SAEP-120

Execution Requirements for Security Projects

September 20, 2017

This procedure outlines the minimum mandatory procedural requirements for executing security
projects at Saudi Aramco facility. The scope spans from project initiation to completion, and
includes security contractors’ qualification requirements, Security Risk Assessment Study
requirement, security drawings requirements, and High Commission of Industrial Security (HCIS)
submittal contents and mandatory approval requirements.

This document is intended for Saudi Aramco use only. No part of this document may be distributed, reproduced, stored in any retrieval
system, or transmitted in any form or by any means (electronic, mechanical, reprographic, recording, or otherwise) without the prior
written consent of Saudi Aramco.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 1 of 21
SAEP-120 Execution Requirements for Security Projects

Responsible Department: Industrial SecurityIndustrial Security

Committee: SecuritySecurity

Revision
Publication Date Summary of Changes Contact ID
Type
Title changed from “Security Drawings for Saudi Aramco
Facility” to “Execution Requirements for Security
Projects”
September 20, 2017 Major Expanded scope to include all project execution ABUASSGM
requirements, and aligned with April 2017 HCIS Security
Directives, specifically SEC-14 Security Projects
Management

06/30/2014 Major Revised to comply with 3-year cycle, reaffirmed contents ABUASSGM

9/16/2008 New New, titled “Security Drawings for Saudi Aramco Facility” ABUASSGM

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 2 of 21
SAEP-120 Execution Requirements for Security Projects

Contents
1. Scope ..............................................................................................................................5
Application ......................................................................................................................... 5
Requirement Definition ...................................................................................................... 5
Handling and Distribution ................................................................................................... 5
2. Conflicts and Deviations ...............................................................................................5
3. Security Contractors Requirements.............................................................................5
Security Consultant ........................................................................................................... 5
Security Contractor ............................................................................................................ 6
Non-Disclosure Agreement ................................................................................................ 6
Equipment Warranty and Support Requirements ............................................................... 6
4. Security Submittals General Requirements ................................................................6
Project Proposals and Detailed Design Package General Requirements .......................... 6
HCIS Submittal General Requirements ............................................................................. 7
5. General Requirements of Security Drawings ..............................................................8
Drawings Preparation and Format ..................................................................................... 8
Drawings Content .............................................................................................................. 9
6. Project Submittals Specific Requirements ................................................................ 11
STAGE-1 HCIS Submittal: Security Risk Assessment and Conceptual Design................ 12
STAGE-2 HCIS Submittal: Preliminary Design ................................................................ 13
STAGE-3 HCIS Submittal: Detailed Design ..................................................................... 14
STAGE 4 HCIS Submittal: Operational Readiness .......................................................... 17
7. Responsibilities ........................................................................................................... 18
Execution Agency ............................................................................................................ 18
Proponent Organization ................................................................................................... 19
Industrial Security Support Department (ISSD) ................................................................ 19
Drawing Management Unit (DMU) of Engineering Knowledge and Resources Division
(EK&RD).......................................................................................................................... 19
8. Terminology ................................................................................................................. 19
Acronyms ........................................................................................................................ 19
Definitions........................................................................................................................ 20
9. References ................................................................................................................... 21
Saudi Aramco Documents ............................................................................................... 21

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 3 of 21
SAEP-120 Execution Requirements for Security Projects

Industry Codes and Standards ........................................................................................ 21

Other References ............................................................................................................ 21

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 4 of 21
SAEP-120 Execution Requirements for Security Projects

1. Scope
This procedure outlines the minimum mandatory requirements for executing security projects at
Saudi Aramco facility. The span covers project planning to completion. The scope includes:
 Security contractors qualification requirements
 Security Risk Assessment Study Requirement
 Security drawings requirements
 HCIS submittals and mandatory approval requirements
Application
This procedure is applicable and shall be invoked when executing all projects that provide or
require new or upgraded security countermeasures at Saudi Aramco facilities
All facilities under HCIS jurisdiction require strict compliance with HCIS requirements of
workflow submission and approval, package content, construction, installation, contractor
selection.
Requirement Definition
This document uses ‘requirement’ language. Please note the following definitions:
Shall mandatory
Should or must recommendation, strongly preferred
May permissible/optional
Can possible or capable
Handling and Distribution
This document is classified as Company General Use. See GI 710.002.

2. Conflicts and Deviations

Any conflict between this document and other applicable Mandatory Saudi Aramco Engineering
Requirements (MSAERs) shall be addressed in writing to the EK&RD Coordinator.
Any deviation from the requirements herein shall follow company procedure SAEP-302, Waiver
of a Mandatory Saudi Aramco Engineering Requirement.
For any deviation requests against the HCIS Security Directive (SEC) requirements, see SAES-
O-201.

