ogp 494 integrating safety in major projects

8/12/2019 OGP 494 Integrating Safety in Major Projects

http://slidepdf.com/reader/full/ogp-494-integrating-safety-in-major-projects 1/16

Integrating security in major projects -principles & guidelines

OGP Report No. 494April 2014

International Association o Oil and Gas Producers



Disclaimer hilst every effort has been made to ensure the accuracy o the in ormation contained in this publication, neither theGP nor any o its members past present or uture warrants its accuracy or will, regardless o its or their negligence, assu

liability or any oreseeable or un oreseeable use made thereo , which liability is hereby excluded. onsequently, suchis at the recipient’s own risk on the basis that any use by the recipient constitutes agreement to the terms o this disclaimeTe recipient is obliged to in orm any subsequent recipient o such terms.

Copyright notice Te contents o these pages are © Te nternational ssociation o il and as roducers. ermission is given toreproduce this report in whole or in part provided (i) that the copyright o GP and (ii) the source are acknowledged.

ll other rights are reserved. ny other use requires the prior written permission o the GP.

Tese erms and onditions shall be governed by and construed in accordance with the laws o ngland and ales.isputes arising here fom shall be exclusively subject to the jurisdiction o the courts o ngland and ales.

Global experience

Te International Association o Oil & Gas Producers has access to a wealth o technical knowledge andexperience with its members operating around the world in many different terrains. We collate and distilthis valuable knowledge or the industry to use as guidelines or good practice by individual members.

Consistent high quality database and guidelinesOur overall aim is to ensure a consistent approach to training, management and best practicethroughout the world. Te oil and gas exploration and production industry recognises the need todevelop consistent databases and records in certain elds. Te OGP’s members are encouraged touse the guidelines as a starting point or their operations or to supplement their own policies andregulations which may apply locally.

Internationally recognised source of industry information

Many o our guidelines have been recognised and used by international authorities and sa ety and

environmental bodies. Requests come rom governments and non-government organisations around the world as well as rom non-member companies.

ublications



Revision history Version Date Amendments1 April 2014 First issued

Integrating security in major projects -principles & guidelines

OGP Report No. 494April 2014



ii

International Associat ion of Oil a nd Gas Producers

© OGP

Acknowledgements:

Tis document was produced by OGP’s Security Committee.



iii

Integrating security in major projects - principles & guidelines

© OGP

Contents

Introduction 1

Project management and security 1

1. Concept or initiation 2

2. Design and planning 4

3. Execution 6

4. Monitoring and control 7

5. Closure or look-back 8



iv


© OGP



1


© OGP

Introduction

Project management & security Troughout the oil and gas industry project management is a key and core skill, and critical orsuccess ul development o mineral resources. Tere are multiple project management models andmethods, including individual processes developed or major operators as well as more generic, butno less use ul, systems or smaller partners. What all have in common is a methodical and plannedapproach encompassing at least ve phases in a project’s li e cycle. Tese are:

• Concept or initiation;

• Design & planning;

• Execution;

• Monitoring & control; and

• Closure or look-back.

For the purposes o this document we will use this ve-element model.

raditionally, security considerations have been brought into projects at a late stage, or even afer thecommissioning o the completed acility. In recent years it has become increasingly apparent that thereare considerable benets in terms o cost, efficiency and reliability to be gained i security is integratedinto project management rom the outset. Te industry has ound that retro-tting security hardwareis both costly and time-consuming, and that almost inevitably the results are less than satis actory.

e strongly recommend that signicant security risks and challenges should be actored in to early project decisions, including the key decision on whether to proceed with a project or not. ailure to appreciate, understand, or plan or signicant security eventualities can have major repercussions or a project and its owner, and will almost always lead to signicant avoidable cost increases anddelay.

In this document we will set out best practice, based on actual experience, or integrating security planning and execution into the project li ecycle.

Views expressed are those o the OGP Security Committee, and do not necessarily reect those oindividual member companies.



2


© OGP

1. Concept or initiation

1.1Security planning or any major project should commence as early as possible in the project cycle. Televel o security engagement will depend largely on the nature o the project, and on the geographicallocation(s) in which it will be conducted. Te overriding purpose o integrating security provision and planning is to ensure that the project can be completed without avoidable delay or additional costs. Asalways, the priority or security planning is the protection o li e and prevention o injury, ollowed bythe protection o the company’s assets, reputation and property.

As a general guideline, the ollowing points should always be considered when determining the levelo security engagement required in any given project:

• Te location o the completed project;

• Te location(s) o critical elements o the project, such as abrication yards, and transportationand supply chain routes;

• Te availability o critical personnel or replacements or critical components or equipment;

• Te size and composition o work orce required at various stages o the project;

• Prevailing security conditions and threats in all o the above;

• Criticality o the project to the company/ies concerned.

