Security Directives For Industrial Facilities: Kingdom of Saudi Arabia

KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR •
<-140/%
HIGH COMMISSION FOR INDUSTRIAL SECURITY Av1-±.
r.
SECURITY DIRECTIVES
FOR INDUSTRIAL FACILITIES

MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY
SECURITY DIRECTIVES
TABLE OF CONTENTS
SEC-01 Application of Security Directives
SEC-02 Security Fencing
SEC-03 Security Gate
SEC-04 Security Lighting
SEC-05 Integrated Security System
SEC-06 Security Devices
SEC-07 Power Supply
SEC-08 Security Doors
SEC-09 Security Locks
SEC-10 Security Doors
SEC-11 Identification Cards
SEC-12 Information Protection
Issue Date 12/6/1431H/ 26/05/2010
Restricted
AII Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS.
SECURITY DIRECTIVES
SEC-01
Application of Security Directives

SECURITY DIRECTIVES
SEC-01
Application of Security Directives
Issue Date: 12/61431H/26/05/2010
RESTRICTED
AI! Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCS
Kingdom of Saudi Arabia
ii##=8
Ministry of Interior Ii5,,
High Commission for Industrial Security +=h u» ,Al
Secretariat General it Uy
Table of Contents
1.0. ADMINISTRATION : 3
1.1 ScoPE .
1.2 APP!CATION .......so»..sos. . .. .. . . . 3
1.3. CONFLICTS &R D E V I A TI O N S . . . . . . s o . . . . . . . . . . . . . . . . . . . . . .
2.0. DEFINITIONS ., 3
3.0. REFERENCES 5
4.0. GENERAL R E Q U I R E M E N T S . . . . . . . . . . . . . + . . . . . . . . . . . . . . . . 0 . 6 . o 6 6 - o . . . . . . 6
4.1. MINIMUM REQUIREMENTS THAT APPLY TO THIS DIRECTIVE:..........

·········••·•···•·················6
4.2. FACILITY C LA S S I F I CA T I O N . . . . . . . . . . o . . . s o . . . s o . s o . . o . . . . . . . . o . 7
4.2.1. Class 1 F a c i l i t y . . . . . . . . . s o . » . s o . . o . s o . s o s . . o o o . 7
4.2.2. Class 2 F a c i l i ty . . . . . . . . . . . . s o . - . . s o . . . . . . . . s o . . . . . . . . . . . 8
4.2.3. Class 3 Facility . . 9
4.2.4. Class 4 F a c i l i ty . . . . . . . . . . . . s o s . . . . . . . . o . s o . s o . . . •• 10
4.3. ENVIRONMENTAL REQUIREMENTS . . . . . . . s o . s o s . . . . . . . . . . . . . . . » . • . . 10
4.3.1. Indoor Air Conditioned Environment. . .. 10
4.3.2. Outdoor Environment . .. 11
4.4. CONTRACTOR PREREQUISITES FOR SECURITY PROJECT EXECUTION . . . .. . . . . .. .. 12
5.0. GENERAL REQUIREMENTS FOR EXECUTING SECURITY PROJECTS 14
5.1. PROJECT WORKFLOW OVERVIEW . . • . . . • • . . . . . • . . . . . . . . . . . • . . . • . . . . . • . . • . • . • . . . . . . . • . . . . . • . . . . . . . . . . • . • • • . . . • . • . . . . . • • . • • . . .14
5.2. CONCEPTUAL DESIGN . 15
5.3. PRELIMINARY DESIGN . 16
5.4. DETAIL DESIGN . 17
5.5. CONSTRUCTION RELEASE 18
5.6. iNSTAllATION CONTRACTOR 18
5.7. PERFORMANCE REQUIREMENTS . . . . . 8 8 · + - · 8 8 8 8 8 8 . 8 . 8 8 8 8 . . 3 8 8 8 6 0 . 8 o o o o o o o o .18
5.8. PERFORMANCE VALIDATION 19
5.9. MAINTENANCE SUPPORT...»oo»so..»oooooooooooooooooo-oooooooooo· .2G
5.10 TRAINING , ........•.•............ •. 21
5.11. RESPONSE TO EMERGENCY E V E N T S . . . . . . . . . . . . .. .. . . . . .. .. . . .. .. .. .. .. . .. . .. . . . . .. .. .. . . . . .. .. .. . . . .. .. .. . 22
6.0. APPLICATION OF REQUIREMENTS 23
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
Al Rights reserved to HCIS Copying or distribution prohibited without written permission from HCIS
Page 2 of23
35..1,2\2
- ? &t&
-ti5y
Ministry of Interior
High Commission for Industrial Security +±! u» .Al
uJI 2L'JI
Secretariat General
1.0. Administration
I. I . Scope
This Directive provides the minimum requirements for companies and establishments
that are subject to the supervision of the High Commission for Industrial Security
(HCIS), Ministry of Interior, for application of security directives.
1.2. Application
This Directive is applicable to all facilities, including new projects, the expansion of
existing facilities, and upgrades. For application to existing facilities, the Operator
shall assess his facilities against the requirements of these Directives and coordinate
with the General Secretariat of the High Commission for Industrial Security (HCIS) to
comply with the Security, Safety, and Fire Protection requirements according to these
Directives and add to or modify the existing facilities as required. Where the HCIS
has assessed deficiencies in existing facilities during a survey, comparing the current
state of the facilities to the requirements of these Directives, those identified
deficiencies shall be corrected by the Operator.
1.3. Conflicts & Deviations
Where implementation of a requirement is unsuitable or impractical, where other
equivalent company or industry Standards and Codes are followed, or where any
conflict exists between this Directive and other company standards and Codes, the
deviations shall be resolved by the HCIS. Deviation lower than the requirements of
this directive shall be listed and submitted in a report of compliance or non
compliance, with justification and reason, for each applicable requirement of these
security directives, and approval shall be received from the HCIS prior to
implementation. The documents shall be retained by the company in its permanent
engineering files.
2.0. Definitions
HCIS High Commission for Industrial Security. The HCIS is part of the
Ministry of the Interior. It is responsible for the development, and
implementation, of security, safety and fire protection strategies
Issue Date: 12/6/1431H/ 26/05/2010
RESTRICTED
AI! Rights reserved t HCIS. Copying or distribution prohibited without written permission from HCS
Page 3 0 f 2 3
Kingdom of Saudi Arabia %,%4%
#/kl
AA/i,3
High Commission for Industrial Security
Secretariat General
Kingdom-wide.
Operator: Company or owner of a facility.
SD Security Directives.
,...�,
Shall: Indicates a mandatory requirement.
Should: Indicates a recommendation or that which is advised but not
required.
ACS Access Control System: Manages access to facilities.
API American Petroleum Institute: An organization that defines
requirements for petroleum facilities. www.api.org
ETD Explosive Trace Detector: Detects presence of explosives.
FAT Factory Acceptance Test: Test conducted at contractor facility to
verify compliance with requirements.
SAT Site Acceptance Test: Test conducted after equipment installation
� at its final location to verify compliance with requirements.
IDAS Intruder Detection & Assessment System: Detects intrusion
attempt at perimeter, allows video surveillance and annunciates an

