handbook preview security - rail industry safety and standards … · security handbook vol 1...

V1.00 August 2009 Managing Security Related Risks in Rail Organisations Australian Rail Network Security Handbook Volume 1 Security Handbook Volume 1 Preview

Post on 25-Jan-2021

TRANSCRIPT

  • V1.00 August 2009

    Managing Security Related Risks in Rail Organisations

    Australian Rail Network Security Handbook Volume 1

    Security Handbook Volume 1 Preview

  • © RISSB 2009

    Security Handbook Vol 1 - Managing Security Related Risks in Rail Organisations

    Important Notice and Disclaimer

    The Rail Industry Safety & Standards Board (“RISSB”) provides a range of products including:

    Standards; Codes of Practice; Rules; Guidelines; and Handbooks

    collectively called the “RISSB Products”.

    RISSB does not undertake a full risk assessment of the RISSB Products it develops due to the diverse operating environments operating across Australia. Rather it identifies the hazards that must be addressed on the Australian Rail Network and develops products to accommodate these.

    Responsibility rests with the rail organisation, should it choose to adopt a RISSB Product, to ensure that the RISSB Product is safe for use on the network on which it is intended to be used. This would include a risk assessment.

    RISSB and all persons acting for RISSB in preparing a RISSB Product disclaim any liability or responsibility to any person for any consequences arising directly or indirectly from the use by the rail industry or rail organisations of the RISSB Product in whole or in part, and whether or not in conjunction with, or as a supplement to, the guidelines which the rail industry or rail organisation currently uses.

    Users of the RISSB Products should be aware that, while using the RISSB Products, they must also comply with any relevant Commonwealth, State or Territory legislation relevant to their operations.

    Adherence to the RISSB Products does not replace or exclude the application of such legislative requirements. Users are responsible for making their own enquiries in relation to the application of legislation, and the framers of the RISSB Products accept no responsibility in this regard.

    Adherence to the RISSB Products does not necessarily ensure compliance with any relevant national guidelines, standards and codes of practice. Users are responsible for making their own enquiries in relation to compliance with national standards, guidelines and codes of practice.

    While all reasonable care has been taken in the preparation of this RISSB Product, it is provided to rail operators without any legal liability on the part of RISSB, and RISSB publishers, authors, consultants and editors each take no responsibility for loss suffered by any person resulting in any way from the use of, or reliance on, this RISSB Product.

    Acknowledgement

    The Rail Industry Safety and Standards Board wishes to gratefully acknowledge the contributions of Accredited Rail Organisations in the preparation of this document, and in particular the granting of permission to use and adapt existing material. In order to protect the integrity of the original documents, contributed material has not been specifically attributed to any operator.

    This Handbook has been developed to provide a guidance framework which can be adopted by rail organisations who wish to do so. It is not a mandatory requirement. All Commonwealth, State and Territory legislation has priority over the content provided in these HANDBOOKs.

    Copyright

    All rights reserved RISSB 2009. The content of this document (except for content explicitly marked as originating from other sources) is owned by RISSB and may not be reproduced or transmitted by any means in whole or in part without written permission from the copyright owner. Current financial members of RISSB may utilise and reproduce the text or diagrams contained herein for use within the context of their own rail operations. No photographs contained herein may be reproduced without permission.

    Non-Mandatory and non-normative

    It was formally determined and agreed at the Rail Safety Consultative Forum (RSCF) on 31 July 2008 that guidance is not enforceable or mandatory. These RISSB Handbooks have been developed by industry, for industry only. RISSB members are free to utilize the content of this document either in whole, in part, or not at all.