1.2Having determined the actors to be considered in setting the level o security engagement in the project, it is now help ul to conduct the rst assessment o security-related risks that could adverselyaffect it. Risk assessment processes are adequately documented, and there are several methodologies tochoose rom. Te selected one should include an acceptable method o identi ying threats, assessingthe probability o a specic threat affecting the project, and determining the impact on the project iit does.

1.3For major or complex projects early investment o time and effort is conducting a thorough assessmento the prevailing threat environment surrounding all stages o the project should prove worthwhile.Te better the project team, and those responsible or security, and the better their understanding oreal and potential security issues the better equipped they will be to mitigate them and complete the project success ully.

1.4Proper security planning depends on good risk assessment, ollowed by a clear understanding o whatmeasures are needed to reduce the threat, likelihood or impact o any given risk. Te most effectivetool or monitoring progress in this respect is a risk register. Different project managers have differentapproaches to recording risks, sometimes in a number o different locations or registers. Experienceshows us that the ideal situation is or the most signicant security risks, e.g. those which could causesignicant delay or additional cost, or have some other major impact, should be recorded in the main project risk register, where they can be reviewed regularly by project decision-makers. Where this isnot possible, an acceptable alternative would be to maintain a specic security risk register, but only



3


© OGP

where the risk owner has either the authority to deal with the risk or has direct access to someone whodoes. It is not advisable to incorporate security risks in sub-sets o other risk registers where they mighteasily be overlooked.

1.5Major projects can have a li ecycle o many years. Conditions and threats can and do changeconsiderably during the li e o a project, but rarely should such changes be entirely un oreseen. o bebest prepared to meet changing security challenges an open-minded view o the threat environmentand associated risks is advised. Consequently, it may be that risks are reassessed periodically, or certaintrigger events can be identied that initiate security risk reviews. We advise security pro essionalsengaged in projects to develop agreed mechanisms to reassess risks during each and every stage o the

process.

1.6Effective security planning or major projects, and indeed in other industrial contexts, should havethe best interests o the business at its core. In short, effective security planning will enable thebusiness or project to succeed. o this end a rational appreciation o costs versus benets should beclearly understood by security pro essionals and by management o both the project owner and anycontractors involved. I the cost o security measures required ensuring the sa ety o personnel and protection o assets exceeds the value to the company o the project concerned it is better to understandthis early in the planning cycle. For very high-value projects there may be complex considerationso ongoing benets that would make investment in security measures worthwhile, but in any case

the person responsible or security planning should be com ortable as a participant in the decision-making process.

1.7Opportunities or early participation o security designers or architects exist during the concept orinitiation phase o a project. Building in key eatures, such as sa e-havens or access control equipment,can save signicant cost and disruption later, as can selection o materials and design o acilities.

1.8Finally, in the initiation stage o a project consideration should be given to the development o securitymanagement practices and procedures that allow or easy transition between the different stages oa project, and eventual incorporation within the security ramework o the acility operator. Tisis best achieved through methodical documentation and reliance on common understanding osecurity practice. o this end early liaison between those responsible or security at differing stagesand locations o the project can be seen as a sound investment o time and effort.



4


© OGP

2. Design & planning

2.1Security risk assessment should be a constant activity throughout the li e o a project. Considerationsmay change periodically, but i done effectively during the concept and initiation phase the originalrisk assessment should serve as a good oundation throughout. It can be adapted to meet speciccircumstances, or to address specic requirements at different phases o the project. For example, ithere is a abrication phase in a project that will entail deployment o company personnel to a remotelocation on a temporary basis, there may be a need to include an assessment o security risks to those personnel in the overarching risk assessment document.

2.2As a project progresses the need or active monitoring o security risks will become greater, and moresignicant. Te recording and monitoring method developed in the initial project phase shouldcontinue, and the ideal situation would be where signicant security risks are monitored and updatedthrough the project’s central risk register.

2.3Te design phase o a project presents the best opportunity to include physical security considerationsin the most cost-effective manner. For example, anti-piracy measures can be built in to offshore plat orms rather than added at a later date, or protective security measures can be designed intocritical process components. It is advisable to have an understanding o the cost elements involved,and the likely differences that would be encountered i necessary security measures needed to beretro-tted rather than installed at the construction phase. Likely cost-savings might be ound in

amending the specication o materials in construction, utilisation o a planned work orce as opposedto remobilising one at a later stage, or reduced loss o operational availability o a acility.