�,
alarm.
IMO International Maritime Organization: The United Nations agency
concerned with international maritime activities.
ISPS International Ship & Port Security: A set of regulations that
defines security of ships and port facilities. ISPS is part of the
IMO.
ISS Integrated Security System: Provides an integrated environment to
detect and delay intruders, monitor security environment and
annunciate alarms generated from facility security systems.
sec Security Control Center: A facility that monitors the complete
security environment in a designated area and manages alarms and
responses to security events.
sow Scope of Work: A study that defines the requirements for security,
safety and fire protection at a facility.
Issue Date: 12/6/1431H / 26/05/2010
RESTRICTED
All Rights reserved to HCS. Copying or distribution prohibited without written permission from HCS
Page 4 of23
Ministry of Interior Ji55

=! _ u,»» e.Al
Secretariat General »uJ Ly
3.0. References
This directive adopts the latest edition of the references listed.
The selection of material and equipment, and the design, construction, maintenance,
operation and repair of equipment and facilities covered by this Security Directive
shall comply with the latest edition of the references listed in each Security Directive,
unless otherwise noted.
API Security Vulnerability Assessment Methodology for the
Petroleum and Petrochemical Industries.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
AII Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 5 of23
High Commission for Industrial Security a!' .dl
Lr u.yI
Secretariat General
4.0. General Requirements
4. I . Minimum requirements that apply to this Directive:
4 . 1. 1. The High Commission for Industrial Security (HCIS) reserves the righ t to
modify and/or make changes, as deemed necessary, to the Security
Directives without prior notice.
4.1.2. The national security of Saudi Arabia, including the security of the economy
and the well being of its population, depends directly on physical and
operational safety of a range of facilities across Saudi Arabia. The
criticality of each facility varies depending on the product or service
provided. Therefore, the High Commission for Industrial Security (HCIS)
shall have the ultimate authority on classifying all facilities.
4 . 1. 3 . Facilities shall have adequate levels of protection as defined within these
Security Directives.
4 . 1. 4 . The level of protection at each facility shall be dictated by its security
classification. HCIS reserves the exclusive right to classify facilities
according to its internal criteria or any new security requirements.
4.1.5. Guidelines are provided with this Security Directive in order to permit the
Operator to develop a preliminary evaluation of facility classification.
4.1.6. All security design shall be carried out by qualified security consultants or
qualified companies who have been approved by the HCIS.
4.1.7. The Operator shall develop a detailed security vulnerability assessment or
risk analysis, performed by a qualified security consultant, that shall be used
as the basis of facility classification. This shall follow the methodology
specified in the API document Security Vulnerability Assessment
Methodology for the Petroleum and Petrochemical Industries.
4.1.8. This facility classification and risk analysis shall be submitted to HCIS for
approval prior to security system design development or implementation.
4.1.9. The information contained herein will be used to define the l e vels of
protection required for fac iliti es in the Kingdom of Saudi Arabia (KSA) that
fall under the supervision of the High Commission for Industrial Security
(HCIS) of the Ministry of Interior, Kingdom of Saudi Arabia.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
Al! Rights reserved to HCIS Copying or distribution prohibited without written pemission from HCIS
Page 6 o f 23
Kingdom of Saudi Arabia ±24%2\ea
de& - Se
Ministry of!nterior A+»55,,
High Commission for Industrial Security +=! ,»

