KINGDOM OF SAUDI ARABIA

MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SECURITY DIRECTIVES
FOR INDUSTRIAL FACILITIES

SEC-01

Application of Security Directives

RESTRICTED

All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

Table of Contents

1.0. ADMINISTRATION.............................................................................................................................. 3
1.1. SCOPE................................................................................................................................................... 3
1.2. APPLICATION........................................................................................................................................ 3
1.3. CONFLICTS & DEVIATIONS ................................................................................................................... 3
2.0. DEFINITIONS ....................................................................................................................................... 3
3.0. REFERENCES ....................................................................................................................................... 5
4.0. GENERAL REQUIREMENTS ............................................................................................................ 6
4.1. MINIMUM REQUIREMENTS THAT APPLY TO THIS DIRECTIVE:................................................................ 6
4.2. FACILITY CLASSIFICATION ................................................................................................................... 7
4.2.1. Class 1 Facility ............................................................................................................................... 7
4.2.2. Class 2 Facility ............................................................................................................................... 8
4.2.3. Class 3 Facility ............................................................................................................................... 9
4.2.4. Class 4 Facility ............................................................................................................................... 9
4.3. ENVIRONMENTAL REQUIREMENTS ..................................................................................................... 10
4.3.1. Indoor Air Conditioned Environment ........................................................................................... 10
4.3.2. Outdoor Environment ................................................................................................................... 10
4.4. CONTRACTOR PREREQUISITES FOR SECURITY PROJECT EXECUTION .................................................. 11
5.0. GENERAL REQUIREMENTS FOR EXECUTING SECURITY PROJECTS ............................. 14
5.1. RISK ANALYSIS .................................................................................................................................. 14
5.2. PRELIMINARY DESIGN ........................................................................................................................ 14
5.3. DETAIL DESIGN .................................................................................................................................. 15
5.4. INSTALLATION CONTRACTOR ............................................................................................................. 16
5.5. PERFORMANCE REQUIREMENTS ......................................................................................................... 17
5.6. PROGRESS REPORTS ........................................................................................................................... 17
5.7. PERFORMANCE VALIDATION .............................................................................................................. 18
5.8. MAINTENANCE & SUPPORT ................................................................................................................ 18
5.9. TRAINING ........................................................................................................................................... 19
5.10. RESPONSE TO EMERGENCY EVENTS ................................................................................................... 20
6.0. REFERENCE ....................................................................................................................................... 21

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 2 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

1.0. Administration
1.1. Scope
This Directive provides the minimum requirements for companies and establishments
that are subject to the supervision of the High Commission for Industrial Security
(HCIS), Ministry of Interior, for application of security directives.

1.2. Application
This Directive is applicable to all facilities, including new projects, the expansion of
existing facilities, and upgrades. For application to existing facilities, the Owner shall
assess his facilities against the requirements of these Directives and coordinate with
the General Secretariat of the High Commission for Industrial Security (HCIS) to
comply with the Security, Safety, and Fire Protection requirements according to these
Directives and add to or modify the existing facilities as required. Where the HCIS
has assessed deficiencies in existing facilities during a survey, comparing the current
state of the facilities to the requirements of these Directives, those identified
deficiencies shall be corrected by the Owner.

1.3. Conflicts & Deviations

Where implementation of a requirement is unsuitable or impractical, where other
equivalent company or internationally recognized Standards and Codes are followed,
or where any conflict exists between this Directive and other company standards and
Codes, the deviations shall be resolved by the HCIS. Deviation lower than the
requirements of this directive shall be listed and submitted in a report of compliance
or non-compliance, with justification and reason, for each applicable requirement of
these security directives, and approval shall be received from the HCIS prior to
implementation. The documents shall be retained by the company in its permanent
engineering files.

