RP 781 Security Plan

Assets may be categorized in many ways such as:

  1. people,
  2. hazardous materials (used or produced),
  3. information,
  4. environment,
  5. equipment,
  6. facilities,
  7. activities/operations, and
  8. company reputation.

Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global Standards



A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.

Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.

Adapted from: DHS Risk Lexicon.

Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies ( as of 11 November 2015, Global Standards



An identifiable resource with intrinsic financial value that is owned or controlled by the company and which provides benefits to its stakeholders.

For the OMS, only tangible assets are relevant. A company may operate assets that are wholly owned or partly owned through joint ventures or other arrangements. Typically, an asset is a facility, or group of facilities, and may comprise land or sea acreage, buildings, plant, engineered structures, hardware or software, fixed or mobile equipment, vessels, aircraft: and road vehicles, terminals, pipelines, offices or retail outlets.

Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards


An asset is any person, environment, facility, material, information, business reputation, or activity that has a positive value to an owner. The asset may have value to a threat, as well as an owner, although the nature and magnitude of those values may differ.

Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards



Anything that has value to an individual, an organization or a government.

  • NOTE Adapted from ISO/IEC 27000 to make provision for individuals and the separation of governments from organizations (4.37).

Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards


Person, structure, facility, information, material, or process that has value.

Sample Usage: Some organizations use an asset inventory to plan protective security activities.

Extended Definition: includes contracts, facilities, property, records, unobligated or unexpended balances of appropriations, and other funds or resources, personnel, intelligence, technology, or physical infrastructure, or anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned; from an intelligence standpoint, includes any resource – person, group, relationship, instrument, installation, or supply – at the disposal of an intelligence organization for use in an operational or support role.

Annotation: In some domains, capabilities and activities may be considered assets as well. In the context of the National Infrastructure Protection Plan, people are not considered assets.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance



Any person, facility, material, information, business reputation, or activity that has value to an operator.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards


Facilities and associated infrastructure, e.g. structures, wells, pipelines, reservoirs, accommodation & support services.

Source: OGP Report No. 415, Asset integrity – the key to managing major incident risks, International Association of Oil & Gas Producers, December 2008. Global Standards



Physical or logical object owned by or under the custodial duties of an organization, having either a perceived or actual value to the organization.

  • NOTE: In the case of industrial automation and control systems the physical assets that have the largest directly measurable value may be the equipment under control.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Comments are closed.