Engineering Procedure 09 January 2024

SAEP-120
Execution Requirements for Security Projects
Document Responsibility: Security Standards Committee

Previous Revision: 14 September 2023 Next Revision: 09 January 2029

Contact: (ANWAHZA) Page 1 of 31
Saudi Aramco: Company General Use © Saudi Arabian Oil Company, 2024
 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Table of Content
SUMMARY OF CHANGES ..................................................................................................................................................... 3

SCOPE............................................................................................................................................................................. 4

CONFLICTS AND DEVIATIONS .................................................................................................................................... 4

REFERENCES .................................................................................................................................................................. 4

TERMINOLOGY ............................................................................................................................................................. 5

SECURITY CONTRACTORS AND CONSULTANTS REQUIREMENTS ......................................................................... 7

SECURITY SUBMITTALS GENERAL REQUIREMENTS................................................................................................. 8

GENERAL REQUIREMENTS OF SECURITY DRAWINGS ............................................................................................. 9

PROJECT SUBMITTALS SPECIFIC REQUIREMENTS ................................................................................................. 11

ROLES AND RESPONSIBILITIES ................................................................................................................................. 21

APPENDICES ........................................................................................................................................................................ 23

APPENDIX A ........................................................................................................................................................................ 23

DOCUMENT HISTORY ........................................................................................................................................................ 31

© Saudi Arabian Oil Company, 2024 Page 2 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Summary of Changes

Paragraph Number
Change Type
Previous Revision Current Revision Technical Change(s)
(Addition, Modification, Deletion,
14 September 2023 09 January 2024 New)

Introduction of the project

screening process to
1.1 1.1 New determine the requirements
of HCIS submissions and
approval
Specification of the warranty
5.4 5.4 Addition activation milestone to take
better advantage of warranty.
New requirement added to
optimize manpower and
5.5 New
resources and increase
reliability
Modify the package submittal
6.2.8 6.2.7 Modification method as hard copies are no
longer required
Deleted since hard copy
6.2.13 Deletion
submittals aren’t required
Addition of required facility
7.2.2 7.2.2 Addition
layout drawings
Statement modified to raise
7.2.5 7.2.5 Modification awareness to cybersecurity
requirements
Addition of declaration of
8 8 Modification compliance forms per stage as
instructed by HCIS
Modified requirements for
8.4 8.4 Modification
stage-4 certificates’ approvers
Clarification of some of the
9.1 9.1 Addition Execution Agency’s
responsibilities were
Clarification of some of the
9.2 9.2 Addition proponent’s responsibilities
were
Addition of ISSD
9.3 9.3 Addition
responsivities

© Saudi Arabian Oil Company, 2024 Page 3 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Scope
This procedure outlines the minimum mandatory requirements for executing all security projects
at Saudi Aramco facilities. The span covers project planning to completion. The scope includes:
• Security contractors and consultants qualification requirements.
• Security Risk Assessment Study Requirement.
• Security Drawings requirements.
• HCIS submittals and mandatory approval requirements stipulated in section 8 for each stage.
Application
This procedure is applicable and shall be invoked when executing all fixed-scope projects that
provide or require new or upgraded security countermeasures at Saudi Aramco facilities.
All facilities under HCIS jurisdiction require strict compliance with HCIS requirements of workflow
submission and approval, package content, construction, installation and contractor selection.
Facility upgrade and expansion projects shall be screened by ISSD to determine the requirements
of HCIS submissions and approval.
Third-party projects application and conditions are detailed in SAES-O-201.
Requirement Definition
This document uses ‘requirement’ language. Please note the following definitions:
Shall mandatory
Should or must recommendation, strongly preferred
May permissible/optional
Can possible or capable
Handling and Distribution
This document is classified as Company General Use. See GI-0710.002.

Conflicts and Deviations

Any conflicts between this document and other applicable Mandatory Saudi Aramco Engineering
Requirements (MSAERs) shall be addressed to the EK&RD Manager.
Any deviation from the requirements herein shall follow internal company procedure SAEP-302.

References
All referenced specifications, standards, codes, drawings, and similar material are considered part
of this Engineering Procedure to the extent specified, applying the latest version, unless
otherwise stated.
Saudi Aramco References
Saudi Aramco Engineering Procedures
SAEP-302 Waiver from a Mandatory Saudi Aramco Engineering Requirement.
SAEP-303 Engineering Reviews of Project Documentation.
SAEP-334 Retrieval, Certification, and Submittal of Saudi Aramco Engineering and
Vendor Drawings.

Saudi Aramco Engineering Standards

SAES-A-202 Saudi Aramco Engineering Drawing Preparation.

© Saudi Arabian Oil Company, 2024 Page 4 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

SAES-O-201 General Requirement for Security Directives.

SAES-O-205 Security Systems for Industrial Facilities.
SAES-O-208 Wired and Wireless Communications for Security Application.

Saudi Aramco General Instructions

GI-0710.002 Classification of Sensitive Information.
GI-0710.011 Photography and filming of Saudi Aramco Restricted Facilities and Operating
Areas.
GI-0002.710 Mechanical Completion and Performance Acceptance of Facilities.

Other References
American Petroleum Institute
ANSI/API STD Security Risk Assessment Methodology for the Petroleum and Petrochemical
780 Industries, Latest Edition.

HCIS Security Directives

SEC-01 to SEC- Security Directives for Industrial Facilities issued by the High Commission for
19 Industrial Security.

Terminology
Acronyms
ACS Access Control System.
ALPR Automatic License Plate Recognition.
COD Concept of Design Document.
SAROs Saudi Aramco Reviewing Organizations.
EK&RD Engineering Knowledge & Resources Division.
ISSD Industrial Security Support Department
FEL Front-end Loading.
FSC Facility Security Classification.
HCIS High Commission for Industrial Security. Refer to SAES-O-201 for full
definition.
IDAS Intrusion Detection and Assessment System. Refer to SAES-O-205 for
full definition.
LRS Long Range Surveillance System. Refer to SAES-O-205 for full
definition.
PIC Preliminary Inspection Checkpoint.
SCC Security Control Center.
SEC Security Directives for Industrial Facilities issued by HCIS.
SECNET Security Network. Refer to SAES-O-208 for full definition.
S&IS Safety and Industrial Security.