2.0. Definitions

HCIS High Commission for Industrial Security. The HCIS is part of the

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 3 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

Ministry of the Interior. It is responsible for the development, and

implementation, of security, safety and fire protection strategies
Kingdom-wide.
Owner: Company or owner of a facility.
SD Security Directives
Shall: Indicates a mandatory requirement.
Should: Indicates a recommendation or that which is advised but not
required.
ACS Access Control System: Manages access to facilities
API American Petroleum Institute: An organization that defines
requirements for petroleum facilities.
EVD Explosive Vapor Detector: Detects presence of explosives
FAT Factory Acceptance Test: Test conducted at contractor facility to
verify compliance with requirements
SAT Site Acceptance Test: Test conducted after equipment installation
at its final location to verify compliance with requirements
IDAS Intruder Detection & Assessment System: Detects intrusion
attempt at perimeter, allows video surveillance and annunciates an
alarm.
IMO International Maritime Organization: An organization that defines
security and safety of ships and ports.
ISPS International Ship & Port Security: A set of regulations that
defines security of ships and port facilities. ISPS is part of the
IMO.
ISS Integrated Security System: Provides an integrated environment to
detect and delay intruders, monitor security environment and
annunciate alarms generated from facility security systems.
SCC Security Control Center: A facility that monitors the complete
security environment in a designated area and manages alarms and
responses to security events.
SOW Scope of Work: A study that defines the requirements for security,
safety and fire protection at a facility.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 4 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

3.0. References
This directive adopts the latest edition of the references listed.
The selection of material and equipment, and the design, construction, maintenance,
operation and repair of equipment and facilities covered by this Security Directive
shall comply with the latest edition of the references listed in each Security Directive,
unless otherwise noted.

API Security Vulnerability Assessment Methodology for the Petroleum

and Petrochemical Industries

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 5 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

4.0. General Requirements

4.1. Minimum requirements that apply to this Directive:
4.1.1. The High Commission for Industrial Security (HCIS) reserves the right to
modify and/or make changes, as deemed necessary, to the Security
Directives without prior notice.
4.1.2. The national security of Saudi Arabia, including the security of the economy
and the well being of its population, depends directly on physical and
operational safety of a range of facilities across Saudi Arabia. The
criticality of each facility varies depending on the product or service
provided. Therefore, the High Commission for Industrial Security (HCIS)
shall have the ultimate authority on classifying all facilities.
4.1.3. Facilities shall have adequate levels of protection as defined within these
Security Directives.
4.1.4. The level of protection at each facility shall be dictated by its security
classification. HCIS reserves the exclusive right to classify facilities
according to its internal criteria or any new security requirements.
4.1.5. Guidelines are provided with this Security Directive in order to permit the
Owner to develop a preliminary evaluation of facility classification.
4.1.6. The owner shall develop a detailed risk analysis that shall be used as the
basis of facility classification.
This risk analysis, and the facility classification, shall be submitted to HCIS
for approval prior to detailed design development or implementation.
4.1.7. The information contained herein will be used to define the levels of
protection required for facilities in the Kingdom of Saudi Arabia (KSA) that
fall under the supervision of the High Commission for Industrial Security
(HCIS) of the Ministry of Interior, Kingdom of Saudi Arabia.
4.1.8. The details of protection required for each facility is described in individual
Security Directives that cover each aspect of the requirement.
4.1.9. Owners who operate offshore or marine facilities shall ensure that they
provide an adequate level of security measures to protect these facilities.
Owners shall apply aspects of the International Ship and Port Facility
Security Code (ISPS), issued by the IMO, that apply to their offshore or
marine facilities.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 6 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

Companies that operate marine facilities shall define an exclusion zone

around each marine facility. They shall ensure that adequate warning signs
are deployed on strategically located buoys advising incoming traffic that
they are entering a restricted area. These warning signs shall comply with
prevailing Saudi Arabian and international marine standards on sign
construction and design. Owner shall be responsible for ensuring all
required permissions and standards for buoy deployment are complied with
and that the buoys are maintained in good condition.

Owner shall deploy marine barriers to protect marine facilities. Deployment

of these barriers shall not compromise safety considerations for the facility.
4.1.10. These Security Directives supersede all older SSD’s previously issued by
the HCIS.

4.2. Facility Classification

Facilities shall be classified based on a four (4) level classification methodology. The
general criterion for each level is defined in the sections below.

