Section VI

AOS-MJN-0254-HSE

SUPPLY of PERSONAL PROTECTIVE EQUIPMENT (PPE)

CONTRACT SECURITY CLAUSE

SECURITY MODE 3

CONTRACT no.: AOS-MJN-0254-HSE 1 of 8

CONTENTS

REFERENCES ................................................................................................................................ 3
1 MAJNOON SECURITY MANAGEMENT SYSTEM ...................................................................... 4
1.1 Security Management System For MFD ................................................................................... 4
2 MAJNOON SECURITY HIERARCHY ......................................................................................... 4
2.1 Legal Operating Framework ...................................................................................................... 4
3 COMPANY COMMITMENT ................................................................................................... 4
3.1 COMPANY Disclaimer ................................................................................................................ 4
3.2 COMPANY Security Management ............................................................................................. 5
3.3 COMPANY Responsibilities ........................................................................................................ 5
3.4 COMPANY Approvals ................................................................................................................. 5
3.5 Assurance & Security Audits ..................................................................................................... 5
3.6 Use of Private Security Companies (PSC) ................................................................................. 6
3.7 Standards & Recitals .................................................................................................................. 6
4 CONTRACTOR COMMITMENT .............................................................................................. 6
4.1 Commitment to the MFD Security Management System ....................................................... 7
4.2 CONTRACTOR Management of Security .................................................................................. 7
5 SECURITY MODE .................................................................................................................. 8
5.1 COMPANY RESPONSIBILITIES .................................................................................................... 8
5.2 CONTRACTOR RESPONSIBILITIES .............................................................................................. 8
5.3 Security Management & Liaison ............................................................................................... 8
6 SECURITY PLAN AND PROCEDURES ................................... ERROR! BOOKMARK NOT DEFINED.
6.1 Security Risk Assessment.......................................................... Error! Bookmark not defined.
6.2 Security Plan .............................................................................. Error! Bookmark not defined.
6.3 Security Procedures .................................................................. Error! Bookmark not defined.
6.4 Sphere of Influence ................................................................... Error! Bookmark not defined.
7 THREAT LEVEL ................................................................... ERROR! BOOKMARK NOT DEFINED.
7.1 Security Posture ........................................................................ Error! Bookmark not defined.
7.2 Notifications .............................................................................. Error! Bookmark not defined.
7.3 Passage of Information ............................................................. Error! Bookmark not defined.

CONTRACT no.: AOS-MJN-0254-HSE 2 of 8

 REFERENCES
Ref Document Number Reference Document

A. ATPC-GEN-IFMS-HP-6180-0010 Security Contractor Auditing Procedures

B. ATPC-GEN-IFMS-HP-7180-0005 Access Control Procedure for Majnoon Field

C. ATPC-GEN-IFMS-HP-7180-0008 Security Readiness to Start (RtS) Specifications & Standards

D. ATPC-GEN-IFMS-HP-7753-0002 Rules for the Use of Force Security Guidelines

E. ATPC-GEN-IFMS-HP-7753-0001 VPSHR Guidance

F. ATPC-GEN-IFMS-HE-7180-0001 Remote Healthcare Guide

G. ATPC-GEN-IFMS-HP-7753-0013 Minimum Operating Security Standards (MOSS-I) - Infrastructure

H. ATPC-GEN-IFMS-HP-7753-0014 Minimum Operating Security Standards (MOSS-S) - Security

Contractor Services

CONTRACT no.: AOS-MJN-0254-HSE 3 of 8

1 MAJNOON SECURITY MANAGEMENT SYSTEM
1.1 Security Management System For MFD
The Security Management System for Majnoon Field Development (MFD) contains the security
performance requirements expected of all parties operating on MFD, including COMPANY and
CONTRACTOR. The MFD security management system creates a common approach to security
management and the sharing of security information, security incident data, field access. Asset
protection, the construction of assets or infrastructure and in responding to security incidents.