3. Security Contractors Requirements

Only qualified and HCIS-licensed security consulting firms and contracting firms shall be hired to
provide any related work to Security Projects under HCIS jurisdiction.
Note: List of HCIS licensed contractors and consultants are available online at the HCIS central Licensing
Unit (). Access is available to Industrial Security Support Department, who may advise the Execution
Agency of updated listing, noting that the list is Confidential and shall not be released to any entity outside
Saudi Aramco, including General Engineering Services Contractors.

Security Consultant

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 5 of 21
SAEP-120 Execution Requirements for Security Projects

3.1.1 HCIS-licensed and independent security consulting firm(s) shall be hired to execute the
following actions per each stage of HCIS submittals.
 Stage 1: Execution of Security Risk Assessment Study
 Stage 2: Develop/Review Preliminary Security Design (if required by
ISSD)
 Stage 3: Review and endorse detailed design and device selection
developed by the security design contractor (if required by ISSD)
o Stage 4: Monitor Testing and commissioning of the security systems
(if required by ISSD)
3.1.2 The security consultant shall be independent and shall not partner with any company, or
subsidiary, engaged in execution of the facility security system installation and/or
implementation.
3.1.3 Companies selected for the role of Security Consultant for a project, are not permitted to
work on, or bid for, the installation of the security system of the same project.
3.1.4 The execution agency, in consultation with ISSD, shall validate the consultant’
qualification, resource capacity, expertise, track record during procurement planning and
prior to award action.

Security Contractor
Security design and execution contractors are responsible for executing the following elements
of HCIS workflow:
 Stage 3: Detailed Design Development and Execution, including, but not limited to:
o Design Development
o Device Selection and Procurement
o Construction
o Installation
 Stage 4: Testing and Commissioning of the security systems
Non-Disclosure Agreement
The execution agency shall execute a project-specific non-disclosure agreement with selected
consultants and contractors. The non-Disclosure Agreement shall be enforced by the Contractor
and Consultants to his employees working on the project. The agreement shall be valid for
minimum of 10 years after completion of the project.
Equipment Warranty and Support Requirements
All security equipment provided by a project shall be supported with a minimum of 2-year
warranty, and minimum of 10-year availability of manufacturers support and spare parts.

4. Security Submittals General Requirements

Project Proposals and Detailed Design Package General Requirements
4.1.1 Project Proposals and Detailed Design Security engineering packages should be
provided in one set of Security Index (Index-O) listing all required security drawings and

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 6 of 21
SAEP-120 Execution Requirements for Security Projects

documents. All Security engineering documents and studies must be marked as

“CONFIDENTIAL” while in the process of preparation until the final completion.
4.1.2 Security Risk Assessment Reports shall not be disseminated in the e-review system.
The document distribution in all phases shall be controlled to be only viewed by directly
involved individuals.

HCIS Submittal General Requirements

4.2.1 Only documents relevant to HCIS review, as defined herein, shall be included in the
submittals prepared for HCIS approval.
4.2.1 Each HCIS submittal shall consist of a main document (SRA, COD, preliminary design,
Detailed Design) and supporting documents (drawings schedules, equipment
datasheets, etc). The supporting documents shall be referred to in the text of the main
document. The specific content per each stage is provided in section 6 of this procedure.
4.2.2 Binder organization: Each section in the hardcopy binder shall have separators clearly
labeled to identify the sections.
4.2.3 Submittals Titles: Titles for included documents and sections shall exactly match the
naming specified by HCIS SEC-14, imbedded in procedure. Note that HCIS naming
convention of submittals titles and included sections does not exactly align with Saudi
Aramco naming convention. Required conversion to the titles shall be made on each
submittal.
4.2.4 Blank Sections: Where an HCIS submittal section is not applicable, the section space
holder shall be retained in the given sequence, and be labeled as “Not Applicable”.
4.2.5 Language: All HCIS-submittals shall be in English language only.
4.2.6 Page identification: All documents shall have company (Saudi Aramco) project
information on the top of each page and page number information on the bottom of each
page.
4.2.7 Reproductions: All submittals at all stages shall be made in minimum of one hard copy
and 2 identical soft copies. Additional copies may be requested if so required by
Industrial Security Support Department
4.2.8 Photographs: All photographs, if so required for the submittal, shall be in high quality
PDF format. All photography requests for operating facilities shall obtain requisite

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 7 of 21
SAEP-120 Execution Requirements for Security Projects

approval pursuant to GI 710.011 “Photography and filming of Saudi Aramco Restricted