4.2.1. Class 1 Facility

A Class 1 facility is defined as any facility whose destruction, or serious

damage, could seriously damage the Kingdom’s economy or gravely disrupt
the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.1.1. Loss presents an unacceptable financial risk.
4.2.1.2. Loss of function/capacity cannot be made up by other existing
facilities.
4.2.1.3. Directly and seriously impacts hydrocarbon exports.
4.2.1.4. Major threat to environment or population due to damage or
destruction.
4.2.1.5. Critical infrastructure, regardless of capital investment or availability
of alternates.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 7 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

Class 1 Facility Examples

Examples of facilities that are classified as Class 1 are as follows:
4.2.1.6. Major Oil & Gas production, processing, transportation and export.
4.2.1.7. Major Oil Refining and Storage.
4.2.1.8. Major Electricity Generation Facilities.
4.2.1.9. Major Water Desalination Facilities.
4.2.1.10. Major Commercial & Industrial Sea Ports.
4.2.1.11. Major Telecommunications facilities.
4.2.1.12. Major pumping facilities for oil and water.
4.2.1.13. Major facilities using or producing chemicals whose flammability,
explosiveness, toxicity and evaporability may cause serious harm to
the environment or population if the facility is damaged or destroyed.
4.2.1.14. Manufacture and storage of commercial explosives.
4.2.1.15. Infrastructure that supports, or contains facilities or services, that are
deemed important to the national interest.
4.2.1.16. Primary computer facilities that manage the above items.

4.2.2. Class 2 Facility

A Class 2 facility is defined as any facility whose destruction, or serious

damage, could cause short term damage to the Kingdom’s economy or
temporarily disrupt the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.2.1. Loss of function/capacity can be compensated for short periods by
other existing facilities.
4.2.2.2. Directly impacts hydrocarbon exports but will not significantly reduce
them.
4.2.2.3. Possible threat to environment or population due to damage or
destruction.
4.2.2.4. Critical infrastructure, regardless of capital investment or availability
of alternates.

Class 2 Facility Examples

Examples of facilities that are classified as Class 2 are as follows:

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 8 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

4.2.2.5. Support facilities for hydrocarbon production, processing,

transportation & export.
4.2.2.6. Hydrocarbon plants, such as major GOSP’s.
4.2.2.7. Facilities using or producing chemicals whose relatively low
flammability, explosiveness, toxicity and evaporability present
medium level risk to the environment or population if the facility is
damaged or destroyed.
4.2.2.8. Infrastructure that supports, or contains facilities or services, that are
deemed important to the national interest.
4.2.2.9. Primary computer facilities that manage the above items.

4.2.3. Class 3 Facility

A Class 3 facility is defined as any facility whose disruption, or serious

damage, could cause minimal or no damage to the Kingdom’s economy or
would not disrupt the well being of its population.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.3.1. Loss of function/capacity can be compensated for an extended period
by other existing facilities.
4.2.3.2. No direct impact on oil exports.
4.2.3.3. No threat to environment or population due to damage or destruction.

Class 3 Facility Examples

Examples of facilities that are classified as Class 3 are as follows:
4.2.3.4. Minor Sea Ports.
4.2.3.5. Low Capacity Electricity Generation. (See SAF-19 for details of
Power Generation Facilities).
4.2.3.6. Minor Telecommunications Facilities.
4.2.3.7. Bulk Plants.

4.2.4. Class 4 Facility

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 9 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

A Class 4 facility is defined as any facility considered a support facility,

either adjacent to, or remote to, Class 1, 2 or 3 facilities.
Such facilities are characterized by meeting ANY of the following criteria:
4.2.4.1. Loss of function/capacity can be compensated for an extended period
by other existing facilities.
4.2.4.2. No direct impact on oil exports.
4.2.4.3. No threat to environment or population due to damage or destruction.

Class 4 Facility Examples

Examples of facilities that are classified as Class 4 are as follows:
4.2.4.4. Supply Warehouses.
4.2.4.5. Office Support facilities.

4.3. Environmental Requirements

All devices installed for Security Directive compliance shall be capable of operating
continually when subjected to the environmental conditions of the installation site.