The security management system details the policies and the security requirements expected of all
parties operating on MFD. The security management system creates a common approach to security
management and the sharing of security information, security incident data, field access, asset
protection, the construction of assets or infrastructure and the response security incidents.

All parties engaged in MFD activities shall comply with the requirements of the security management
system irrespective of whether parties are operating under the company security management
system, the contractor security management system or bridging between both.

This clause sets out the obligations of the contractor required to meet the company minimum
security requirements when working on MFD projects.

2 MAJNOON SECURITY HIERARCHY

The MFD Security Management System is owned by BOC Security. Any activity, carried out in support
of all MFD activities, shall be conducted in accordance with the MFD Security Management System.
IFMS Security shall manage the MFD Security Management System on behalf of BOC and shall be
responsible for the overall MFD Security. Any activity, carried out in support of EPCM MFD activities,
shall be conducted in accordance with the MFD Security Management System, but accountable to
EPCM Security.

COMPANY Security Department ensures that security services are at an approved standard and will
review all plans and procedures to be implemented by CONTRACTOR working on MFD projects.

It shall be the responsibility of CONTRACTOR to request the current COMPANY Minimum Operating
Security Standards documents from COMPANY in order to ensure the intended security
arrangements follow current COMPANY standards. Should any qualification be required on any of
the security standards a meeting with COMPANY security management team should be arranged in
order to seek clarification.

2.1 Legal Operating Framework

COMPANY and CONTRACTOR agree that security provided by either PARTY, shall be provided in
compliance with relevant Iraqi laws and with respect to the human rights of both PARTIES, their
workers, employees, staff and contractors and with respect to third-party persons, including but not
limited to: Majnoon local communities, visitors and bystanders.

3 COMPANY COMMITMENT
3.1 COMPANY Disclaimer
COMPANY shall manage Security Risk to ‘As-Low-As-Reasonably-Practicable’ (ALARP).

CONTRACT no.: AOS-MJN-0254-HSE 4 of 8

COMPANY will endeavour to support CONTRACTOR with agreed Security Services. However, Iraq is
a difficult country in which to operate and there may be times when, through no fault of COMPANY,
security services are not available. These situations may include but are not limited to: the prevailing
security situation; Government of Iraq regulatory, licencing or permit issues or COMPANY’s Security
Provider’s operational constraints. CONTRACTOR shall not make claim or hold COMPANY liable for
any delays, injuries or losses due to any reduction of security services beyond COMPANY’S control
or breach of security services.
The CONTRACTOR is not relieved from any liability or obligation under this CONTRACT.
3.2 COMPANY Security Management
COMPANY will support CONTRACTOR with those security services as detailed below.
The COMPANY shall ensure that the management of security is executed in compliance with the MFD
Security Management System. COMPANY shall approve Security Risk Registers, all Security plans
and any Security procedures to be implemented by the CONTRACTOR. Where appropriate,
COMPANY shall conduct Readiness to Start (RtS) audits of CONTRACTOR, and CONTRACTOR’s Private
Security Company (PSC) where used; other periodic audits; visits and inspections to provide
assurance and compliance.
3.3 COMPANY Responsibilities
Irrespective of the Security Mode definition, COMPANY shall always be responsible for:
1) MFD Field Access. COMPANY shall be responsible for the Access Control and Screening of
people, vehicles and materials entering MFD, but not including the administration of Field Access.
2) MFD Boundary Perimeter. COMPANY shall be responsible for the detection, tracking and
response to any MFD Field incursions via the MFD Boundary Perimeter
3) MFD Security Bubble. COMPANY shall be responsible for the security of the MFD Security
Bubble, permitting unescorted Journey Management within the protected zone (Majnoon
Security Bubble).
4) MFD Security Iraqi Security Force (ISF), Oil Protection Force (OPF) and Strike Force (SF)
Response. COMPANY shall be responsible for the coordination and deployment of ISF, OPF and
SF in response to Security Incidents.
3.4 COMPANY Approvals
COMPANY shall ensure that the CONTRACTOR utilises a Security Management System that is fit for
purpose and considers those Security Risks to which the CONTRACTOR is exposed.
Therefore, COMPANY’s approval is required the following:
1) Security Manager or Security Focal Point. CONTRACTOR shall appoint a Security Manager or
Security Focal Point. CONTRACTOR shall provide CV for the Security Manager or Security Focal
Point.
2) Security Field Access Administrator. CONTRACTOR shall appoint a Security Field Access
Administrator. CONTRACTOR shall provide CV for the Security Field Access Administrator for
approval.
3.5 Assurance & Security Audits
Where applicable, items listed at COMPANY Approvals may be subject to a Readiness to Start (RtS)
audit and regular Level of Defence (LOD) audits. COMPANY Audit regime is:

