KINGDOM OF SAUDI ARABIA

MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SECURITY DIRECTIVES
FOR INDUSTRIAL FACILITIES

SEC-05

Integrated Security System

l ! !
i i

Issue Date: 12/6/I43IH / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
KINGDOM OF SAUDI ARABIA
MINISTRY OF INTERIOR
HIGH COMMISSION FOR INDUSTRIAL SECURITY

SECURITY DIRECTIVES
FOR INDUSTRIAL FACILITIES

SEC-05

Integrated Security System

i
(

Issue Date: 12/6/1431H/ 26/05/2010

RESTRICTED
|
All Rights reserved to HC1S. Copying or distribution prohibited jvithout written permission from HCIS
 Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security LUJl

Secretariat General
SEC-05 Integrated Security System

Table of Contents

1.0. ADMINISTRATION 3
1.1. SCOPE 3
1.2. APPLICATION 3
1.3. CONFLICTS & DEVIATIONS 3
2.0. DEFINITIONS 4

3.0. REFERENCES 5

4.0. GENERAL REQUIREMENTS 6

4.1. INTRODUCTION 6
4.2. INTRUSION DETECTION & ASSESSMENT SYSTEM (IDAS) 6
4.3. ACCESS CONTROL SYSTEM 13
4.4. VIDEO ASSESSMENT & SURVEILLANCE SYSTEM (VASS) 21
4.5. ID MANAGEMENT SYSTEM (IDMS) 26
4.6. COMPUTER INSTALLATION IN SECURITY SYSTEMS 27
4.7. SECURITY SYSTEMS INTEGRATION 30
4.8. FACILITY DESIGN REQUIREMENTS FOR HOUSING SECURITY SYSTEMS 31
4.9. PLANT CONTROL ROOM 32
4.10. SECURITY CONTROL CENTER (SCC) 33

5.0. APPLICATION OF REQUIREMENTS 34

i
I

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 2 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security U«ll Ujil

Secretariat General UJI iiL-Vl

SEC-05 Integrated Security System

1.0. Administration
1.1. Scope

This Directive provides the minimum requirements for companies and establishments
that are subject to the supervision of the High Commission for Industrial Security
(HCIS), Ministry of Interior, for integrated security systems at industrial facilities.

1.2. Application

This Directive is applicable to all facilities, including new projects, the expansion of
existing facilities, and upgrades. For application to existing facilities, the Operator
shall assess his facilities against the requirements of these Directives and coordinate
with the General Secretariat of the High Commission for Industrial Security (HCIS) to
comply with the Security, Safety, and Fire Protection requirements according to these
Directives and add to or modify the existing facilities as required. Where the HCIS
has assessed deficiencies in existing facilities during a survey, comparing the current
state of the facilities to the requirements of these Directives, those identified
deficiencies shall be corrected by the Operator.

1.3. Conflicts & Deviations

Where implementation of a requirement is unsuitable or impractical, where other

equivalent company or industry Standards and Codes are followed, or where any
conflict exists between this Directive and other company standards and Codes, the
deviations shall be resolved by the HCIS. Deviation lower than the requirements of
this directive shall be listed and submitted in a report of compliance or non-
compliance, with justification and reason, for each applicable requirement of these
security directives, and approval shall be received from the HCIS prior to
implementation. The documents shall be retained by the company in its permanent
engineering files. j j (
/ I i i

Issue Dale: 12/6/1431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 3 of 34
i i
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security ULJI *at

Secretariat General JAJl

SEC-OS Integrated Security System

2.0. Definitions

HCIS High Commission for Industrial Security. The HCIS is part of the
Ministry of the Interior. It is responsible for the development, and
implementation, of security, safety and fire protection strategies
Kingdom-wide.
Operator: Company or owner of a facility.
Shall: Indicates a mandatory requirement.
Should: Indicates a recommendation or that which is advised but not
required.
ACS Access Control System: A system that permits, or denies, access to
a facility after evaluation of credentials.
Biometrics Biometrics is the study of methods for uniquely recognizing
humans based upon one or more intrinsic physical or behavioral
traits.
IDMS Identification Card Management System: A system to manage the
design, creation and retrieval of identification cards.
IDAS Intrusion Detection and Assessment System: Detects intrusion
attempt at perimeter, allows video surveillance and annunciates an
alarm.
ISS Integrated Security System
PIN Personal Identification Number
PTZ Pan-Tilt-Zoom: A method of mounting a surveillance camera that
allots it to pan, tilt and zoom while being controlled from a remote
location.
SED Single Entry Device: A physical device that allows entry to a
facility under the control of the ACS.
UPS Uninterruptible Power Supply
i i i
An uninterruptible power supply (UPS), also known as an uninterruptible
power source, is a device which maintains a continuous supply of electric
power to connected equipment by supplying power from batteries when
utility power is not available.
VASS Video Assessment & Surveillance System: A system using video

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 4 of 34
Kingdom of Saudi Arabia
Ministry of Interior
LLJI ieAl
High Commission for Industrial Security
Secretariat General iA»ll iil.'sll

SEC-05 Integrated Security System

cameras to view a designated area.

3.0. References
This directive adopts the latest edition of the references listed.
The selection of material and equipment, and the design, construction, maintenance,
operation and repair of equipment and facilities covered by this Security Directive
shall comply with the latest edition of the references listed in each Security Directive,
unless otherwise noted.

IEC 60529 Degrees of protection provided by enclosures (IP Code)

Issue Date: I2/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 5 of 34
Kingdom of Saudi Arabia
Ministry of Interior V/jj
High Commission for Industrial Security yriijl LUl iiJ.1

Secretariat General SiCSlI

SEC-05 Integrated Security System

4.0. General Requirements

4.1. Introduction

4.1.1. Facilities shall be protected by an Integrated Security System (ISS) in

accordance with the requirements stated in this Security Directive.
4.1.2. The integrated environment of the ISS may be placed locally, or
remotely, as needed due to operational requirements. The definition of
integration is described in section 4.7 of this Security Directive.
4.1.3. This Security Directive defines procedures and technical requirements
for the ISS. The four primary systems in the ISS consist of the
Intrusion Detection & Assessment System (IDAS), Access Control
System (ACS), Identification Management System (IDMS) and Video
Assessment & Surveillance System (VASS).
4.1.4. The type of ISS used in a facility shall be based on the facility
classification.
4.1.5. The ISS shall be monitored 24 hours a day, seven days a week, in a
security control center by trained operators who will be familiar with
the procedures, limitations and capabilities of managing the ISS.
4.1.6. All cameras used in the IDAS, ACS and VASS shall comply with the
requirements for type, image quality, housing, placement and field of
view specified in 4.4.1. through 4.4.5. of this directive.
4.1.7. All ISS components shall comply with the requirements of SEC-12,
section 4.6.7. for encryption when transiting public networks.
I

4.2. Intrusion Detection & Assessment System (IDAS') /

The IDAS consists of perimeter sensors and cameras connected to a computer system
that will analyze and localize the sensor data, trigger an alarm when an intrusion is
detected and display pre and post alarm and live video from the camera in the area
where the alarm , was triggered, to security personnel tasked with monitoring the
system.
Issue Date: 12/6/I431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 6 of 34
 Kingdom of Saudi Arabia
Ministry of Interior i-LuiJi i'/jj
High Commission for Industrial Security LLJl
I.UI
Secretariat General
SEC-05 Integrated Security System

The IDAS shall meet the following requirements:

4.2.1. Design

The IDAS design shall be based on a comprehensive evaluation of the site and
available technologies to determine the optimal design.

