1 / 49

UNDERTAKING AN OFFSHORE OIL AND GAS SECURITY ASSESSMENT

UNDERTAKING AN OFFSHORE OIL AND GAS SECURITY ASSESSMENT. A Guide. AIM To provide you with an understanding of the DOTARS Offshore Security Assessments Guidance material and how to use it to assist with the production of your Offshore Security Plans. . Note.

Angelica
Download Presentation

UNDERTAKING AN OFFSHORE OIL AND GAS SECURITY ASSESSMENT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UNDERTAKING AN OFFSHORE OIL AND GAS SECURITY ASSESSMENT A Guide

  2. AIM To provide you with an understanding of the DOTARS Offshore Security Assessments Guidance material and how to use it to assist with the production of your Offshore Security Plans.

  3. Note • This presentation is provided to assist organisations who may not be familiar with the requirements for providing a security assessments. • It is acknowledged that a number of attendees are leaders in the field of offshore security. This presentation is aimed at assisting other industry participants who may not be as conversant of security issues or aware of the requirements. • Not intended to cover all parts of the RA, rather amplify specific areas.

  4. PURPOSE OF SECURITY ASSESSMENTS • To provide a sound risk based approach to the implementation of preventive security planning to prevent unlawful interference with offshore facilities. • Ensures a systematic and analytical process is conducted with the aim of identifying outcomes focused security measures and / or procedures that reduce the vulnerabilities of assets, individuals and operations to acceptable levels.

  5. Maritime Transport and Offshore Facilities Security Act 2003 • Requires Offshore Security Plan to include: • A security assessment for the participants operations • Set out security measures for MARSEC 1, 2 & 3 • Provisions for use of Declaration of Security; • Demonstrate implementation of Security Plan that contributes to maritime security outcomes • Complements Federal and State OH &S legislation

  6. Maritime Transport and Offshore Facilities Security Regulations 2003 • Security Assessment must include: • statement outlining risk context or threat situation • identification and evaluation of important assets, infrastructure and operations • identification of possible risks or threats and the likelihood and consequences of occurrence

  7. Maritime Transport and Offshore Facilities Security Regulations 2003(cont) • identification of existing security measures • identification of weaknesses • identification, selection and prioritisation of possible risk treatments

  8. GENERAL GUIDANCE • AS/NZS 4360 Risk Assessment • HB 436:2004 Risk Management • DOTARS Offshore Security • Assessments Guidance Paper • http://www.dotars.gov.au/transsec/oilandgas/docs/Offshore_Security_Risk_Assessment_Guidance_Paper.doc • Use simple plain English • Protected from unauthorised access

  9. AS 4360 - 2004

  10. REQUIREMENTS OF SECURITY • ASSESSMENTS • Date assessment completed • Scope - people, assets, infrastructure, facility or • facilities and operations • Summary of how the assessment was conducted • ID and evaluation of strategically important assets, • infrastructure and operations

  11. Requirements for Security Assessments (cont) • ID and assessment of possible security risks and likelihood and consequences of their occurrence • ID of existing security measures, procedures and operations • ID, selection and prioritisation of possible risk treatments

  12. Template 8.1 Offshore Industry Participants Name and Contact Details-example

  13. Template 8.5 Assets at Risk (Asset Appreciation and Criticality Analysis)-example A useful and simple rating system is Low, Medium or High with relation to the criticality of the asset in the continued productive operation of the offshore facility.

  14. TYPES OF ASSESSMENTS & PLANS Network - a security assessment covering more than one individual facility for which they are legally responsible. Covering – used for several facilities and/or offshore service providers within a single area.

  15. The Current Security Environment • Sources: • DOTARS Offshore Oil and Gas Risk Context Statement - Apr 2005 • http://www.dotars.gov.au/transsec/oilandgas/index.aspx. • Other Threat of Risk Assessments for Critical Infrastructure • Law enforcement and security agencies • Professional and Industry bodies • Company personnel and expert advisers

  16. Establishing the Context- External • Environmental and Geographical • Business and Operational • Statutory and Regulatory • Social and Cultural • Competitive • Political • Financial • Others you may deem appropriate

  17. Template 8.2 External Business Context- examples

  18. Establishing the Context - Internal • The organisational culture • Internal stakeholders • Organisational structure • Capabilities in terms of resources such as people, systems, processes and capital • Goals and objectives and the strategies that are in place to achieve them.

  19. Establishing the Context – Internal (cont) Consideration of : • Critical Assets and Resources • Critical functions and business activities • Operational capabilities • Risk management capabilities • Activities and Programs • Existing risk controls • Risk tolerance level • Limitations on risk treatments

  20. Template 8.3 Internal Business Context-example

  21. The Risk Management Context • The goals, objectives, strategies, scope and parameters of the activity, or part of the organisation to which the risk management process is being applied, should be established. • Consideration of need to balance costs, benefits and opportunities, resources required and the records to be kept should also be specified.