© Saudi Arabian Oil Company, 2024 Page 5 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

SOP Standard Operating Procedure.

SRA Security Risk Assessment.
DBSP Design Basis Scoping Paper.
VASS Video Assessment and Surveillance System.
MCC Mechanical Completion Certificate.
Definitions
Concept of Design A site-specific design document, defining the physical security
Document: components and countermeasures that will be installed at the facility.
Execution Agency: The Saudi Aramco organization executing a security project.
Security Project: Any project, whether it is security-dedicated or part of a corporate
project, providing new or upgraded physical security countermeasures
for existing, expanded, new or upgraded Saudi Aramco facilities.
Operational A document that certifies that security equipment are operational in all
Readiness respects, tested, commissioned on site, personnel have been trained
Certification:
and support is in place.
Physical Security All countermeasures provided to protect the facility from physical
Countermeasures: security threats. The countermeasures include but not limited to:
perimeter security, security systems and devices, security
communication and cybersecurity.
Security Drawings: Any Saudi Aramco Engineering Drawing, disciplined to specify physical
security countermeasures of the facilities. The drawings types are
defined in Appendix-A of SAES-A-202.
Security Lighting: Includes perimeter security lighting, area lighting, gatehouse lighting,
and checkpoint lighting, and emergency lighting.
Security A document that certifies that the execution of the project has been
Compliance carried out as specified in the detail design approved by HCIS and lists
Certification:
any non-compliance items and the committed time to rectify them.
Security Risk A methodical study that shall determine and classify the facility’s assets,
Assessment: determine critical assets, evaluate the asset’s vulnerabilities, evaluate
threats and pathways that can exploit these vulnerabilities, assess the
existing and proposed security countermeasures, and conclude with
security recommendations, in order to formulate a baseline of security
requirements. The SRA is also required to support any waivers or
additional security countermeasures.
System Design A set of integrated engineering document that establishes the basis,
Document: concept, perimeters or a design supported by required engineering
drawings, illustration, security system.

© Saudi Arabian Oil Company, 2024 Page 6 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Security Contractors and Consultants Requirements

Only qualified and HCIS-licensed security consulting and contracting firms shall be hired to
provide any related work to Security Projects under HCIS jurisdiction.
Note:
List of HCIS licensed contractors and consultants are available online at the HCIS Central Licensing
Unit. Access is available to ISSD, who may advise the Execution Agency of updated listing, noting
that the list is constantly updated by HCIS and it is confidential and shall not be released to any
entity outside Saudi Aramco, including General Engineering Services Contractors.

Security Consultant
5.1.1 HCIS-licensed and independent security consulting firm(s) shall be hired to execute the following
actions per each stage of HCIS submittals.
• Stage 1: Development of Security Risk Assessment Study.
• Stage 2: Develop/Review Preliminary Security Design based on Project Proposal.
• Stage 3: Review and endorse detailed design and device selection developed by the security
design contractor (if required by ISSD).
• Stage 4: Monitor testing and commissioning of the security systems (if required by ISSD).
5.1.2 The security consultant shall be independent and shall not partner with any company, or
subsidiary, engaged in execution of the facility security system installation and/or
implementation.
5.1.3 Companies selected for the role of Security Consultant for a project, are not permitted to work
on, or bid for, the installation of the security system of the same project.
5.1.4 The Execution Agency, in consultation with ISSD, shall validate the consultant’s qualification,
resource capacity, expertise, track record during procurement planning, and prior to award
action.
Security Contractor
Security design and execution contractors are responsible for executing the following elements
of HCIS workflow:
• Stage 3: Detailed Design Development and Execution, including, but not limited to:
o Design Development.
o Device Selection and Procurement.
o Construction.
o Installation.
• Stage 4: Testing and Commissioning of the security systems.
The Execution Agency, in consultation with ISSD, shall validate the contractor’s qualification,
resource capacity, expertise, track record during procurement planning, and prior to award
action.
Non-Disclosure Agreement
The Execution Agency shall execute a project-specific non-disclosure agreement with selected
consultants and contractors. The non-Disclosure Agreement shall be enforced by the Contractor
and Consultants to their employees working on the project. The agreement shall be valid for
minimum of 10 years after completion of the project.
Warranty and Support Requirements
All security equipment and software provided by a project shall be supported with a minimum of
2-year warranty, activated after commissioning and handover, and with a minimum of 10-year
availability of manufacturers support and spare parts.

© Saudi Arabian Oil Company, 2024 Page 7 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Asset Ownership Demarcation

During DBSP development, ISSD and respective facility proponents in which security systems are
installed, shall develop asset ownership demarcation and maintenance responsibilities
agreement covering the auxiliary equipment supporting the security systems. These equipment
include and are not limited to electrical, HVAC, lighting and structures.

Security Submittals General Requirements

DBSP, Project Proposals and Detailed Design Package General Requirements
6.1.1 DBSP, Project Proposals and Detailed Design Security engineering packages shall be provided in
one set of Security Index (Index-O), listing all required security drawings and documents related
to security. SAROs shall conform to SAEP-303 when conducting the formal engineering reviews.
6.1.2 Risk assessment requests shall be requested from ISSD through a Service Catalog CRM.
Security Risk Assessment Reports shall not be distributed in the e-Review System. The document
distribution in all phases shall be controlled to be only viewed by directly involved individuals.
HCIS Submittal General Requirements
6.2.1 Only documents relevant to HCIS review, as defined herein, shall be included in the submittals
prepared for HCIS approval. Packages submitted to ISSD by the execution agency shall be
initiated through Service Catalog CRM.
6.2.2 HCIS submittals shall consist of each stage’s required documentations (SRA, COD, Preliminary
Design, Detailed Design and declaration of compliance forms, illustrated in Appendix.1) and
supporting documents (drawings schedules, equipment datasheets, etc.). The supporting
documents shall be referred to in the text of the main document. The specific content &
required documents per stage are provided in Section 8 of this procedure.
6.2.3 Submittals Titles: Titles for included documents and sections shall exactly match the naming and
sequence specified by HCIS SEC-14, imbedded in procedure. Note that HCIS naming convention
of submittals titles and included sections does not exactly align with Saudi Aramco naming
convention. Required conversion to the titles shall be made on each submittal.
6.2.4 Blank Sections: Where an HCIS submittal section is not applicable, the section space holder shall
be retained in the given sequence, and be labeled as “Not Applicable”.
6.2.5 Language: All HCIS-submittals shall be in English language only.
6.2.6 Page Identification: All documents shall have company (Saudi Aramco) project information on
the top of each page and page number information on the bottom of each page.
6.2.7 All submittals at all stages shall be submitted to ISSD through soft copies in the specific order
mentioned in Section 8.
6.2.8 All photographs, if so required for the submittal, shall be in high quality PDF format. All
photography requests for operating facilities shall obtain requisite approval pursuant to GI-
0710.011 “Photography and filming of Saudi Aramco Restricted Facilities and Operating Areas”.
6.2.9 Manufacturer technical datasheets and brochures for security hardware and software systems
shall be presented in colored high-quality PDF file and not a scanned copy.
6.2.10 Submittal Cover Data Sheet: All submittals at all stages should include an updated submittal
cover data sheet as a first page. Template for the Cover data sheet is provided in Appendix-A of
SAES-A-202.
6.2.11 The following requirements shall be observed for documents and drawings submittals
respectively:

© Saudi Arabian Oil Company, 2024 Page 8 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Text Documents:
• Documents shall be in protected PDF format.
• All soft copies of text documents shall be sized letter size with the exception of drawings.
• The documents shall be ready to print. The printable areas shall be readily defined for letter
paper.
• Tables in text documents shall be structured, sized and oriented as needed to ensure
printout will fit across a letter size page.
• Larger page sized may be used as necessary. Multi-page tables shall have headings on top
of each page.

Drawings:
• All soft copy drawings shall be in high quality PDF format.
• Multiple drawings on a single subject shall be included in a single, multi-page PDF file to
facilitate review.
• Drawings shall have adequate size and resolution to allow review of fine details.

General Requirements of Security Drawings

Drawings Preparation and Format
7.1.1 Security Drawings shall be prepared in accordance with SAES-A-202 and SAEP-334.
7.1.2 Security Drawings that contain security and non-security related elements, shall have the non-
security related elements greyed out.
7.1.3 Drawings shall be presented in a size that is adequate to read fine details. SAES-A-202 Appendix
B provides an example of required sizes for security related drawings.
7.1.4 Security Drawings types shall use Index-O drawing types and sizes as defined in SAES-A-202
Appendix B.
7.1.5 All drawings included in the submittal prepared for HCIS approval shall be referenced in the
Scope of Work or main document.
7.1.6 Drawings shall be presented in a size that is adequate to view important details with sufficient
zoom. The drawings may be split into multiple sheets in order to maintain visibility of the
smallest data presented in the drawings.
Drawings Content
These drawings contents provide definition levels for each submittal.
The submittal requirements are provided in Section 8.
7.2.1 The overview drawings shall illustrate the boundaries of the facility in addition to roads in the
contiguous area located externally within 100 meters of any restricted area fence. The drawings
shall show the boundaries and gates of the administrative and restricted areas and any planned
expansions of the facility. In areas with adjacent facilities within 1,000 meters, the drawings shall
include the boundaries and designation of these adjacent facilities.
7.2.2 Facility Layout
The facility layout drawing types shall show the following (as applicable):
• Boundary fences: showing fence classification or type in addition to dimensions and
clearances within the fence components and to other nearby equipment or facilities. This
shall include perimeter fences and fences around internal facilities.
• Isolation fences: (for new construction sites and expansion sites) showing fence classification
or type, dimensions, and clearances between the mentioned fence and the surrounding area.

© Saudi Arabian Oil Company, 2024 Page 9 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

• External and internal security patrol roads with dimensions and clearance including
connections to the facility road system.
• External and internal clear zone with dimensions and clearance to the surrounding area.
• All approaching roads to the main, computer, PIC and emergency gates including
connections to the facility road system.
• All security device and equipment locations including drop arm barriers, turnstiles, crash
barriers, X-ray inspection machines, metal detector doors, and any other system deployed
for security requirement.
• All non-security cameras installed in the facility. Camera owner shall be identified by notes
in the drawing.
• All intrusion detection system components installed at the perimeter. This shall include any
equipment rooms or housing installed as part of the system. All intrusion detection system
zones shall be identified.
• All other security systems equipment location and physical layout. This includes VASS, LRS,
ACS, ALPRS, emergency telecom systems, and all components.
• Security lighting installed for security compliance (perimeter, area and check point lighting).
The drawings shall show the light fixtures locations, types, heights, and luminance.
• Administrative and restricted areas and their boundaries and main security gates and
emergency exits.
• Public roads located adjacent to the facility.
• Saudi Government Security Force checkpoints deployed for this facility. Clearances from the
checkpoint to the facility main gate and road connections shall be clearly shown. If adjacent
facilities are deployed for facility protection, their locations shall be shown.
• Gate layout and design. This covers all gates at the facility. Each gate shall be submitted in a
separate drawing set.
• Power sources and backup power services to all security facilities.
• An outline of all critical assets installed within 60 m of the facility perimeter fence.
Equipment designated as critical by the facility owner shall be clearly identified. Clearances
between the fence and all equipment within 45 m shall be clearly identified.
• Security facilities such as gatehouses, security offices, ID offices, visitor centers, inspection
areas and facility/security control centers with layout and design for each.
• Routing of security communications cabling and infrastructure within the facility.
• HVAC system and its infrastructure utilities route to the end-user.
• Fire system and its infrastructure utilities route to the end-user.
7.2.3 Outer Perimeter Fence Crossing
The outer perimeter fence crossing drawings shall show all product and utility pipelines or
cabling that cross the outer perimeter fence as follows:
• Pipelines that cross the outer perimeter fence. Drawings shall show elevation and depth
views, clearances, and fence crossing details within 100 meters of both sides of the outer
perimeter fence.
• Drawings shall show the content, size, destination or source of all product pipelines or
cabling.
• Utility pipelines or cabling shall be shown if they cross over the fence. Buried utility pipelines
or cabling shall be shown if they are buried within 100 meters on either side of the fence.
• All fence culverts, and their purpose, shall be shown in the drawings. Where pipelines utilize
culverts, full details shall be provided.
• Guardrails details shall be shown at the transition point where the pipeline enters/exits the
ground.
• Sensors and cameras monitoring fence crossings shall be shown.

