The organisation should establish and document security measures for class 3 facilities. Measures should ensure facilities are designed to a high security level, vital functions are maintained in extraordinary situations, and functionality is restored without undue delay.
Specific requirements apply to the following facility types:
- Substations and switching stations: Effective detection and rapid response, physical perimeter security at sufficient distance from non-restricted areas, high-security protection of critical components, main transformers shielded with double-reinforced concrete, redundant independent cable runs, redundancy for primary components, redundant station power (two subsystems with 6-hour UPS, 3-day stationary generator, quick-connect mobile generator), and mitigation of geomagnetically induced currents.
- Power stations: Vital components in protective rock caverns within a high-security perimeter, high fire resistance and compartmentalisation, separate access-controlled control rooms, redundant independent cable runs, redundant station power (two subsystems with 6-hour UPS, 3-day stationary unit, quick-connect mobile generator), and at least one black-start and island-operation capable unit.
- Operational control systems: Solid fire/burglary-resistant control centres as separate access-controlled fire compartments, fully redundant components and pathways, redundant station power (two subsystems with 6-hour UPS, 3-day stationary generator, quick-connect mobile generator), emergency operations room or alternative location for critical functions, and robust communication systems with 3-day emergency power runtime (up to 30 days for inaccessible sites).
- Power lines and cables: Risk-based security measures, protection or secure storage of critical cable components with spare cable available, and prompt restoration of lost functionality.
Redundancy should be achieved through electronic, electrical, and physical separation where possible. Alternative measures are acceptable if an equally high security level can be documented. Usage of Norwegian standards in compliance processes should be documented where relevant.
.svg)
