Publications
Global experience
The International Association of Oil & Gas Producers has access to a wealth of technical knowledge and
experience with its members operating around the world in many different terrains. We collate and distil
this valuable knowledge for the industry to use as guidelines for good practice by individual members.
Disclaimer
Whilst every effort has been made to ensure the accuracy of the information contained in this publication, neither the
OGP nor any of its members past, present or future warrants its accuracy or will, regardless of its or their negligence, assume
liability for any foreseeable or unforeseeable use made thereof, which liability is hereby excluded. Consequently, such use
is at the recipient's own risk on the basis that any use by the recipient constitutes agreement to the terms of this disclaimer.
The recipient is obliged to inform any subsequent recipient of such terms.
Copyright notice
The contents of these pages are © The International Association of Oil and Gas Producers. Permission is given to
reproduce this report in whole or in part provided (i) that the copyright of OGP and (ii) the source are acknowledged.
All other rights are reserved. Any other use requires the prior written permission of the OGP.
These Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales.
Disputes arising here from shall be exclusively subject to the jurisdiction of the courts of England and Wales.
Revision history
Version   Date         Amendments
1         April 2014   First issued
Acknowledgements:
This document was produced by OGP's Security Committee.
OGP
Contents
Introduction
Project management and security
1. Concept or initiation
3. Execution
5. Closure or look-back
[Figure: diagram with the labels Concept, Design, Execution, Commissioning, Operations, Lookback, Risk assessment, Security requirements, Monitoring, Change in threats, New assessment]
Introduction
1. Concept or initiation
1.1
Security planning for any major project should commence as early as possible in the project cycle. The
level of security engagement will depend largely on the nature of the project, and on the geographical
location(s) in which it will be conducted. The overriding purpose of integrating security provision and
planning is to ensure that the project can be completed without avoidable delay or additional costs. As
always, the priority for security planning is the protection of life and prevention of injury, followed by
the protection of the company's assets, reputation and property.
As a general guideline, the following points should always be considered when determining the level
of security engagement required in any given project:
- The location of the completed project;
- The location(s) of critical elements of the project, such as fabrication yards, and transportation
  and supply chain routes;
- The availability of critical personnel or replacements for critical components or equipment;
- The size and composition of workforce required at various stages of the project;
- Prevailing security conditions and threats in all of the above;
- Criticality of the project to the company/ies concerned.
1.2
Having determined the factors to be considered in setting the level of security engagement in the
project, it is now helpful to conduct the first assessment of security-related risks that could adversely
affect it. Risk assessment processes are adequately documented, and there are several methodologies to
choose from. The selected one should include an acceptable method of identifying threats, assessing
the probability of a specific threat affecting the project, and determining the impact on the project if
it does.
1.3
For major or complex projects, early investment of time and effort in conducting a thorough assessment
of the prevailing threat environment surrounding all stages of the project should prove worthwhile.
The better the project team and those responsible for security understand
real and potential security issues, the better equipped they will be to mitigate them and complete the
project successfully.
1.4
Proper security planning depends on good risk assessment, followed by a clear understanding of what
measures are needed to reduce the threat, likelihood or impact of any given risk. The most effective
tool for monitoring progress in this respect is a risk register. Different project managers have different
approaches to recording risks, sometimes in a number of different locations or registers. Experience
shows us that the ideal situation is for the most significant security risks, e.g. those which could cause
significant delay or additional cost, or have some other major impact, to be recorded in the main
project risk register, where they can be reviewed regularly by project decision-makers. Where this is
not possible, an acceptable alternative would be to maintain a specific security risk register, but only
where the risk owner has either the authority to deal with the risk or has direct access to someone who
does. It is not advisable to incorporate security risks in sub-sets of other risk registers where they might
easily be overlooked.
1.5
Major projects can have a lifecycle of many years. Conditions and threats can and do change
considerably during the life of a project, but rarely should such changes be entirely unforeseen. To be
best prepared to meet changing security challenges an open-minded view of the threat environment
and associated risks is advised. Consequently, it may be that risks are reassessed periodically, or certain
trigger events can be identified that initiate security risk reviews. We advise security professionals
engaged in projects to develop agreed mechanisms to reassess risks during each and every stage of the
process.
1.6
Effective security planning for major projects, and indeed in other industrial contexts, should have
the best interests of the business at its core. In short, effective security planning will enable the
business or project to succeed. To this end a rational appreciation of costs versus benefits should be
clearly understood by security professionals and by management of both the project owner and any
contractors involved. If the cost of security measures required to ensure the safety of personnel and
protection of assets exceeds the value to the company of the project concerned, it is better to understand
this early in the planning cycle. For very high-value projects there may be complex considerations
of ongoing benefits that would make investment in security measures worthwhile, but in any case
the person responsible for security planning should be comfortable as a participant in the decision-making process.
1.7
Opportunities for early participation of security designers or architects exist during the concept or
initiation phase of a project. Building in key features, such as safe-havens or access control equipment,
can save significant cost and disruption later, as can selection of materials and design of facilities.
1.8
Finally, in the initiation stage of a project consideration should be given to the development of security
management practices and procedures that allow for easy transition between the different stages of
a project, and eventual incorporation within the security framework of the facility operator. This
is best achieved through methodical documentation and reliance on common understanding of
security practice. To this end early liaison between those responsible for security at differing stages
and locations of the project can be seen as a sound investment of time and effort.