© Saudi Arabian Oil Company, 2024 Page 10 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

7.2.4 Restricted Building Layout

Building that houses security systems, or a plant process control room or critical buildings
highlighted in the SRA, and Security Control Center shall show the following:
• The entrance door leading to abovementioned areas.
• Security systems/devices installed including access control and cameras.
7.2.5 Security Systems Power and Communication
The following set of drawings shall be prepared, in which the related cybersecurity controls and
measures must be implemented. For further guidance, refer to Project Cybersecurity
Requirements for ISO Network (Latest version can be obtained from ISSD).
• Field of View (FOV) of all security cameras and LRS deployed at the facility.
• Obstructions in camera and LRS FOV within the device range.
• Access control system equipment layout and block diagram.
• Perimeter intrusion detection system equipment layout and block diagram.
• Video Surveillance system equipment layout and block diagram.
• Gate security equipment.
• Security Control Center layout.
• Security Network topology and major network devices.
• Security Communication system equipment layout (radio and telephone only).
• Single line diagram: power supply for security equipment (primary, alternate, UPS, and
emergency power generator).
7.2.6 Security Device Information
The following information shall be provided in tabular form for all security systems and devices
to be installed at the facility. The table shall include the security components/device type,
manufacturer, licenses, component/device model number, and HCIS SEC compliance (Yes/No)
for the following main system components:
• Security systems main components.
• IDAS, LRS and VASS main components.
• Inspection devices (X-ray, metal detector, etc.).
• Anti-vehicle barriers (fixed and automated).
• Anti-climb, anti-cut fence.

Project Submittals Specific Requirements

Projects for facilities that fall under the jurisdiction of the HCIS shall follow the following
sequential submittal stages to be submitted for and obtain HCIS requisite approvals for the
security related aspects of facility design, and assure that approvals are received from HCIS on a
timely basis.
All submittals shall be fully completed by the Execution Agency, and submitted to Industrial
Security Support Department (ISSD) for technical review, quality review, and onward transmission
to HCIS. ISSD shall be the single point of contact managing all projects’ correspondence with
HCIS and shall keep the Proponent and Execution Agency advised of all outcomes.
Note:
All submittals to HCIS shall be executed and completed in a timely manner to avoid impacting the
project schedule. Submittal processing time by HCIS usually varies between 1 to 3 months or more,
depending on project complexity, submittal quality and completeness, level of conformance to HCIS
requirements, and other factors pertaining to HCIS.
Table 1 summarizes all submittals, reflecting SEC-14 requirements. Sections 8.1 to 8.4 provide
mandatory instructions and further details for each submittal stage.

© Saudi Arabian Oil Company, 2024 Page 11 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

© Saudi Arabian Oil Company, 2024 Page 12 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Table 1: STAGE-1 to 4 HCIS Submittal

Mandatory Submittal Contents
HCIS Pre-requisite
(Refer to sections 8.1 to 8.4
Submittal Stage Project Milestone
for details)

• Security Risk Assessment

• Conceptual Design
• Concept for Security Organization, Policy
Stage 1 and Procedure Manual and Training Plan
Security Risk Assessment Development FEL-2 DBSP
(SRA) and Conceptual
Design (COD)

Stage-1 Declaration of Compliance

Preliminary Design
Stage 2 60%
Preliminary Design Project Proposal
Stage-2 Declaration of Compliance
Detailed Design Document reviewed by the
Security Consultant*
Stage 3 60%
Detail Design Detailed Design
Stage-3 Declaration of Compliance

Operational Readiness Certificate

Stage 4 100%
Security Compliance Certificate
Operational Readiness Security Construction

Stage-4 Declaration of Compliance

*if required by ISSD

Note:
Project sponsor signature is required for each stage’s declaration of compliance form, following IPT
review & signatures.

© Saudi Arabian Oil Company, 2024 Page 13 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

STAGE-1 HCIS Submittal: Security Risk Assessment and Conceptual Design

The submittal format shall comply with SEC-14, Section 6.1.3.2 and shall consist of three parts.

Part 1: Security Risk Assessment (SRA)

The SRA folder shall consist of three sections:
• Section 1: The SRA document shall comply with SEC-15 Appendix B, Section 3.0.
The Security Risk Assessment shall be executed at an early stage of the project proposal in
order to meet the Stage-1 submittal timeline.
• Section 2: All drawings as listed in SEC-15 Appendix B, Section 3.4.2.
• Section 3: The Business Criteria Analysis (BCA) and supporting documentation as specified
in SAES-O-201.
All appendices and documentation submitted with the SRA shall be referenced in the context
and text of the SRA.

Part 2: Concept of Design

The Concept of Design shall translate the SRA physical Security countermeasures
recommendations into a more tangible conceptual overview of the physical security system and
basic layout of the security system. It shall consist of three sections:
• Section 1: 10% Conceptual Design Document, which shall include the following:
o Summary: An overall description of the facility and the security countermeasures that will be
installed to provide the specified level of security.
o Project Overview and Site/Facility Description.
o Summary from the SRA, critical assets, FSC, and physical security recommendations.
o A site-specific conceptual description of the physical security design and security
infrastructure.
o A site-specific conceptual description of the security systems required for the security design
of the facility.
o Specific security countermeasures for areas in which SRA recommendations and/or
compliance with FSC requirements cannot be achieved.
• Section 2: Site-specific drawings covering items and related equipment listed in Section 7.2
of this procedure.
• Section 3: Summary of waiver requests with Justification for each non-compliance of HCIS
Security Directives as identified in the SRA. Refer to SAES-O-201, for details on government
waiver request.

