Security management for petroleum and natural gas industry systems
Security is always top-of-mind for operators of petroleum and natural gas industry systems. Z246.1-13 Security Management for Petroleum and Natural Gas Industry Systems provides a performance-based approach for operators to establish governance, conduct planning, implement & improve security operations (including detection & mitigation practices) and refine the security management program through change management and audit processes.
This revised Standard specifies criteria for establishing a security management program to identify and manage security threats and associated risks with the objective of preventing and minimizing the impact of security incidents that could adversely affect people, the environment, assets and economic stability.
This is the second edition of CSA Z246.1, Security management for petroleum and natural gas industry systems. It supersedes the previous edition published in 2009.
This Standard uses the concept of a security management program, and in particular risk management, to address security issues. This Standard provides a performance-based approach for use by the operator to establish governance, conduct planning, implement and improve security operations (including detection and mitigation practices), and refine the security management program through change management and audit processes. This approach allows users to apply this Standard across the petroleum and natural gas industry.
This Standard is one of several security risk management tools. Operators should work with other industries, as well as governmental agencies, in order to effectively manage the security of their energy infrastructure. A security management program should complement existing programs and should consider the risks and criticality of the assets being protected. Therefore, this Standard should be read in conjunction with other security legislation, safety legislation, best practices, policies, standards, and applicable codes (e.g., CSA Z662, CAN/CSA-ISO 31000, and CSA Z1600).
This Standard specifies criteria for establishing a security management program for petroleum and natural gas industry systems to ensure security threats and associated risks are identified and managed. This Standard provides mitigation and response processes and procedures to prevent and minimize the impact of security incidents that could adversely affect people, the environment, assets, and economic stability.
This Standard applies to all petroleum and natural gas industry systems (as illustrated in Figures 2 and 3), including
pipeline systems handling
system supports, including
all assets that support Items 1) to 5);
liquefied natural gas (LNG) production, storage, and handling facilities;
storage of hydrocarbons in underground formations;
petrochemical installations, including
gas processing plants;
liquefied petroleum gas plants;
synthetic natural gas plants; and
coal gasification plants; and
oil and gas exploration, development, production, treatment, processing, and storage operations not covered in Items a) to d).
This Standard does not apply to offshore petroleum and natural gas platforms.
The requirements of this Standard are applicable to all operators, regardless of the size or number of their assets.
In this Standard, shall is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; should is used to express a recommendation or that which is advised but not required; and may is used to express an option or that which is permissible within the limits of the standard.
Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material.
Notes to tables and figures are considered part of the table or figure and may be written as requirements.
Annexes are designated normative (mandatory) or informative (non-mandatory) to define their application.