CSA Z246.1-17 Security management for petroleum and natural gas industry systems.
4.1 Governance Security governance involves setting organization-wide policies and processes to define how the SMP should be appropriately integrated into the organization’s overall management system. Security governance includes management commitment and accountability. Organizational policies provide clear direction, commitment, responsibility, and oversight and define the security environment.
4.2 Accountability SMP governance shall include a) senior management accountability for the SMP; b) roles and responsibilities for the development, implementation, control, review, continual improvement, and approval of the SMP across the organization; c) responsibility for the SMP, including sufficient resources to implement and maintain it; d) security policy that provides clear direction, accountability, and oversight for the SMP; and e) SMP awarenes, roles and responsibilities, accountability, training, and continual improvement for employees and on-site personnel.
4.3 Implementation The operator shall implement a documented SMP to ensure security incidents and threats to operations are identified and associated risks are managed with appropriate measures to minimize the impact of security incidents adversely affecting people, the environment, assets, and economic stability,
4.4 Competence The operator shall ensure that any persons responsible for the SMP within the organization or on the organization’s behalf are competent on the basis of education, training, and/or experience. 4.5 External relationships The operator should establish external relationships that a) include contracts and agreements with security partners and third parties that address the organization’s security processes; and b) ensure other security partners and third party processes are aligned with the operator’s SMP, where applicable. 4.6 Internal relationships The operator shall ensure internal processes are aligned with and/or integrated into the SMP, where applicable.