Part 3: Security Organization, Procedures Manual, and Training Plan

This part of STAGE-1 submittal is mandatory if required by ISSD based on assessment of the
project complexity, facility type and location. The content shall include:

• Section 1: Overview of the Security Organization at the facility, including the number of
fixed and patrol security posts in addition to the total number of proposed security
personnel.
• Section 2: Overview of the security policy, procedure and post orders.
• Section 3: Initial Training program for the security personnel to operate the security
equipment provided for the project. The abbreviated Training Plan shall specify the security
training requirements, execution schedule, training type (formal/informal), and a strategy.

© Saudi Arabian Oil Company, 2024 Page 14 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Part 4: Stage-1 Declaration of Compliance

The Declaration of Compliance form is mandated in the stage-1 submittal to declare, in a
checklist form, that the requirements for this stage submittal are met unless noted otherwise in
waivers section.

© Saudi Arabian Oil Company, 2024 Page 15 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

STAGE-2 HCIS Submittal: Preliminary Design

A Stage-2 Preliminary Design package shall be submitted to HCIS for approval.
The submittal shall be completed at no later than 60% Project Proposal stage, and shall be based
upon approved COD from STAGE-1 submittal. Timing is crucial in order to allow sufficient time
for HCIS comments to be received and addressed during FEL phase.
The submittal format, content, and sequence shall strictly be based on SEC-14, Section 6.2.2. In
addition, all general submittal requirements shall be followed:
Section 1: General Requirements and Design Criteria
• Section 1.1: General Requirement: General description of the facility/site, project overview,
project requirement and summary of pervious HCIS comments.
• Section 1.2: Security Design Criteria: General design criteria and specifications applicability
for the preliminary design of the security countermeasures. This shall include, but not limited
to, compliance specifications, codes and standards for the security systems and security
infrastructure. It shall also provide an overview of the security systems communication and
integration at the local/regional Security Control Center. The section shall include a
description of each system, sub-system, and provide a layout of all the elements and
components in the SCC. This section shall include the design requirements, specifications
and operational objectives of the sub-systems and components.
Section 2: Physical Security Infrastructure
Shall provide description for each element of the physical security infrastructure. It shall be based
on Stage-1 Conceptual Design Document with addition of more details to the site-specific
conceptual description of the physical security design concept, physical security
countermeasures, security devices and security staffing basis.
Section 3: System Design Document
Shall provide description of the electronic/technological security systems together with the
human interface and procedures required to provide a complete security function.
Section 4: Scope of Work
A detailed Scope of Work (SOW) document shall be included to provide clear understanding of
all components of the security countermeasures at the facility, and lists existing countermeasures
versus countermeasures proposed by the subject project. All drawings shall be references in the
Scope of Work Section.
Section 5: Equipment Identification Schedule
Shall tabulate all security devices and main components for the security systems provided by the
project. The list shall address existing security equipment.
Section 6: Waiver Requests
Formal waiver requests against HCIS standards shall be synchronized and made part of this
submittal, and be based on waiver requests identified and highlighted in STAGE-1 submittal, in
addition to new waivers.
Refer to SAES-O-201, Section 2 for details on HCIS waiver request contents, format, and
workflow requirements.
Internal Saudi Aramco waivers transaction according to SAEP-302 shall precede the submittal of
any waiver request. The Saudi Aramco waiver request number shall be referenced in the
submittal.

© Saudi Arabian Oil Company, 2024 Page 16 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Section 7: Drawings
The set of applicable drawings as defined in Section 7 shall be provided. All drawings shall be
referenced in the Scope of Work Section.
Section 8: Stage-2 Declaration of Compliance
The Declaration of Compliance form is mandated in the stage-2 submittal and it declares, in a
checklist form, that requirements for this stage submittal are met unless noted otherwise in
waivers section.

STAGE-3 HCIS Submittal: Detailed Design

The Stage-3 Detailed Design submittal shall be submitted to HCIS, and based upon 30% or 60%
detailed design stage and approved STAGE-2 submittal. The submittal shall certify compliance
with all SEC-1 to SEC-19 applicable requirements. It shall strictly follow the format, content
sequence, and sections titles as shown below, based on SEC-14, Section 6.3.2:
Section 1: General Requirements
Including the general description of the facility/site and the project overview.
• A detailed Scope of Work (SOW) shall consist of all the construction, installation and
integration of security infrastructure and security systems scope that will be implemented
within the project.
• Review report of the detailed design documentation. The Execution Agency shall consult
with ISSD as to whether this review shall be conducted by external consultant.
• Certificate of compliance of applicable Security Directives (SECs) SEC-1 to SEC-19, and
incorporation of HCIS comments to STAGE-2 submittal.
Section 2: Security System Design Document (Stage 3)
• Detailed SCC design document, including design perimeter, specifications, requirements,
and architecture.
• System Design Document: Detailed Design of the security systems communication and
integration at the Local/regional Security Control Center. The section shall include a
description of each security system, sub-system and provide a layout of all the elements and
components in the SCC. This section shall include the design requirements, specifications
and operational objectives of the sub-systems and components.
• Vendor data sheets, specifications and certificates for all security devices, equipment, and
components.
Section 3: Physical Security Infrastructure
• Detailed Design Document for each element of the physical security infrastructure, physical
security countermeasures, and technology.
• Detailed Design Layout Drawings for the construction of all security buildings, including
gatehouses, other security operation facilities and all buildings housing security equipment.
• Building material and equipment specifications and performance certifications, such as for
buildings with ballistic protection requirements.
Section 4: Security Fencing
• Specifications, calculations, and design documents considering the site-specific soil
condition.
• Site perimeter layout drawing (showing: fence, barriers, patrol roads, lighting, clear zones).
• Test reports and performance certificate for anti-vehicle barriers, and
anti-personnel fences as applicable.
• Material Data Sheet and specifications for all fence layers.
• Detailed Design drawings:

© Saudi Arabian Oil Company, 2024 Page 17 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