Facilities and Operating Areas”.
4.2.9 Technical Brochures: Technical brochures and manufacturer documents for the security
equipment and devices shall be presented in multi-page colored high quality PDF file.
4.2.10 Submittal Cover Data Sheet: All submittals at all stages should include an updated
submittal cover data sheet as a first page. Template for the Cover Data sheet is provided
in Appendix-A.
4.2.11 Hard copy submittals shall be developed in ring-binders with titles on the front and spine
identifying the project. The title shall include, the company name (Saudi Aramco), project
number and name, location, submittal stage (Stage 1, 2, 3, 4), Volume (x of x).
4.2.12 Electronic Format: All electronic submittals shall replicate the content, order, title and
volume number of the hard copy submittals. The following requirements shall be
observed for documents and drawings submittals respectively:
Text Documents
 Documents shall be in PDF format
 Documents shall be completed and submitted as a single PDF file, mirroring
each hard copy submittal binder.
 All soft copies of text documents shall be sized letter size with the exception
of drawings.
 The documents shall be ready to print. The printable areas shall be readily
defined for letter paper.
 Tables in text documents shall be structured, sized and oriented as needed to
ensure printout will fit across a letter size page. Larger page sized may be
used as necessary. Multi-page tables shall have headings on top of each
page.
Drawings
 All soft copy drawings shall be in high quality PDF format
 Multiple drawings on a single subject shall be included in a single, multi-page
PDF file to facilitate review.
 Drawings shall have adequate size and resolution to allow review of fine
details.

5. General Requirements of Security Drawings

Drawings Preparation and Format
5.1.1 Security drawings shall be prepared in accordance with SAES-A-202 and SAEP-334.
5.1.2 Security Drawings that contain security and non-security related elements, shall have the
non-security related elements greyed out.
5.1.3 Drawings shall be presented in a size that is adequate to read fine details. SAES-A-202
Appendix B provides an example of required sizes for security related drawings.
5.1.4 Security drawings types shall use Index-O drawing types and sizes as defined in SAES-
A-202 Appendix B.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 8 of 21
SAEP-120 Execution Requirements for Security Projects

5.1.5 All drawings included in the submittal prepared for HCIS approval shall be referenced in
the Scope of Work or main document.
5.1.6 Drawings shall be presented in a size that is adequate to view important details with
sufficient zoom. To maintain visibility of the smallest data presented on the drawings, the
drawings may be split into multiple sheets.

Drawings Content
These drawings contents provide definition levels for each submittal. The submittal
requirements are provided in paragraph 6.
5.2.1 Overview Drawings
The overview drawings shall illustrate the boundaries of the facility, facilities and roads in
the contiguous area and all parking facilities located externally within 100 meters of any
restricted area fence. The drawings shall show the boundaries and gates of the
administrative and restricted areas and any planned expansions of the facility.
In areas with adjacent facilities within 1000 meters the drawings shall include the
boundaries and designation of these adjacent facilities.
5.2.2 Facility Layout
The facility layout drawing types shall show the following (as applicable).
 Boundary fences showing fence type, layers spacing, dimensions and
clearances. This shall include perimeter fences and fences around internal
facilities.
 Isolation fences (for new construction sites and expansion sites) showing
fence type, dimensions and clearances between the mentioned fence and the
surrounding area.
 External and internal security patrol roads including connections to the facility
road system.
 All main and emergency gates showing approach roads including
connections to the facility road system. Drawings shall indicate gate
dimensions.
 All security device locations including drop arm barriers, turnstiles, crash
barriers, x-ray inspection machines, metal detector doors, cameras, and any
other system deployed for security requirement.
 All non-security cameras installed in the facility. Camera owner shall be
identified by notes in the drawing.
 Intrusion detection systems installed at the perimeter. This shall include any
equipment rooms or housing installed as part of these systems. All IDAS
zones shall be identified.
 All other security systems equipment location and physical layout. This
includes VASS, LRS, ACS, ALPRS, emergency telecom systems, and all
components.
 Security lighting installed for security compliance (perimeter and check point
lighting). The drawings shall show the light fixtures locations, types, heights,
and luminance.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 9 of 21
SAEP-120 Execution Requirements for Security Projects

