SEC-05

Security Systems at Industrial Facilities

Version 2.0

Security Directives
for Industrial Facilities

2017

KINGDOM OF SAUDI ARABIA

MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

THIS PAGE INTENTIONALLY LEFT BLANK

Version 2.0
Page 2 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

Version History

Item Description Effective Date

1 Original Issue  12 Jumada II, 1431 A.H
 26 May, 2010
2 Version 2.0  5 Rajab, 1438
 2 April, 2017

This Security Directive supersedes all previous Security Directives issued by the High
Commission for Industrial Security (HCIS), Ministry of Interior.

Version 2.0
Page 3 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

THIS PAGE INTENTIONALLY LEFT BLANK

Version 2.0
Page 4 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

Table of Contents

1 PURPOSE ................................................................................................................................................ 7

2 SCOPE ..................................................................................................................................................... 7

3 ACRONYMS & DEFINITIONS .................................................................................................................... 7

4 REFERENCES ........................................................................................................................................... 8

5 GENERAL REQUIREMENTS ...................................................................................................................... 9

5.1 REQUIRED SECURITY SYSTEMS.......................................................................................................................... 9

5.2 SYSTEM DESIGN CONSTRAINTS......................................................................................................................... 9
5.3 ACCESS CONTROL SYSTEM ............................................................................................................................ 12
5.4 AUTOMATIC LICENSE PLATE RECOGNITION SYSTEM............................................................................................ 18
5.5 INTRUSION DETECTION & ASSESSMENT SYSTEM ................................................................................................ 20
5.6 ID MANAGEMENT SYSTEM............................................................................................................................ 26
5.7 VIDEO ASSESSMENT & SURVEILLANCE SYSTEM .................................................................................................. 26
5.8 CAMERA SPECIFICATIONS .............................................................................................................................. 29
5.9 PLANT CONTROL ROOM ............................................................................................................................... 30
5.10 INTEGRATION REQUIREMENTS ................................................................................................................... 31
5.11 SECURITY CONTROL CENTER ..................................................................................................................... 31

6 APPLICATION OF REQUIREMENTS......................................................................................................... 33

7 PROOF OF COMPLIANCE ....................................................................................................................... 34

Version 2.0
Page 5 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

THIS PAGE INTENTIONALLY LEFT BLANK

Version 2.0
Page 6 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

1 Purpose
The purpose of this Security (SEC) directive is to provide requirements for the deployment
of security systems at industrial facilities under the jurisdiction of the HCIS.

2 Scope
This Directive provides the minimum requirements for companies and establishments
that are subject to the supervision of the High Commission for Industrial Security (HCIS),
Ministry of Interior, for security systems used at industrial facilities.

3 Acronyms & Definitions

ACS Access Control System
ALPR Automatic License Plate Recognition System
CPU Central Processing Unit
CR Card Readers
ERP Emergency Response Plan
FO Facility Operator: the owner, operator or lessee of a facility
FOV Field of View
FSC Facility Security Classification
GCC Gulf Cooperation Council
GIS Geographic Information System
HCIS High Commission for Industrial Security
HD High Definition television
HDD Hard Disc Drive
IDAS Intrusion Detection and Assessment System
IDMS Identification Card Management System
LAN Local Area Network
LRS Long Range Surveillance
LWIR Long Wave Infra-Red
OCR Optical Character Recognition
OS Operating System
PCR Plant Control Room
PIN Personal identification Number
PIV Personal Identification Verification Card
PoC Proof of Compliance
PTZ Pan-Tilt-Zoom
SCC Security Control Center
SED Single Entry Device
Shall Indicates a mandatory requirement
Should Indicates an advisory recommendation
SRA Security Risk Assessment
SSD Solid State Disc
UPS Uninterruptible Power Supply
VASS Video Assessment & Surveillance System

Version 2.0
Page 7 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

4 References
This directive adopts the latest edition of the references listed.
ANSI/SIA CP-01- American National Standard Institute/Security Industry Association –
2014 False Alarm Reduction Standard
IEC 60529 Degrees of protection provided by enclosures (IP Code)
ISO 110641-1 Principles for the Design of Control Centers
ISO 110641-2 Principles for the Arrangement of Control Suites
ISO 110641-3 Control Room Layout
ISO 110641-4 Layout & Dimensions of Work stations
ISO 110641-5 Display and Controls
ISO 110641-6 Environmental requirements for Control Centers
ISO 110641-7 Principles for the Evaluation of Control Centers
SAF-04 Fire Protection Systems and Equipment
SAF-20 Pre-Incident Planning and Management of Emergencies
SEC-01 General Requirements for Security Directives
SEC-02 Security Fencing
SEC-04 Security Lighting
SEC-06 Security Devices
SEC-07 Power Supplies
SEC-08 Security Communications and Data Networks
SEC-09 Structures housing Security Equipment
SEC-11 Identification Cards
SEC-12 Cyber Security
SEC-15 Security Management at Industrial Facilities

Version 2.0
Page 8 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5 General Requirements
Industrial facilities, under the jurisdiction of the HCIS, shall install security systems at each
industrial facility and integrate them into an integrated operating environment at a SCC.

This directive provides the specific requirements for each required security system and
the integration requirements at the SCC.

5.1 Required Security Systems

The following security systems shall be installed at each facility as required by the
facility FSC:

 Access Control System (ACS)

 Automatic License Plate Recognition System (ALPR)
 Intrusion Detection & Assessment System (IDAS)
 ID Management System (IDMS)
 Video Assessment & Surveillance System (VASS)

5.2 System Design Constraints

All security systems shall meet the constraints and requirements stated in this
section.