    Document Control

    Document Details

    Document Name: Managing Security Related Risk in Rail Organisations

    Version Number: 1.00

    Documentation Status:
      Working Draft
      √ Approved for Issue
      Archived

    Next Scheduled Review Date: September 2014

    Version History

    | Version Number | Date | Reason/Comments |
    |---|---|---|
    | V0.01 | June 2005 | Initial draft |
    | V0.02 | September 2005 | Second Draft |
    | V0.03 | October 2005 | Third Draft |
    | V0.04 | January 2006 | Fourth Draft – Committee for Comments |
    | V0.05 | June 2006 | Fifth Draft – Committee for Comments |
    | V0.06 | July 2006 | Sixth Draft – Industry Consultation |
    | V0.07 | September 2006 | Seventh Draft – Industry Consultation |
    | V0.08 | January 2007 | Eighth Draft – Industry Consultation (Inclusion of Emergency Management Planning Information in Section 4, and CCTV COAG and AS references in Related Documents section) |
    | V0.09 | September 2007 | Ninth Draft – Rework document into a HANDBOOK. Minor amendments to text. Changed HOTUP Technique to the HOT or NOT Technique to align with ARA Security Awareness Poster and Rail Industry Security Awareness Training Package. |
    | V0.10 | September 2007 | Tenth Draft – Include amendments recommended by Legal Advice (Bradley.Allen Lawyers) Ref: SEP 701388 LPH dated 23 Aug 2007 |
    | V0.11 | November 2008 | Review and changed to Handbook |
    | V0.12 | May 2009 | Approved for issue by RISSB Board & ARA Executive |
    | V1.00 | August 2009 | Published |

    Related Documents

    An up to date list of related and supporting documents can be found via the Rail Industry Safety Standards Board web site at http://www.rissb.com.au.

    Standards

    AS/NZS 4360:2004 Risk management, Sydney: SAI Global
    AS 4421:1996 Guards and patrols, Sydney: SAI Global
    AS 1725:2003 Chain-link fabric security fencing and gates, Sydney: SAI Global
    AS/NZS 3016:2002 Electrical installations - Electric security fences, Sydney: SAI Global
    AS/NZS 4255.1:1994 Security seals - Classification, Sydney: SAI Global
    AS/NZS 4255.2:1994 Security seals - Use, Sydney: SAI Global
    AS/NZS 7799.2:2003 Information security management - Specification for information security management systems, Sydney: SAI Global
    HB 231:2004 Information security risk management HANDBOOKs, Sydney: SAI Global
    AS/NZS ISO/IEC 17799:2001 Information technology - Code of practice for information security management, Sydney: SAI Global
    AS 2201.1:1998 Intruder alarm systems - Systems installed in client’s premises, Sydney: SAI Global
    AS 2201.2:2004 Intruder alarm systems - Monitoring centres, Sydney: SAI Global
    AS 2201.3:1991 Intruder alarm systems - Detection devices for internal use, Sydney: SAI Global
    AS 2201.4:1990 Intruder alarm systems - Wire-free systems installed in client’s premises, Sydney: SAI Global
    AS 2201.5:1992 Intruder alarm systems - Alarm transmission systems, Sydney: SAI Global
    DR 04220 Intruder alarm systems - Part 5: Alarm transmission systems, Sydney: SAI Global
    AS/NZS 3749.1:2003 Intruder alarm systems - Road vehicles - Performance requirements, Sydney: SAI Global
    AS/NZS 3749.2:1997 Intruder alarm systems - Road vehicles - Installation and maintenance, Sydney: SAI Global
    AS 3745:2002 Emergency control organization and procedures for buildings, structures and workplaces, Sydney: SAI Global
    AS 2931:1999 Selection and use of emergency procedure guides for the transport of dangerous goods, Sydney: SAI Global
    AS 4145.1:1993 Locksets - Glossary of terms, Sydney: SAI Global
    AS 4145.2:1993 Locksets - Mechanical locksets for doors in buildings, Sydney: SAI Global
    Railway Safety and Corridor Management Act 1992 (NZ)
    Security Industry Act 2003 (ACT)
    Security Industry Act 1997 (NSW) & Security Industry Amendment Act 2005 (NSW)
    Security and Investigation Agents Act 1995 (SA)
    Security Providers Act 1993 (Qld)
    Security and Investigations Agents Act 2002 (Tas)
    Private Security Act 2004 (Vic)
    Security and Related Activities (Control) Act 1996 (WA)
    Private Investigators and Security Guards Act 1974 (NZ)
    Security Legislation Amendment (Terrorism) Act 2002 (Commonwealth)
    Commonwealth Places (Application Of Laws) Act 1970 (Commonwealth)
    Intelligence Services Act 2001 (Commonwealth)