4.3.1. Indoor Air Conditioned Environment

All devices installed indoors, or in an environmental cabinet, for Security

Directive compliance, shall be cooled with redundant split or central air-
conditioning units.

4.3.2. Outdoor Environment

4.3.2.1. Equipment to be installed outdoor shall be designed to operate

without air conditioning or forced air ventilation system and
under the conditions of environment detailed below, and shall
meet the specified performance when subjected to the full range
of these conditions.
4.3.2.2. Ambient Temperature Range: -10o C to +65o C (excluding
temperature rise in cabinet)

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 10 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

4.3.2.3. Ambient Relative Humidity Range: 5% to 100%, non-

condensing
4.3.2.4. The normal airborne dust concentration shall be considered as 1
mg/ml. During sandstorm conditions, dust concentrations
reaching 500 mg/ml are encountered and winds may gust to 112
km/hr.
95% of all dust particles are less than 20 micrometers and 50%
of all particles are less than 1.5 micrometers in size. Compounds
present in the dust include those of sodium, calcium, silicon,
magnesium and aluminum.
When in wet condition (100% humidity), these compounds
function as electrolytes and can result in severe corrosion of
other materials.
4.3.2.5. Other pollutants present (ppm vol. /vol. in atmosphere, worst
case) are:
H2S: 20 ppm (vol/vol)
CO: 100 ppm (vol/vol)
NOx: 5 ppm (vol/vol)
SO2: 10 ppm (vol/vol)
O3: 1 ppm (vol/vol)
Hydrocarbons: 150 ppm (vol/vol)

4.4. Contractor Prerequisites for Security Project Execution

4.4.1. Designers, suppliers, contractors and systems for security related projects at
facilities classified under the Security Directives shall be approved by
HCIS.
4.4.2. The Owner shall be responsible for providing HCIS with required data at
least three(3) months before the scheduled security related project initiation.
This will allow a complete evaluation by HCIS of the project and the
proposed contractors.
4.4.3. Contractors and suppliers shall be certified by the Ministry of Interior and
the Ministry of Commerce & Industry.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 11 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

4.4.4. The contractor shall be licensed by the competent authority at the Ministry
of Interior (the General Directorate of Public Security). The certification
shall clearly indicate that the contractor is authorized to engage in security
related work. It shall specify the nature and type of authorized activity and
shall be included in the commercial registration certificate issued by the
Ministry of Commerce and Industry.
4.4.5. The Commercial Registration (CR) certificate issued by the Ministry of
Commerce & Industry shall clearly specify that the contractor is authorized
to conduct security related work. It shall clearly state the vendors line of
business as either importing, designing, installing or maintenance of security
systems.
4.4.6. Contractors engaged in executing safety and/or fire protection related work
shall follow the requirements stated in the Safety Directives issued by the
HCIS.
4.4.7. The Owner shall submit qualification data to the HCIS for approval of all
contractors selected for design and installation of security related work.
Contract award for design, installation or maintenance shall not proceed
until such approvals are received from the HCIS.
The data submitted to the HCIS shall include, but not be limited to, the
following:
A) Valid copies of commercial registration, showing license specified in
4.4.5. above.
B) Chamber of Commerce membership
C) Registration & classification certificate issued by the Ministry of
Municipal & Rural Affairs.
D) Company profile
E) Full names and details about company owners, director, senior project
personnel, system designer and installation management..
F) List of previous projects of a similar nature that have been executed.
List must show the type of work, size of project, dates and user of the
executed project.
G) Whether company performing the work is a subsidiary or part of
another organization
H) Head office address & contact details for all prime and sub-
contractors.

4.4.8. The Owner shall ensure that the company selected for security related work
shall have adequate engineering capabilities and qualified manpower to

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 12 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

design, install, test and maintain the system and execute all work
requirements.
4.4.9. The Owner shall submit to HCIS full details of all Saudi and foreign
companies participating in the work.
HCIS reserves the exclusive right to approve or reject any company
proposed to perform the work.