 Administrative and restricted areas and their boundaries and main and
emergency exits.
 Public roads located adjacent to the facility.
 Saudi Government Security Force checkpoints deployed for this facility.
Clearances from the checkpoint to the facility perimeter and road connections
shall be clearly shown. If adjacent facilities are deployed for facility protection,
their locations shall be shown.
 Gate layout and design. This covers all gates at the facility. Each gate shall
be submitted in a separate drawing set.
 Power sources and backup power services to all security facilities.
 An outline of all critical assets installed within 60 m of the inner fence.
Equipment designated as critical by the facility owner shall be clearly
identified. Clearances between the fence and all equipment within 45 m shall
be clearly identified.
 Security facilities such as gatehouses, security offices, ID offices, visitor
centers, and facility/security control centers with layout and design for each.
 Routing of security communications cabling and infrastructure within the
facility.
5.2.3 Outer Perimeter Fence Crossing
The outer perimeter fence crossing drawings shall show all product and utility pipelines
that cross the outer perimeter fence as follows:
 Pipelines that cross the outer perimeter fence. Drawings shall show elevation
views, clearances, and fence crossing details within 100 meter of both sides
of the outer perimeter fence.
 Drawings shall show the content, size, destination or source, of all product
pipelines.
 Utility pipelines shall be shown if they cross over the fence. Buried utility
pipelines shall not be shown if they are buried within 100 meter on either side
of the fence.
 All fence culverts, and their purpose, shall be shown in the drawings. Where
pipelines utilize culverts full details shall be provided.
 Sensors and cameras monitoring fence crossings shall be shown.
5.2.4 Restricted Building Layout
Building that houses security systems or is a plant process control room and
Instrumentation Buildings shall show the following:
 The entrance door leading to an area of a building of services.
 All exterior doors.
 Security systems/devices installed including access control and cameras.
5.2.5 Security Systems and Power and Communication
 Field of View (FOV) of all security cameras and radar systems deployed at
the facility.
 Obstructions in camera or radar FOV within the device range.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 10 of 21
SAEP-120 Execution Requirements for Security Projects

 Access control system layout

 Perimeter intrusion detection system layout
 Gate security equipment
 Security Control Center layout
 Security Network topology and major network devices
 Security Communication system equipment layout (radio and telephone only)
 Single line diagram: power supply for security equipment (primary, alternate,
UPS, and emergency power generator)
5.2.6 Security Device Information
The following information shall be provided in tabular form for all security systems and
devices to be installed at the facility. The table shall include the security
components/device type, manufacturer, component/device model number and HCIS
SEC compliance (Yes/No) for the following main system components:
 Security systems main components
 IDAS, LRS, and VASS main components
 Inspection devices (X-ray, metal detector, etc.)
 Anti-vehicle barriers (fixed and automated)
 Anti-climb, anti-cut fence

6. Project Submittals Specific Requirements

Projects for facilities that fall under the jurisdiction of the HCIS shall follow the following
sequential submittal stages to be submitted for and obtain HCIS requisite approvals for the
security related aspects of facility design, and assure that approvals are received from HCIS on
a timely basis.
All submittals shall be fully completed by the Execution Agency, and submitted to Industrial
Security Support Department (ISSD) for technical review, quality review, and onward
transmission to HCIS. ISSD shall be the single point of contact managing all projects’
correspondence with HCIS and shall keep the Proponent and execution agency advised of all
outcomes.
Note: All submittals to HCIS shall be executed and completed timely manner to avoid impacting the
project schedule. Submittal processing time by HCIS will vary between 1 to 3 months depending on
project complexity, submittal quality and completeness, level of conformance to HCIS requirements, and
other factors pertaining to HCIS.

The following table summarizes all submittals, reflecting SEC-14 requirements. Sections 6.1 to
6.4 provide mandatory instructions and further details for each submittal stage.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 11 of 21
SAEP-120 Execution Requirements for Security Projects

Saudi Aramco
HCIS Mandatory Submittal Contents
Pre-requisite approval before
Submittal (Refer to sections 6.1 to 6.4 for
Project Milestone onward transmittal
Stage details)
to HCIS

Stage 1  Part 1: Security Risk Assessment

Security Risk  Part 2: Conceptual Design FEL-2 DBSP
Assessment  Part 3: Concept for Security ISSD/SE&PED
(SRA) and Organization, Policy and Procedure Or 30% Project Division Head
Conceptual Manual, and Training Plan Proposal
Design Development

Stage 2
60% Project ISSD/SE&PED
Preliminary  Preliminary Design Document
Proposal Division Head
Design

 Detailed Design Document reviewed

Stage 3 by the Security Consultant 60% Detailed ISSD/SE&PED
Detail Design  Proof of Compliance to all applicable Design Division Head
SEC-1 to SEC-19 requirements
- Proponent
Executive
 Operational Readiness Certificate 100% Construction Management
- S&IS Executive
Stage 4 Management
Operational - Execution Agency
Readiness  Security Compliance Certificate 100% Construction - ISSD/SE&PED
Division Head