    Maritime Transport and Offshore Facilities Security Act 2003 (Commonwealth)
    Workplace Surveillance Act 2005 (NSW)
    Privacy and Personal Information Protection Act 1998 (NSW)
    Surveillance Devices Act 1999 (Vic)
    Information Privacy Act 2000 (Vic)
    Privacy Act 1988 (Commonwealth)
    Public Records Act 2002 (Qld)
    Terrorism (Commonwealth Powers) Act 2002 (Qld)
    Terrorism (Commonwealth Powers) Act 2002 (NSW)
    Terrorism (Commonwealth Powers) Act 2002 (SA)
    Terrorism (Commonwealth Powers) Act 2002 (Tas)
    Terrorism (Commonwealth Powers) Act 2003 (Vic)
    Terrorism (Commonwealth Powers) Act 2002 (WA)
    Terrorism (Emergency Powers) Act 2003 (NT)
    Terrorism (Police Powers) Act 2002 (NSW)
    Terrorism (Community Protection) Act 2003 (Vic)
    Occupational Health and Safety (Commonwealth Employment) Act 1991 (Commonwealth)
    Occupational Health and Safety Act 1989 (ACT)
    Occupational Health and Safety Act 2000 (NSW)
    Work Health Act (NT)
    Workplace Health and Safety Act 1995 (Qld)
    Occupational Health, Safety and Welfare Act 1986 (SA)
    Workplace Health and Safety Act 1995 (Tas)
    Occupational Health and Safety Act 2004 (Vic)
    Occupational Safety and Health Act 1984 (WA)
    Health and Safety in Employment Act 1992 (NZ)
    Injury Prevention, Rehabilitation, and Compensation Act 2001 (NZ)
    Environmental Planning and Assessment Amendment (Infrastructure and Other Planning Reform) Act 2005 (NSW)

    Codes of Practice

    WorkCover Code of Practice – Cash in Transit (2002)
    A National Approach to Closed Circuit Television – National Code of Practice for CCTV Systems for the Mass Passenger Transport Sector for Counter-Terrorism (COAG July 2006)

    RISSB HANDBOOKs

    Security Handbook Vol 2 - Assessment of Security Related Risks in Rail Organisations

    Other

    Attorney-General’s Department (2005) National Counter-Terrorism Plan, Canberra: CoA
    Department of Transport and Regional Services (2004) Guide to Preparing a Surface Transport Security Plan, Canberra: Department of Transport and Regional Services, Canberra: DOTARS
    Department of Transport and Regional Services (2004) Land & Water Based Mass Passenger Transport Systems, Risk Context Statement, Canberra: Department of Transport and Regional Services, Canberra: DOTARS