4.2.2. Architecture
The IDAS shall be designed to ensure continued operation despite the failure of a
single device. Systems shall be designed to so that no single component failure can
disable the system.
Failover between primary and backup devices shall be automatic and shall not require
any User intervention.

4.2.3. Camera Type:

The IDAS shall use fixed cameras that permit constant monitoring of the perimeter
being covered by the camera. PTZ cameras shall be used to augment the fixed
cameras and for use as assessment devices to view the surrounding terrain.
Cameras shall use automatic exposure control and be capable of outputting video at
full frame rate or sub-multiples of the full frame rate. An example of this is 30 frames
per second (fps) as full frame rate and 15 fps as Zi frame rate or 7.5fps as !4 frame
rate.
Camera image quality and resolution shall be adequate so that the operator can
consistently distinguish between a human in any position or profile from an animal or
debris anywhere in the assessment zone.
I I I
The Operator shall implement procedures to ensure the safeguarding of alarm event
I
video and data when needed for further investigation.
i i i i i
4.2.4. Detection Time:
Refers to a measurement df the time an intrusion attempt is initiated to the time the
system displays an alarm for that event.
Less than or equal to 1 second from intrusion initiation.

Issue Date: 12/6/1431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 7 of 34
Kingdom of Saudi Arabia
'
Ministry of Interior i Jv-hJl i'/jj

High Commission for Industrial Security ,ÿ4*1 UJl ILAI

UUil SAA||
Secretariat General
SEC-05 Integrated Security System

4.2.5. Localization Accuracy

A measure of how closely the system can identify the specific location where the
intrusion attempt was detected.
±150 meters, or better, from where intrusion has been detected.

4.2.6. Camera Field of View

Refers to the area displayed for any fixed camera.
Camera field of view shall comply with the requirements of 4.4.5. of this
directive. Cameras shall be placed and aimed to eliminate any
interference from lights or other objects in the field of view.

4.2.7. Camera Focal Length

Refers to the capability of the camera lens to display details.
Camera focal length shall be adequate to display a person, at the furthest
limit of the area being covered. . They shall comply with the
requirements of 4.4.2. of this directive.

4.2.8. Perimeter Lighting

Refers to lighting deployed along the perimeter and adjacent areas.
Lighting shall be compliant with SEC-04 “Security Lighting” and
adequate for camera to display a clear image under all lighting conditions
within the ranges specified in SEC-04 “Security Lighting”.

4.2.9. Probability of Detection

Refers to the probability that an intrusion attempt will be detected.
This includes, movement, cutting, climbing, lifting or digging, or any combination of
these anywhere along the perimeter.
IDAS suppliers shall provide independent, third party evaluations & certifications, by
internationally recognized institutions, that verify compliance with this requirement.
Greater than or equal to 95% for the system

Issue Date: 12/6/1431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 8 of 34
i i i
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security OJl iiAl

Secretariat General JAJl UUVl

SEC-05 Integrated Security System

4.2.10. Nuisance Alarms

Refers to an alarm generated by the sensor from a known cause that is not an
intrusion attempt. Examples would be wildlife, blowing debris, or high wind speed
triggering a sensor alarm. Sensors should be selected carefully so that they are
suitable for the anticipated environmental conductions of the site to reduce the
number of nuisance alarms generated. The total number of nuisance alarms may be
averaged over the number of zones over a 30-day period.
Less than or equal to 1 alarm per zone averaged over the number of zones
over a 30 day period.

4.2.11. False Alarms

Refers to an alarm generated by the system for which there is no known cause. The
alarms may be unknown due to assessment concerns (e.g. poorlighting or camera
malfunction) or may be generated by the system. False alarms are often an indication
that the system requires maintenance. The total number of false alarms may also be
averaged over the number of zones over a 30-day period.
1 false alarm per month / system maximum

4.2.12. Sensors
4.2.12.1. The IDAS shall use at least 2 independent types of sensors to detect
an intrusion attempt into the facility and shall have video capability
around the perimeter to assess the intrusion attempt.
4.2.12.2. Sensorÿ shall be adjustable to set detection thresholds. Sensors shall
be installed as required by the individual fence configurations
specified in SEC-02 “Security Fencing”. The IDAS shall use video
cameras for intrusion assessment.
4.2.12.3. At least one of the 2 independent sensor types shall be a volumetric
sensoi;1 system to detect an intrusion attempt. This shall detect any
motion, within the covered volume, of any man sized object. This
sensor shall be augmented with a second independent sensor, using
different technology than the other sensor type that shall be selected
by the Operator to detect any intrusion attempt.

i i i

Issue Date: 12/6/1431H / 26/05/2010 |

RESTRICTED ,
AH Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 9 of 34
Kingdom of Saudi Arabia
Ministry of Interior
mMmm i
*
i'/jj

High Commission for Industrial Security

Secretariat General iAJl uuVi
SEC-05 Integrated Security System

4.2.12.4. The effective sensitivity of all sensors shall be uniform in the entire
area/volume being monitored by the sensors. Where variable
sensitivity is employed, Operator shall ensure that the sensitivity is
adequate in all locations in the sensor volume, including the edges.
Sensor overlap shall be used to cover areas at the edge to ensure
elimination of any blind spots. Each sensor area/volume shall be
fully compliant with the requirements on its own,

4.2.13. CCTV User Interface

The IDAS shall provide a full set of controls as generally used in CCTV systems.
This will allow the IDAS user to select cameras for display, use split screens, manage
PTZ cameras, etc.
The controls shall include a joystick for PTZ camera control.