5.2.1 Single Point of Failure

Security systems shall be designed so that no single component failure can
disable the system.

5.2.2 Redundancy
Security system computers shall be installed in a redundant configuration
with primary and backup computers.

Failover from the primary to the backup computer shall be automatic with
no loss of data.

FO may use fault-tolerant computers that utilize built-in hardware to provide

automatic switchover from failed components in lieu of a primary/backup
configuration. However, such devices must cover all computer components
such as CPU, memory, power supply, network, etc.

Version 2.0
Page 9 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.2.3 Hardware
Computer hardware used for security systems shall be of the latest
generation available at the time of the design completion. The hardware
shall have adequate memory and processing capacity to ensure fast response
to system requirements and user commands.

Operating system and applications shall be installed on a HDD or SSD while

data shall be stored on a separate discrete physical HDD or SSD. Disc capacity
shall be sized to maintain at least 50% spare capacity beyond expected
system requirements.

5.2.4 Operating Systems

The OS used for security system implementation must be current and have
full mainstream support from the manufacturer.

All current service packs, and other OS updates, shall be installed at the time
of system delivery.

FO may not use an OS for security systems that has been superseded by a
newer version released by the OS manufacturer.

5.2.5 Communications & Data Networks

Communications & data networks used in security systems shall be fully
compliant with SEC-08 and SEC-12.

5.2.6 Database
All data pertaining to each security system shall be stored in a relational data
base management system. The system storage shall be sized to ensure that
all system data is available online for the retention period specified in other
sections of this directive for each required system.

5.2.7 Data Backup

All system data pertaining to the security system shall be backed up on a
regular schedule. This schedule shall include daily, weekly and monthly
backups.

Incremental data backup may be on a daily basis but a full backup must be
taken at least once every 30 days. The data backup shall be stored locally and

Version 2.0
Page 10 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

also at an offsite location for disaster recovery. Access to the data backup
shall be limited to authorized users.

5.2.8 External Systems Interface

All security systems shall have a clearly defined, and documented, procedure
for providing all system data, including video, to an external system for
display and acknowledgement if required by FO or operational
requirements.

This data shall be made available to the external system after full compliance
with security authentication protocols.

All data transmitted to an external system shall use encryption, in

accordance with the requirements of SEC-08 and SEC-12, to secure the data
during transit over the network.

5.2.9 Security
All security system installations shall follow SEC-08 requirements for data
networks and SEC-12 requirements for cybersecurity to protect the system
against unauthorized access attempts.

5.2.10 Power Supply

All security systems shall be powered by an uninterruptible power supply,
backed up by an emergency power generator, fully compliant with SEC-07.

5.2.11 Environmental
All security system devices and components mounted outdoors shall be
sealed to a minimum standard of IEC 60529 and shall be rated for operation
in the environmental conditions stated in SEC-01.
Indoor devices shall have air conditioning compliant with SEC-01.
5.2.12 Installation & Maintenance
Structures that house security systems shall meet the requirements of SEC-
09. Systems shall be maintained pursuant to the requirements of SEC-15.

5.2.13 Date/Time Synchronization

All devices connected to the security systems shall have their date/time
synchronized to each other. In general, time synchronization shall be based
on the date/time setting at a single central location determined by the FO.

Version 2.0
Page 11 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.2.14 Tamper Protection

All security systems shall incorporate elements that will annunciate an alarm
if any attempt is made to tamper with system elements such as cabling,
computer equipment or field computer facility access where active system
components or terminations are located.

All junction & pull boxes, mounted externally, shall use tamper-proof screws
for all fasteners on the case that are externally accessible.

No cabling shall be visible externally and all openings into system housings
shall be sealed.

All surface mounted cables shall be encased in steel conduit.

5.3 Access Control System

The ACS comprises the hardware and software needed to electronically authenticate
a request by personnel to access a facility and to notify security personnel of any
invalid attempts.
The ACS shall meet the following requirements:
5.3.1 Architecture
5.3.1.1 The ACS shall consist of a local ACS at each facility with a central
ACS that shall store and retain all ACS personnel and access data
online for at least 36 months.
5.3.1.2 Personnel data referring to card holder short leave, vacation, lost,
stolen or revoked status shall be automatically updated in the ACS
and disseminated automatically to all ACS sites.

Personnel data updates shall be carried out in secure fashion.

5.3.1.3 All local ACS operations & functions shall continue to operate with
no loss of capability when communication links to the central ACS
are disrupted.
5.3.1.4 All local access data shall be uploaded to central system at periodic
intervals not to exceed 10 minutes.
5.3.1.5 System shall protect against tail gating.
5.3.1.6 Local & Global anti-pass back shall be enforced by the system. This
shall prevent a card holder from making an entry unless an exit has
already been recorded in the system.

Version 2.0
Page 12 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.3.1.7 FO shall ensure that non-security related access to the ACS, or ACS
data, shall not be permitted.

5.3.2 Card Readers or Biometric Readers

Card Readers (CR) or biometric readers shall be used to initiate a request for
access at a SED associated with the CR. The CR shall display the ACS response
and unlock the associated SED.
5.3.2.1 One CR may control only one SED.
5.3.2.2 Where the installation only has one SED for both entry and exit,
two CR’s shall be installed, on both the entry and exit sides of the
SED, to allow continued operation if one of the CR’s fails.
5.3.2.3 If CR controllers are used a minimum of two controllers shall be
installed with each alternate CR connected to alternate
controllers.
5.3.2.4 The ACS shall have the ability to deploy CR’s in multiple zones with
each zone having independent security access levels.
5.3.2.5 The CR shall allow or deny access based on the response from the
ACS. All access denied alarms shall be annunciated at the local
gatehouse.

