API RP 70:2010 pdf download

API RP 70:2010 pdf download.Security for Offshore Oil and Natural Gas Operations.
7 Security Plans
7.1 SECURITY PLAN CONSIDERATiONS
Security planning starts with sound policy and procedures in place. The facility owner/operator should develop either an owner/operator-wide, multiple-facility or facility-specific security plan. Refer to Appendix D for an Example Model Security Plan.
The security plan should include the following elements:
1. The measures being taken to detect or deter an attack
or incursion;
2. The responses that may be considered at various security alert conditions, including the response to an actual
attack, intrusion, or event:
3. Means of mitigating the consequences of an incident. if
any. and;
4. If applicable, any additional security measures identified in the SVA described in Section 6.
The plan should be kept confidential for security reasons. The plan should be reevaluated and updated periodically.
A brief overview of the individual framework elements is provided in this section. as well as a roadmap to the more specific and detailed description of the individual elements that comprise the remainder of this recommended practice.
7.2 SECURITY PLAN ELEMENTS
in developing a security plan. the facility owner/operator should consider several basic elements.
This document recognizes the importance of flexibility in designing security plans and provides guidance commensurate with this need.
It is important to recognize that a security plan could be a highly integrated and iterative process.
7.2.1 Develop Baseline Security Plan
A plan is developed to address awareness, communication and response actions, as applicable to the most significant risks to the facility. The output of the SVA, if conducted, should he included in the formulation of the plan.
Minimum Elements to be considered:
• Management and employee security responsibilities:
• Communications within the company and with relevant governmental authorities;
• Facility access (personnel, goods and equipment);
• Restricted area(s), if applicable:
• Security training and drills;
• Assessment of security drills and exercises:
• Handling security sensitive related information (SSI) and security related communications:
• Audits and inspections;
• Recordkeeping;
These correspond to the three MARSEC levels. The following actions may be utilized. Deviations should be expected.
7.4.1 Threat Level Green (Low)
Applies when there is a minimal risk of threat activity directed toward the offshore oil and gas industry. The owner/ operator should have a baseline security plan and monitoring of intelligence information in place.
1. Security plan reviews and security exercises are conducted periodical iy.
2. Security Awareness. Personnel Vigilance and Incident
Reporting Programs ongoing.
3. Personnel are advised on the relevant security plan.
Selected measures from higher threat levels may be considered for application on a consistent or random basis. This level should be capable of being maintained indefinitely.
7.4.2 Threat Level Blue (Guarded)
The owner/operator should continue to actively monitor intelligence information. In addition to the Level Green measures, the owner/operator should:
1. Communicate threat level and specific security information to appropriate personnel.
2. Review plan and communication procedures.
Selected measures from higher threat level may be considered for application on a consistent or random basis. This level should be capable of being maintained indefinitely.
7.4.3 Threat Level Yellow (Elevated)
The owner/operator should continue to actively monitor intelligence, liaising directly with appropriate agencies.