4.2.14. Displays

The IDAS shall provide the User with multiple displays that will allow easy visual
monitoring of IDAS camera outputs.
The multiple display setup shall include, as a minimum, the following:
Display 1: Overview Map Display with all alarm location data.
Display 2: Split-screen display, preset or user selected, automatically
switches to alarm zone display when alarm is triggered.
Display 3: Index Display for cycling through a random, or user selected,
series of images from IDAS fixed and PTZ cameras. User shall
have the choice to create an index of selected cameras tliat are
displayed simultaneously and updated at user selectable or
preset intervals.
Display 4: PTZ camera display
Camera imagery from PTZ cameras shall normally be displayed at any acceptable
sub-multiple of the full frame rate & resolution but in ,no event less than seven (7)
frames per second during non-alarm conditions.
i I
All displays shall be minimum 20” size flat screen displays. Displays shall be capable
of displaying video images consistent and compatible with the quality and resolution
required to distinguish between human crawlers and small animals.

Issue Dale: 12/6/1J31H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 10 of 34 i
l i
I

Kingdom of Saudi Arabia

Ministry of Interior
LUl ;aj,l
High Commission for Industrial Security
Secretariat Genera! UbJl UL-Sll
SEC-05 Integrated Security System

4.2.15. Alarm Annunciation

The IDAS shall annunciate the alarm locally and, if required by the Operator, at a
remote site. The remote site shall be capable of receiving the alarm data & video and
sending back an acknowledgement to the IDAS system as specified in the External
System Interface section below. Regardless of the existence of a remote site, the local
users shall have the ability to interact with the system and manage all alarms. This
facility shall be configurable by the Operator.
The alarm displays shall display all alarm indications in all detection zones as well as
individual device status. All device or component failures shall be annunciated on
alarm displays at the facility where the system is installed. If the system uses remote
management then these alarms shall also be displayed at the remote location.
System shall incorporate alarms about faults within the system such as, but not limited
to, elevated temperatures in equipment rooms, device failures or communication
failures between system and sensors.
When an alarm occurs the IDAS shall immediately switch a designated display to
playback pre alarm video and live video from the alarmed zone cameras. A PTZ
camera shall be automatically slewed to the alarm zone to allow further assessment by
the operators. The recording system shall continue to record while the event that
initiated the alarm is displayed using the pre-alarm and post-alarm recording
specifications in 4.2.16.
The system shall allow alarms to be displayed in different colors depending on the
Operator assigned priority. Tamper/loss of signal shall be assigned a high priority.
The system shall annunciate an alarm when the video signal from a camera is lost.

4.2.16. Video Recording

Refers to a device that will digitally record a video of the perimeter when an alarm is
generated.
Recording of IDAS camera imagery is only required during an alarm event and only
for the fixed and PTZ cameras associated with the alarm. The Operator shall have the
choice of manually recording the video when needed.
All video recorded for alarms from both the fixed and PTZ cameras associated with
the alarm shall be stored and available for viewing up to 30 days from the date the
video was taken.
i i i i

Issue Dnte: 12/6/1431 H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 11 of 34
Kingdom of Saudi Arabia
Ministry of Interior
mmmm
— j
Mi# %
LLJl feJU
High Commission for Industrial Security
Secretariat General ouJi vuVi
SEC-05 Integrated Security System

User shall size digital recording capacity to permit recording under all scenarios and
still maintain at least 50% spare storage capacity.
Alarm recording shall be at the pixel dimension and frame rate specified in 4.4.2.
Pre -Alarm recording - 5-20 seconds configurable
Post-Alarm recording- 5-20 seconds configurable

4.2.17. Power Supply

Power supplied for the system, including cameras, sensors and recording system, shall
be powered by an uninterruptible power source fully compliant with SEC-07 “Power
Supply” with the exception of UPS backup time in equipment shelters which shall be
a minimum of 2 hours at its full rated capacity.

4.2.18. External System Interface

Refers to the interface required for the IDAS to transmit alarm data and video to an
external system & receive acknowledgement of alarms from the external system.
4.2.18.1. The Operator shall ensure that the IDAS supplier clearly documents
the ability of the IDAS to be remotely monitored and controlled.
4.2.18.2. The system shall have the ability, if required by the Operator, to
transmit all system data to an external system, including video, and
receive acknowledgements in a fully documented format and
protocol.
4.2.18.3. The Operator may elect to use any interface format as long as all
system data, including video, can be transparently sent to an
external system for display and alarm acknowledgement, the
interface requirements are fully defined and the interface is installed
in the IDAS. | jI
4.2.18.4. All data transmitted to an external system shall use encryption to
secure the data during transit over the network.
i i' i I
iff1
4.2.19. System Interface
The IDAS shall provide security personnel with a full range of controls for managing,
selecting, zooming and otherwise controlling all cameras, acknowledging alarms and
acquiring data from the system.
Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 12 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security
Secretariat General
SEC-05 Integrated Security System

The IDAS shall provide a map display for displaying the overall system. The map
display shall permit the optional use of bilingual labels in Arabic and English. The
display shall use color icons to annunciate perimeter status.

4.2.20. Network
The IDAS shall operate on a dedicated local network. It shall use redundant networks
for all IDAS systems including field devices such as cameras & sensor interfaces.
Failover between networks shall be automatic.
Any field device failure shall not impact network performance.

4.2.21. Tamper Protection

The IDAS shall incorporate elements that will annunciate an alarm if any attempt is
made to tamper with IDAS system elements such as cabling, computer equipment or
field computer facility access where active IDAS components are located.
All junction & pull boxes, mounted externally, shall use tamper-proof screws for all
fasteners on the case that are externally accessible.
All surface mounted cables shall be encased in steel conduit.

4.2.22. System Security

Access to the IDAS shall be protected by user ID’s and passwords, at a minimum, and
an audit trail shall be maintained to log all User and user activities.

4.2.23. Environmental
l
All devices mounted externally shall be sealed to a minimum standard of IEC 60529
and shall meet the environmental conditions stated in SEC-01 ‘‘Application of
Security Directives”.