5.3.3 Card Readers

CR’s shall be able to read PIV cards configured according to the requirements
of SEC-11.

CR’s shall incorporate PIN keypads. The ACS shall use the PIV and 4 digit
minimum PIN entry or PIV and biometric read to verify access rights which
shall be validated by the ACS.

PINs shall be machine generated using a random or pseudo random

algorithm and must be changed every 6 months. FO shall ensure that
procedures are in place to notify users of PIN changes.

5.3.4 Biometric Readers

Biometric readers may use fingerprint, hand geometry, iris or any other
biometric measurement generally accepted within the security industry and
fully compliant with SEC-11.

Version 2.0
Page 13 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

Biometric readers shall validate data against a biometric template either

stored in a smart card or against a central database. Biometric data retained
in the smart card shall be encrypted as specified in SEC-11.

All biometric readers shall have the ability to verify that the measurements
are being taken from a live person and not a printed copy or a copy made
from some inanimate object.

5.3.5 Reader User interface

CR’s & biometric readers shall communicate access request status to users
as follows:
The device shall have indicators to inform the user that the device is ready,
access request is being processed, request approved or request denied. If
indicator lights are used they shall use different colors for request approval
and denial.

Displays or indicators used in such devices shall have clearly visible displays
in bright daylight conditions. Where displays are used for textual information
to the user, the fonts and stroke weight shall be adequately sized to allow
reading by users.

The system shall allow entry of a duress code on the card reader keypad to
inform the ACS about an access attempt being made under duress.

5.3.6 Single Entry Device

The SED refers to the device used to control access to and from the facility.
For personnel it is generally a turnstile and for vehicles it is a drop arm barrier
or deployable anti-vehicle barrier. The SED shall be controlled by the ACS and
shall normally be in closed or locked position unless released by the ACS after
an authenticated PIV or biometric read.

All SED’s shall be compliant with SEC-06.

5.3.7 Alarm Annunciation

The ACS shall utilize displays and printers to annunciate alarms and keep
security personnel apprised of system and access request status. All displays
and printers shall be mounted in local gatehouse with the option to remotely
annunciate the alarms at an external system.

Version 2.0
Page 14 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

The system shall require acknowledgement by security personnel of each

alarm.

Devices used for alarm annunciation are as follows:

Status Display
Displays overall system diagram and status of each device using colors to
denote system status.
Display shall include status of local computers, communication links (if
any), UPS status, access request status. All titles shall be bilingual in Arabic
& English.
Alarm Display
Display status of access request with configurable option to display selected
events.
Display shall include critical access denied messages in color. All messages
shall be bilingual in Arabic & English.
Printer
Print hardcopy, line by line, of all messages on Alarm Display.
Operator shall have option to use, or not use, the printer but the function
shall be provided.
Printer shall continue to operate, and print required messages, regardless
of communication link status.
Audio Alarm Annunciation
All alarm messages shall be accompanied by an audio tone that shall be
audible above ambient noise in the gatehouse.
A distinct audio tone shall be used when an alarm is generated due to an
access attempt by a card that is marked lost, stolen, revoked, on vacation,
expired or duress code entry.
Response Time
The alarm annunciation system shall respond to a valid/invalid access
attempt in less than 0.5 seconds and display any alarm condition.
Operation
All displays shall continue to operate, and display complete system
information, regardless of communication link status from the local ACS to
the central ACS.

Version 2.0
Page 15 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.3.8 Emergency Release

Emergency Release refers to a physical emergency switch that will allow
security personnel to initiate an emergency deployment of pre-selected
SED’s when required.

5.3.8.1 Emergency Release switch shall be protected against accidental

activation.
5.3.8.2 Only pre-selected single entry devices shall be deployed or locked.
5.3.8.3 Emergency switch activation shall be logged in ACS.
5.3.8.4 Emergency switch shall function independently of the ACS.
5.3.8.5 In the event of an emergency, gate personnel shall be permitted
to allow entry and exit of emergency vehicles.
5.3.8.6 The ACS shall permit gate personnel to initiate emergency
procedures to allow the free exit of facility personnel under
emergency conditions. As part of these procedures the ACS shall
provide the facility to update personnel access status as the actual
data is collected during an emergency.

5.3.9 ACS Cameras

The ACS shall include cameras to record ACS users and general gate area
surveillance.

Gate Surveillance: 1 fixed camera for entry side and 1 fixed camera for exit
side that monitors the approaches to the turnstiles.

Gate Assessment: 1 PTZ color camera for entry side and 1 PTZ color camera
for exit side that allows the operator to monitor different gate areas and
zoom in as needed.

User: 1 fixed camera at each CR.

5.3.9.1 All ACS cameras shall comply with the requirements stated in
section 5.8 of this directive.
5.3.9.2 User cameras shall meet the following requirements:
 Adequate wide-angle capability to display a recognizable
image of the user of the CR, for a height range (of the user) of
1.3-2.2 m.
 The camera shall be positioned to minimize the possibilities of
user obscuring a view of the face.

Version 2.0
Page 16 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

 The FO shall site the user camera to obstruct keypad view

while maintaining the ability to see faces of personnel entering
the facility.
 User camera images shall only be triggered by an access
request. A two (2) second video of the user shall be recorded
initiating with the card swipe.
5.3.9.3 The system shall have the ability to display cameras imagery locally
and/or remotely as required by the FO.
5.3.9.4 The system shall annunciate an alarm when the video signal from
the image is lost.

