Preface
This is the first edition of CSA Z246.1, Security management for petroleum and natural gas industry systems. This Standard uses the concept of a security management program, and in particular risk management, to address security issues. This Standard provides a performance-based approach for use by the operator to establish governance, conduct planning, implement security operations (including detection and mitigation practices), and refine the security management program through change management and audit processes. This approach allows users to apply this Standard across the petroleum and natural gas industry.
Scope
1.1
This Standard specifies criteria for establishing a security management program for petroleum and natural gas industry systems to ensure security threats and associated risks are identified and managed. This Standard provides mitigation and response processes and procedures to prevent and minimize the impact of security incidents that could adversely affect people, the environment, assets, and economic stability.
1.2
This Standard applies to all petroleum and natural gas industry systems (as illustrated in Figures 2 and 3), including
(a) pipeline systems handling
(i) oil;
(ii) gas;
(iii) oil-field water;
(iv) liquid products;
(v) multi-phase fluids;
(vi) slurries; and
(vii) system supports, including (1) meter stations; (2) compressor stations; (3) pump stations; (4) tank farms; (5) terminals; and (6) all assets that support Items (1) to (5);
(b) liquefied natural gas (LNG) production, storage, and handling facilities;
(c) storage of hydrocarbons in underground formations; (d) petrochemical installations, including
(i) refineries;
(ii) gas processing plants;
(iii) liquefied petroleum gas plants;
(iv) synthetic natural gas plants; and
(v) coal gasification plants; and
(d) oil and gas production, treatment, processing, and storage operations not covered in Items (a) to (d).
1.3
This Standard does not apply to offshore petroleum and natural gas platforms.
1.4
The requirements of this Standard are applicable to all operators, regardless of the size or number of their assets.
1.5
In CSA Standards, shall is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; should is used to express a recommendation or that which is advised but not required; may is used to express an option or that which is permissible within the limits of the standard; and can is used to express possibility or capability. Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material. Notes to tables and figures are considered part of the table or figure and may be written as requirements. Annexes are designated normative (mandatory) or informative (non-mandatory) to define their application.