 Security Organization ISSD/SE&PED

100% Construction
 Testing and commissioning Division Head

STAGE-1 HCIS Submittal: Security Risk Assessment and Conceptual Design

The submittal format shall comply with SEC-14, Section 6.1.3.2 and shall consist of three parts.
Part 1: Security Risk Assessment (SRA):
The SRA binder shall consist of three sections:
Section 1: The SRA document shall comply with SEC-15 section 3.0.
The Security Risk Assessment shall be executed at an early stage of the project
proposal in order to meet the Stage-1 submittal timeline.
Section 2: All drawings as listed in SEC-15 appendix B, section 3.4.2
Section 3: The Business Criteria Analysis (BCA) and supporting documentation as specified in
SAES-O-201.
All appendices and documentation submitted with the SRA shall be referenced in the context
and text of the SRA.
Part 2: Concept of Design
The Concept of Design shall translate the SRA physical Security countermeasures
recommendations into a more tangible conceptual overview of the physical security system and
basic layout of the security system. It shall consist of three section:
Section 1: 10% Conceptual Design Document, which shall include the following:

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 12 of 21
SAEP-120 Execution Requirements for Security Projects

 Summary: An overall description of the facility and the security countermeasures that will
be installed to provide the specified level of security.
 Project Overview and Site/Facility Description
 Summary from the SRA, critical assets, FSC, and physical security recommendations
 A site-specific conceptual description of the physical security design and security
infrastructure.
 A site-specific conceptual description of the security systems required for the security
design of the facility.
 Specific security countermeasures for areas in which SRA recommendations and/or
compliance with FSC requirements cannot be achieved.
Note: Formal request for waiver shall be included during the next STAGE-2 submittal.

Section 2: Site-specific drawings covering items and related equipment listed in section 7.2 of
this standard
Section 3: Summary of waiver request with Justification for each non-compliance of HCIS
Security Directives as identified in the SRA. Refer to SAES-O-201, for details on government
waiver request.
Part 3: Security Organization, Procedures Manual and Training Plan
This part of STAGE-1 submittal is mandatory if required by ISSD based on assessment of the
project complexity, facility type and location. The content shall include:
Section 1: Overview of the Security Organization at the facility, including the number of fixed
and patrol security posts, the total number of proposed security personnel.
Section 2: Overview of the security policy, procedure and post orders.
Section 3: Initial Training program for the security personnel to operate the security equipment
provided for the project. The abbreviated Training Plan shall specify the security training
requirements, execution schedule, training type (formal/informal) and a strategy.
STAGE-2 HCIS Submittal: Preliminary Design
A Stage-2 Preliminary Design package shall be submitted to HCIS for approval.
The submittal shall be completed at no later the 60% Project Proposal stage, and shall be
based upon approved COD from STAGE-1 submittal. Timing is crucial in order to allow
sufficient time for HCIS comments to be received and addressed during FEL phase.
The submittal format, content, and sequence shall strictly be as follows, based on SEC-14,
Section 6.2.2. In addition, all general submittal requirements shall be followed:
Section 1: General Requirements and Design Criteria
Section 1.1 General Requirement: General description of the facility/site, project overview,
project requirement and summary of pervious HCIS comments.
Section 1.2 Security Design Criteria: General design criteria and specifications applicability for
the preliminary design of the security countermeasures. This shall include, but not limited to,
compliance specifications, codes and standards for the security systems and security
infrastructure.
It shall also provide an overview of the security systems communication and integration at the
local/regional Security Control Center. The section shall include a description of each system,
sub-system and provide a layout of all the elements and components in the SCC. This section

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 13 of 21
SAEP-120 Execution Requirements for Security Projects

shall include the design requirements, specifications and operational objectives of the sub-
systems and components.
Section 2: Physical Security Infrastructure
Shall provide description for each element of the physical security infrastructure.
It shall be based on Stage-1 Conceptual Design Document with addition of more details to the
site-specific conceptual description of the physical security design concept, physical security
countermeasures, security devices, and security staffing basis.
Section 3: System Design Document
Shall provide description of the electronic/technological security systems together with the
human interface and procedures required to provide a complete security function.
Section 4: Scope of Work
A detailed Scope of Work (SOW) document shall be included to provide clear understanding of
all components of the security countermeasures at the facility, and lists existing
countermeasures versus countermeasures proposed by the subject project. All Drawings shall
be references in the Scope of Work Section.
Section 5: Equipment Identification Schedule
Shall tabulate all security devices and main components for the security systems provided by
the project. The list shall address existing security equipment.
Section 6: Waiver Requests
Formal waiver requests against HCIS standards shall be synchronized and made part of this
submittal, and be based on waiver requests identified and highlighted in STAGE-1 submittal, in
addition to new waivers.
Refer to SAES-O-201, Section 2 for details on HCIS waiver request contents, format, and
workflow requirements.
Internal Saudi Aramco waivers transaction according to SAEP-302 shall precede the submittal
of any waiver request. The Saudi Aramco waiver request number shall be referenced in the
submittal.
Section 7: Drawings
The set of applicable drawings as defined in section 5 shall be provided. All drawings shall be
referenced in the Scope of Work Section.
STAGE-3 HCIS Submittal: Detailed Design
The Stage-3 Detailed Design submittal shall be submitted to HCIS, and based upon 30% or
60% detailed design stage, and approved STAGE-2 submittal. The submittal shall certify
compliance with all SEC-1 to SEC-19 applicable requirements. It shall strictly follow the format,
content sequence, and sections titles as shown below, based on SEC-14, Section 6.3.2:
Section 1: General Requirements
Including the general description of the facility/site and the project overview.
 A detailed Scope of Work (SOW) shall consist of all the construction, installation and
integration security infrastructure and security systems scope that will be implemented
within the project.
 Review report of the detailed design documentation. The execution agency shall consult
with ISSD as to whether this review shall be conducted by external consultant.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 14 of 21
SAEP-120 Execution Requirements for Security Projects