Secretariat General tut Lu'yr
4 . 1 . 1 O. The details of protection required for each facility is described in individual
Security Directives that cover each aspect of the requirement.
4.1.11. Operators who operate offshore or marine facilities shall ensure that they
provide an adequate level of security measures to protect these facilities.
Operators shall apply aspects of the International Ship and Port Facility
Security Code (ISPS), issued by the IMO, that apply to their offshore or
marine facilities.
Companies that operate marine facilities shall define an exclusion zone
around each marine facility. They shall ensure that adequate warning signs
are deployed on strategically located buoys advising incoming traffic that
they are entering a restricted area. These warning signs shall comply with
prevailing Saudi Arabian and international marine standards on sign
construction and design. Operator shall be responsible for ensuring all
required permissions and standards for buoy deployment are complied with
and that the buoys-are maintained in good condition.
Operator shall deploy marine barriers to protect marine facilities.
Deployment of these barriers shall not compromise safety considerations for
the facility.
4.1.12. These Security Directives supersede all older S S D ' s previously issued by
the HCIS.
4.2. Facility Classification
Facilities shall be classified based on a four (4) level classification methodology. The
general criterion for each level is defined in the sections below.
4.2.1. Class 1 Facility
A Class 1 facility is defined as any facility whose destruction, or serious
damage, could seriously damage the Kingdom's economy or gravely disrupt
the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.1.1. Very large capital investment
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
AI Rights reserved to HCIS. Copying or distribution prohibited without written pennission from HCIS
Page 7 of23
Ministry of Interior Ai1,,