5.3.10 Video Recording

All images from ACS cameras shall be recorded and retained for the intervals
specified below, from the date the image was recorded, before the data can
be overwritten.

 Gate Surveillance; 90 days

 Gate Assessment; 30 days
 User; 90 days

The video from all ACS cameras shall be stored and available for viewing,
locally and across the security network by authorized users.

5.3.11 Reporting Requirements

The ACS shall provide a set of reporting tools that shall allow authorized
system operators and gate personnel to generate reports from data stored
in the ACS database. The following pre-formatted reports shall be available
for ACS personnel to generate at any time:

5.3.11.1 On-Site Report: Lists all personnel on site with details of last access
point used, department name & contact numbers for each person.
5.3.11.2 Visitor Report: Lists all visitors to site. This report shall include,
at a minimum, visitor name, organization being visited, contact
person, exit / entry dates/time, gates used.
5.3.11.3 Card holder photographs and access records shall be available on
the local system for review by gate and SCC personnel.

Version 2.0
Page 17 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.4 Automatic License Plate Recognition System

The ALPR System consists of cameras and illuminators, connected to the ALPR
computer system, at each vehicle traffic entry lane in a Class 1, 2 or 3 facility. It
detects incoming vehicle license plates, recognizes all plate characters, validates
them against a stored list and annunciates an alarm when a discrepancy is detected.

The ALPR System shall comply with the following requirements:

 ALPR System architecture

 License plate database
 Cameras
 Illuminators
 Optical Character Recognition System
 Alarm annunciation system

5.4.1 ALPR System Architecture:

5.4.1.1 The IDMS shall consist of local ALPR workstations at a facility with
a central server for ALPR data storage and management.
5.4.1.2 All computer hardware, and support equipment, shall comply with
the system constraints specified in section 5.2 of this directive.

5.4.2 License Plate Database

5.4.2.1 The main ALPR database shall be located on the central server with
local databases at each gate using ALPR systems.
5.4.2.2 This main ALPR database shall contain data on license plates that
are suspect or are not permitted into facilities.
5.4.2.3 FO shall coordinate with local traffic authorities to acquire license
plate updates on stolen vehicles or other vehicles of interest to the
authorities. These updates shall be copied to the main ALPR
database by the 1st working day after receipt.
5.4.2.4 FO shall update the database with license plates of personnel
considered persona non grata for entry into the facilities.
5.4.2.5 Updates shall be made to the database on a daily basis and shall
be transmitted to all gates with ALPR systems within 1 hour of
update completion.

Version 2.0
Page 18 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.4.3 Cameras
5.4.3.1 ALPR cameras shall be installed in all Class 1, 2 and 3 facility Main
Gate entry traffic lanes.
5.4.3.2 The cameras shall be located a maximum of 50m from the entry
side Main Gate gatehouse on the external side where traffic is
approaching.
5.4.3.3 There shall be adequate distance to allow the ALPR system to read
and validate a license plate and annunciate an alarm before the
vehicle reaches the gatehouse.
5.4.3.4 The cameras shall either be custom made for ALPR application or
shall have adequate resolution, and other characteristics, to meet
ALPR requirements.
5.4.3.5 Camera shall have the following performance characteristics:
 Shutter speed shall be set to 1/1000 of a second to avoid image
blurring.
 Uses the appropriate shutter type to avoid distortion.
 Cameras shall have automatic exposure and iris controls to
deal with changing ambient light conditions.
 Cameras shall be able to distinguish colors used in license
plates.
5.4.3.6 Camera shall be carefully sited relative to the target capture area.
Care shall be taken to ensure that angles of incidence between
camera lens and license plate shall be selected to minimize
distortion and ensure usable images.
5.4.3.7 The camera depth of field shall be maintained within acceptable
ranges to ensure clear images.
5.4.3.8 Cameras shall comply with the environmental requirements of
SEC-01.

5.4.4 Illuminators
5.4.4.1 License plate illuminators shall be co-located with the ALPR
camera to ensure uniform illumination of the target area.
5.4.4.2 Illuminators may either be visible light or infrared as needed to
ensure clear images.
5.4.4.3 The illuminators shall be angled to minimize discomfort to
approaching drivers.

Version 2.0
Page 19 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.4.5 Optical Character Recognition System

5.4.5.1 The ALPR system shall incorporate OCR capability to extract all
relevant data, including colors, from the license plate image. This
extraction shall be fully automatic and take place without any user
intervention.
5.4.5.2 The ALPR system shall recognize all license plates from all GCC
countries. Changes in license plate layouts shall be updated in the
system within 15 days of the release of the new license plates
formats or content.

5.4.6 Alarm Annunciation System

5.4.6.1 The ALPR system shall automatically annunciate alarms in the local
gatehouse and the facility SCC.
5.4.6.2 The alarm detail shall be accompanied by audio and visual
indicators. The audio shall have distinct characteristics while the
visual indicators may be a flashing light in the gatehouse or
relevant traffic lane.
5.4.6.3 Alarm details shall be displayed to both gate & SCC personnel.
5.4.6.4 Alarm may be annunciated on a dedicated display or, if technically
feasible, on a display shared with other systems.
5.4.6.5 In all cases, alarms must be acknowledged by gate personnel.

5.5 Intrusion Detection & Assessment System

The IDAS consists of sensors and imaging systems at the facility perimeter that are
connected to the IDAS computer system. This system analyzes and localizes sensor
data, triggers an alarm when an intrusion is detected, displays pre & post alarm live
video from the camera covering the area where the alarm was triggered, slews an
assessment camera to the detection location and displays assessment camera
imagery to an operator.