I I 1 1 1

4.3. Access Control System

Issue Date: 12/6/1431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 13 of 34
Kingdom of Saudi Arabia
Ministry of Interior -
S -Is-ljJl ijljj

High Commission for Industrial Security LbJl IU.I

Secretariat General oUJl UUSII

SEC-05 Integrated Security System

The Access Control System (ACS) comprises the hardware and software needed to
electronically authenticate a request by personnel to access a facility and to advise security
personnel of any invalid attempts. The ACS shall operate on a dedicated local network.
The local ACS consists of card readers or biometric readers, computer systems to validate the
request and local displays to advise security personnel of system status and access request
status. This local ACS shall be connected to a central ACS for data storage of all local ACS
logs and access data. The central ACS shall be used for reporting and data management.
The ACS shall meet the following requirements:

4.3.1. Architecture
4.3.1.1. The ACS shall consist of a local ACS at each facility with a central
ACS that shall store and retain all ACS personnel and access data
online for at least 36 months.
4.3.1.2. Personnel data referring to card holder short leave, vacation, lost,
stolen, revoked shall automatically be updated in the ACS and
disseminated automatically to all sites.
4.3.1.3. The ACS shall be designed with full redundancy at all levels to
ensure continued operation despite the failure of a single device.
4.3.1.4. Failover, and restore, between primary and backup devices shall be
automatic and shall not require any User intervention.
4.3.1.5. All local ACS operations & functions shall continue to operate with
no loss of capability when communication links to the central ACS
are disrupted.
4.3.1.6. All access data shall be uploaded to central system at periodic
intervals not to exceed 1 0 minutes.

| I |
4.3.2. Card Readers or Biometric Readers
Refers to devices that are used to initiate a request for access to the ACS, receive the I

response, and operate an associated single entry device. The readers may, use cards i
with PIN and/or biometrics as the access requesting mechanism.
o One reader minimum shall be installed per single entry device (SED) where
multiple single entry devices are installed.

lilt

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 14 of 34
i i ° i i i
Kingdom of Saudi Arabia
Ministry of Interior i i'/jj
High Commission for Industrial Security LUl igAI

Secretariat General U.LJI UL.SH

SEC-05 Integrated Security System

o Where the installation only has one SED, two card readers shall be installed at
both the entry and exit sides of the SED to allow continued operation if one of
the card readers fails.
° If reader controllers are used a minimum of two controllers shall be installed
with each alternate card reader connected to alternate controllers.

° The ACS shall have the ability to deploy readers in multiple zones with each
zone having independent security access levels.
• The readers shall allow or deny access based on the response from the ACS.
All access denied alarms shall be annunciated at the local gatehouse.

4.3.2.1. Card Readers

Card readers shall be able to read cards configured according to the
requirements of SEC-1 1.
Card readers shall incorporate PIN keypads. The ACS shall use card and 4
digit minimum PIN entry or card and biometric read to verify access rights
which shall be validated by the ACS.
PINS shall be machine generated using a random or pseudo random algorithm
and must be changed every 6 months. The Operator shall ensure that
procedures are in place to notify users of PIN changes.

4.3.2.2. Biometric Readers

° Biometric readers may use fingerprint, hand geometry, iris or any other
biometric measurement generally accepted within the security industry.
i
° Biometric readers shall validate data against a biometric template
either stored in a smart card or against a central j database. Biometric
data retained in the smart card shall be encrypted.
° All biometric readers shall have the ability to verify that the
measurements are being taken from a live person and not a printed)
copy or a copy made from some inanimate object'.

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED ,
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 15 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security LixJi *g.i

Secretariat General C-UJl iL.ÿ1

SEC-05 Integrated Security System

4.3.3. Reader User interface

Refers to the method the card or biometric reader uses to communicate access
decisions to the card holder after an access attempt.
4.3.3. 1 . The device shall have indicators to inform the user that the device is
ready, access request is being processed, request approved and
request denied. This can be dedicated indicator lights, flashing
lights or alphanumeric display. If indicator lights are used they
shall use different colors for request approval and denial.
4.3.3.2. Alphanumeric displays used in such devices shall have clearly
visible displays in bright daylight conditions.
4.3.3.3. The system shall allow the use of a duress code on the card reader
keypad to inform security personnel about a forced access attempt.

4.3.4. Single Entry Device

Refers to the device used to conti-ol access to and fi-om the facility. For personnel it is
generally a turnstile or door and for vehicles it is a drop gate. The single entiy device
shall be controlled by the ACS and shall normally be in closed or locked position
unless released by the ACS after a valid card or biometric read.
All single entry devices shall be compliant with SEC-06 “Security Devices”.

4.3.5. Alarm Annunciation

Refers to the displays and printers used to keep security personnel apprised of system
and access request status. All devices shall be mounted in local gatehouse with the
option to remotely annunciate the alarms at an external system.
The system shall require acknowledgement by security personnel of each alarm.
Devices used for alarm annunciation are as follows:
Status Display
i Displays overall system map and status of each device using colors to denote
system status.
Display shall include status of local computers, communication links (if any),
UPS, access request status. All titles shall be bi-lingual in Arabic & English.
Alarm Display

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 16 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security LUII ij>i

Secretariat General
SEC-05 Integrated Security System

Displays status of access request with configurable option to display selected

events.
Display shall include critical access denied messages in color. All messages
shall be bi-lingual in Arabic & English.
Printer
Prints hardcopy, line by line, of all messages on Alarm Display.
Operator shall have option to use, or not use, the printer but the function shall
be provided.
Printer shall continue to operate, and print required messages, regardless of
communication link status.
Audio Annunciation
All alarm messages shall be accompanied by an audio tone that shall be
audible above ambient noise in the gatehouse.
A distinct audio tone shall be used when an alarm is generated due to an
access attempt by a card that is marked lost, stolen, revoked, on vacation or
expired.
Response Time
The alarm annunciation system shall respond to a valid/invalid access attempt
in less than 0.5 seconds and display any alarm condition.
Operation
All displays shall continue to operate, and display complete system
information, regardless of communication link status.

4.3.6. Emergency Release

Refers to a physical emergency switch that will allow security personnel to initiate an
emergency release of selected single entry devices when required.
4.3.6.1. ' Emergency Release switch shall be protected against accidental
activation.
4.3.6.2. Only selected single entry devices shall be released.
i i i
4.3.6.3. 1 Emergency switch activation shall be logged in ACS.
4.3.6.4.I Emergency switch shall function independently of the ACS.
4.3.6.5. In the event of an emergency gate personnel shall be able to allow
entry and exit of emergency vehicles.

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 17 of 34
Kingdom of Saudi Arabia
Ministry of Interior a-Jrt* i'/ij
High Commission for Industrial Security VJUJl

Secretariat General wJi

SEC-05 Integrated Security System

4.3.6.6. The ACS shall permit gate personnel to initiate emergency

procedures to allow the free exit of facility personnel under
emergency conditions. As part of these procedures the ACS shall
provide the facility to update personnel access status as the actual
data is collected during an emergency.