+= - hi
Secretariat General ult UyI
4.2.1.2. Loss presents an unacceptable financial risk.
4.2.1.3. Loss of function/capacity cannot be made up by other existing
facilities.
4 . 2 . 1 . 4. Directly and seriously impacts hydrocarbon exports.
4 . 2 . 1. 5 . Major threat to environment or population due to damage or
destruction.
4 . 2 . 1. 6 . Critical infrastructure, regardless of capital investment or availability
of alternates.
Class I Facility Examples
Examples of facilities that are classified as Class I are as follows:
4 . 2 . 1. 7 . Major Oil & Gas production, processing, transportation and export.
4 . 2 . 1. 8 . Major Oil Refining and Storage.
4.2.1.9. Major Electricity Generation Facilities.
4 . 2. 1 . 1 0 . Major Water Desalination Facilities.
4 2 1 . 1 I. Major Commercial & Industrial Sea Ports.
4 . 2 . 1. 1 2 . Major Telecommunications facilities.
4. 2 . 1 . 1 3 . Major facilities using or producing chemicals whose flammability,
explosiveness, toxicity and evaporability may cause serious harm to
the environment or population if the facility is damaged or destroyed.
4 . 2 . 1 .1 4 . Manufacture and storage of commercial explosives.
4 . 2 . 1. 1 5 . Infrastructure that supports, or contains facilities or services, that are
deemed important to the national interest.
A Class 2 facility is defined as any facility whose destruction, or serious
damage, could cause short term damage to the Kingdom's economy or
temporarily disrupt the well being of its population.
4. 2 . 2. 1 . Medium capital investment
4.2.2.2. Loss of function/capacity can be compensated for short periods
by other existing facilities.
4.2.2.3. Directly impacts hydrocarbon exports but will not significantly
reduce them.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 8 of23
##Ek#<
Ministry oflnterior ±-ti55
High Commission for Industrial Security +a! _ A'
Secretariat General uh) 2uj
4.2.2.4. Possible threat to environment or population due to damage or
destruction.
4.2.2.5. Critical infrastructure, regardless of capital investment or
availability of alternates.
Class 2 Facility Examples
Examples of facilities that are classified as Class 2 are as follows:
4.2.2.6. Support facilities for hydrocarbon production, processmg,
transportation & export.
4.2.2.7. Hydrocarbon plants, such as major GOSP's.
4.2.2.8. Facilities using or producing chemicals whose relatively low
flammability, explosiveness, toxicity and evaporability present
medium level risk to the environment or population if the facility
is damaged or destroyed.
4.2.2.9. Infrastructure that supports, or contains facilities or services, that
are deemed important to the national interest.
4 . 2. 2. 1 0 . Major pumping facilities for oil and water.
4. 2. 2. 1 1 . Major computer facilities that manage the above items.
A Class 3 facility is defined as any facility whose disruption, or serious
damage, could cause minimal or no damage to the Kingdom's economy or
would not disrupt the well being of its population.
4 . 2 .3 . 1. Small capital investment
4. 2 . 3 . 2 . Loss of function/capacity can be compensated for an extended
period by other existing facilities.
4.2.3.3. No direct impact on oil exports.
4.2.3.4. No threat to environment or population due to damage or
destruction.
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
AI Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 9 of23
High Commission for Industrial Security >ell ' i.A
u Uy
Secretariat General
4.2.3.5. Minor Sea Ports.
4.2.3.6 Low Capacity Electricity Generation. (See S A F - 1 9 for details of
Power Generation Facilities).
4.2.3.7. Minor Telecommunications Facilities.
4.2.3.8. Bulk Plants.
A Class 4 facility is defined as any facility considered a facility that
supports a class 1, 2 or 3 facility and is either adjacent to, or remote to,
Class 1, 2 or 3 facilities.
4 . 2. 4 . 1 . Minimal capital investment
4.2.4.2. Loss of function/capacity can be compensated for an extended
period by other existing facilities.
4.2.4.3. No direct impact on oil exports.
4.2.4.4. No threat to environment or population due to damage or
destruction.
4.2.4.5. Supply Warehouses.
4.2.4.6. Office Support facilities.
4.3. Environmental Requirements
All devices installed for Security Directive compliance shall be capable of operating
continually when subjected to the environmental conditions of the installation site.
4.3.1. Indoor Air Conditioned Environment
All areas housing security devices in facilities shall be cooled with
redundant split or central air-conditioning units. Devices installed in
cabinets shall use a cabinet specific air conditioner.
Issue Date: 12/6/1431H / 26/05/2010
RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCS
Page IO of23
High Commission for Industrial Security +=! U r i,# l
Secretariat General LI uy
Window type air conditioners shall not be used for cooling any security
facilities or equipment.
4.3.2. Outdoor Environment
4.3.2.1. Equipment to be installed outdoor shall be designed to operate
without air conditioning or forced air ventilation system and
under the conditions of environment detailed below and shall
meet the specified performance when subjected to the full range
of these conditions.
4.3.2.2. Equipment that is not capable of operating in such temperatures
shall be installed in a cabinet with active cooling specifically
designed for the cabinet.
The contractor shall provide certification, by an independent
authority, that the cabinet is rated for operation in the conditions
specified in this section.
4.3.2.3. Ambient Temperature Range: -10° C to +65° C (excluding
temperature rise in cabinet)
4 . 3 . 2 .4 . Ambient Relative Humidity Range: 5% to 100%, non
condensing
4. 3 . 2 . 5 . The normal airborne dust concentration shall be considered as l
mg/ml. During sandstorm conditions, dust concentrations
reaching 500 mg/ml are encountered and winds may gust to l l 2
km/hr.
95% of all dust particles are less than 20 micrometers and 50%
of all particles are less than 1 .5 micrometers in size. Compounds
present in the dust include those of sodium, calcium, silicon,
magnesium and aluminum.
When in wet condition (I 00% humidity), these compounds
function as electrolytes and can result in severe corrosion of
other materials.
4.3.2.6. Other pollutants present (ppm vol. /vol. in atmosphere, worst
case) are:
20 ppm (vol/vol)
Issue Date: 12/6/1431H/26/05/2010
RESTRJCTED
Page 1 1 of23
<
=+.. w #
e I
%<a
f :'
t it""
High Commission for Industrial Security >-! t i.J
Secretariat General iu) Luy
CO: I 00 ppm (vol/vol)
NOx: 5 ppm (vol/vol)
so. IO ppm (vol/vol)
0: I ppm (vol/vol)
Hydrocarbons: 150 ppm (vol/vol)
4.4. Contractor Prerequisites for Security Project Execution
4 .4 . 1 . Designers, suppliers, contractors and systems for security related projects at
facilities classified under the Security Directives shall be approved by
HCIS.
4.4.2. The Operator shall be responsible for providing HCIS with required data at
least three(3) months before the scheduled security related project initiation.
This will allow a complete evaluation by HCIS of the project and the
proposed contractors.
4.4.3. Contractors and suppliers shall be certified by the Ministry of Interior and
the Ministry of Commerce & Industry.
4.4.4. The contractor shall be licensed by the competent authority at the Ministry
of Interior (the General Directorate of Public Security). The certification
shall clearly indicate that the contractor is authorized to engage in security
related work. It shall specify the nature and type of authorized activity and
shall be included in the commercial registration certificate issued by the
Ministry of Commerce and Industry.
4.4.5. The Commercial Registration (CR) certificate issued by the Ministry of
Commerce & Industry shall clearly specify that the contractor is authorized
to conduct security related work. It shall clearly state the vendors line of
business as either importing, designing, installing or maintenance of security
systems.
4.4.6. The Operator shall submit qualification data to the HCIS for approval of all
contractors selected for design and installation of security related work.
Contract award for design, installation or maintenance shall not proceed
until such approvals are received from the HCIS.
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
A Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 1 2 of23
$84±k
#l<at
Ministry of Interior -a55