The major components of an IDAS are as follows:

 Cameras & Sensors

 Alarm Detection & Annunciation
 User Interface & Displays
 Performance Requirements

Version 2.0
Page 20 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.5.1 Cameras & Sensors

Cameras and sensors are deployed around the facility perimeter fence as
specified in SEC-02.

Cameras
5.5.1.1 All IDAS cameras & sensors shall be geospatially mapped so that
their location, and imagery, can be accurately displayed on a GIS
map.
5.5.1.2 Camera specifications may be found in section 5.7. & 5.8 in this
directive.
5.5.1.3 The IDAS shall use two separate camera types:
 Perimeter Surveillance: Fixed cameras that permit
constant monitoring of the section of perimeter being covered
by the camera.
 Perimeter Assessment: PTZ cameras that automatically
slew to an alarm location within their covered area.

Cameras may be optical and/or thermal as required by the SRA.

5.5.1.4 Cameras shall have auto adjustment capability to adapt to varying

lighting and environmental conditions.

Sensors
The IDAS shall use at least 2 independent types of sensors to detect an
intrusion attempt into the facility. The general requirements of sensors are
as follows:

5.5.1.5 Multi-spectral sensors shall be used to detect intrusions using

different parts of the electromagnetic spectrum.
5.5.1.6 Sensors shall be adjustable to set detection thresholds.
5.5.1.7 One of the sensors shall detect an intrusion attempt at a specific
point.
5.5.1.8 A volumetric sensor shall detect any motion, within the covered
volume, of any man sized object on the inside of the anti-
personnel fence.
5.5.1.9 Sensors shall not be degraded in intense fog levels, rain or during
a sandstorm.
5.5.1.10 Sensors shall be deployed in the locations specified in SEC-02.
5.5.1.11 The effective sensitivity of all sensors shall be uniform in the entire
area/volume being monitored by the sensors. Where variable

Version 2.0
Page 21 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

sensitivity is employed, FO shall ensure that the sensitivity is

adequate in all locations in the sensor volume, including the edges.
5.5.1.12 Sensor overlap shall be used to cover areas at the sensor coverage
edge to ensure elimination of any blind spots.

5.5.2 Intrusion Detection & Annunciation

Intrusions shall be detected by the sensors and annunciated at a local or, if
required by FO, remote SCC.

Intrusion Detection
FO may use discrete sensors, as specified above, for intrusion detection or
may use the perimeter surveillance fixed cameras as one of the intrusion
sensors. Where the fixed cameras are used as one of the intrusion sensors
the following conditions apply:

5.5.2.1. Sensor must be effective in all weather conditions including fog,

rain or sandstorms.
5.5.2.2. Camera imagery shall utilize a Video Analytics System, as
specified in section 5.7.3, to detect an intrusion attempt by
analysis of the incoming video.

Alarm Annunciation
The IDAS shall annunciate the alarm locally or, if required by the FO, at a
remote SCC.

5.5.2.3. Alarm annunciation shall use a GIS map to display accurate alarm
location data.
5.5.2.4. The SCC shall be capable of receiving the alarm data & video and
sending back an acknowledgement to the IDAS system.
5.5.2.5. Regardless of the existence of a remote SCC, the local users shall
have the ability to interact with the system and manage all
alarms.
5.5.2.6. The alarm displays shall display all alarm indications in all
detection zones as well as individual device status.
5.5.2.7. All device or component failures shall be annunciated on alarm
displays at the facility where the system is installed.
5.5.2.8. If the system uses remote management then these alarms shall
also be displayed at the remote SCC.
5.5.2.9. System shall incorporate alarms about faults within the system
such as, but not limited to, elevated temperatures in equipment

Version 2.0
Page 22 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

rooms, device failures or communication failures between

system and sensors.
5.5.2.10. When an alarm occurs the IDAS shall immediately switch a
designated display to playback pre alarm video and live video
from the alarmed zone cameras.
5.5.2.11. The Perimeter Assessment camera shall be automatically slewed
to the alarm zone to allow further assessment by the operators.

5.5.3 User Interface & Displays

5.5.3.1 CCTV Interface
The IDAS shall provide a full set of controls as generally used in CCTV
systems. This will allow the IDAS user to select cameras for display,
use split screens, manage PTZ cameras, etc.

The controls shall include a joystick for PTZ camera control.

5.5.3.2 User Interface

The IDAS shall provide SCC personnel with a full range of controls for
managing, selecting, zooming and otherwise controlling all cameras,
acknowledging alarms and acquiring data from the system.

The IDAS shall provide a map display for displaying the overall system.
The map display shall permit the optional use of bilingual labels in
Arabic and English. The display shall use color icons to annunciate
perimeter status.

5.5.3.3 Displays
The IDAS shall provide SCC personnel with multiple displays that
allow easy visual monitoring of IDAS camera outputs.

The multiple display setup shall include, as a minimum, the following:

Display 1: Overview Map Display with all alarm location data.

Display 2: Split-screen display, preset or user selected,

automatically switches to alarm zone display when alarm is
triggered.

Display 3: Index Display for cycling through a random, or user

selected, series of images from IDAS fixed and PTZ cameras. User
shall have the choice to create an index of selected cameras that

Version 2.0
Page 23 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

are displayed simultaneously and updated at user selectable or

preset intervals.

Display 4: PTZ camera display

All displays shall be minimum 1080p, or higher, capable displays sized

32” or larger. Displays shall be adequately sized to permit users to
clearly see details.