  22. Defining the risk management context: • Determining resources and expertise • needed • Defining the risk reporting criteria • Defining the Likelihood (Probability or • Frequency) criteria • Defining the Impact (Consequence) criteria • Defining the Risk Rating criteria • Outlining the local security risk context

  23. Specific issues to consider: Roles and responsibilities of various parts of the organisation participating in the risk management process; and Relationships between the project or activity and other projects or parts of the organisation.

  24. Template 8.4. Risk Management Context-examples

  25. Consideration of risks resulting in: • Unlawful interference with offshore oil and gas • operations • Death or injury • Adverse social impact • Adverse economic impact • Adverse environmental impact • Symbolic effect • Business disruption and losses • Damage to offshore oil and gas business / • reputation • Significantly reducing public confidence in • offshore oil and gas production and supply.

  26. Table 8. 11 Consequence Assessment Criteria - example

  27. Advanced version of consequence table p.33

  28. Table 8.9 Likelihood Assessment Criteria -example

  29. The Current Security Environment • Sources: • DOTARS Offshore Oil and Gas Risk Context Statement - Apr 2005 • http://www.dotars.gov.au/transsec/oilandgas/index.aspx. • Other Threat of Risk Assessments for Critical Infrastructure • Law enforcement and security agencies • Professional and Industry bodies • Company personnel and expert advisers

  30. IDENTIFYING SECURITY RISKS OIP’s should consider the following terrorist related risk areas: • Bomb or explosive device, including suicide bombings • Hijacking and hostage siege • Deliberate infringement of exclusion zones • Sabotage • Arson • Hoax calls and scare tactics • Blockage of transport routes

  31. IDENTIFYING SECURITY RISKS - cont… • Tampering with supplies, essential equipment or systems • Unauthorised access or use of various equipment, including cyber attack • Unauthorised access to secure areas • Use of industry transport to carry those intending to cause a security incident and their equipment • Use of a mode of industry transport or industry facility infrastructure as a weapon or a means to cause damage or destruction • Use of a ship, helicopter or aircraft to transport explosives, hazardous goods or weapons.

  32. RISK CATEGORIES AND SOURCES OF HARM • Vandalism – vandals • Misappropriation and sabotage - disgruntled insiders • Interference - violence prone individuals or groups (politically motivated or otherwise) • Crime - criminals • Terrorism – terrorists

  33. Table 8.6 RISKS, HAZARDS AND ASSOCIATED RISK EVENTS- examples

  34. Table 8.6 RISKS, HAZARDS AND ASSOCIATED RISK EVENTS- examples Cont..

  35. RISK SCENARIOS - one method • Used to determine how the various risks might be realised and unfold • Use previous security incidents (security history) • Security history must be viewed in the context • Operators must consider own unique risk scenarios • Consider possible risk scenarios to determine how the risk may be initiated and realised • It is important that significant risk causes and scenarios are identified.

  36. Table 8.7 RISK SCENARIOS- example

  37. Table 8.10 ESTIMATED LIKELIHOOD OF RISKS BEING REALISED- example

  38. Table 8.18.RISK TREATMENTS FOR HEIGHTENED ALERT LEVELS- example

  39. RISK SCENARIOS • Used to determine how the various risks might be realised and unfold • Use previous security incidents (security history) • Security history must be viewed in the context • Operators must consider own unique risk scenarios • Consider possible risk scenarios to determine how the risk may be initiated and realised • It is important that significant risk causes and scenarios are identified.

  40. Table 8.7 RISK SCENARIOS- example

  41. Table 8.8 EXISTING SECURITY CONTROLS – Summary for Assets - example

  42. Table 8.10 ESTIMATED LIKELIHOOD OF RISKS BEING REALISED- example

  43. Table 8.12 ESTIMATED CONSEQUENCE OF RISKS IF REALISED- example

  44. Table 8.14 RISK RATING TABLE -example * Note – only general information is required for risk treatment options. However, details of proposed security measures/procedures and desired outcomes should be outlined in table 8.16 Risk Treatment Implementation Schedule.

  45. Table 8. 16 RISK TREATMENT IMPLEMENTATION SCHEDULE - example This Implementation Schedule must be included with assessment and plan

  46. Table 8.16.RISK TREATMENTS FOR HEIGHTENED ALERT LEVELS- example

  47. SUMMARY • Please be aware of the DOTARS Offshore Security Assessments Guidance Paper. • This is the minimum requirement. If your assessment process exceeds this requirement please ensure that there is a clear explanation of the methodology, acronyms and relevant data and sources used.

  48. SUMMARY cont • Ensure there is linkage with the outcomes of the Risk Assessment with the Security Plan. • Complete your plan in accordance with the Guide on preparing an Offshore Security Plan for Offshore Facility Operators. • Please liaise with the local DOTARS office or Veena Rampal on 02 6274 7648

  49. QUESTIONS?

More Related