CONTRACT no.: AOS-MJN-0254-HSE 5 of 8

1) Security Auditing Process is detailed at Document Reference A.
2) Readiness to Start Process is detailed at Document Reference C.
3.5.1 Readiness to Start
CONTRACTOR Security plan, Key Security Personnel, processes, procedures and Security
infrastructure shall be subject to Readiness to Start (RtS) audit prior to mobilisation. The RtS
requirements are detailed at Document Reference C.
Where CONTRACTOR utilises a Private Security Company (PSC) provider, both CONTRACTOR and PSC
SUB-CONTRACTOR shall be subject to Readiness to Start (RtS) audit prior to mobilisation.
3.5.2 Security Plan and Procedures
1) CONTRACTOR shall submit a preliminary Security Plan during the tendering stage. All Security
documents and Plans shall be aligned to the MFD Security Management System.
2) The CONTRACTOR shall submit a final Security Plan, for approval, within thirty (30) days of the
CONTRACT EFFECTIVE DATE, or 14 days prior to mobilisation to site, whichever is earlier.
3) The Security Plan shall be subject to audit by the COMPANY.
4) The COMPANY reserves the right to reject plans with insufficient detail, which may lead to a
delay in CONTRACTOR activity.
5) COMPANY shall not be liable for any losses or consequence resulting from CONTRACTOR’s
inability to meet COMPANY security standards.
3.5.3 Maintenance of Plans, Registers and Procedures
1) The CONTRACTOR shall ensure that Security Plans remains up-to-date. Updates shall be made
to reflect any changes in: the SCOPE of WORK, the Security Situation, lessons identified and any
other recommendations from the COMPANY.
2) CONTRACTOR may seek assistance and/or advice from the COMPANY Security Department as
required.
3.6 Use of Private Security Companies (PSC)
Where the CONTRACTOR is a Private Security Company (PSC) or has a SUB-CONTRACTOR that is a
PSC, it is the CONTRACTOR’s responsibility to ensure that the PSC:
1) Is fully legally compliant as detailed at para 3.3 Legal Operating Framework
2) Completes an RtS. This shall be in addition to the CONTRACTOR’s RtS, when the PSC is a SUB -
CONTRACTOR
3) Complies with COMPANY Guidelines at Reference E. on Voluntary Principles for Security &
Human Rights (VPSHR)
4) Complete with COMPANY Guidelines at Ref D. on Rules for the Use of Force (RUF)
3.7 Standards & Recitals
MFD and COMPANY Security standards are detailed in the References to this document.

4 CONTRACTOR COMMITMENT
The responsibility for the security of CONTRACTOR, its business, personnel, facilities, property,
materials, equipment, products and intellectual properties shall lie with the CONTRACTOR.