5.5.3.4 Video Recording

All images from Perimeter Surveillance & Perimeter Assessment
cameras associated with an alarm and during an alarm event shall be
recorded and retained for the intervals specified below before the
data can be overwritten.

 Pre -Alarm recording: 5-20 seconds configurable

 Post-Alarm recording: 5-20 seconds configurable
 Perimeter Surveillance: 60 days
 Perimeter Assessment: 60 days

Alarm recording shall be at full HD 1080p resolution and 30fps.

The video shall be stored and available for viewing, locally and across
the network.

5.5.4 Performance Requirements

5.5.4.1 Probability of Detection
The IDAS system shall have a probability of detection capability of
95% that an intrusion attempt will be detected. This includes
movement, cutting, climbing, lifting or digging, or any combination of
these anywhere along the perimeter.

FO shall provide independent, third party evaluations &

certifications, by internationally recognized institutions that verify
compliance with this requirement.

5.5.4.2 Localization Accuracy

The IDAS shall localize an alarm event within ±75 meters of where the
intrusion occurs.

This localization may either be carried out in hardware or software.

Version 2.0
Page 24 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

Hardware Localization
Hardware localization is generally accomplished by limiting the size
of detection zones and using its specific physical location as the
localization parameter.

Software Localization
Software localization can be accomplished by using the geospatial
coordinates of cameras, and the GIS display map, to localize an
intrusion. This does require that the camera FOV be correlated to GIS
coordinates so that the location can be accurately specified on a GIS
map.

5.5.4.3 Nuisance Alarms

Refers to an alarm generated by the sensor from a known cause that
is not an intrusion attempt. Examples would be wildlife, blowing
debris, or high wind speed triggering a sensor alarm. Sensors should
be selected carefully so that they are suitable for the anticipated
environmental conductions of the site to reduce the number of
nuisance alarms generated.

The nuisance alarm rate is measured as total number of nuisance

alarms may be averaged over the number of zones over a 30-day
period.

This rate shall not exceed 1 alarm per zone averaged over the number
of zones over a 30 day period.

5.5.4.4 False Alarms

Refers to an alarm generated by the system for which there is no
known cause. The alarms may be unknown due to assessment
concerns (e.g. poor lighting or camera malfunction) or may be
generated by the system. False alarms are often an indication that
the system requires maintenance.

The total number of false alarms shall be averaged over the number
of zones over a 30-day period and shall not exceed 1 false alarm per
month maximum.

System Manufactures shall ensure the design features of IDAS control

panels and their associated arming and disarming devices are

Version 2.0
Page 25 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

designed in accordance with ANSI/SIA CP-01-2014 to reduce the

incidence of false alarm.

5.6 ID Management System

The IDentification card Management System (IDMS) shall manage, print, issue, and
retrieve machine readable PIV cards for all personnel requiring access to company
facilities.

The general requirements for the IDMS are as follows:

5.6.1 The IDMS shall produce, track and manage SEC-11 compliant PIV cards for
issue to eligible personnel including both employees and contractors.
5.6.2 The IDMS shall consist of local IDMS workstations at a facility with a central
IDMS server that shall store and retain all IDMS data online for at least 5
years.
5.6.3 All local IDMS workstation operations shall function with no loss of capability
when communication links to the central IDMS are disrupted.
5.6.4 All card data shall be automatically replicated to the central IDMS at regular
intervals of 10 minutes or less.
5.6.5 FO shall ensure that IDMS workstations are available in reasonable proximity
to each facility using these PIV cards.
5.6.6 The IDMS shall provide data online to the ACS and other systems that use PIV
cards.
5.6.7 PIV cards and PIV card management shall be fully compliant with the
requirements of SEC-11.

5.7 Video Assessment & Surveillance System

The VASS provides surveillance capability for FO to monitor perimeters, gates,
critical buildings and critical areas of the facility. The SRA shall designate the areas
to be covered by the VASS.
5.7.1 VASS Camera Performance
5.7.1.1 VASS shall provide active surveillance capability under all weather
conditions including low light, dense fog and sand storms.
5.7.1.2 Cameras that are used for surveillance and alarm generation must
be fixed while assessment cameras shall use PTZ mounts to allow
operators to move the camera and zoom in to the area of interest.

Version 2.0
Page 26 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.7.1.3 All VASS optical cameras shall be color cameras capable of low light
operation. These shall be augmented by thermal cameras in
selected locations to provide all weather capability.

5.7.2 Geospatial Mapping Requirements

5.7.2.1 All cameras shall be geospatially mapped to provide physical
coordinates of each device.
5.7.2.2 FO shall use this capability to display imagery and alarm data on GIS
maps that correlate each camera location to the map.

5.7.3 VASS Imagery Processing

5.7.3.1 All images from fixed cameras shall be processed by a Video
Analytics System to facilitate the process of alarm detection and
annunciation.
5.7.3.2 The video analytics system shall assist an operator in rapidly
locating and determining the cause of sensor alarms by identifying
activity in the camera scene where potential risk exists in the area
being monitored.
5.7.3.3 The processing shall allow the detection of abnormal behavior such
as, but not limited to, activity at a time when no activity is expected,
packages left behind, entry into a restricted area or approach to a
restricted area.
5.7.3.4 The VASS analyzing the video imagery shall have the ability for the
operator to add new rules as required by local topography.
5.7.3.5 It shall have the ability to accept and integrate sensor inputs from
other systems into its video processing algorithms.