The Owner shall ensure that all companies participating in the work are
approved by HCIS prior to work initiation.
4.4.10. The Owner shall ensure that the company selected for security related work
shall have prior technical experience inside or outside the Kingdom in
similar work that matches the scope, and magnitude, of the current work.
4.4.11. The primary contractor shall formally assume, certified in writing, total
responsibility for executing all phases of the work. All sub-contractors shall
be approved by HCIS prior to any contract award. The procedures for
approval of sub-contractors shall be the same as for the primary contractor.
4.4.12. Contractors receiving bid documents or working on security system design,
installation, support or maintenance shall sign Non-Disclosure Agreements
(NDA) specifying that the contractor shall maintain all work related
documents in confidence and not disclose them to any third party without
prior written approval of the Owner.
4.4.13. Contractors performing security related work shall formally certify, in
writing, that they shall provide, for the life of the system, after-sales
services, support and spare parts for all devices and systems installed.
4.4.14. The Owner shall provide HCIS with a detailed list of major system and
equipment for all security related work. The list shall include model
numbers, descriptions, manufacturer and local agent.
4.4.15. HCIS shall have the right to reject any of the systems or equipment. In case
any system or equipment is rejected by HCIS the Owner shall replace it with
approved system or equipment or submit additional system or equipment
details for approval.
4.4.16. The Owner shall ensure that any other prerequisites deemed necessary by
the user or required by current rules and regulations in effect in this regard
are also included in the project scope.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 13 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

4.4.17. There shall be no outstanding objections, reservations or claims by any

other party against the contractor executing the work.
4.4.18. Owner shall not permit any start on security related work until HCIS
approval for the specific work is received.
4.4.19. All submissions to HCIS shall be in writing.

5.0. General Requirements for Executing Security Projects

HCIS shall approve all security related work executed by companies that fall under
the supervision of the Security Directives. HCIS approvals shall be secured as
detailed in the following sections.

5.1. Risk Analysis

5.1.1. The Owner shall prepare a risk analysis detailing the potential risk areas and
the system design requirements that shall mitigate this risk.
5.1.2. The Risk Analysis shall follow the methodology stated in the American
Petroleum Institute (API) document entitled “Security Vulnerability
Assessment Methodology for the Petroleum and Petrochemical Industries”.
5.1.3. The Owner shall use the methodology outlined in this document to conduct
a structured, comprehensive Risk Analysis for each facility.
5.1.4. The risk analysis shall take into account facility criticality and surrounding
terrain.
5.1.5. The risk analysis shall be submitted for review by HCIS.

5.2. Preliminary Design

5.2.1. The Owner shall prepare a preliminary design package that details the Scope
of Work (SOW), main and auxiliary elements of security related work and
site specific requirements.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 14 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

5.2.2. The preliminary design package shall include the following at a minimum:
5.2.2.1. Site Layouts showing main security related activity, device
locations and system locations.
5.2.2.2. Area covered by the Access Control System (ACS), Intrusion
Detection System (IDS) and Video Surveillance System (VSS)
when installed. Information shall also be provided for any
additional systems installed by the Owner above and beyond the
directive requirements.
The preliminary design shall provide, at a minimum, general
details on ACS location & number of card readers, IDS zones,
layout & hardware/software, VSS cameras, zones &
hardware/software.
5.2.2.3. Details of fencing, lighting, patrol road, security control room
and clearances for each site. The information provided shall
include the position of each element relative to each other and
the facility.
5.2.2.4. Location and installation details for main gates, restricted area
gates and emergency gates. This section shall provide details of
all devices that shall be installed at each of these gates.
5.2.3. The data listed in section above shall be submitted to HCIS for review and
approval before commencing detail design, bidding and contract award for
design and installation.