CONTRACT no.: AOS-MJN-0254-HSE 6 of 8

4.1 Commitment to the MFD Security Management System
CONTRACTOR agrees that its services and activities shall be completed in compliance with the MFD
Security Management System and where relevant to CONTRACTOR services, facilities, personnel and
activities, the as detailed in the following Standards References:
1) Infrastructure & Facilities. Reference G: Minimum Operating Security Standards (MOSS-I) –
Infrastructure:
2) Security Procedures and Security Contractors. Reference H: Minimum Operating Security
Standards (MOSS-S) - Security Contractor Services:
Where CONTRACTOR fails to meet COMPANY MFD Security Management System requirements,
CONTRACTOR shall become responsible for any and all Security Risks and liabilities pertaining to
those requirements and any consequences thereto.
4.2 CONTRACTOR Management of Security
As per the terms detailed in the CONTRACT, the CONTRACTOR shall be deemed to have understood
the extent and nature of the WORK and to have fully understood the Security processes detailed
within this document. Additionally, the CONTRACTOR understands that it shall be the
CONTRACTOR’s responsibility to have informed the COMPANY of any deficiencies, omissions,
contradictions or ambiguities, prior to entering into the CONTRACT.
1) The CONTRACTOR shall communicate and agree with COMPANY; the extent, limits, boundaries
and exemptions or exceptions of its security sphere of influence; prior to the issue of the
CONTRACTOR’s Security Plan.
2) CONTRACTOR shall be responsible for the implementation of the MFD Security Management
System in relation to this CONTRACT.
3) COMPANY shall assess the overall effectiveness of CONTRACTOR’s security against the MFD
Security Management System. Where required, CONTRACTOR shall address COMPANY’s
recommendations. The implementation of COMPANY’s recommendations shall be carried out
at CONTRACTOR’s own cost.
4) Where the COMPANY determines that the CONTRACTOR has failed to comply with CONTRACT
Security obligations; then the COMPANY, at its own discretion, reserves the right to assume
control of all or any of the CONTRACTOR’s security responsibilities. Where this occurs, the
COMPANY shall provide the CONTRACTOR three (3) months’ notice and any additional costs,
including those to the COMPANY, shall be borne by the CONTRACTOR.
Nevertheless, CONTRACTOR failure to comply with CONTRACT Security obligations such
violation shall constitute a material breach of the CONTRACT and shall entitle COMPANY to
terminate the CONTRACT in accordance with CONTRACT provisions.
4.2.1 Security Management Elements Allocated
CONTRACTOR shall be responsible for, and the management of:
1) Receipt of and Ownership of Security Risk (those transferred to CONTRACTOR)
2) Ownership of Security Management Systems, including:
a) Security Programme Management & Administration
b) Physical Security
c) Procedural Security
d) Process Control

CONTRACT no.: AOS-MJN-0254-HSE 7 of 8

 e) Personnel Security – including: security and criminal vetting of all staff; control of
grievances; protection of vulnerable staff and Journey Management

5 SECURITY MODE
The following Security Mode shall apply to this CONTRACT:
Security Mode 3: CONTRACTOR operates within its own Security MS that has no interface with
COMPANY Security Management System.
COMPANY may wish to guide and influence security performance under this type of contract.
5.1 COMPANY RESPONSIBILITIES
Under conditions of Security Mode 3, the COMPANY is responsible for the following activities:
NIL
5.2 CONTRACTOR RESPONSIBILITIES
1) CONTRACTOR shall be the sole owner of all Security Risks under CONTRACTOR’s own Risk
Management Framework
2) Security Risks are managed under CONTRACTOR’s Security Management System (MS) and has
no interface with the COMPANY Security MS. Work is conducted outside COMPANY’s sphere of
influence and is not required to report security performance data and incidents to COMPANY.
5.3 Security Management & Liaison
COMPANY may wish to guide and influence security. Where COMPANY does have a prevailing
influence over the contract, CONTRACTOR will be classed as a Security Mode 2C, ATPC-GEN-IFMS-
HP-7753-0006. In this case, the influence is over that WORK conducted solely for COMPANY and
excludes WORK not supporting MFD business.
5.3.1 Security Administration.
CONTRACTOR shall be entirely responsible for their own Security Administration in relation to the
WORK

CONTRACT no.: AOS-MJN-0254-HSE 8 of 8