5.7.4 Camera Placement

5.7.4.1 Cameras shall be placed based on local topography and applicable
requirements.
5.7.4.2 The Operator shall carry out a study that defines the actual field of
view of each camera/lens combination used and identifies blind
spots. The study shall consider the actual focal length of the camera
lens, camera pole height, local topography and obstructions in the
camera field of view.
5.7.4.3 Camera coverage shall overlap so there are no blind spots between
adjacent cameras.
5.7.4.4 ACS cameras shall allow clear views of the designated gate area.

Version 2.0
Page 27 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.7.4.5 Local terrain shall be used to determine the optimal camera

mounting pole height that will meet the requirements of this
Security Directive.

5.7.5 Lighting
Areas where cameras are deployed shall have lighting, fully compliant with
SEC-04, to ensure optical cameras can display a clear image under all ambient
lighting conditions.

5.7.6 Long-Range Surveillance

5.7.6.1 Long Range Surveillance (LRS) cameras shall have a range of 2km+.
5.7.6.2 Operator shall deploy LRS where required by SRA
recommendations or HCIS. LRS may be required on the marine side
of water facilities or at remote facilities.
5.7.6.3 LRS systems shall have the ability to monitor the area contiguous to
the facility perimeter to evaluate situations as they are developing.
5.7.6.4 Facilities in open areas shall base the camera monitoring range on
the time required to deploy a response to an alarm from the
nearest security post. In no event shall this be less than 2 km.
5.7.6.5 Facilities shall use either radar (facilities in open areas only) or
thermal sensors to detect activity in the monitored area under all
conditions. These sensors, after their output has been processed,
as specified in 5.7.3, shall be used by the system to automatically
slew the LRS camera to the area of interest and annunciate an
alarm.
5.7.6.6 Radar shall be optimized to detect personnel and vehicle sized
targets. The radar beam shall automatically be blanked or turned
off when the beam emission points towards the facility being
protected.
5.7.6.7 This LRS shall be used to complement the IDAS which monitor
actual intrusion attempts at or inside the perimeter.

Version 2.0
Page 28 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

5.7.7 Video Recording

All images from VASS cameras shall be recorded and retained for the
intervals specified below, from the date the image was recorded, before the
data can be overwritten. Recording shall be triggered by any motion in the
camera field of view.

 Fixed Surveillance: 90 days

 Assessment: 30 days
 Alarm Events: 90 days

The video from all cameras shall be stored and available for viewing, locally
and across the network.

5.8 Camera Specifications

All cameras shall comply with the following requirements:

5.8.1 Image Quality

5.8.1.1 All optical cameras shall operate at full High-Definition (HD)
resolution of 1920x1080 pixels with progressive scan (1080p) at 30
frames/per second or higher.
5.8.1.2 Thermal cameras shall operate at 320x240 pixels, or higher,
resolution in Long Wave Infra-Red (LWIR) at 30 frames/per second.
5.8.1.3 Cameras shall use automatic exposure control and be capable of
outputting video at full frame rate or sub-multiples of the full frame
rate.
5.8.1.4 Optical cameras may operate at fractional HD resolution and frame
rate under normal conditions but must switch to full HD resolution
and frame rate under alarm conditions.

The minimum resolution that can be used is 720p resolution at 7.5

frames per second.

5.8.2 Focal Length & Zoom Capability

All cameras shall have adequate focal length so that the operator can
consistently distinguish between a human in any position or profile from an
animal and debris anywhere in the covered zone.

Version 2.0
Page 29 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

Assessment cameras shall have adequate zoom capability so that an

operator can distinguish facial features of an intruder anywhere within the
covered zone.

5.8.3 Field of View

5.8.3.1 The cameras field of view shall be adequate to cover the entire area
under surveillance and be able to distinguish between a person and
a nuisance alarm.
5.8.3.2 The smallest profile size of a human (i.e. standing, crouching, belly
crawling, etc.) shall be discernible in all areas of the detection zone.
5.8.3.3 Clear zone width and length, cameras resolution and sensitivity,
cameras location and smallest human profile shall all be considered
when determining lens focal length.
5.8.3.4 All camera views shall overlap the views from adjacent camera in
the detection zone so that there are no blind spots along the
detection zone.

5.8.4 Interface
All cameras shall be able to connect directly to a LAN for transmission of
imagery without any need for an external interface. LAN requirements are
specified in SEC-08.

5.8.5 Alarm Generation

The system the camera is connected to shall annunciate an alarm when the
video signal from a camera is lost.

5.8.6 Camera Housing

All camera shall have housings sealed to IP-66 or higher and shall meet the
environmental constraints specified in SEC-01.

5.9 Plant Control Room

Plant Control Rooms present a special case for security compliance. The PCR may
either be the main PCR for the facility or local PCR’s designated critical by the FO. It
shall be safeguarded against intruders and unauthorized visitors by the deployment
of an ACS at the control room entrance door.

The ACS used at this facility shall be a scaled down version of the full ACS specified
in this directive. It shall include at least two card readers on the entry side and a
camera to permit plant control room personnel to observe personnel requesting

Version 2.0
Page 30 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

access. The ACS shall be powered by a UPS and access to a backup power generator
when power to the ACS is interrupted.

5.10 Integration Requirements

All security systems shall be integrated into a common environment at the SCC. This
section addresses requirements specifically for security systems.