4.3.7. Cameras
Refers to cameras that provide gate area surveillance ability and user suiveillance
cameras.
Area Surveillance: 1 PTZ color camera for entry side and 1 PTZ color
camera for exit side.
User Surveillance: The user surveillance cameras shall have the ability to
record ACS users either at the card reader or after passing through the single
entry device.
° The Area surveillance camera shall provide imagery at 320x240, or higher,
pixel dimensions with a minimum frame rate of 7.5 frames per second.
o The User surveillance camera shall provide imagery at 640x480, or higher,
pixel dimensions and 15 frames per second, or higher, frame rate to ensure
clear images of ACS users.

° User surveillance cameras shall have adequate wide angle ability to display a
recognizable image of the user of the card reader, for a height range (of the
user) of 1.3-2.2 m.
o The operator shall place the camera to obstruct keypad view while maintaining
the ability to see faces of personnel entering the facility.

° The system shall have the ability to display cameras imagery locally and/or
remotely as required by the Operator.
° All camera imagery shall be recorded in digital format as defined under Video
Recording in 4.3.8.
° The system shall annunciate an alarm when the video signal from the camera
is lost.

4.3.8. Video Recording

Issue Dale: 12/6/1431H/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 18 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security jV-SU UJl

Secretariat General
SEC-05 Integrated Security System

Refers to a device that will digitally record the video output from the area and user
surveillance cameras.
All images from Area surveillance cameras (as defined in 4.3.7.) shall be recorded
and retained for a 30 day period, from the date the date the video was recorded, before
the data can be overwritten. The resolution and frame rate shall be as specified in
4.3.7.

All images of ACS users from the User surveillance cameras (as defined in 4.3.7.)
shall be stored and available for viewing, locally and across the network, up to 90
days from the date the image was taken. The resolution and frame rate shall be as
specified in 4.3.7.

4.3.9. Date/Time Synchronization

All devices connected to the local & central ACS shall have their date/time
synchronized to each other. In general, time synchronization shall be based on the
date/time setting at the central ACS.

4.3.10. Power Supply

4.3.10.1. Power supplied for the system, including computers, card readers,
cameras and recording systems, shall be powered by an
uninterruptible power source backed up by an emergency power
generator as required by SEC-07 “Power Supply”.
4.3.10.2. In the event of a power failure to the gatehouse, turnstiles or drop
gates, power shall be automatically supplied from an emergency
power generator as specified in SEC-07 “Power Supply”.
4.3.10.3. Upon restoral of the main power supply the power shall revert to the
main source with no User intervention.
4.3.10.4. Power supply to the ACS shall be fully compliant with SEC-07
“Power Supply”. i i

4.3.11. External System Interface

Refers to the interface required for the ACS to transmit alarm data and video to an
external system & receive acknowledgement of alarms from the external system.
~
Issue Date: 12/6/143111/ 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 19 of 34
Kingdom of Saudi Arabia
Ministry of Interior <. J.-Ui-iii i'/jj
LUI
High Commission for Industrial Security
Secretariat General
SEC-05 Integrated Security System

4.3.11.1. The Operator shall ensure that the ACS supplier clearly documents
the ability of the ACS to be remotely monitored.
4.3.11.2. The system shall provide the ability to transmit all system data to an
external system, including video, and receive acknowledgements in
a fully documented format and protocol.
4.3.11.3. The Operator may elect to use any interface format as long as all
system data, including video, can be transparently sent to an
external system for display and alarm acknowledgement, the
interface requirements are fully defined and the interface is installed
in the ACS.
4.3.11.4. All data transmitted to an external system shall use encryption to
secure the data during transit over the network.

4.3.12. Reporting Requirements

The ACS shall provide a set of reporting tools that shall allow authorized system
operators and gate personnel to generate reports from data stored in the ACS database.
The following pre-formatted reports shall be available for ACS personnel to generate
at any time:
4.3.12.1. On-Site Report: Lists all personnel on site with details of last
access point used. This report shall include contact numbers for
each person.
4.3.12.2. Visitor Report: Lists all visitors to site. This report shall
include, at a minimum, visitor name, organization being visited,
contact person, exit / entry dates, gates used.
4.3.12.3. Card holder photographs and access records shall be available on
the local system for review by gate and SCC personnel.

4.3.13. Functional Requirements

The ACS shall have the following installed and operational capabilities:
i i 1 i
4.3.13.1. Biometric readers installed at locations where biometric based
systems are deployed.
4.3.13.2. System shall protect against tail gating.

i i i i

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS Copying or distribution prohibited without written permission from HCIS
Page 20 of 34
Kingdom of Saudi Arabia
Ministry of Interior
LLJI iJ.1
High Commission for Industrial Security
Secretariat General SAJI SjL«Vl

SEC-05 Integrated Security System

4.3.13.3. Local anti-pass back shall be enforced by the system. This shall
prevent a card holder from making an entry unless an exit has
already been recorded in the system.
4.3.13.4. Local system shall continue to function with no degradation even
when communication links to the central ACS are disrupted.
4.3.13.5. All User and access activities shall be stored in the system and be
available for review by system personnel.

4.3.14. Environmental
All devices mounted externally shall be sealed to a minimum standard of IEC 60529
and shall meet the environmental conditions stated in SEC-01 “Application of
Security Directives”.

4.4. Video Assessment & Surveillance System fVASS)

The integrated security system shall include Closed Circuit Television System (CCTV)
abilities to monitor main gates and critical buildings and areas of the facility. The system
shall annunciate an alarm when the video signal from the camera is lost. It shall operate on a
dedicated, local network.

The VASS shall meet the following requirements:

4.4.1. Camera Type

All cameras shall be color cameras. The Operator may optionally augment this with a
separate camera capable of multi-spectral operation such as day/night or thermal /
infra-red. In all cases the color camera shall be installed as the primary device.
Cameras shall use either fixed type or Pan-Tilt-Zoom (PTZ) type camera mounts.
Fixed cameras shall be used for surveillance and for alarm detection while PTZ
cameras shall be used for assessment.

4.4.2. Camera Image Quality

Issue Date: 12/6/143111/2(1/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 21 of 34
Kingdom of Saudi Arabia tmmmw «_Lui.di -.'/jj
Ministry of Interior
High Commission for Industrial Security mgm UJI *ij,i

Secretariat General oUJl UDSN

SEC-05 Integrated Security System

Camera image quality and resolution shall be adequate so that the operator can
consistently distinguish between a human in any position or profile from an animal or
debris anywhere in the assessment zone.
A minimum of 6 horizontal TV lines resolution subtending a 30 cm object are required
for distinguishing a human crawler from animals.