+--! _! •
uJ Luy
Secretariat General
The data submitted to the HCIS shall include, but not be limited to, the
following:
A) Valid copies o
f commercial registration, showing license specified in
4.4. 5. above.
B) Chamber o
f Commerce membership
C) Registration & classification certificate issued by the Ministry o

f
Municipal & Rural Affairs.
D) Company profile
E) Full names and details about company owners, director, senior project
personnel, system designer and installation management..
F) List o
f previous projects o
f a similar nature that have been executed
List must show the type of work, size o

f project, dates and user of the
executed project.
G) Whether company performing the work is a subsidiary or part o

f
another organization
H) Head office address & contact details for all prime and sub
contractors.
4.4.7. The Operator shall ensure that the company selected for security related
work shall have adequate engineering capabilities and qualified manpower
to design, install, test and maintain the system and execute all work
requirements.
4.4.8. The Operator shall submit to HCIS full details of all Saudi and foreign
companies participating in the work.
HCIS reserves the exclusive right to approve or reject any company
proposed to perform the work.
The Operator shall ensure that all companies participating in the work are
approved by HCIS prior to work initiation.
4.4.9. The Operator shall ensure that the company selected for security related
work shall have prior technical experience inside or outside the Kingdom in
similar work that matches the scope, and magnitude, of the current work.
44.10. The security system contractor shall formally assume, certified in writing,
total responsibility for executing all phases of the work. All sub-contractors
shall be approved by HCIS prior to any contract award. The procedures for
approval of sub-contractors shall be the same as for the primary contractor.
4.4. I I. Contractors receiving bid documents or working on security system design,
installation, support or maintenance shall sign Non-Disclosure Agreements
Issue Date: 12/6/14311H/26/05/2010
RESTRICTED
All Rights reserved t HCIS. Copying or distribution prohibited without written pemission from HCS
Page 1 3 0f23
Ministry of Interior )- L i ,
High Commission for Industrial Security sh _A'A
Secretariat General Lr uyf
(NDA) specifying that the contractor shall maintain all work related
documents in confidence and not disclose them to any third party without
prior written approval of the Operator.
4.4.12. Contractors performing security related work shall fonnally certify, in
writing, that they shall provide, for at least 1 0 years, after-sales services,
support and spare parts for all devices and systems installed.
4 . 4. 1 3 . The Operator shall provide HCIS with a detailed list of major system and
equipment for all security related work. The list shall include model
numbers, descriptions, manufacturer and local agent.
4.4.14. HCIS shall have the right to reject any of the systems or equipment. In case
any system or equipment is rejected by HCIS the Operator shall replace it
with approved system or equipment or submit additional system or
equipment details for approval.
4.4. l 5. The Operator shall ensure that any prerequisites required by current rules
and regulations in effect are included in the project scope.
4.4.16. There shall be no outstanding objections, reservations or claims by any
other party against the contractor executing the work.
4 . 4. 1 7 . All submissions to HCIS shall be in writing.
5.0. General Requirements for Executing Security Projects
HCIS shall approve all security related work executed by companies that fall under
the supervision of the Security Directives. HCIS approvals shall be secured as
detailed in the following sections.
5 . 1. Project Worktlow Overview
Projects that fall under the jurisdiction of the HCIS shall follow the following general
sequence to ensure requisite approvals are received from HCIS on a timely basis:
Issue Date: 12/6/14311/26/05/2010
RESTRICTED
Page 1 4 of23
High Commission for Industrial Security +a u»»el
uhr uy
Secretariat General
Task Description Transmit
documents to HCIS
I Concept Company develops concept for a new Operator
project Discretion
2. Classification Company classifies project security Operator
level as specified in SEC-OJ Discretion
r, 3 Risk Analysis SEC-OJ, section 4. 1.6. Operator
Discretion
4. Conceptual Shows the classification o

f afacility, 3 months before
Design (10%) the risk analysis and a proposed preliminary design
security design overview
5. Preliminary Shows details o

fALL aspects o
f After Preliminary
Design (PD) security related elements at facility Design bas
completed internal
(30%)
Operator review
6. Detail Design Final Design offacility after all 3 months before

--
.
internal and HCIS reviews start of

(60%/90%)
construction
·- 7 Construction After HCIS approvals are received Operator
Release Discretion
,-� 8. Final As-Built Retain drawings in internal company None
Drawings archive
This section provides an overview of the project workflow for projects. Details for
the specific phases can be found in the following sections.
5.2. Conceptual Design
The conceptual design to be submitted to HCIS shall contain three main elements:
• The Classification of the proposed facility and the basis for the classification.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
Page 1 5 of 23
= % #4 kl
++ '
.
t
g
a
e ; "S
i
I
t
R ' _I
High Commission for Industrial Security +=)_ A» .l