2.4I security measures are considered appropriate, it is advisable to engage the services o qualied andexperienced architects, engineers or designers with specialist security knowledge. Tese can ofendene accurately the specications o materials or the design o a acility with specic risks in mind.Specialisms can include blast and ballistic effect modeling where there is a risk o terrorism or violentattack, perimeter construction, or anti-piracy measures.

2.5

Te design phase also allows or the inclusion o measures to reduce the impact o a security incidentshould it occur; enhanced sa ety and li e-support acilities or example. Ofen such acilities arestipulated by international regulations, but there may be opportunities to enhance or amend thespecications to a level above the regulatory requirements. For example, provision o one sa e havenor citadel might be a requirement, but the risk assessment indicates that one or more additional sa ehavens, perhaps smaller in scale would provide better protection or personnel in the event o anemergency. Similarly, it might be pre erable to build in acilities that would allow or shelter in place

or an extended period above the minimum specied by regulations.

2.6In a similar vein, inclusion o electronic devices and communication equipment, or wiring to acilitatetheir use, should be considered at the design stage. Te ability to communicate with the outside world,or to control or shut down a acility rom inside a sa e haven can signicantly reduce the impact o amajor security incident.



5


© OGP

2.7 With many acilities there is severe pressure on accommodation space when it becomes operational. I arisk assessment indicates that addition o security personnel in certain circumstances might be neededto reduce a risk, consideration can be given at the design stage to supplementary accommodation,either permanent or temporary, being made available rom time to time.

2.8Te design and planning phase o a project is the time when thorough examination o project planscan be made to identi y requirements or specic security plans at various stages o development andexecution o a project. For example, there may be a need to transport items to the project site that are very difficult to replace, in which case attention should be given to security risks that could resultin the loss, damage or delay o the items concerned. Ofen such items might be large and requireseaborne transportation through hostile waters, in which case appropriate marine security plansshould be agreed with all parties concerned. Similarly, as mentioned in paragraph 2.1 above, theremay be abrication yards in remote locations that produce critical items or the project. Security atthese locations would probably be the responsibility o the site managers, but there is an opportunityto minimise risks to the project through security liaison and collaboration.

2.9Another example o a project security risk that might need specic planning and attention mightbe supply chain raud and integrity o components and materials. Major projects are attractiveopportunities or criminals or unscrupulous businesses seeking to make or maximise prot. Te

design and planning stage o a project should be the time when appropriate due diligence enquiriesare made on prospective suppliers, and the right audit and materials approval rights are built-in tocontracts to prevent raud and material substitutions.

2.10Tis collaboration can ofen be encouraged or acilitated by including security provisions in contracts with suppliers, abricators, and shippers. Capturing security provisions in contracts at the design phase reduces con usion and conict at later stages, and consequently reduces unplanned cost anddelay. ypical inclusions in contracts to mandate security as a consideration can include a requirementto share security plans and allow security audits, or to collaborate in the orm o a security oversightgroup made up o the companies concerned in the project. Te utility o these contractual agreements

cannot be overstated when it comes to executing projects in higher risk environments.2.11A signicant risk to major projects is industrial unrest and labour relations. Tese can cause signicantdelay and additional costs, as well as endangering individuals and reputations. It is advisable there oreto include security planning in mobilisation and demobilisation plans at the planning stage.

2.12Finally, the project planning stage is the appropriate time to consider long-term security provision

or the project acility and or its trans er to operational status once the project is concluded. It isimportant that processes and equipment involved in security provision are compatible with thesecurity structures put in place by the eventual operator.



6


© OGP

3. Execution

3.1 Without doubt, the most demanding and complex period o any project is the execution phase. Tisis when all the preparation and planning are put to the test, and when variations can occur at shortnotice. Advice to security practitioners can be summarised briey: review your previous assessmentsand planning, and implement them. Consequently, this section o the document is short.

3.2I recorded properly, security risks would be monitored both by security pro essionals and by the project management team and any adjustments or remedial action would be generated by the riskmonitoring process. Te aim during a dynamic phase is always to reduce security risks to acceptablelevels by minimising or removing one or more o the three components: threat, likelihood or impact.

3.3Deployment o a dedicated security pro essional as a member o the project team is desirable, butnot always possible. Across the industry there are examples o utilising non-security personnel asthe responsible person on a project, with appropriate support rom the project company or projectmanagement team. Tere are also examples o a security pro essional being deployed to cover securitytogether with other roles where they are qualied and competent to do so. For example, a securitymanager might also be responsible or travel, accommodation and logistics, or a supply chain managermight also have the security port olio. Te important actor is the project owner’s commitment tothe security o the project, and its success ul and timely completion. I security has been properlyengaged during the concept and design and planning stages, the execution phase should present ew

unexpected challenges. Where this has not been the case, and there are security risks, those responsibleor security in the project-owning company may need to condense all the steps recommended in theearly phases into the execution phase.

