1 Scope
2 Conflicts and Deviations
3 Referenced Documents
4 Instructions
5 Responsibilities
6 Definitions
7 Abbreviations
1 Scope
• Networks and Systems hardware and software such as Process Automation Network
(PAN), Distributed Control Systems (DCSs), Emergency Shutdown Systems (ESD),
Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition
(SCADA) systems, Terminal Management Systems (TMS), networked electronic
sensing systems, Power Monitoring System (PMS), Vibration Monitoring (VMS)
and other monitoring, diagnostic and related industrial automation and control
systems.
2 Conflicts and Deviations
2.1 Any conflicts between this Procedure and other applicable Saudi Aramco
Engineering Standards (SAES's), Materials System Specifications (SAMSS's),
Standard Drawings (SASDs), or industry standards, codes, and forms shall be
resolved in writing to the Manager, Process & Control Systems Department of
Saudi Aramco, Dhahran.
2.2 Direct all requests to deviate from any mandatory security requirement of this
procedure in writing to the Manager, Process & Control Systems Department
of Saudi Aramco, Dhahran, who shall follow internal company procedure
SAEP-302.
Page 2 of 18
SAEP-99: Process Automation Networks & Systems Security
Document Responsibility: Communications
Issue Date: 20 April 2008
Next Planned Update: 27 October 2012
3 Referenced Documents
The requirements contained in the following documents apply to the extent specified in
this procedure.
Company Policy
INT-7 Data Protection and Retention
4 Instructions
In this procedure, the terms "must", "shall", "should" and "can" are used. When must or
shall is used, the item is a mandatory requirement. When should is used, the item is
strongly recommended but not mandatory. When can is used, compliance may further
enhance the system security but compliance is optional.
The following are requirements for plant networks and systems security:
b) The user of this procedure must exercise sound professional judgment concerning
its use and applicability under user's particular circumstances. The user must also
consider the applicability of any government regulatory, Saudi Aramco standards,
and safety practices before implementing this procedure.
b) The first suffix will always start with a numeric in the range 0-9,
and the second character of the suffix will be in the ranges A-Z,
0-9.
(URL: http://corpplan/LRPD1/corporat.htm)
b) Classification of Sensitive Information "GI-0710.002",
dated 15 January 2002 (URL: http://gi/html/data/0710_002.pdf).
c) All special access paths, doors and short-cuts used for developing the
application shall be removed prior to moving the application to production.
Commentary Note:
Firewalls shall:
detection.
c) Dedicated firewall hardware shall be used to interface a PAN to the
Corporate Network.
Figure 1 (diagram not reproduced). Labels: Aramco IT Network; Plant Proxy; MIS 1 to MIS n; Historian Server; Firewall (Active); Firewall (Hot Standby); Under Plant Control (or IT Control with SLA); Server to Server Connection through Firewall; Process Automation Network.
4.5.1 Monitoring
All available network and system logs shall be examined and monitored
on both a periodic basis and when abnormal activities may indicate
problems. PAN Administrator shall control and validate the access to
these log files.
Commentary Note:
The PAN Administrators shall perform and maintain regular reviews for
the following:
vi) IA&CS are synchronized with accurate time and date stamps.
The following are the requirements for Disaster Recovery Planning (DRP) for
Saudi Aramco IA&CS, excluding Decision Support Systems (DSS). For further
information on the DSS Disaster Recovery Plan, refer to SAEP-1050.
d) The Plant is responsible for developing a DRP that covers all critical
IA&CS installed in the plant whose loss would impact plant production.
e) The DRP shall define the data backup strategy including the systems to
backup, files to backup, the storage media, the locations of the storage and
the storage rotation.
f) The DRP shall be included as part of the overall plant process disaster
response plan.
h) A minimum of one copy set of the data backup and recovery shall be
stored and maintained at a secure, off-site location.
n) The testing of the DRP plan should be done off line in a testing
environment and not on the actual system if the off line systems are
available. Testing the recovery procedure should be documented.
ii) Name and Badge number of employee responsible for removing the
data;
iv) Specific data which was removed, such as number of CDs and
DVDs;
vi) The employee's signature at check-out of data if using hard copy log
book;
viii) The employee's signature when the data is returned to the safe
location if using hard copy log book.
d) Isolate delivery and loading areas from any critical systems. These areas
are often likely sources of attack or damage from potentially hazardous
materials.
5 Responsibilities
6 Definitions
Backup: A reserve copy of data that is stored separately from the original, for use if
the original becomes lost or damaged.
Industrial Automation & Control Systems (IA&CS): IA&CS include the following:
• Networks and Systems hardware and software such as Process Automation Network
(PAN), Distributed Control Systems (DCSs), Emergency Shutdown Systems (ESD),
Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition
(SCADA) systems, Terminal Management Systems (TMS), networked electronic
sensing systems, and monitoring (such as VMS and PMS), diagnostic, and related
industrial automation and control systems.
Integrity: The quality of a system reflecting the logical correctness and reliability of
the operating system, the logical completeness of the hardware and software
implementing the protection mechanisms, and the consistency of the data structures and
occurrence of the stored data.
ISA: Stands for "The Instrumentation, Systems, and Automation Society". ISA is a
leading, global, nonprofit organization that sets standards for automation.
Service Level of Agreement (SLA): SLA is a contract between the service provider
(e.g., Information Technology) and the proponent (the plant) to document and specify
the service level expected such as response time for problem resolution and technical
staff qualifications requirements.
Security Domain: is a domain that establishes the scope of threat analysis for
controllable assets in pre-defined physical or logical perimeter boundaries.
For a comprehensive list of security related terms and definitions, please refer to the
ISA Security Standard: "Security for Industrial Automation and Control Systems Part 1:
Terminology, Concepts and Models" ISA-d99.00.01, February 2007.
7 Abbreviations
IP - Internet Protocol
Revision Summary
28 October 2007 New Saudi Aramco Engineering Procedure.
20 April 2008 Minor revision to clarify the use of individual user accounts and physical and logical network
separation.