 Certificate of compliance of applicable Security Directives (SECs) SEC-1 to SEC-19, and

incorporation of HCIS comments to STAGE-2 submittal.
Section 2: Security System Design Document (Stage 3)
 Detailed SCC design document, including design perimeter, specifications,
requirements, and architecture.
 System Design Document: Detailed Design of the security systems communication and
integration at the Local/regional Security Control Center. The section shall include a
description of each security system, sub-system and provide a layout of all the elements
and components in the SCC. This section shall include the design requirements,
specifications and operational objectives of the sub-systems and components.
 Vendor data sheets, specifications and certificates for all security devices, equipment
and components.
Section 3: Physical Security Infrastructure
 Detailed Design Document for each element of the physical security infrastructure,
physical security countermeasures and technology.
 Detailed Design Layout Drawings for the construction of all security buildings, including
gatehouses, other security operation facilities, and all buildings housing security
equipment.
 Building material and equipment specifications and performance certifications, such as
for buildings with ballistic protection requirements.
Section 4: Security Fencing
 Specifications, calculations, and design documents considering the site-specific soil
condition
 Site perimeter layout drawing (showing: fence, barriers, patrol roads, lighting, clear
zones)
 Test reports and performance certificate for anti-vehicle barriers, and anti-personnel
fences as applicable.
 Material Data Sheet and specifications for all fence layers
 Detailed Design drawings:
o Layout and facility plot plan drawings for facility perimeter fences and other
fences described in the Preliminary Design
o Layout and installation details drawing for each fence penetration in the facility
perimeter
o Layout and installation details of each emergency gates and heavy equipment
gates
o Security patrol roads (Layout drawings only)
o Temporary fences and demolitions along the fences
Section 5: Security Gates
One sub-section shall be provided per gate, and shall include:
 Specifications and design document for layout and installation
 Detailed Design Drawings for the layout and installation details of all security devices,
security equipment, communication components at each gate

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 15 of 21
SAEP-120 Execution Requirements for Security Projects

 Gatehouse Building Materials datasheet and specification

 Test report and certificate for the crash-rated road blockers and bollards
Section 6: Security Lighting
 Specifications and design document and calculation for security lighting
 Detailed design and installation details drawings for all security lighting
 Datasheet and specifications for the lighting luminaires
Section 7: Security Control Center
Applicable for both new, upgraded and interfaced to SCC, and shall include:
 SCC Detailed Design Drawing, including design perimeters and specification documents
for main components
 SCC layout drawings
 List of systems and functions integrated into the SCC
 Integration software(s) at the SCC
 Material and equipment datasheet and specifications
 Security manning requirements by the project
Section 8: Intrusion Detection and Assessment System
 Detailed design layout drawings and installation details drawings
 CCTV camera field-of-view calculation
 Material and equipment datasheet and specifications
Section 9: Access Control System (ACS)
 Installation details and layout drawings for the ACS components at each location
 Material Equipment datasheet and specifications
Section 10: Video Assessment and Surveillance System
 Detailed design and installation drawings for the layout and installation details
 CCTV camera field-of-view calculation
 Material and equipment data sheets and specifications
Section 11: Data Network and Communications
Data Network
 Security data network (SECNET) topology, capacity and bandwidth
 Security data network interface equipment, and connection method to backbone and
other networks
 Data network cabling overview and drawings for the gatehouse, SCC, ACS, IDAS and
VASS locations
Communications
 Wired communication at PIC
 All gatehouse wired and wireless communications
 SCC wired and radio communications
 Security radio equipment list and specifications

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 16 of 21
SAEP-120 Execution Requirements for Security Projects