5.3. Detail Design

5.3.1. The Owner shall prepare a detail design package that provides detailed
technical specifications, engineering design and list of bidders for main
design elements. All information provided to HCIS shall be up to date at
the time of submission.
5.3.2. During construction, the Owner shall ensure that ongoing construction sites
shall be surrounded by a category 4 fence and adequate separation
maintained from existing facilities.
5.3.3. A copy of the detail design package shall be provided to the HCIS for
approval at least three months prior to awarding the bid, ordering materials

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 15 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

or initiating any work specified under the detail design package. This data
shall include the items listed below. The Owner shall be responsible for any
delay that may occur due to non-compliance with the time requirements
mentioned above of failing to demonstrate compliance with the
requirements in the HCIS security directives related to the project work.
The Owner is required to meet HCIS time requirements for approvals and
ensure full compliance with the security directives.
5.3.4. The details design package shall include a list of contractors on the bidders
list. The certification of the contractors, as specified under section 4.4. of
this security directive, shall be supplied as part of this package.
5.3.5. A compliance list showing compliance or non-compliance, with justification
and reasons, for each applicable aspect of the HCIS security directives &
project specifications shall be provided as part of this package.
5.3.6. A list of all equipment, hardware, software, and devices shall be provided as
part of this package:
5.3.6.1. Manufacturers name for each system or equipment
5.3.6.2. Certificate for material compliance that shows that material complies
with required standards
5.3.6.3. Period in which device has been available in local and international
markets
5.3.6.4. Local users of the product.
5.3.6.5. Name & address of local agent
5.3.6.6. Local agent Commercial Registration as specified in section 4.4. of
this security directive.
5.3.7. The proposed work execution schedule shall be provided as part of this
package.
5.3.8. Copies of original manufacturer catalogs and device specifications shall be
provided as part of this package.
5.3.9. The technologies, devices and systems to be supplied for the project shall be
obtained from credible and reputable sources and manufacturers. The full
identities of all sources and manufacturers shall be accurately disclosed in
the documentation sent to HCIS.

5.4. Installation Contractor

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 16 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

The installation contractor shall be certified as specified in section 4 of this security

directive.

5.5. Performance Requirements

5.5.1. The Owner shall ensure that all systems and devices used for security
compliance shall incorporate the latest technologies.
5.5.2. Systems deployed for security directive compliance shall operate in an
integrated environment as specified in security directive SEC-05 “Integrated
Security System”.
5.5.3. Alarm prioritization shall be a part of all systems.
5.5.4. All critical system devices such as, but not limited to, computers and
networks, shall operate in a fully redundant mode as specified in security
directive SEC-05 “Integrated Security System”.
5.5.5. System components shall have the capability for future expansion. The
system shall have at least 50% spare capacity when it is initially deployed.
This spare capacity includes, but is not limited to, computer memory and
disc space.
5.5.6. Systems shall have no single point of failure in their design.
5.5.7. System components and devices shall have tamper sensors and shall
annunciate an alarm for any attempt to open, modify, remove, or cut system
devices and communications cabling.
5.5.8. Systems shall be designed around open architecture to permit easy
integration of technology advances.
5.5.9. All main system components shall have the ability to send data, text or
video, as applicable, to an external system, when main system is configured
to do so. All external system communications and data transfers shall be in
full compliance with all security considerations mentioned in the Security
Directives.

5.6. Progress Reports

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 17 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

The Owner shall provide HCIS with progress reports every six months on the
progress of security related work.

5.7. Performance Validation

5.7.1. System performance shall be validated by a Factory Acceptance Test (FAT)
which shall verify compliance with all detail design and functional
requirements. All major exceptions shall be cleared prior to shipment to the
installation site.
The documented results of the FAT shall be used as the basis of system
acceptance by the Owner. The system contractor shall produce a FAT
certificate certifying full compliance with all requirements which shall be
signed by both the system contractor and the Owner or his representative.
The FAT documentation shall be available for examination by HCIS.
5.7.2. Installations at each site shall be validated by a Site Acceptance Test (SAT)
which shall verify compliance with all installation & performance
requirements.
The documented results of the SAT shall be used as the basis of site
acceptance by the Owner. The SAT documentation shall be available for
examination by HCIS.