Cameras used for alarm detection shall have a fixed frame rate of 30 frames per
second and pixel dimensions of 640x480 or greater. Cameras used for assessment
may have variable frame rates and pixel dimensions but must automatically switch to
full frame rate of 30 frames per second and 640x480 pixel dimensions minimum
when an alarm is activated.

4.4.3. Camera Housings

4.4.3.1. All cameras shall be installed in housings designed to protect them
from the ambient environmental conditions listed in SEC-01
“Application of Security Directives”.
4.4.3.2. The camera and its housing shall be fully certified for operation in
the environmental conditions stated in SEC-01 “Application of
Security Directives”. No additional cooling or fans are permitted.
4.4.3.3. Housings shall be certified to an internationally recognized standard
such as IP-66 or better.
4.4.3.4. Power and data cables from the camera shall be installed in armored
conduit to prevent tampering. Boxes used for camera power and
data connections shall use tamperproof screws externally on the box
and shall be placed out of easy reach. No cabling from the camera
shall be visible externally and all openings into the camera housing
shall be sealed.
4.4.3.5. Explosive - proof camera housings shall be used when dictated by
operational requirements.
i i i
i I i
4.4.4. Camera Placement
4.4.4.1. Cameras shall be placed based on local topography, camera type
and lens type.

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 22 of 34
Kingdom of Saudi Arabia
Ministry of Interior i •>— l-Ut fljtjj

High Commission for Industrial Security LLJl

Secretariat General w*Ji

SEC-05 Integrated Security System

4.4.4.2. The Operator shall develop a study that defines the actual field of
view of each camera/lens combination used and identifies blind
spots. The study shall consider the actual focal length of the camera
lens, pole height, local topography and obstructions in the camera
field of view.
4.4.4.3. The study shall identify all areas visible to the camera to at least
lkm past the outer perimeter (IDAS) and 5-1 01cm for long range
cameras while ACS cameras shall allow clear view of the
designated gate area.
4.4.4.4. Local terrain shall be used to determine the optimal camera
mounting pole height that will meet the requirements of this
Security Directive.

4.4.5. Camera Field of View

Refers to the area displayed for any specific camera.
The camera field of view shall cover the entire width of the detection zone at the near
field and have adequate resolution at the far field to distinguish between a person and a
nuisance alarm. The smallest profile size of a human (i.e. standing, crouching, belly
crawling, etc.) shall be discernible in all areas of the detection zone.

Clear zone width and length, camera resolution and sensitivity, camera location and
smallest human profile shall all be considered when determining lens focal length. All
camera views shall overlap the views from adjacent cameras in the detection zone so
that there are no blind spots along the detection zone.

4.4.6. Camera Frame Rate

-
Camera frame rate shall be selectable from 1 30 frames per second during non¬
alarm conditions with the option to provide up to 30 frames per second if selected by
the User. During alarms the frame rate from the camera in the alarmed zone shall
automatically be increased to a minimum of 1 5 frames per second at the resolution
specified in 4.4.2. i i i
r f i I

4.4.7. Lighting

Compliant with SEC-04 “Security Lighting” and adequate for camera to display a
clear image under all ambient conditions.
Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED ,
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 23 of 34
i i i i t
Kingdom of Saudi Arabia
S-lÿUl-dl Sjljj
Ministry of Interior
ytuji UJI
High Commission for Industrial Security
Secretariat General oUi siL-Vi
SEC-05 Integrated Security System

4.4.8. Video Recordimz

Refers to a device that will record a video of the cameras.
4.4.8.1. All video data shall be recorded in digital format.
4.4.8.2. User shall be able to select any camera for full time recording if
required.
4.4.S.3. Operator shall select frame rate and pixel dimensions in compliance
with the requirements of 4.4.2.
4.4.8.4. All video from cameras shall be stored and available for viewing,
across the network, up to 30 days from the date the video was taken.
4.4.8.5. All recorded camera imagery shall have location & time/date
displayed on the video.

4.4.9. Power Supply

Power supplied for the cameras, and recording system, shall be powered by an
uninterruptible power source fully compliant with SEC-07 “Power Supply”.

4.4.10. External System Interface

Refers to the technical details required to transmit video to an external system. The
Operator shall ensure that the CCTV supplier clearly documents this requirement and
demonstrates its viability.
4.4.10.1. The system shall provide the ability to transmit all video to an
|external system if so required by the Operator.
4.4.10.2. The Operator may elect to use alternate interface formats and that
are acceptable as long as all video can be transparently sent to an
external system for display.
4.4.10.3. i The interface shall permit the external system to select and monitor
any cameras or group of cameras. !
4.4.10.4.: All data transmitted to an external system shall use encryption to
secure the data during transit over the network.

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 24 of 34
• <II
Kingdom of Saudi Arabia
Ministry of Interior
LUl
High Commission for Industrial Security
Secretariat Genera! w«Ji

SEC-05 integrated Security System

4.4.11. Imagery Processing

4.4.11.1. The VASS shall process incoming video imagery from

IDAS/ACS/VASS cameras to assist the operator in rapidly locating
and determining the cause of the sensor alarms by identifying
motion in the camera scene and where potential risk exists in the
area being monitored.
4.4.11.2. The processing shall allow the detection of abnormal behavior such
as, but not limited to, activity at a time when no activity is expected,
packages left behind, entry into a restricted area or approach to a
restricted area.
4.4.11.3. The system analyzing the video imagery shall have the ability for
the Operator to add new rules as required by local topography.
4.4.11.4. The system shall be designed to permit the incorporation of future
analysis rules using a plug-in type architecture where new rules can
be readily incorporated by the Operator.
4.4.11.5. It shall have the ability to accept and integrate sensor inputs from
other systems into its video processing algorithms.

4.4.12. Geo-Spatial Processing

4.4.12.1. The VASS shall be geo-spatially aware and have the ability to
overlay, and relate, camera imagery to Geographical Information
System (GIS) maps of the area under surveillance.
4.4.12.2. This shall require that all camera installations have geo-spatial
coordinates for each location.
i

4.4.13. Long-Range Surveillance

4.4.13.1. VASS systems shall have the ability to monitor the ai;ea contiguous
to the facility perimeter to' evaluate situations as they are
developing. While facilities in developed areas will require short
range monitoring, facilities in isolated areas will require longer
range monitoring.