 Radio coverage map in the facility location

 CCTV storage calculations for all systems requiring video recording (ALPR, VASS,
IDAS, ACS)
Section 12: Power Supply
 Detailed design and installation drawings for the emergency power generator
 Detailed design and installation drawings for the UPS system
 Power and UPS calculation
 Material and equipment data sheets and specifications
Section 13: Waiver Request
 New waiver requests, if applicable.
 Summary of waiver requests included in STAGE-2 and their HCIS resolution
Section 14: Proof of Compliance
 Proof of compliance (PoC) certificate tables as specified in each directives SEC-1 to
SEC-19
Section 15: Operational Readiness Progress Report
 Updated organizational procedure. Or progress status for new procedures applicable to
the facility.
 Training programs to be conducted by the contractor or in-house by the facility operator
Section 16: Project Milestone Schedule
The project schedule shall ONLY include the start date, major milestone dates, and completion
date of the project.
STAGE 4 HCIS Submittal: Operational Readiness
STAGE-4 is the final stage of the security project submittal. Proponent and Execution agency
shall confirm that all submittal in previous stages are submitted on a timely manner to HCIS as
specified in this procedures before full operation of the facility.
ISSD shall review the submittal and further submit to HCIS for approval.
The submittal as specified in SEC-14, section 6.4, shall include the following:
Section 1: Certifications
Certificate # 1: Operational Readiness Certification
 Shall be signed by the contractor, execution agency, and approved by ISSD
 Testifies that:
o All security systems are operational in all respects
o The systems have been pre-commissioned and completed site acceptance test.
o Warranty and maintenance services are in place to support the system
o SOPs have been developed and implemented
o Security personnel have been trained to fully operate the systems
Certificate # 2: Security Compliance Certification
 Shall be developed based on the certification template provided in SEC-14 paragraph
6.4.1.1.2

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 17 of 21
SAEP-120 Execution Requirements for Security Projects

 Shall be issued by the execution agency, approved by the Proponent Executive Director,
and concurred by S&IS Executive Director.
 Its purpose is to testify that the execution of this project has been carried out as
specified in the detail design approved by HCIS, reiterates all exceptions or non-
compliance items approved by HCIS, and provide a committed timeline to comply with
pending non-compliance items.
Section 2: Installation and Testing
 Site Acceptance Test Report (Summary and approval page only)
 Training documentation, including training/course content, and proof of attendance.
 List of Standard Operating Procedures (SOPs) for the security systems installed
 List of as-built drawings
Section 3: Security Organization
 Security policy, procedures and post order manual
 Organizational chart of the updated Area Industrial Security Operations Department
 Maintenance Plan for security infrastructure and equipment
 Security Posts Manning Plan
Section 4: Land Water Interface
All facilities with land/water interface shall submit a specific plan and procedure for co-operation
with and liaison with Maritime government forces having jurisdiction in the project area. This
section shall be developed by ISSD.

7. Responsibilities
Execution Agency
The execution agency shall be responsible for the following:
 Verify the applicable security drawings requirements, indexes, types for the security project
in consultation with ISSD.
 For projects including security and other non-security scope, designate a package
development plan such that all security submittals are produced in a standalone,
designated volume including all package contents including studies, Scope of Work,
Security Risk Assessment studies. The presentation of the project design package for
internal review (e-review) should be fully contained within the job order. This will facilitate
preparation of the distinct submittal packages required for HCIS approval.
 Integrate the Security Project Execution Requirement into the overall project schedule.
 Assure that responsible project resources have access to view the HCIS security
directives. Refer to SAES-O-201 for procedure to obtain access.
 Only hire qualified and HCIS-licensed security contractors, designers, and consulting firms
to execute any security related study, design, and construction.
 Insure sufficient internal and external resources to plan, execute, and apply required
corrections to the security project submittals to HCIS.
 Fully develop submittal packages for HCIS approval, and submit the packages for ISSD
approval on a timely manner.
 Designate security drawings and certify an as-built stage.

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 18 of 21
SAEP-120 Execution Requirements for Security Projects

 Assure that security drawings are properly reviewed and accepted by required
departments and organization.
 Update security drawings (per markup prints) as per SAEP-334.
 Shred and dispose security drawings’ electronic files, hard copies and prints when no
longer needed.
 Comply with G.I. 710.002 “CLASSIFICATION OF SENSITIVE INFORMATION”
requirements for confidential documents.
Proponent Organization
The proponent organization shall be in minimum responsible for the following:
 Develop the Business Criteria Analysis form. Refer to SAES-O-201 for BCA procedures.
 Approve the Security Compliance Certification (part of Stage-4 submittal)
 Review all interfaces between the security requirements and other facility elements.
Industrial Security Support Department (ISSD)
ISSD shall be responsible for the following:
 Review Security Risk Assessment Studies, and HCIS Submittal Packages, received from
the Execution Agency prior to submittal to HCIS.
 Conduct internal Saudi Aramco reviews (e-reviews) for the security system submittals.
 Forward all 4-stage submittals to HCIS, manage all related correspondence, and keep the
Proponent and execution agency informed of outcomes.
 Continually inform the Execution Agencies of best practices regarding submittals to HCIS.
Drawing Management Unit (DMU) of Engineering Knowledge and Resources
Division (EK&RD)
 Provide temporary ISO access detail of security Drawings browsed by any users when
requested by ISO.
 Maintain drawings access as per SAEP-334.
 Comply with GI-710.002 “CLASSIFICATION OF SENSITIVE INFORMATION”
requirements for confidential documents.

