Title Page

  • Executive Summary

  • Conducted on

  • Prepared by

  • Location

Site Condition

  • Are there any 'temporary' measures in place which should be permanent or removed? i.e. signage, barriers etc

  • Are there any general site husbandry issues? i.e. netting, pest control, cabling, ducts, storage of materials etc

  • Are site welfare facilities in good condition and clean?

  • Are legionella checks completed where there is a water supply?

  • Is there redundant equipment within our control awaiting removal from site?

  • Are there any issues with civil assets including pits, structural steelwork, access roads etc?

  • Are there any trees in the easement surrounding the site that are either?<br>Growing over the pipeline Growing over the fence?

  • Is there any corrosion on site which requires patch painting?

  • Is installed flange protection in good condition?

  • Are the outfall areas identified, clear, accessible?

  • Are all gas leaks controlled under TR32? i.e. work orders raised and site risk assessment completed

  • In relation to emergency exits and evacuation routes:<br>Are there any emergency exits on site?<br>• Can emergency exits be easily identified?<br>• Can emergency exit gates operate correctly and can be opened fully?<br>• Are emergency evacuation routes are clear of all obstructions (including vegetation)?<br>• Is the direction personnel need to go to an area of safety obvious?<br>Is there an emergency telephone number visible from outside the site in the event of an emergency?

  • Are first aid kits available? Are the first aid kits within date?

Plant, Tools & Equipment

  • Are statutory engineering records (lifting equipment/PSSR) valid and available on site?

  • Is the workshop racking secure & marked with the Safe Working Load (SWL)?

  • Do all power tools have the required guards and stops?

  • Is lifting equipment on a register, inspected and displayed on ID tags?

  • Is mobile plant<br>* being used<br>* located correctly <br>* within the required service date

  • Are safety notices displayed? E.g. ear / eye protection?

  • Are flexible hoses being managed? i.e. tagged, in date & registered

  • Is there an up-to-date portable flexible hose register available on site ?

  • Are the flexible hoses tagged appropriately? (following sample check)

  • Is there an up to date register of portable electrical equipment available on site ?

  • Are ladders located on site?

  • Are hand tools in good condition and fit for purpose? Calibrated where appropriate.

  • Are emergency rescue plans available for access equipment? i.e. MEWPs

  • Is all emergency access equipment inspected and within date?

  • Are simple lift plans in place and available for use? i.e for cabs, workshops and deliveries

  • Are Portable Regulator registers available on site?

  • Are pressure set points are available on site?

  • Are Valve numbers and position indicators clearly visible? (following sample check)

  • Where there is a bypass around a slam shut valve, are interim measures implemented i.e. signage and locked closed where available?

Environment

Site Log

  • Is site log correctly completed - sample check to confirm.

  • What issues have you recently found and fixed?

Fuel/Oil Storage

  • Is fuel/oil stored in a safe, contained area in/on bunds and free from spills and leaks?

  • Is tank and bunding integrity visually ok / evidence of maintained?

  • Are bunds free from liquids and debris?

  • Are there adequate provisions for dealing with a spill?

  • Are emergency spill kits available and fully sealed?

Drainage and Outfall

  • Are roads and pathways clear of oil?

  • Is the site interceptor clear from oil?

  • Carry out a visual inspection of the outfall to confirm the location. Is the outfall adequately marked?

  • Does the site pen stock valve operate correctly?

  • Is the valve key/handle easily located?

  • Have you had any spills in the last month - confirm reported and remediated appropriately?

Waste Compliance

  • Are Waste Transfer Notes (WTNs) correct and appropriately stored in the environmental folder - Part Es received? (refer to ENV/81)

  • Do the WTNs correlate with the returns from waste contractors?

  • Are waste areas tidy and free from litter?

  • Are waste containers correctly labelled with their contents?

  • Are the sites waste receptacles easily identified and is it clear which waste goes in them?

  • Is waste being correctly deposited and managed i.e. no oily rags in general waste, no sharp objects on show, no waste overflowing etc.?

