API RP 70:2003 pdf download

API RP 70:2003 pdf download.Security for Offshore Oil and Natural Gas Operations.
5.2 Facility owners/operators and contractors should keep abreast of the latest sccurity alerts and govermment intelligence information and disseminate this information, as appropriate, throughout the organization Facility owners/ operators should evaluate and respond appropriately to this information to safcguard personnel and assets
5.3 Facility owners/operators should report, as appropriate, suspicious activities and behaviors, attempled incursions, terrorist threats, or actual events to the appropriate agencies. See Appendix A for an example communications protocol developed by the Gulfr Safety Commite
5.4 Fach facility owner/operator should cstablish clear communication channels and procedures for asssing, preparing for, and responding to potential or actual hreats.
5.5 Fach facility owner/operator should establish and maintain flective liaison with local emergency response agencies and organizations, as appropiate.
5.6 Fach facility ownerloperator should be aware of existing sccunty regulations, standards and operating practices as they relate to their assets.
5.7 Fach facility owner/operator should develop a policy for control of relevant secunity sensitive information (SSI).
6 Security Vulnerability Assessment (SVA)
If a facility meets or exceeds any of the threshold characteristics established and published by the U.S. Coast Guard, a SVA will be required Additionally. a facility may by deemed critical by a particular ownerloperator for a variety of other reasons. Fach owner/operator should not only review the threshold characteristics, they should also determine ifa SVA is warranted based on their own unique criteria
After an initial evaluation to determine which facilitics are critical, a sccurity vulncability assessment (SVA) should be conducted for these critical facilies The SVA is a sccondary
evaluation that examines a facility’s characteristics and operations to identify potenial threats or vulnerabilities and existing and prospective sccunity measures and prcedures
designed to proleet a facility.
7 Security Plans
7.1 SECURITY PLAN CONSIDERATIONS
Secunty planning starts with sound policy and procedures in place. The facility owneropenator should develop either an owner/operator-wide, multiplc -facility or facility-specific
security plan. Refer to Appendix D for an Example Model Security Pan
The sccurity plan should incude the fllowing clements
1. The measures being taken to detect or deter an attack or incursion;
2 The responses that may be considered at various Security alert conditions, including the response to an actual attack, intrusion, or event,
3. Means of mitigating the consequences of an incident, if any, and;
4 If applicable, any aditional sccurity measures identified in the SVA described in Section6.
The plan should be kept confidential for security reasons.
The plan should be reevaluated and updated peniodically.
A brief overview of the individual framework elements is provided in this section, as well as a roadmap to the more specific and detailed description of the individual elements that
comprise the remainder of this recommended practice.
7.2 SECURITY PLAN EL EMENTS
In developing a security plan, the facility owner/operator should consider several basic clements
This document recognizes the importance of flexibility in designing sccurity plans and provides guidance commensurate with this need.
It is important to recognize that a secunity plan could be a highly integrated and iterative process.
7.2.1 Develop Baseline Security Plan
A plan is devcloped to address awareness, communication and response actions, as applicable to the most significant risks to the facility. The output of the SVA, if conducted, should be included in the formulation of the plan.
Minimum Bements to be considered
●Management and employee secunty responsibilities,
●Communications wihin the company and with relevant
governmental authorities,
●Faility access (personnel, gods and equipmnent);
●Restricted area(s). if applicable;
”Security training and drills;
●Asssment of security drills and exercises;
Handling sccurity sensitive rclated information (SSI).