ANSI API St 780-2013 (2022) PDF

Full title and description

ANSI/API Standard 780:2013 (R2022) — Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries. This ANSI‑approved API standard defines a team‑based, repeatable methodology for conducting security risk assessments (SRAs) across petroleum and petrochemical fixed and mobile facilities, with forms, worksheets and examples to support consistent application.

Abstract

API Std 780 provides a structured SRA approach intended to help owners/operators identify assets, threats, vulnerabilities and consequences; estimate credible security risks; and guide selection of countermeasures. The methodology is designed to be scalable across facility types and threat spectra (theft, insider sabotage, terrorism, etc.), and includes annexes with worksheets and example assessments to support practitioners. The standard builds on prior industry SRA work and aligns with general risk‑management principles.

General information

• Status: Current (first edition 2013; reaffirmed as API STD 780:2013 (R2022)).
• Publication date: May 2013 (first edition); Final action for reaffirmation: Feb 11, 2022.
• Publisher: American Petroleum Institute (API).
• ICS / categories: 03.100 (Company organization and management / management systems); 75 (Petroleum and related technologies).
• Edition / version: 1st edition (2013); R2022 reaffirmation.
• Number of pages: Approximately 123 pages (published PDF/print formats reported at ~123 pages).

Scope

Scope: establishes a recommended, industry‑specific methodology for conducting security risk assessments applicable to petroleum and petrochemical facilities and operations (fixed and mobile). The SRA is intended to inform management decisions about the adequacy of existing security measures and the need for additional countermeasures, taking into account threats, vulnerabilities and potential consequences. The standard is intended to be applied alongside applicable laws and regulations.

Key topics and requirements

• Team‑based SRA process combining multidisciplinary expertise (security, operations, safety, emergency response, etc.).
• Five‑step approach: asset/component identification, threat assessment, vulnerability analysis, consequence estimation, and risk determination (with guidance on credible risk scenarios and ranking).
• Use of worksheets, forms and annex examples to document assessments and support repeatability and traceability.
• Guidance on scope-setting, data requirements and supporting documentation for SRAs.
• Alignment with broader risk management principles (references such as ISO 31000 and relevant regulatory citations are included).

Typical use and users

Typical users: security managers, facility/site operators, process safety and operations staff, consultants who perform SRAs, emergency planners, and regulators referencing industry best practice. Typical uses: baseline and periodic security risk assessments, vulnerability reviews for new or modified facilities, input to facility security plans, and to support security investment and mitigation prioritization.

Related standards

Commonly cited and related documents include ISO 31000 (risk management principles), other API security and facility guidelines (for example API 70 / security for offshore operations and API 781 facility security plan methodology), and API standards addressing pipeline/SCADA cybersecurity and control‑system security. API Std 780 has also been recognized in certain U.S. security programs (SAFETY Act designation/certification).

Keywords

security risk assessment, SRA, petroleum, petrochemical, risk methodology, vulnerability assessment, threat assessment, consequence estimation, API Std 780, ANSI/API 780

FAQ

Q: What is this standard?

A: API Std 780 is an ANSI‑approved API standard (first published in 2013, reaffirmed R2022) that provides a standardized methodology for performing security risk assessments in the petroleum and petrochemical industries.

Q: What does it cover?

A: It covers a stepwise, team‑based SRA methodology: identifying assets and components, assessing threats and vulnerabilities, estimating consequences, and ranking credible security risks, supported by forms, worksheets and examples. It is intended to be scalable for different facility types and threat scenarios.

Q: Who typically uses it?

A: Security professionals, operations and safety personnel, consultants performing SRAs, and organizations seeking a consistent industry methodology for evaluating security risks at petroleum and petrochemical facilities. It is also used to support facility security plans and regulatory/compliance reviews where industry best practice is required.

Q: Is it current or superseded?

A: The document is the 2013 first edition and was reaffirmed by ANSI/API in 2022 (designated API STD 780:2013 (R2022)), so it remains a current, reaffirmed industry standard.

Q: Is it part of a series?

A: API Std 780 is part of API’s suite of standards and recommended practices addressing security, risk and operational integrity in the petroleum and petrochemical sectors; it is complementary to other API guidance (facility security planning, pipeline cybersecurity, risk‑based inspection and related management standards).

Q: What are the key keywords?

A: Security risk assessment, SRA, petroleum, petrochemical, vulnerability, threat, consequence, risk ranking, countermeasures, API 780, ANSI/API Std 780.