security
systems and civil work. The drawings shall be maintained as soft copy in an
easily accessible format, The Owner shall maintain an index of all drawings
pertaining to all security related work.
‘Training
‘The Owner shall ensure that training is provided to security personnel in the operation
and support of all security related systems and devices.
‘The operational training requirements are as follows:
59.1
5.9.2.
5.9.3.
59.4.
‘Training shall be provided to security personnel, assigned to a location with
‘a new security installation, prior to system or device deployment.
‘The training shall cover procedures, general system operation, failure
reporting procedures, methods for handling reported errors and alarms,
alarm acknowledgement and response.
‘The Owner shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personne! name, date and type
of training provided.
Personnel assigned to locations with security installations shall undergo a
short training period prior to assuming their new duties.
‘The support training requirements are as follows:
5.95,
59.6,
. Personnel directly involved in system support shall be provided training in
all aspects of systems software, hardware, diagnostics and preventive
maintenance.
‘The Owner shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personnel name, date and type
of training provided.
RESTRICTED
AURights eservedto HCIS, Copying o dstrbuia pected witout wren permission rem HCIS
Page 20 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
5.10. Response to Emergency Events
‘The Owner shall setup the infrastructure, procedures and personnel to develop a
cohesive, rapid response to an emergency event. This shall include the management
of fixed and mobile security assets using a proven command and control system
where an overview and details of emergency events shall be available to operators.
Personnel designated for a rapid response force shall be provided with additional
training as needed to meet expected emergencies.
The safety directives issued by HCIS shall be used as the basis of defining, preparing
and training for emergencies,
RESTRICTED
AI Right reserved to HCAS. Copy or dsrbaon profi witout weten emission fom HCIS
Page 21 of 23KINGDOM OF SAUDI ARABIA
‘MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
6.0. Reference
‘The table below provides guidelines for security directive usage based on facility
classification;
Directive
‘Application of Security
SEC-01 | Directives mete ae Ee
SEC-02 Security Fencing v v |v |
|sEC-03 | Security Gate v v v
SEC-04 | Security Lighting v vo ilvo ly
Perimeter Lighting v viv
“Checkpoint Lighting ¥ eee ere
SEC05 | Integrated Security System | c
“Perimeter Intrusion Detection | y, o
System
7
~Access Control System
<
<
<
-Video Surveillance System |
SEC-06 | SecurityDeviees |
“Ray
“Crash Barrier
| “Turnstile
| -Drop-gate
“Bullet-Proof Glass |
RRA
SEER etc
CLR
SEC-07 | Power Supply
<
~
oy
“Emergency Generator
“UPS ~
<
~
RESTRICTED
AILRights eservedto HCIS, Copying or iit pecibited without writen pemssion fom CIS
Page 22 of 23KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SEC 01 - Application of Security Directives
reer
Class
SEC-08
SEC-09 | Security Doors
SEC-10 | Security Locks
SEC-11 | Identification Cards
Communications
SEC-12 | Information Protection
cons
RESTRICTED
AIL Rights reserved to HCIS. Copying oe esbaton pot
Page 23 of 23,
without writen perisson fom HCIS