Secretariat General uh Ly
• The risk analysis that has been perfonned.
• Security design overview
HCIS shall evaluate this information and inform the Operator of its acceptance or any
issues with the submission. This evaluation shall allow the preliminary design to
proceed with an accepted basis.
5.3. Preliminary Design
5. 3 . 1 . The Operator shall prepare a preliminary design package, developed by a
qualified security consultant, that details the Scope of Work (SOW), main
and auxiliary elements of security related work and site specific
requirements.
5.3.2. Te preliminary design package shall include the following at a minimum:
5 . 3 . 2 . l. Site Layouts showing main security related activity, device
locations and system locations.
5 . 3 . 2. 2 . Area covered by the Access Control System (ACS), Intrusion
Detection System (IDS) and Video Assessment & Surveillance
System (VASS) when installed. Information shall also be
provided for any additional systems installed by the Operator
above and beyond the directive requirements.
The preliminary design shall provide, at a minimum, general
details on ACS location & number of card readers, IDS zones,
layout & hardware/software, VASS cameras, zones
hardware/software.
5 . 3 . 2. 3 . Details of fencing, lighting, patrol road, security control room
and clearances for each site. The information provided shall
include the position of each element relative to each other and
the facility.
5.3.2.4. Location and installation details for main gates, restricted area
gates and emergency gates. This section shall provide details of
all devices that shall be installed at each of these gates.
5 .3 .3 . The Operator shall submit this data to HCIS as specified in 4.4.2 of this
security directive.
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
Page 1 6 0 f 2 3
High Commission for Industrial Security +=in A l i.
Luy
Secretariat General
5.4. Detail Design
5.4.1. The Operator shall prepare a detail design package, prepared by a qualified
security consultant, that provides detailed technical specifications,
engineering design and list of bidders for main design elements. All
information provided to HCIS shall be up to date at the time of submission.
5.4.2. During construction, the Operator shall ensure that ongoing construction
sites shall be surrounded by a category 4 fence and adequate separation
maintained from existing facilities.
5.4.3. A copy of the detail design package shall be provided to the HCIS for
approval at least three months prior to awarding the bid, ordering materials
or initiating any work specified under the detail design package. This data
shall include the items listed below. The Operator shall be responsible for
any delay that may occur due to non-compliance with the time requirements
mentioned above of failing to demonstrate compliance with the
requirements in the HCIS security directives related to the project work.
The Operator is required to meet HCIS time requirements for approvals and
ensure full compliance with the security directives.
5.4.4. The detailed design package shall include a list of contractors on the bidders
list. The certification of the contractors, as specified under section 4.4. of
this security directive, shall be supplied as part of this package.
5.4.5. A compliance list showing compliance or non-compliance, with justification
and reasons, for each applicable aspect of the HCIS security directives &
project specifications shall be provided as part of this package.
5.4.6. A list of all equipment, hardware, software, and devices shall be provided as
part of this package:
5.4.6.1. Manufacturers name/or each system or equipment
5.4.6.2. Certificate for material compliance that shows that material complies
with required standards
5.4.6.3. Period in which device has been available in local and international
markets
5. 4. 6. 4 Local users o
f the product.
5.4.6.5. Name & address o

f local agent
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
Al Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCS
Page 17 0f23
2 3 p ; s t , ;z
T ±ll
Ministry of Interior -n55,,
High Commission for Industrial Security sh ;- N u,J . )
Secretariat General uh» Ly
5.4.6.6. Local agent Commercial Registration as specified in section 4.4. o