Data & Security & Operational Technology

Data & Security

  • Have site visitor procedures been complied with?

  • Have external visitors satisfied our requirements with site visitor procedures?

  • Is there any portable media that has been scanned on an up to date National Grid computer?

  • Is a ‘Clear desk policy’ being adopted? i.e. sensitive information unattended and disposed of correctly.

  • Are unattended computer screens unlocked?

  • Confirm the gates and barriers are in closed position.

  • Carry out a visual inspection of the fence, doors and windows. Confirm if they are fit for purpose i.e good condition and secure

Operational Technology

  • Is the control room secure and only authorised personnel allowed to enter?

  • Is the "Password Master List"  up to date?

  • Is the "Password Master List" held securely in the firesafe (applicable to terminals / compressors)

  • Are passwords visible on, under or above OT systems?

  • Is there a USB register in place and up to date? (applicable to compressors / terminals)

  • Are there any unknown devices connected  to site OT systems?

CAMS General

  • Cyber Security Policies -<br>Are the following; Acceptable Use, Software, Mobile Device, Back Up, Cloud, Password, Access Control, Internet Acceptable, User Access Management, Physical Security, Logging and Monitoring, Software, Anti-Malware, Electronic Messaging, Patch Management Policies posted on Site noticeboards? <br>If not, how are they communicated on to site personnel?

  • Cyber Security Standards - <br>Are the Firewall Configuration Standard, Secure Configuration Standard easily accessible on site and by what means available or communicated?

  • Secure Configuration - <br>Hardware inventory, <br>Configuration Specification

  • User and Administration Accounts - <br>system owners, <br>admin user accounts, <br>cyber essentials poster,

  • Malware Protection -<br>incident response plan, <br>ransomware; phishing protection, protecting apps and access, secure data backup

  • Software Patching - <br>software inventory is this in Cloud?

Section 1. Management Procedure Statements

  • Is there any OT related work ongoing and is the work in conformance with the Work Instruction and RAMS?

  • Check the workers Cyber STC certification is current and in date?

  • Check the site log book for visitors confirms STC was checked?

  • Is the Site Password Master List up-to-date?

  • Is there any records supporting Changing Passwords process is effective? Sect 1.3.3 & 1.3.4<br>Annual Password Expiry<br>Leavers / Movers (within 7 days) / Password Compromise(within 24 hours)<br>Confidentiality destroying written records of the new passswords apart from the Master List in Fire Safe<br>Do certain backup types need the old password to access them so make sure old passwords have been also stored in the fire safe?

  • Check the system access review has been carried out quarterly?

  • Are workers on the OT systems protecting the login credentials (User ID & Password) in a way to prevent others viewing them?

  • Have screens been locked or logged out of an OT system if leaving the workstation area?

  • Can you see any OT systems sited in non-secure areas and have port blockers been fitted to USB ports and Ethernet ports?

  • If an OT system is being used in a non-secure area check the declaration of devices was checked and compliant regards to scanned for viruses before permitted work commences?

  • Is there evidence (maybe checklist) that Post Maintenance Checks have been carried out before the contractor leaves the site for the final time?

  • Check shared OT data shall conform to SEC1 1.9 requirements (check list?)

Section 2. TTL Acceptable Use

  • Is there any evidence of legacy TTLs and non-standard devices on site?

  • If yes to above line has a ticket via Service Now or Field Force been generated?

  • If there is a host machine and has it any permanently stored files or additional installed software?

  • Is there any evidence of VMs having added, removed or alterations or core applications on Operating Systems inclusive of security applications/settings?

  • Is the communal TTL Device updated and securely stored on-site.

  • Check device holders sharing their TTL completed the sharing tracker Appendix J?

  • If there is an account holder TTL User present, check how they received approval from the device holder?

  • Check what TTL passwords and pins have been shared (Bitlocker PIN & External Back Up Drive PIN Only?)

  • Have the TTLs and Virtual Machines automatic updates of systems software, window patches and security controls (Anti-Virus)? If no check last updates (if possible?)