 Layout and facility plot plan drawings for facility perimeter fences and other fences
described in the Preliminary Design.
 Layout and installation details drawing for each fence penetration in the facility
perimeter.
 Layout and installation details of each emergency gates and heavy equipment gates.
 Security patrol roads (layout drawings only).
 Temporary fences and demolitions along the fences.
 Sectional drawings of all fence crossings layout and interfaces with underground
utilities.
Section 5: Security Gates
One sub-section shall be provided per gate, and shall include:
• Specifications and design document for layout and installation.
• Detailed Design Drawings for the layout and installation details of all security devices, security
equipment, communication components at each gate.
• Gatehouse Building Materials datasheet and specification.
• Test report and certificate for the crash-rated road blockers and bollards.
Section 6: Security Lighting
• Specifications and design document and calculation for security lighting.
• Detailed design and installation details drawings for all security lighting.
• Datasheet and specifications for the lighting luminaires.
Section 7: Security Control Center
Applicable for both new, upgraded and interfaced to SCC, and shall include:
• SCC Detailed Design Drawing, including design perimeters and specification documents for
main components.
• SCC layout drawings.
• List of systems and functions integrated into the SCC.
• Integration software(s) at the SCC.
• Material and equipment datasheet and specifications.
• Security manning requirements by the project.
Section 8: Intrusion Detection and Assessment System
• Detailed design layout drawings and installation details drawings.
• CCTV camera field-of-view calculation.
• Material and equipment datasheet and specifications.
Section 9: Access Control System (ACS)
• Installation details and layout drawings for the ACS components at each location.
• Material Equipment datasheet and specifications.
Section 10: Video Assessment and Surveillance System
• Detailed design and installation drawings for the layout, field-of-view and installation details.
• CCTV camera field-of-view calculation.
• Material and equipment data sheets and specifications.
Section 11: Data Network and Communications
Data Network:
• Security data network (SECNET) topology, capacity, and bandwidth.
• Security data network interface equipment, and connection method to backbone and other
networks.

© Saudi Arabian Oil Company, 2024 Page 18 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

• Data network cabling overview and drawings for the gatehouse, SCC, ACS, IDAS, and VASS
locations.

Communications:
• Wired communication at PIC.
• All gatehouse wired and wireless communications.
• SCC wired and radio communications.
• Security radio equipment list and specifications.
• Radio coverage map in the facility location.
• CCTV storage calculations for all systems requiring video recording (ALPR, VASS, IDAS, ACS).
Section 12: Power Supply
• Detailed design and installation drawings for the emergency power generator.
• Detailed design and installation drawings for the UPS system.
• Power and UPS calculation.
• Material and equipment data sheets and specifications.
Section 13: Waiver Request
• New waiver requests, if applicable.
• Summary of waiver requests included in STAGE-2 and their HCIS resolution.
Section 14: Proof of Compliance
• Proof of Compliance (PoC) certificate tables as specified in SEC-1 to SEC-19.
Section 15: Operational Readiness Progress Report
• Updated organizational procedure or progress status for new procedures applicable to the
facility.
• Training programs to be conducted by the contractor or in-house by the facility operator.
Section 16: Project Milestone Schedule
The project schedule shall ONLY include the start date, major milestone dates, and completion
date of the project.
Section 17: Stage-3 Declaration of Compliance
The Declaration of Compliance form is mandated in the stage-3 submittal and it declares, in a
checklist form, that requirements for this stage submittal are met unless noted otherwise in
waivers section.

© Saudi Arabian Oil Company, 2024 Page 19 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

STAGE 4 HCIS Submittal: Operational Readiness

STAGE-4 is the final stage of the security project submittal. Proponent and Execution Agency
shall confirm that all submittals in previous stages are submitted on a timely manner to HCIS as
specified in this procedure before full operation of the facility.
ISSD shall review the submittal and further submit to HCIS for approval.
The submittal as specified in SEC-14, Section 6.4, shall include the following:
Section 1: Certifications
Certificate # 1: Operational Readiness Certification
• Shall be initiated by Execution Agency, reviewed by ISSD and proponent representatives,
signed by the approved HCIS contractor(s) & Project Manager, then approved by ISSD
Director for onward submittal to HCIS.
• The certificate testifies that:
o All security systems are operational in all respects.
o The systems have been pre-commissioned and completed, and that the site acceptance test
was approved.
o Warranty and maintenance services are in place to support the system.
o Security personnel have been trained to fully operate the systems.
Certificate # 2: Security Compliance Certification
• Shall be developed based on the certification template provided in SEC-14 paragraph
6.4.1.1.2.
• Shall be issued by ISSD, approved by ISO VP.
• Its purpose is to testify that the execution of this project has been carried out as specified in
the detail design approved by HCIS, reiterates all exceptions or non-compliance items
approved by HCIS, and provide a committed timeline to comply with pending non-
compliance items.
Section 2: Installation and Testing
• Site Acceptance Test Report (Summary and approval page only).
• Training documentation, including training/course content, and proof of attendance.
• List of Standard Operating Procedures (SOPs) for the security systems installed.
• List of as-built drawings.
Section 3: Security Organization
• Security policy, procedures and post order manual.
• Organizational chart of the updated Area Industrial Security Operations Department.
• Maintenance Plan for security infrastructure and equipment.
• Security Posts Manning Plan.
Section 4: Land Water Interface
All facilities with land/water interface shall submit a specific plan and procedure for co-operation
with and liaison with Maritime Government Forces having jurisdiction in the project area. This
section shall be developed by ISSD.
Section 5: Stage-4 Declaration of Compliance
The Declaration of Compliance form is mandated in the stage-4 submittal and it declares, in a
checklist form, that requirements for this stage submittal are met unless noted otherwise in
waivers section.