8. Terminology
Acronyms
ACS Access Control System
ALPR Automatic License Plate Recognition
COD Concept of Design Document Execution Agency
EK&RD Engineering Knowledge & Resources Division – Saudi Aramco
FEL Front-End Loading
FC Functional Classification (for electrical substation facilities)
FSC Facility Security Classification
HCIS High Commission for Industrial Security. Refer to SAES-O-201 for full definition

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 19 of 21
SAEP-120 Execution Requirements for Security Projects

IDAS Intrusion Detection and Assessment System. Refer to SAES-O-205 for full
definition.
LRS Long Range Surveillance System. Refer to SAES-O-205 for full definition
PIC Preliminary Inspection Checkpoint
SCC Security Control Center
SEC Security Directives for Industrial Facilities (HCIS)
SECNET Security Network. Refer to SAES-O-208 for full definition
S&IS Safety and Industrial Security
SOP Standard Operating Procedure
SRA Security Risk Assessment
VASS Video Assessment and Surveillance System. Refer to SAES-O-205 for full
definition
Definitions
Concept of Design Document A site-specific design document, defining the physical
security components and countermeasures that will be
installed at the facility.
Execution Agency The Saudi Aramco organization executing a security
project.
Security Project Any project providing new or upgraded physical security
countermeasures for existing, expanded, new or upgraded
Saudi Aramco facilities.
Operational Readiness
Certification A document that certifies that the security equipment are
operational in all respects, tested and commissioned on
site, personnel have been trained, support is in place.
Physical Security Countermeasures All countermeasures provided to protect the facility from
physical security threats. The countermeasures include but
not limited to: perimeter security, security systems and
devices, security communication, cyber security
Security Drawings Any Saudi Aramco Engineering Drawing, disciplined to
specify physical security countermeasures of the facilities.
The drawings types are defined in Appendix-A of SAES-A-
202.
Security Lighting Includes perimeter security lighting, area lighting,
gatehouse lighting, and checkpoint lighting, and
emergency lighting.
Security Compliance Certification A document that certifies that the execution of the project
has been carried out as specified in the detail design
approved by HCIS, list any non-compliance items, and
committed time to rectify them.
Security Risk Assessment A methodical study that shall determine and classify the
facility’s assets, determine critical assets, evaluate the
asset’s vulnerabilities, evaluate threats and pathways that
can exploit these vulnerabilities, assess the existing and

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 20 of 21
SAEP-120 Execution Requirements for Security Projects

proposed security countermeasures, and conclude with

security recommendations, in order to formulate a baseline
of security requirements. The SRA is also required to
support any waivers or additional security
countermeasures.
The SRA development shall implement the methodology of
the American Petroleum Institute (API) Standard 780,
Security Risk Assessment Methodology for the Petroleum
and Petrochemical Industries, latest edition.
System Design Document A set of integrated engineering document that establishes
the basis, concept, perimeters or a design supported by
required engineering drawings, illustration, security
system.

9. References
All referenced specifications, standards, codes, forms, drawings and similar material shall be of
the latest issue (including all revisions, addenda, and supplements) unless stated otherwise.
Saudi Aramco Documents
SAEP-302 Waiver from a Mandatory Saudi Aramco Engineering Requirement
SAEP-334 Retrieval, Certification and Submittal of Saudi Aramco
Engineering and Vendor Drawings
SAEP-14 Project Proposal
SAEP-303 Engineering Reviews of Project Documentation
SAES-A-202 Saudi Aramco Engineering Drawing Preparation
SAES-O-201 General Requirement for Security Directives
SAES-O-205 Integrated Security Systems
GI 2.710 Mechanical Completion and Performance Acceptance of Facilities
GI 710.002 Classification of Sensitive Information
GI 710.011 Photography and filming of Saudi Aramco Restricted Facilities and
Operating Areas

Industry Codes and Standards

ANSI/API Standard 780 Security Risk Assessment Methodology for the Petroleum and
Petrochemical Industries, latest edition
Other References
HCIS Security Directives
SEC-01 General Requirements for Security Directives
SEC-14 Security Project Management
SEC-15 Security Management at Industrial Facilities

September 20, 2017 ©Saudi Aramco 2017. All rights reserved. Company General Use Page 21 of 21