3.4Apart rom the ongoing risk assessment process and implementation o security plans, there may berequirements in the execution phase to respond to changes, planned and unplanned, or to emergenciesor incidents. o that end, it is advisable to practice drills and procedures with security personnel, e.g.guards, or government security orces as appropriate, bearing in mind local laws, company policies andthe provisions o the Voluntary Principles on Security and Human Rights as applicable. In addition,it is important or the person responsible or security to be aware o developments on the project, and

o any circumstances that could affect the security risk assessment, or example dissatis action amongelements o the work orce. Tere should always be contingency plans in place to deal with arisingsituations, ideally considered in advance and included in the overall security planning package. I thisis not the case, it is important that those responsible or security have the appropriate experience andleadership to respond rationally and proportionally to the situation in question.



7


© OGP

4. Monitoring & control

4.1Te ourth phase o a project, or the purposes o this document theonitoring & control phase, isthe period o consolidation and quality assurance that takes place between the execution o a projectand the commissioning o the nished product. In many ways this can be a period o increased risk;especially o there have been cost overruns or delays. It will also be the period in which unscrupulousindividuals may wish to cause delay in order to extend contracts or increase revenue, or to extractadditional benets rom the project owner. In any event, it is a time when security awareness and vigilance should be maintained at an appropriate level.

4.2Te risk assessment that has been constantly monitored and updated throughout the project remainsthe key element to maintaining the correct security posture at this stage. Some risks will have beeneliminated, such as those pertaining to transportation and abrication, while others, such as thoseconcerning work orce demobilisation or the physical protection o critical assets will come to the

ore. It is advisable to update security processes and procedures to meet changing risks, ideally in amanner that is planned and designed to acilitate the transition rom project to operational status othe acility. As such, the operational security risk environment o the acility concerned becomes more prominent and relevant to security planning and practice during this phase.

4.3As the project prepares or the transition to operations, so the security unction should also be preparing or it. Tis might include inducting new personnel, or training security providers rom the

operational acility on aspects o the project. I security assessment and planning has been conductedas advised in this document there should be no untoward surprises and the transition will be smooth. Where there is any kind o disconnect between the security elements o the project and the operationit may be necessary to implement some remedial action to ensure the continued security o project personnel and assets. Tis is especially true i the project is now located in a relatively high risk areacontrolled by the operator, and protected by his security provisions. Te remedial action re erred tomight include, or example, inclusion o the operator’s security unction in project security meetings,and vice-versa, or conducting a joint review o project and operation security procedures to ensure thatthere are no unresolved conicts or contradictions.

4.4

Among the preparatory tasks or transition during this phase, the ollowing are examples o the kindso issue that might be considered:

• Dening and monitoring security per ormance metrics;

• Developing ongoing standard operating procedures to aid ull integration with the operation;

• Adapting security plans to meet any remaining project deviations; and

• Dening critical components o security in rastructure i changes are needed.



8


© OGP

5. Closure or look-back

5.1Te nal project phase entails bringing the project to a close, handing it over to the operation, andreviewing each phase retrospectively to identi y opportunities or improvements in uture projects,and to recti y any perceived aws in project planning or execution. It is advisable to ollow this path

rom the security perspective, as much as rom any other.

5.2One suggested method or achieving a comprehensive look-back is to reconvene the security oversightgroup re erred to in paragraph 2.10 above, or to capture eedback obtained rom its members at therelevant time. Tis, coupled with examination o risk assessments and any security incidents thatoccurred would provide an efficient narrative against which to measure the effectiveness o the security planning employed.



For urther in ormation and publications, please visit our website at:

www.ogp.org.uk



209-215 Black riars RoadLondon SE1 8NLUnited Kingdom

elephone: +44 (0)20 7633 0272Fax: +44 (0)20 7633 2350

165 Bd du Souverain4th FloorB-1160 Brussels, Belgium

elephone: +32 (0)2 566 9150Fax: +32 (0)2 566 9159

Website: www.ogp.org.uk e-mail: [email protected]

OGP is a global organisation that has been active ornearly 40 years, acilitating continual improvement inupstream (exploration and production) health sa ety andenvironmental issues as well as improvements in engineeringand operations. OGP, with offices in London and Brussels,represents publicly-traded private and state-owned oil and gascompanies, eld service companies and industry associations.Its members produce more than hal o the world’s oil andover one-third o its gas. More in ormation about OGP

and the production o gas rom shale can be ound at:http://www.ogp.org.uk

About us:

ogp 494 integrating safety in major projects

Documents