© Saudi Arabian Oil Company, 2024 Page 20 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Roles and Responsibilities

Execution Agency
The Execution Agency shall be responsible for the following:
• Verify the applicable security drawings requirements, indexes, types for the security project
in consultation with ISSD.
• For projects including security and other non-security scope, designate a package
development plan such that all security submittals are produced in a standalone, designated
volume including all package contents including studies, Scope of Work, Security Risk
Assessment studies. The presentation of the project design package for internal review (e-
Review) should be fully contained within the job order. This will facilitate preparation of the
distinct submittal packages required for HCIS approval.
• Integrate the Security Project Execution Requirement into the overall project schedule.
• Assure that responsible project resources have access to view the HCIS Security Directives.
Refer to SAES-O-201 for procedure to obtain access.
• Only hire qualified and HCIS-licensed security contractors, designers, and consulting firms to
execute any security related study, design, and construction. To acquire the updated HCIS-
licensed contractors, ISSD shall be contacted.
• Insure sufficient internal and external resources to plan, execute, and apply required
corrections to the security project submittals to HCIS.
• Fully develop submittal packages for HCIS approval, and submit the packages for ISSD
approval on a timely manner.
• Fully comply with the HCIS review outcome, ruling and decisions in feedback to submittal
packages.
• Rectify unapproved deviations from the HCIS approved packages.
• Designate security drawings and certify an as-built stage.
• Assure that security drawings are properly reviewed and accepted by required departments
and organization.
• Update security drawings (per markup prints) as per SAEP-334.
• Shred and dispose security drawings’ electronic files, hard copies and prints when no longer
needed.
• Comply with GI-0710.002 “CLASSIFICATION OF SENSITIVE INFORMATION” requirements for
confidential documents.
Proponent Organization
The proponent organization is the facility owner and shall be in minimum responsible for the
following:
• Fill the Business Criteria Analysis form through a senior operation representative. Refer to
SAES-O-201 for BCA procedures.
• Review all interfaces between the security requirements and other facility elements.
• Rectify any unapproved changes to the security-related infrastructure that took place after
stage-4 or MCC approval.
Industrial Security Support Department (ISSD)
ISSD shall be responsible for the following:
• Review Security Risk Assessment Studies and HCIS Submittal Packages, received from the
Execution Agency prior to submittal to HCIS.
• Conduct internal Saudi Aramco reviews (e-Reviews) for the security package submittals.
• Approve the security systems SAT (Site Acceptance Test) procedure and witness the SAT.
• Approve and witness the FAT (Factory Acceptance Test) procedure if required by ISSD.

© Saudi Arabian Oil Company, 2024 Page 21 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

• Solely present all projects to HCIS. Submit all stage submittals, manage all related
correspondence, attend all meetings, and keep the Proponent and Execution Agency
formally informed of outcomes through a minimum of manager-level letter.
• Continually inform the Execution Agencies of best practices regarding submittals to HCIS.
• Certify Mechanical Completion of security system as per GI 2.710.
Drawing Management Unit (DMU) of Engineering Knowledge and Resources Division
(EK&RD)
• Provide temporary ISO access detail of Security Drawings browsed by any users when
requested by ISO.
• Maintain drawings access as per SAEP-334.
• Comply with GI-0710.002 “CLASSIFICATION OF SENSITIVE INFORMATION” requirements for
confidential documents.

© Saudi Arabian Oil Company, 2024 Page 22 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

Appendices
Appendix A

HCIS Stage-1 Submittal Completion & Review Form

Instructions: This form shall be completed by the BI Proponent, receive IPT recommendation and Project
Sponsor Approval as per the given signature block.
The completed form along with the completed HCIS Stage-1 package required by SAEP-120, shall be
submitted to ISSD for further handling in obtaining mandatory HCIS approval

Project Information
BI # BI Title
IPT Leader Security Consultant
TSU IPT member GES Contractor
Project Progress Form completion date

Part 1 - Security Risk Assessment (SRA) Y/N

1 Conducted by an HCIS approved consultant

2 Covers the entire facility (including expansion areas covered by the project)

3 including The SRA document, and all drawings as listed in SEC-15 Appendix B | 3.4.2.
Business Criteria Analysis is completed and reviewed by Security Classification
4
Committee
Part 2 - Concept of Design (COD)
COD is defining the physical security elements and components to be installed and their
5
location and function. The design meets the FSC as approved by HCIS.
COD consist of a 10% Conceptual Design Document (CDD) for the physical security
6
Infrastructure and security system with attached relevant drawings.
All Risks, Vulnerabilities, and Countermeasures related to the project were identified
7
correctly.
Part 3- Security Org., Policy & Procedures Manual & Training Plan
Submission includes the Concept security organization, security posts & number of
8
personnel required
Submission includes concept for development of Security Policy, Procedures and Post
9
Orders to be developed (as applicable)
Submission includes Concept for development of a formal & informal Security Training
10
program.
Security Org., Policy & Procedures Manual & Training Plan submission will be
11
developed and fully prepared in stage 4.

© Saudi Arabian Oil Company, 2024 Page 23 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

IPT Recommendation

IPT Role Name Signature

Execution Agency Representative

ISSD Representative

IPT Leader

Project Sponsor Approval Signature

© Saudi Arabian Oil Company, 2024 Page 24 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

HCIS Stage-2 Submittal Completion & Review Form

Instructions: This form shall be completed by the execution agency, receive IPT recommendation and
Project Sponsor Approval as per the given signature block.

The completed form along with the completed HCIS Stage-2 package required by SAEP-120, shall be
submitted by the IPT to ISSD for further handling in obtaining mandatory HCIS approval

Project Information
BI # BI Title
IPT Leader Security Consultant
TSU IPT member GES Contractor
Project Progress Date

Part 1 - Preliminary Design Y/N

1 Based on the HCIS approved COD from Stage 1

2 Provides a summary of previous HCIS comment on the COD

3 Provides general description of the facility/site

4 Provides general project overview & requirements

Part 2 - Design Criteria

Attached PD provides the general design criteria and specifications applicable for the
5
preliminary design
The PD’S criteria and specifications includes, but not limited to, compliance specifications,
6 codes and standards for the project and the design of the security system and security
infrastructure
The attached PD provides the detailed requirements for the engineering design basis of
7
the security system

Part 3- Physical Security Infrastructure (PSI) & System Design Document (SDD)

Conceptual Design Document is developed based on the approval of the submitted COD
of stage 1 with the addition of more detail to the site-specific conceptual description of
8
the
Physical Security design, security infrastructure and security management basis
provides a description for each element of the physical security infrastructure, physical
9 security measures and technology together with the human interface and procedures
Required to provide the security system and organization for facility protection

© Saudi Arabian Oil Company, 2024 Page 25 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

All The (electronic/technological components) for the security design is developed to a

10
Stage 2 Security Systems design document
Attached (SDD) provides an overview of the Security Systems, a description of each
11
system, subsystem and provide a layout of all the elements and components in the SCC

Part 4- Scope of Work (SOW), Drawings and Waiver Requests

Provides a clear understanding on what the security project will consist of and all the
12 construction, installation and integration of security infrastructure and security systems
required for the project that will be carried out by the Security Contractor
Describes each area and element of the security system to be constructed/installed,
13
referencing all the specific drawings relevant to the section

14 All the attached drawings comply with SEC14 section 5.6 and 6.2.1.5

15 The attached formal waiver requests comply SEC-01, section 7.

IPT Recommendation

IPT Role Name Signature

Execution Agency Representative

ISSD Representative

IPT Leader

Project Sponsor Approval Signature

© Saudi Arabian Oil Company, 2024 Page 26 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

HCIS Stage-3 Submittal Review & Completion Form

Instructions: This form shall be completed by the Execution Agency, receive IPT recommendation and
Project Sponsor Approval as per the given signature block.