5.8. Maintenance & Support

5.8.1. The Owner shall ensure that all security installations are supported with a
complete maintenance and support infrastructure.
5.8.2. The system contractor shall provide all details and tools required for system
maintenance. This shall include maintenance manuals, software
diagnostics, special tools, calibration equipment and procedures.
5.8.3. The maintenance manuals shall contain recommended maintenance
intervals, procedures and recommended spare parts lists.
5.8.4. The Owner shall be responsible for implementing a maintenance strategy to
meet recommended maintenance requirements for all equipment.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 18 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

5.8.5. All emergency backup generators shall be started up and maintained as

specified in SEC-07. Once a month the auto-switch switchgear shall be
tested.

Generator maintenance logs for the current calendar year shall be available
for inspection by HCIS if requested.
5.8.6. All components shall have regularly scheduled preventive maintenance
(PM) at least once every 6 months with the exception of emergency backup
generators which must be tested as stated in section 4.5 of SEC-07. The
actual PM performed shall be documented and available for review for at
least one calendar year.
5.8.7. The Owner shall have a facility, manned 24 hours a day, 7 days a week,
available for field personnel to report failures via telephone, radio or
security system telemetry.
5.8.8. Owner shall be responsible for classifying system failures as critical or non-
critical failures. Critical failures shall be rectified as soon as possible.
5.8.9. System failures and alarms shall be analyzed quarterly by the Owner to
identify potential problem areas. This quarterly review shall be used as the
basis for the development of strategies to rectify the problems identified.
5.8.10. The Owner shall maintain documentation for all security equipment
installed. This documentation shall include full contact details of
component manufacturers, part numbers, recommended spare parts and
maintenance manuals needed for each security installation.
5.8.11. The Owner shall maintain a full set of As Built drawings for all security
systems and civil work. The drawings shall be maintained as soft copy in an
easily accessible format. The Owner shall maintain an index of all drawings
pertaining to all security related work.

5.9. Training
The Owner shall ensure that training is provided to security personnel in the operation
and support of all security related systems and devices.
The operational training requirements are as follows:

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 19 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

5.9.1. Training shall be provided to security personnel, assigned to a location with

a new security installation, prior to system or device deployment.
5.9.2. The training shall cover procedures, general system operation, failure
reporting procedures, methods for handling reported errors and alarms,
alarm acknowledgement and response.
5.9.3. The Owner shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personnel name, date and type
of training provided.
5.9.4. Personnel assigned to locations with security installations shall undergo a
short training period prior to assuming their new duties.

The support training requirements are as follows:

5.9.5. Personnel directly involved in system support shall be provided training in
all aspects of systems software, hardware, diagnostics and preventive
maintenance.
5.9.6. The Owner shall maintain logs of all training activities. The logs shall list
all training provided to personnel and include personnel name, date and type
of training provided.

5.10. Response to Emergency Events

The Owner shall setup the infrastructure, procedures and personnel to develop a
cohesive, rapid response to an emergency event. This shall include the management
of fixed and mobile security assets using a proven command and control system
where an overview and details of emergency events shall be available to operators.
Personnel designated for a rapid response force shall be provided with additional
training as needed to meet expected emergencies.
The safety directives issued by HCIS shall be used as the basis of defining, preparing
and training for emergencies.

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 20 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

6.0. Reference
The table below provides guidelines for security directive usage based on facility
classification;

Directive Title Class 1 Class Class Class

2 3 4

X X X X
Application of Security
SEC-01 Directives
SEC-02 Security Fencing X X X X
SEC-03 Security Gate X X X X
SEC-04 Security Lighting X X X X
-Perimeter Lighting X X X
-Checkpoint Lighting X X X X
SEC-05 Integrated Security System

X X
-Perimeter Intrusion Detection
System
-Access Control System X X
-Video Surveillance System X X X
SEC-06 Security Devices
-X-Ray X X X
-Crash Barrier X X X
-Turnstile X X X
-Drop-gate X X X
-Bullet-Proof Glass X X X
SEC-07 Power Supply
-Emergency Generator X X X
-UPS X X

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 21 of 22
 KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SEC 01 - Application of Security Directives

Directive Title Class 1 Class Class Class

2 3 4
SEC-08 Communications X X X X
SEC-09 Security Doors X X X X
SEC-10 Security Locks X X X X
SEC-11 Identification Cards X X X X
SEC-12 Information Protection X X

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 22 of 22