5.10.1 The SCC shall present an integrated view to security personnel for all
installed security systems. This does not preclude individual security system
installation on physically discrete computers as technology limitations may
preclude the optimal solution of a single, common hardware platform for all
systems.
5.10.2 The SCC shall have the ability to present security personnel with a single
interface and user environment for all installed security systems. This will
allow security personnel to manage the systems from this environment
without regard to the physical system distribution on different platforms.
5.10.3 Provision of this ability requires that all individual security systems
transparently share data across secured links and permit the integration of
security data with imagery from cameras and sensor activations.
5.10.4 This integrated environment shall be presented to security personnel across
multiple displays that share common design and management techniques.
5.10.5 All ACS, ALPR, IDAS, IDMS, & VASS installations may continue to install
specialized system monitoring equipment as dictated by individual system
requirements.

5.11 Security Control Center

All security systems described above shall be integrated into a single command &
control environment at the SCC. The SCC shall be tasked with managing and
coordinating security assets and activities in a designated area.

5.11.1 The SCC design and layout shall comply with the requirements of ISO 110641-
1 through 7.
5.11.2 The SCC shall be operated 24 hours a day, seven days a week, by trained
operators who are familiar with the procedures, limitations and capabilities
of managing the SCC.
5.11.3 The SCC integration platform software shall integrate the capability to
manage ACS, ALPR, IDAS, IDMS, & VASS from the SCC console.
5.11.4 SCC operators shall have all SCC functions available to them in a single, multi-
display console that integrates all security systems, communications

Version 2.0
Page 31 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

systems, surveillance, video and dispatch capability for mobile security

assets. This shall allow the operator to manage and coordinate all security
assets, in the area under his control, without having to access other systems.
5.11.5 The SCC operator shall manage and acknowledge all security system alarms,
communicate with personnel via radio, hotlines or landlines, monitor gates
and perimeter, view surveillance imagery from surveillance systems and
dispatch security assets as needed, all from the single SCC console.
5.11.6 The SCC shall serve as a resource during activation of the facility Emergency
Response Plan (ERP). The ERP is defined in SAF-20.
5.11.7 An ACS, with a video camera at the SCC door monitored inside the SCC, shall
be used to manage access to the SCC.
5.11.8 Fire detection and fire protection systems, compliant with SAF-04, shall be
installed in the SCC.
5.11.9 Computer installations in the SCC shall comply with the requirements of
section 5.2 of this directive.
5.11.10 The SCC operator work area shall have no offices other than those required
for SCC personnel.
5.11.11 The SCC shall have the ability to view and manage gates and facilities. Main
gate cameras and crash barriers shall be monitored from the SCC. The
ability to manage emergency activation and deactivation of the crash
barriers from the SCC shall be provided.
5.11.12 The structure housing the SCC shall comply with the requirements of SEC-
09.
5.11.13 All data required for the SCC function shall be provided to the operator at
this console.
5.11.14 Personnel data and imagery shall be available to the SCC operator from the
ACS.
5.11.15 All voice communications into and out of the SCC shall be recorded and
maintained for 12 months.
5.11.16 Large Screen Displays shall be used to provide a continuous overview of
the status of all areas under the SCC’s control. Typically, this shall be
accomplished using a video wall.
5.11.17 The SCC shall be powered by a dedicated UPS and emergency power
generator as specified in SEC-07.
5.11.18 Security system components installed in the field shall have tamper
sensors connected to the SCC that will annunciate an alarm when any
attempt is made to access the component.

Version 2.0
Page 32 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

6 Application of Requirements
This section lists how the requirements of this security directive apply to facilities based
on their FSC.

Facility Security Classification (FSC)

REQUIREMENT
1 2 3 4 5
System Design Constraints   
Access Control System   
Automatic License Plate Recognition System   
ID Management System     
Intrusion Detection & Assessment System  
Video Assessment & Surveillance System    
Camera Specifications    
Plant Control Room   
Integration Requirements   
Security Control Center   

Version 2.0
Page 33 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

7 Proof of Compliance
FO shall provide HCIS with a Proof of Compliance (PoC), as part of the Stage 3 workflow,
to explain and demonstrate how the FO is complying with specific requirements in this
directive. This will augment the Stage 3 submission which covers all items.

This PoC shall provide details for each of the requirements listed below. PoC submissions
shall be supported with manufacturer’s brochures or catalogs ONLY where they are
relevant to the response.

In all cases the responses shall be specific in nature and include adequate technical details
to demonstrate compliance to HCIS:

SEC-05
Requirement FO Response
Reference
1. 5.2 System Design Constraints Submit system design document showing how each
security system complies
2. 5.3 ACS
3. 5.4 ALPR
Submit system layout drawing, datasheets for main
4. 5.5 IDAS components and system design document showing
technical details for each security system
5. 5.6 IDMS
6. 5.7 VASS
7. 5.8 Camera Specifications Provide camera and housing specifications &
datasheets
8. 5.9 PCR Submit PCR ACS drawing and layout
9. 5.10 Integration of Systems Submit details of integration platform, systems &
functions that have been integrated, system layout
drawing and a brief overview of how the system
operates and interacts with the operator.
10. 5.11 SCC SCC design specification documents & overview
drawing showing layout.
Submit evidence of ISO 110641-1 through 7
compliance

Version 2.0
Page 34 of 36
 Kingdom of Saudi Arabia
Ministry of Interior ‫َوز َارة الداخليـَّـة‬
High Commission for Industrial Security ‫اهليئة العليا لألمن الصناعي‬
Secretariat General ‫األمانة العامة‬
SEC-05 Security Systems at Industrial Facilities

THIS PAGE INTENTIONALLY LEFT BLANK

Version 2.0
Page 35 of 36
 Ministry of Interior
High Commission for Industrial Security
Riyadh
Kingdom of Saudi Arabia