The completed form along with the completed HCIS Stage-3 package required by SAEP-120, shall be
submitted to ISSD for further handling in obtaining mandatory HCISD approval

Project Information
BI # BI Title
IPT Leader Security Consultant
TSU IPT member GES Contractor
Project Progress Date

Part 1 - General Requirements Y/N

Attached document provides a Security Consultant review report of the detail design
1
documentation that compliance with SEC Directives.
Attached document includes A general description of the facility/site and the project
2
overview.

3 Attached document provides a detailed project description and scope of work document

Part 2 - System Design Document

Provides detailed SCC design documentation, the detail design parameters, specifications
4
and requirements
5 Includes SCC Architecture description.
Provides Function description, main requirements, architectural description and technical
6
description for each subsystem.

7 Provides all Network integration of all security sub-systems and security equipment.

Part 3- Physical Security Infrastructure (PSI)

Includes Detailed PSI design documentation, the detail design parameters, specifications
8
and requirements for each building/element or equipment for the PSI
Provides Detailed Design drawings for the construction of all security buildings, such as
9 gatehouses, search facilities, security control center and all buildings where security system
equipment will be housed.

10 Provides design parameters for the buildings

© Saudi Arabian Oil Company, 2024 Page 27 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

11 Provides Building material and equipment specifications & certifications

Part 4- Physical and nonphysical Security system

Attached document provides a full detail of the Specifications, calculations & design
12 document for layout and installation of all the physical security system such as but not
limited to Security gate, security fence, and security lighting
Attached document provides a full detail of the Specifications, calculations & design
13 document for layout and installation of all the nonphysical security system such as but not
limited to Data Networks & Communications

IPT Recommendation

IPT Role Name Signature

Execution Agency Representative

ISSD Representative

IPT Leader

Project Sponsor Approval Signature

© Saudi Arabian Oil Company, 2024 Page 28 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

HCIS Stage-4 Submittal Completion & Review Form

Instructions: This form shall be completed by the execution agency, receive IPT recommendation and
Project Sponsor Approval as per the given signature block.

The completed form along with the completed HCIS Stage-4 package required by SAEP-120, shall be
submitted to ISSD for further handling in obtaining mandatory HCISD approval

Project Information
BI # BI Title
IPT Leader Security Consultant
TSU IPT member GES Contractor
Project Progress Date

Part 1 - Certification Y/N

Operational Readiness Certification (ORC) is signed by The FO & installation contractor on the
1
all the following criteria mentioned at SEC14 Section 6.4.1.1.1.
Security Compliance Certification is submitted and signed by CEO or the facility executive
2
management and in compliance with the formant mentioned in SEC14 section 6.4.1.1.2

Part 2 - Installation & Testing

The submitted Site Acceptance Test (SAT) results summary for all security systems
3
implemented by the project
The submission includes Training program, training/course contents and proof of attendance
4
for security personnel on security system and equipment installed

5 The submission includes a list of SOPs for the security system installed

The submission includes As-Built drawings (soft copy only) as specified in SEC14 section
6
5.3&6.3.

Part 3- Security Organization

Includes documents submitted by the FO that demonstrates security policies, security

7 procedures and Security Post Orders for the security organization mentioned in SEC14 Section
6.4.1.3
Includes plan & procedure for co-operation and liaison with the Maritime Forces responsible
8
for the protection of the marine area and assets located off-shore.
ONLY: For facilities have land/water interface, the procedure shall include the communications
9 between the role players as well as the responsibility for situational awareness, early warning
and response.

© Saudi Arabian Oil Company, 2024 Page 29 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee SAEP-120
Issue Date: 09 January 2024 Execution Requirements for Security Projects
Next Revision: 09 January 2029

IPT Recommendation
IPT Role Name Signature

Execution Agency Representative

ISSD Representative

IPT Leader

Project Sponsor Approval Signature

© Saudi Arabian Oil Company, 2024 Page 30 of 31

Saudi Aramco: Company General Use

 Document Responsibility: Security Standards Committee
Issue Date: 09 January 2024
Next Revision: 09 January 2029
Document History
September 2023
14 September 2023
27 December 2020
17 July 2019
20 September 2017
30 June 2014
16 September 2008
Saudi Aramco: Company General Use
SAEP-120
Execution Requirements for Security Projects
Major revision Major revision to address changes such as:
• Enforcement of new HCIS
requirements
• Roles & responsibilities section
• Issuers, reviewers and approvers of
stage-4 certificates
• Overall enhancement and clarification
of multiple requirements across the
standard.
Editorial revision Editorial revision to change the position of
Coordinator to Manager in section 2
Major revision Editorial revision to:
• Change the next revision date from 09
September 2020 (3 years cycle) to 09
September 2022 (5 years cycle)
• Align table at section 8 with the
requirements in paragraph 8.4
Editorial revision Editorial revision to comply with the
format specified in SAEP-134.
Major revision Major revision with the following changes:
• Title changed from “Security Drawings
for Saudi Aramco Facility” to
“Execution Requirements for Security
Projects”
• Expanded scope to include all project
execution requirements, and aligned
with April 2017 HCIS Security
Directives, specifically SEC-14 Security
Projects Management.
Major revision Revised to comply with 3-year cycle,
reaffirmed contents.
New New Saudi Aramco Engineering
Procedure, titled “Security Drawings for
Saudi Aramco Facility.”
© Saudi Arabian Oil Company, 2024 Page 31 of 31