f
this security directive.
5.4.7. The proposed work execution schedule shall be provided as part of this
package.
5.4.8. Copies of original manufacturer catalogs and device specifications shall be
provided as part of this package.
5.4.9. The technologies, devices and systems to. be supplied for the project shall be
obtained from credible and reputable sources and manufacturers. The full
identities of all sources and manufacturers shall be accurately disclosed in
the documentation sent to HCIS.
5.5. Construction Release
Once all HCIS approvals have been received the design can be released to the
installation contractor for construction.
5.6. Installation Contractor
The installation contractor shall be certified as specified in section 4.4 of this security
directive.
5.7. Performance Requirements
5.7.1. The Operator shall ensure that all systems and devices used for security
compliance shall incorporate the latest technologies that meets the
specifications and is in production by the supplier.
5.7.2. Systems deployed for security directive compliance shall operate in an
integrated environment as specified in security directive SEC-05 "Integrated
Security System".
5.7.3. Alarm prioritization shall be a part of all systems.
Issue Date: 12/6/1431H/26/05/2010
RESTRICTED
Page 1 8 of23
.
%al
<all
""
t
l _ » e.
Secretariat General ud uyr
5.7.4. All critical system devices such as, but not limited to, computers and
networks, shall operate in a fully redundant mode as specified in security
directive SEC-05 "Integrated Security System" and other security directives
that apply to auxiliary systems such as power supplies, lighting and
communications.
5.7.5. System components shall have the capability for future expansion. The
system shall have at least 50% spare capacity when it is initially deployed.
This spare capacity includes, but is not limited to, computer memory and
disc space.
5.7.6. Systems shall be designed so that failure of a sin gl e component or
subsystem shall not result in the failure of the system. When a failure
occurs, system shall fail-secure or fail-safe depending on the requirements
of the function. .
5.7.7. System components and devices shall have tamper sensors and shall
annunciate an alarm for any attempt to open, modify, remove, or cut system
devices and communications cabling.
5.7.8. Systems shall be designed around open architecture to permit easy
integration of technology advances.
5.7.9. All main system components shall have the ability to send data, text or
video, as applicable, to an external system, when main system is configured
to do so. All external system communications and data transfers shall be in
full compliance with all security considerations mentioned in the Security
Directives.
5.8. Performance Validation
5.8. I. System performance shall be validated by a Factory Acceptance Test (FAT)
which shall verify compliance with all detail design and functional
requirements. All major exceptions shall be cleared prior to shipment to the
installation site.
The documented results of the FAT shall be used as the basis of system
acceptance by the Operator. The system contractor shall produce a FAT
certificate certifying full compliance with all requirements which shall be
Issue Date: 12/6/1431 /26/05/2010
RESTRICTED
Page !9of23
Ministry of Interior -Ii,Ny5
High Commission for Industrial Security =hu» ,A
Secretariat General u u
signed by both the system contractor and the Operator or his representative.
The FAT documentation shall be available for examination by HCIS.
5.8.2. Installations at each site shall be validated by a Site Acceptance Test (SAT)
which shall verify compliance with all installation & performance
requirements.
The documented results of the SAT shall be used as the basis of site
acceptance by the Operator. The SAT documentation shall be available for
examination by HCIS.
e-
5.9. Maintenance & Support
5.9.1. The Operator shall ensure that all security' installations are supported with a
complete maintenance and support infrastructure.
5.9.2. The system contractor shall provide all details and tools required for system
maintenance. This shall include maintenance manuals, software
diagnostics, special tools, calibration equipment and procedures.
5.9.3. The maintenance manuals shall contain recommended maintenance
intervals, procedures and recommended spare parts lists.
5.9.4. The Operator shall be responsible for implementing a maintenance strategy
to meet recommended maintenance requirements for all equipment.
5.9.5. All emergency backup generators shall be started up and maintained as
specified in SEC-07. Once a month the auto-switch switchgear shall be
tested.
Generator maintenance logs for the current calendar year shall be available
for inspection by HCIS if requested.
5.9.6. All components shall have regularly scheduled preventive maintenance
(PM) at least once every 6 months with the exception of emergency backup
generators which must be tested as stated in section 4.5 of SEC-07. The
actual PM performed shall be documented and available for review for at
least one calendar year. During PM the performance of the component shall
be validated to perform to its design requirements.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
Page 20 of23
Ministry of Interior 1 5 ,
High Commission for Industrial Security =' _ u»J _.A
Secretariat General uh uyr
5.9.7. The Operator shall have a facility, manned 24 hours a day, 7 days a week,
available for field personnel to report failures via telephone, radio or
security system telemetry.
5. 9 . 8 . Operator shall be responsible for classifying system failures as critical or
non-critical failures. Critical failures shall be rectified as soon as possible.
5.9.9. System failures and alarms shall be analyzed quarterly by the Operator to
identify potential problem areas. This quarterly review shall be used as the
basis for the development of strategies to rectify the problems identified.
5. 9 . 1 0 . The Operator shall maintain documentation for all security equipment
installed. This documentation shall include full contact details of
component manufacturers, part numbers, recommended spare parts and
maintenance manuals needed for each security installation.
5.9.1 I . The Operator shall maintain a full set of As Built drawings for all security
systems and civil work. The drawings shall be maintained as soft copy in an
easily accessible format. The Operator shall maintain an index of all
drawings pertaining to all security related work. All drawings shall be
stored in a secure location and in a secure format.
5.9.12. All Maintenance activities shall be documented and retained for a 1 2 month
period. The documentation shall be available for review by HCIS.
e
5.9.13. The Operator shall conduct periodic audits of all security equipment as
specified in SEC-12.
5.10. Training
The Operator shall ensure that training is provided to security personnel in the
operation and support of all security related systems and devices.
The operational training requirements are as follows:
5.10.1. Training shall be provided to security personnel, assigned to a location with
a new security installation, prior to system or device deployment.
5.10.2. The training shall cover procedures, general system operation, failure
reporting procedures, methods for handling reported errors and alarms,
alarm acknowledgement and response.
Issue Date: 12/6/1431H /26/05/2010
RESTRICTED
AII Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 21 of23
Kingdom of Saudi Arabia 55,2%3=a
Ministry of Interior -u555
High Commission for Industrial Security +a! 4J ) . l
Secretariat General l!I Luy
5.10.3. The Operator shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personnel name, date and type
of training provided.
5.10.4. Personnel assigned to locations with security installations shall undergo a
short training period prior to assuming their new duties.
The support training requirements are as follows:
5.10.5. Personnel directly involved in system support shall be provided training in
all aspects of systems software, hardware, diagnostics and preventive
maintenance.
5 . 1 0. 6 . The Operator shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personnel name, date and type
of training provided.
5.11. Response to Emergency Events
The Operator shall setup the infrastructure, procedures and personnel to develop a
cohesive, rapid response to an emergency event. This shall include the management
of fixed and mobile security assets using a proven command and control system
where an overview and details of emergency events shall be available to operators.
Personnel designated for a rapid response force shall be provided with additional
training as needed to meet expected emergencies.
The security directives issued by HCIS shall be used as the basis of defining,
preparing and training for emergencies.
Issue Date: 12/6/1431H/ 26/05/2010
RESTRICTED
Page 22 of23
Kingdom of Saudi Arabia .wg#a!
$ , ' g 5M i
(2
t " t
, :
Ministry of Interior b'As!j
High Commission for Industrial Security =l ± t' ,
Secretariat General
89 u» Ly
6.0. Application of Requirements
This section lists how the elements of this security directive apply to facilities depending on
their classification using the criteria stated in section 4.2 of this directive.
] A P P L I C A T I O N
E L E M E N T j Class 1 ,· Class 2 ! Class 3 , Class 4
Minimum Requirements that Apply to this