    Department of Transport and Regional Services (2004) Land Transport Security Assessment Guidance Paper, Canberra: Department of Transport and Regional Services, Canberra: DOTARS
    NSW Ministry of Transport (2006) Example Rail Security Policy & Rail Security Plan, Sydney: Ministry of Transport
    Commonwealth Attorney-General’s Department (2005) Commonwealth Protective Security Manual, Canberra: CoA
    WorkCover NSW (2002) Violence in the Workplace Guide, Sydney: WorkCover
    Australian Bomb Data Centre (undated) Bomb Safety Programme: HANDBOOKs for mail Bomb Countermeasures, Canberra: Australian Federal Police
    Australian Bomb Data Centre (undated) Bombs Defusing the Threat, Canberra: Australian Federal Police
    Balog, J. & Schwarz, A (1996) Transit Security Procedures Guide, US Federal Transit Administration, San José, CA. USA: MTI
    Balog, J. & Schwarz, A (1994) Transit System Security Planning Guide, US Federal Transit Administration, San José, CA. USA: MTI
    Boyd, A. & Caton, J (1998) Transit Security Handbook, US Federal Transit Administration, San José, CA. USA: MTI
    Boyd, A. & Caton, J (1998) Critical Incident Management HANDBOOKs, US Federal Transit Administration, San José, CA. USA: MTI
    Boyd, A. & Sullivan, J.P. (1997) Emergency Preparedness for Transit Terrorism, US Federal Transit Administration, San José, CA. USA: MTI
    Jenkins, B.M & Edwards-Winslow, F (2003) Saving City Lifelines: Lessons Learned in the 9-11 Terrorist Attacks, San José, CA. USA: MTI
    Jenkins, B.M (2001) Protecting Public Surface Transportation Against Terrorism and Serious Crime: Continuing Research on Best Security Practices, San José, CA. USA: MTI
    Jenkins, B.M (2001) Protecting Public Surface Transportation Against Terrorism and Serious Crime: An Executive Overview, San José, CA. USA: MTI
    Jenkins, B.M (1997) Protecting Surface Transportation Systems and Patrons from Terrorist Activities, San José, CA. USA: MTI
    Mineta Transportation Institute (2002) California Transportation Security Summits, San José, CA. USA: MTI
    IISTPS (1996) Terrorism in Surface Transportation: A Symposium, San José, CA. USA: MTI
    Sarre, R. and Prenzler, T. (2005) The Law of Private Security in Australia, Sydney: Lawbook Co.
    Taylor, Brian (2005) Designing and Operating Safe and Secure Transit Systems: Assessing Current Practices in the United States and Abroad, San José, CA. USA: MTI
    US-GAO (2005) Passenger Rail Security, GAO Congressional Report -05-851
    Transportation Research Board (2002), Special Report 270 – Deterrence, Protection, & Preparation - The New Transportation Security Initiative, Washington DC
    Transit Cooperative Research Program, 2006, HANDBOOKs for Transportation Emergency Training Exercises, Report 86 (Vol 9), Transportation Research Board, Washington DC

    Table of Content

    Adobe Acrobat users: If you are viewing this document using Adobe Acrobat, you are able to click on the title of the Table of Content and you will be directed to the content.

    1. Introduction
        1.1 Background
        1.2 Structure and Application
        1.3 Purpose

    2. Roles and Responsibilities
        2.1 Developing The Security Risk Management Program

    3. Security Risk Management
        3.1 Overview
        3.2 Integrated Safety, Security and Emergency Risk Management Model
        3.3 Risk Assessment

    4. Rail Transport Security Risk Management Strategies
        4.1 Rail Transport System Characteristics
        4.2 Security-in-depth Principle
        4.3 Personnel Security And Pre-employment Screening
        4.4 Security Awareness and Training
        4.5 Credentials And Credentialing Identification Cards
        4.6 Locking and Key Control
        4.7 Access Management
        4.8 Fencing and Gates
        4.9 Intruder Detection and Alarm Systems
        4.10 Closed Circuit Television
        4.11 Security Officers / Patrols / Alarm Response
        4.12 Lighting
        4.13 Emergency Management

    5. Information Management and Security
        5.1 Establishing Information Management Policy
        5.2 Identifying Sensitive Information
        5.3 How Can ROs Determine Which Information to Protect
        5.4 Controlling Access to Sensitive Information
        5.5 Sharing Information
        5.6 Incident Reporting and Recording
        5.7 Privacy

    6. Security Exercises
        6.1 Rationale For Security Exercises
        6.2 State and Territories Regulated Exercise Requirements

    7. List of Annexes
        Annex A Glossary of Official Security & Emergency Risk Management Terms
        Annex B Example Security Risk Management Program Roles & Responsibilities Matrix
        Annex C Example Rail Transportation Security Level System - Saferrailways
        Annex D Identification Points Table
        Annex E Overview of Security/ Emergency Exercise Types

    1 Introduction