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HC1S. Copying or distribution prohibited without written permission from HCIS
Page 25 of 34
Kingdom of Saudi Arabia
Ministry of Interior
UJl iiJ.1
High Commission for Industrial Security
Secretariat General
SEC-05 Integrated Security System

4.4.13.2. In general, facilities in open areas shall have the ability to monitor
surrounding areas. While facilities in built-up areas shall have the
ability to monitor areas up to 1km from the facility.
4.4.13.3. Facilities in open areas shall base the camera monitoring range on
the time required to deploy a response from the nearest security
post. In no event shall this be less then lion.
4.4.13.4. Facilities shall use either radar {facilities in open areas only),
thermal sensors or night vision sensors to detect activity in the
monitored area. These sensors, after their output has been
processed, as specified in the Imagery Processing section, shall be
used by the system to automatically slew a camera to the area of
interest and annunciate an alarm.
4.4.13.5. Radar shall be optimized to detect personnel and vehicle sized
targets. The radar beam shall automatically be blanked or turned
off when the beam emission points towards the facility being
protected.
4.4.13.6. This VASS ability shall be used to complement the IDAS which
monitors actual intrusion attempts at or inside the perimeter.

4.4.14. VASS Locations

4.4.14.1. All main facilities shall have VASS compliant surveillance cameras
at main gates, facility entrances, perimeter fences and critical
buildings and areas of the facility.
4.4.14.2. These cameras shall be monitored remotely if so required by the
Operator.

4.5. ID Management System (TOMS)

The integrated security system shall include an identification card management
system to print'and issue machine readable ID cards for all personnel requiring access
to company facilities.
The general requirements for the IDMS are as follows:

Issue Dale: 12/6/1431H/ 26/05/2010

RESTRICTED
Al! Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 26 of 34
Kingdom of Saudi Arabia
Ministry of Interior
LUl iÿAl
High Commission for Industrial Security
oUll til.S/I
Secretariat Genera!
SEC-05 Integrated Security System

4.5.1. The IDMS shall produce, track and manage ID cards for issue to
eligible personnel including both employees and contractors.
4.5.2. The IDMS shall consist of local IDMS workstations at each facility
with a central IDMS that shall store and retain all IDMS access data
online for at least 5 years.
4.5.2.1. The central IDMS shall be designed with full redundancy at all
levels to ensure continued operation despite the failure of a single
device.
4.5.2.2. Failover, and restore, between primary and backup devices shall be
automatic and shall not require any User intervention.
4.5.2.3. All local IDMS workstation operations shall function with no loss
of capability when communication links to the central IDMS are
disrupted.
4.5.2.4. All card data shall be sent to the central IDMS at regular intervals of
1 5 minutes or less.
4.5.3. A minimum of two IDMS workstations shall be deployed at each local
facility.
4.5.4. Operator shall ensure that IDMS workstations are available in
reasonable proximity to each plant using these identification cards.
4.5.5. The IDMS shall provide data online to the ACS and other systems that
use identification cards.
4.5.6. ID cards and ID card management shall be fully compliant with the ID
card requirements stated in this Security Directive & SEC-1 1
“Identification Cards”.

4.6. Computer Installation in Security Systems

All computers installed in security systems shall follow specific guidelines in order to
ensure reliable operation.'
The requirements are as follows:

4.6.1. Redundancy

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 27 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security tun

Secretariat General
SEC-05 Integrated Security System

All computers shall be installed in a redundant configuration with automatic failover

from the active system to the backup system with no loss of data.

4.6.2. Single Point of Failure

Systems shall be designed to so that no single component failure can disable the
system.

4.6.3. Hardware
Computer hardware and software used for security systems shall be of the latest
generation available at the time of the design completion.

4.6.4. Communications
When configured for connectivity to an external system, Systems shall employ
redundant communications links, in compliance with SEC-08 “Communications”, and
employ route diversity in the physical link installation to the nearest communication
central office.

4.6.5. Database
All system data pertaining to the security system shall be stored in a relational data
base management system. The system storage shall be designed to ensure that all
system data is available online for a minimum 24 month period, or greater.
Specific periods for various systems are specified in eaclÿ section.

4.6.6. Backup

All security system data shall be backed up on a regular cycle.

4.6.7. Storage

All computer systems shall be configured with at least 50% spare disc storage beyond
expected system requirements.

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 28 of 34
Kingdom of Saudi Arabia
Ministry of Interior
High Commission for Industrial Security jSti U«ll IUJ.I

Secretariat General
:U*J| CUVl
SEC-05 integrated Security System

4.6.8. External Systems Interface

All security systems shall have a clearly defined, and documented, procedure for
providing all system data, including video, to an external system for display and
acknowledgement if required by Operator or operational requirements.
This data shall be made available to the external system after full compliance with
security authentication protocols. This capability shall be implemented if dictated by
operational requirements.
All data transmitted to an external system shall use encryption, in accordance with the
requirements of SEC-12, to secure the data during transit over the network.

4.6.9. Security

All computer systems shall apply a robust array of current security tools to protect the
system against unauthorized access attempts.

4.6.10. Power Supply

Security systems shall be powered by a uninterruptible power supply, backed up by an
emergency power generator, fully compliant with SEC-07 “Power Supply”.

4.6.11. Environmental
All security system components shall be rated for the environmental conditions they
are used in as specified in SEC-01 “Application of Security Directives”.

Issue Dale: 12/6/1431H / 26/0S/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 29 of 34
Kingdom of Saudi Arabia
Ministry of Interior --UUII i'/jj
5

WJl
High Commission for Industrial Security
Secretariat General i-Ult cuVi

SEC-05 Integrated Security System

4.7. Security Systems Integration

Security systems shall present an integrated view to security personnel. This does not
preclude individual system installation on physically discrete computers as technology
limitations may preclude the optimal solution of a single, common hardware platform for all
systems.
All security systems deployed in facilities shall meet the following requirements:

4.7.1. All installations shall have the ability to present security personnel
with a single interface and user environment for all installed security
systems.
This will allow security personnel to manage the system from this
environment without regard to the physical system distribution on
different platforms.
Provision of this ability requires that all such systems transparently
share data across secured links and permit the integration of security
data with imagery from cameras and sensor activations.
This integrated environment shall be presented to security personnel
across multiple displays that share common design and management
techniques.
4.7.3. Integration at a data level, as specified in this requirement, allows
individual specialized management in each system’s own specialized
environment.
4.7.4. All IDAS and ACS installations can continue to install specialized
system monitoring equipment as dictated by individual system
requirements, i j i

This translates to a local monitoring facility for the IDAS and local
displays for ACS while maintaining full external system connectivity
to the integrated environment which may be at a different location or
could be co-located at the same location.
4.7.5. ISS components installed in the field shall have tamper sensors
connected to the ISS that will annunciate an alarm when any attempt is
made to access the component.
4.7.6. Site Acceptance Tests (SAT) for new installations shall be conducted
to verify ISS operation prior to acceptance by the Operator. The SAT
procedures and documentation shall be filed and available for review.