✓ ✓ ✓ ✓
Directive
Facility Classification ✓ ✓ ✓ ✓
Environmental Requirements ✓ ✓ ✓ ✓
Contractor Prerequisites for Security Project

✓ ✓ ✓ ✓
Execution
General Requirements for Executing

✓ ✓ ✓ ✓
Security Projects
Issue Date: 12/6/14311 /26/05/2010
RESTRICTED
Page 23 of23

Security Directives For Industrial Facilities: Kingdom of Saudi Arabia

Uploaded by

Copyright:

Available Formats

You might also like

Security Directives For Industrial Facilities: Kingdom of Saudi Arabia

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Security Directives For Industrial Facilities: Kingdom of Saudi Arabia

Uploaded by

Copyright:

Available Formats

KINGDOM OF SAUDI ARABIA

HIGH COMMISSION FOR INDUSTRIAL SECURITY Av1-±.

FOR INDUSTRIAL FACILITIES

HIGH COMMISSION FOR INDUSTRIAL SECURITY

FOR INDUSTRIAL FACILITIES

SEC-01 Application of Security Directives

SEC-02 Security Fencing

SEC-03 Security Gate

SEC-04 Security Lighting

SEC-05 Integrated Security System

SEC-06 Security Devices

SEC-07 Power Supply

SEC-08 Security Doors

SEC-09 Security Locks

SEC-10 Security Doors

SEC-11 Identification Cards

SEC-12 Information Protection

Issue Date 12/6/1431H/ 26/05/2010

HIGH COMMISSION FOR INDUSTRIAL SECURITY

FOR INDUSTRIAL FACILITIES

Application of Security Directives

HIGH COMMISSION FOR INDUSTRIAL SECURITY

FOR INDUSTRIAL FACILITIES

Application of Security Directives

Issue Date: 12/61431H/26/05/2010

High Commission for Industrial Security +=h u» ,Al

SEC-01 Application of Security Directives

1.2 APP!CATION .......so»..sos. . .. .. . . . 3

1.3. CONFLICTS &R D E V I A TI O N S . . . . . . s o . . . . . . . . . . . . . . . . . . . . . .

4.1. MINIMUM REQUIREMENTS THAT APPLY TO THIS DIRECTIVE:..........

4.2.3. Class 3 Facility . . 9

4.3. ENVIRONMENTAL REQUIREMENTS . . . . . . . s o . s o s . . . . . . . . . . . . . . . » . • . . 10

4.3.1. Indoor Air Conditioned Environment. . .. 10

4.3.2. Outdoor Environment . .. 11

4.4. CONTRACTOR PREREQUISITES FOR SECURITY PROJECT EXECUTION . . . .. . . . . .. .. 12

5.0. GENERAL REQUIREMENTS FOR EXECUTING SECURITY PROJECTS 14

5.1. PROJECT WORKFLOW OVERVIEW . . • . . . • • . . . . . • . . . . . . . . . . . • . . . • . . . . . • . . • . • . • . . . . . . . • . . . . . • . . . . . . . . . . • . • • • . . . • . • . . . . . • • . • • . . .14

5.2. CONCEPTUAL DESIGN . 15

5.3. PRELIMINARY DESIGN . 16

5.4. DETAIL DESIGN . 17

5.5. CONSTRUCTION RELEASE 18

5.6. iNSTAllATION CONTRACTOR 18

5.7. PERFORMANCE REQUIREMENTS . . . . . 8 8 · + - · 8 8 8 8 8 8 . 8 . 8 8 8 8 . . 3 8 8 8 6 0 . 8 o o o o o o o o .18

5.8. PERFORMANCE VALIDATION 19

5.9. MAINTENANCE SUPPORT...»oo»so..»oooooooooooooooooo-oooooooooo· .2G

5.10 TRAINING , ........•.•............ •. 21

5.11. RESPONSE TO EMERGENCY E V E N T S . . . . . . . . . . . . .. .. . . . . .. .. . . .. .. .. .. .. . .. . .. . . . . .. .. .. . . . . .. .. .. . . . .. .. .. . 22

6.0. APPLICATION OF REQUIREMENTS 23

Issue Date: 12/6/1431H/26/05/2010

High Commission for Industrial Security +±! u» .Al

SEC-01 Application of Security Directives

(HCIS), Ministry of Interior, for application of security directives.

state of the facilities to the requirements of these Directives, those identified

deficiencies shall be corrected by the Operator.

1.3. Conflicts & Deviations

Where implementation of a requirement is unsuitable or impractical, where other

this directive shall be listed and submitted in a report of compliance or non­

implementation. The documents shall be retained by the company in its permanent

this directive shall be listed and submitted in a report of compliance or non