2.7
With many facilities there is severe pressure on accommodation space when it becomes operational. If a
risk assessment indicates that addition of security personnel in certain circumstances might be needed
to reduce a risk, consideration can be given at the design stage to supplementary accommodation,
either permanent or temporary, being made available from time to time.
2.8
The design and planning phase of a project is the time when thorough examination of project plans
can be made to identify requirements for specific security plans at various stages of development and
execution of a project. For example, there may be a need to transport items to the project site that are
very difficult to replace, in which case attention should be given to security risks that could result
in the loss, damage or delay of the items concerned. Often such items might be large and require
seaborne transportation through hostile waters, in which case appropriate marine security plans
should be agreed with all parties concerned. Similarly, as mentioned in paragraph 2.1 above, there
may be fabrication yards in remote locations that produce critical items for the project. Security at
these locations would probably be the responsibility of the site managers, but there is an opportunity
to minimise risks to the project through security liaison and collaboration.
2.9
Another example of a project security risk that might need specific planning and attention might
be supply chain fraud and integrity of components and materials. Major projects are attractive
opportunities for criminals or unscrupulous businesses seeking to make or maximise profit. The
design and planning stage of a project should be the time when appropriate due diligence enquiries
are made on prospective suppliers, and the right audit and materials approval rights are built into
contracts to prevent fraud and material substitutions.
2.10
This collaboration can often be encouraged or facilitated by including security provisions in contracts
with suppliers, fabricators, and shippers. Capturing security provisions in contracts at the design
phase reduces confusion and conflict at later stages, and consequently reduces unplanned cost and
delay. Typical inclusions in contracts to mandate security as a consideration can include a requirement
to share security plans and allow security audits, or to collaborate in the form of a security oversight
group made up of the companies concerned in the project. The utility of these contractual agreements
cannot be overstated when it comes to executing projects in higher risk environments.
2.11
A significant risk to major projects is industrial unrest and labour relations. These can cause significant
delay and additional costs, as well as endangering individuals and reputations. It is advisable therefore
to include security planning in mobilisation and demobilisation plans at the planning stage.
2.12
Finally, the project planning stage is the appropriate time to consider long-term security provision
for the project facility and for its transfer to operational status once the project is concluded. It is
important that processes and equipment involved in security provision are compatible with the
security structures put in place by the eventual operator.
3. Execution
3.1
Without doubt, the most demanding and complex period of any project is the execution phase. This
is when all the preparation and planning are put to the test, and when variations can occur at short
notice. Advice to security practitioners can be summarised briefly: review your previous assessments
and planning, and implement them. Consequently, this section of the document is short.
3.2
If recorded properly, security risks would be monitored both by security professionals and by the
project management team and any adjustments or remedial action would be generated by the risk
monitoring process. The aim during a dynamic phase is always to reduce security risks to acceptable
levels by minimising or removing one or more of the three components: threat, likelihood or impact.
3.3
Deployment of a dedicated security professional as a member of the project team is desirable, but
not always possible. Across the industry there are examples of utilising non-security personnel as
the responsible person on a project, with appropriate support from the project company or project
management team. There are also examples of a security professional being deployed to cover security
together with other roles where they are qualified and competent to do so. For example, a security
manager might also be responsible for travel, accommodation and logistics, or a supply chain manager
might also have the security portfolio. The important factor is the project owner's commitment to
the security of the project, and its successful and timely completion. If security has been properly
engaged during the concept and design and planning stages, the execution phase should present few
unexpected challenges. Where this has not been the case, and there are security risks, those responsible
for security in the project-owning company may need to condense all the steps recommended in the
early phases into the execution phase.
3.4
Apart from the ongoing risk assessment process and implementation of security plans, there may be
requirements in the execution phase to respond to changes, planned and unplanned, or to emergencies
or incidents. To that end, it is advisable to practise drills and procedures with security personnel, e.g.
guards, or government security forces as appropriate, bearing in mind local laws, company policies and
the provisions of the Voluntary Principles on Security and Human Rights as applicable. In addition,
it is important for the person responsible for security to be aware of developments on the project, and
of any circumstances that could affect the security risk assessment, for example dissatisfaction among
elements of the workforce. There should always be contingency plans in place to deal with arising
situations, ideally considered in advance and included in the overall security planning package. If this
is not the case, it is important that those responsible for security have the appropriate experience and
leadership to respond rationally and proportionally to the situation in question.
5. Closure or look-back
5.1
The final project phase entails bringing the project to a close, handing it over to the operation, and
reviewing each phase retrospectively to identify opportunities for improvements in future projects,
and to rectify any perceived flaws in project planning or execution. It is advisable to follow this path
from the security perspective, as much as from any other.
5.2
One suggested method for achieving a comprehensive look-back is to reconvene the security oversight
group referred to in paragraph 2.10 above, or to capture feedback obtained from its members at the
relevant time. This, coupled with examination of risk assessments and any security incidents that
occurred would provide an efficient narrative against which to measure the effectiveness of the security
planning employed.
For further information and publications, please visit our website at:
www.ogp.org.uk
About us:
OGP is a global organisation that has been active for
nearly 40 years, facilitating continual improvement in
upstream (exploration and production) health, safety and
environmental issues as well as improvements in engineering
and operations. OGP, with offices in London and Brussels,
represents publicly-traded private and state-owned oil and gas
companies, field service companies and industry associations.
Its members produce more than half of the world's oil and
over one-third of its gas. More information about OGP
and the production of gas from shale can be found at:
http://www.ogp.org.uk