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 30 of 34
Kingdom of Saudi Arabia
Ministry of Interior i'/jj
High Commission for Industrial Security jj-OO LLJl

Secretariat General oUJl

SEC-05 Integrated Security System

4.8. Facility Design Requirements for housing security systems

Security systems shall be housed in secured facilities that have adequate structural, electrical
and environmental safeguards.
These facilities shall be classified by location as follows:

TYPE A: Located within company administrative office areas.

TYPE B: Installed at a local facility close to a gate house or other security
facility.
TYPE C: Installed in the field to contain interface equipment to security system
field components.
Each one of these installations shall comply with the requirements stated below.

4.8.1. All structures housing security system components shall be of concrete

or Concrete Masonry Unit (CMU) construction with steel rebar
reinforcements. Structure may be an independent structure or located
within a building. Buildings constructed of CMU shall use rebar and
grout in each core.
4.8.2. Type A: Structures in office buildings can be located as needed as
long as they comply with the remaining requirements in this section.
Type B: Structures at facilities shall be located within 50m of the local
gate house on the inside of the facility perimeter fence.
j
Type C: Field structures can be placed as 1 required by system !
installation requirements but shall be inside the facility perimeter
fence. ;
4.8.3. Ingress into this structure shall be via a steel door fully compliant with,
the requirements stated in SEC-09 “Doors” and use a locking system
compliant with SEC- 10 “Locks”. Access to these locations shall be
restricted to authorized personnel.
4.8.4. Independent structures (Type B) shall have their front door in direct
line of sight to the gatehouse. t (

Issue Date: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 31 of 34
Kingdom of Saudi Arabia
Ministry of Interior
LLJl iiil
High Commission for Industrial Security
Secretariat General oUll liL.*/!
SEC-05 Integrated Security System

4.8.5. Structures shall have two separate, independent air conditioning

systems when air conditioning is required. A/C systems may be any
combination of central and split type systems.
Window type units are specifically excluded from this application due
to dust ingress concerns.
4.8.6. All openings to the outside environment shall be sealed against dust
ingress. This shall include appropriate weather stripping on all doors.
4.8.7. The room shall be sized such that, with all equipment installed there
shall be at least 1.5m clearance in all directions from the security
equipment installation.
Wall mounted equipment shall require this clearance in front and sides
only.
4.8.8. All power supplies for security systems shall be fully compliant with
the requirements stated in SEC-07 “Power Supply”.
The UPS used for the security system shall be mounted either in the
same room as the equipment, or, if required by electrical codes or
safety considerations, be mounted in a separate room adjacent to this
room.
Generators shall be housed in a structure compliant with local
electrical and building codes and shall be fully compliant with SEC-07
“Power Supply”.

4.9. Plant Control Room

Plant Control Rooms present a special case for security compliance. This facility contains
controls for all elements of facility operation. It shall be safeguarded against intruders and
unauthorized visitors by the deployment of an Access Control System (ACS) at the control
room entrance door.

The ACS used at this facility shall be a scaled down version of the full ACS specified in this
directive. It shall include at least two card readers on the entry side and a camera to permit
plant control room personnel to observe personnel requesting access. The ACS shall have a
UPS and access to a backup power generator when power to the ACS is interrupted.

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 32 of 34
Kingdom of Saudi Arabia
i-Luuji s'j'jj
Ministry of Interior
LLJl 5iJ,l
High Commission for Industrial Security
Secretariat General w*ii uuyi

SEC-05 integrated Security System

4.10. Security Control Center (SCC-)

The Security Control Center (SCC) shall house command and control systems and functions
to manage and coordinate security assets and activities in an area.
4.10.1. The structure housing this SCC shall comply with the requirements of
Sections 4.8 of this Security Directive. Where possible, the SCC shall
be constructed underground.
4.10.2. No part of the SCC area shall have doors or windows leading directly
to the exterior of the building.
4.10.3. The SCC shall have raised floors, as used in computer rooms, to
facilitate wiring.
4.10.4. The SCC operator work area shall have no offices other than those
required for SCC personnel.
4.10.5. An access control system, with a video camera at the SCC door
monitored inside the SCC, shall be used to manage access to the SCC.
4.10.6. Power supply to the SCC shall be fully compliant with SEC-07 “Power
Supply”. A dedicated UPS shall be provided for the SCC. Non SCC
equipment shall not be connected to this UPS.
4. 1 0.7. Redundant air conditioning systems shall be used for the SCC.
4.10.8. Fire detection and fire protection systems shall be installed in the SCC.
4.10.9. Computer installations in the SCC shall comply with the requirements
of Sections 4.6 of this Security Directive.
4.10.10. The SCC shall have the ability to view and manage gates and facilities.
Main gate cameras and crash barriers shall be monitored from the
SCC. The ability to manage emergency activation and deactivation of
the crash barriers from the SCC is required but implementation of this
ability shall be decided by the Operator in consultation with HCIS.
4.10.11. Integration of SCC functions shall comply with the requirements of
Sections 4.7 of this Security Directive.
4.10.12. SCC operators shall haye all SCC functions available to them in, a
single, multi-display console. The console shall be designed with a
single common interface to all SCC functions. This shall allow the
operator to manage and coordinate all security assets, in the area under
his control, without having to access other systems.

Issue Dale: 12/fi/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS. Copying or distribution prohibited without written permission from HCIS
Page 33 of 34
Kingdom of Saudi Arabia
3 JUljdl Sjljj
Ministry of Interior
High Commission for Industrial Securin’
Secretariat Genera!
SEC-05 Integrated Security System

Ail data required for the SCC function shall be provided to the operator
at this console.
4.10.13. Personnel data and imagery shall be available to the SCC operator.
4.10.14. All voice communications into and out of the SCC shall be recorded
and maintained for 12 months.
4.10.15. Large Screen Displays shall be used to provide a continuous overview
of the status of all areas under the SCC’s control.

5.0. Application of Requirements

This section lists how the elements of this security directive apply to facilities depending on their classification
using the criteria stated in section 4.2 of SEC-01.

ELEMENT
:
vÿ|g| mm
IH
Intrusion Detection & Assessment System /
(IDAS)

Access Control System A/ y

Video Assessment & Surveillance System
(VASS)
✓ s ✓

ID Management System s ✓
Computer Installation in Security Systems v' s s
Facility Design requirements for Housing
Security Systems
/ s y

Security Control Center s

Issue Dale: 12/6/1431H / 26/05/2010

RESTRICTED
All Rights reserved to HCIS Copying or distribution prohibited without written permission from HCIS
Page 34 of 34