  • Is the VM updated before importing data to 3rd parties, or after use when the VM hasn’t been used?

  • Is the VM left connected in the update mode and if not check it has been connected to the network monthly to apply security updates?

  • Is there evidence the TTL is shut down when not in use?

  • Is there evidence that a TTL communal device has been backed up quarterly as a minimum?

  • Check if the TTL is backed up on any major tested changes like installation of new business applications etc?

  • Is the back up device being kept separate to the TTL device (not stored together)?

  • Check the Back up device hasn’t any sticker notes or labels with password or PIN visible?

  • Is there any evidence of screen sharing happening on TTL devices and is the correct communal HDMI in use?

  • Is MS Teams via One Net Device in use for sharing screen?

  • Is there any data storage or transfers happening and if yes has it been classified correctly Confidential or Strictly Confidential aligned using the correct options aligned with options Secure Azure Storage Explorer (Cloud), Virtual Drive (V & M), Virtual Machines, Enterprise OneDrive, Separate Encrypted Back-up drive, Encrypted USB, DVD/CD RW?

  • Was files transferred from original vendor or trusted sources scanned before saved onto Azure Storage Explorer?

  • If new OT software is to be installed confirm it has the appropriate licence and is installed?

Section 3. Removable Media & Collaborative Devices

  • Is there any removable media connected to the OT system?

  • Check internal users media is correct, maintained v aligned usage policy, dataAshur Pro USB FD blue colour, Portable Solid-State Drives with AES 256 encryption. Removable Media where dispensation has been granted supporteed by 3rd party Security Conduct Form followed the device declaration?

  • Check no personal laptops, mobile telephones, storage devices are connected. Downloads of unauthorised software from the internet. Connections created via wireless hotspots for smartphones to connect OT systems to the internet. Connect any NG media that does not satisfy media criteria.

  • Check if any dispensation has been approved for continued use of non-standard removable media, if yes, check for the Supervisors and Cyber Security Team approval?

  • Check that a central record of all requests and outcomes is in place and maintained?<br>

  • Check where the back up media is stored, fire safe?

  • Is the storage media clearly marked strictly confidential?

  • Check the site log is correctly populated with USB Storage devices on site?

  • Check for evidence removable media storage has been correctly scanned for virus and malware?

  • TTL is the preferred device to scan USBs but if not available still use a Corporate Laptop after checking it has the latest version of the anti-virus software by opening windows explorer righ click the device icon choose scan for threats from options and selecting clean when complete select close. Is a Corporate laptop being used and check the above is done?

  • Check there are no gaps in the local site register and all USB flash drives and external SSDs and hard drives are recorded and up to date?

  • Check collaborative Computing devices not in use, are disconnected and powered down, disabled etc?

Section 4. Personnel

  • Is there any evidence of site staff not providing site induction?

  • Is there any people on site not displaying their ID badge?

  • Is there any evidence of visitors not being supervised at all times maintaining OT security?

  • Check the visitors log and any missing entries like time departed? Temp Access cards returned?

  • Are all security doors closed to prevent visitors unauthorised entry into secure areas?

  • Check anyone using mobile technology including cameras in a secure area has authorisation by the area manager?

  • Check unoccupied secure areas including cabinets are secure with closed locked doors when not in use?

  • Check where the keys are stored and secure? (Ref T/PM/MAINT/13 supports maintenance of site boundaries)

  • Check the OT system Asset Register is established and maintained for the site?

  • Is there evidence in the OT System Asset Register assets are being tracked?

  • Check the OT system Component Tracker is in place and correctly filled in covering Data Removed from site, Name of Individuals accountable for asset whilst removed from site, New Location of Asset, Custodian of Asset at new location, Expected date of return of asset. Evidence of encryption used for CD's, DVD's, USB's, TTL's etc? (Form Appendix G should be used)

  • Check the opposite to line 77 for receipt of Components - Date received at site, Name of individual taking receipt of asset, Previous Location of asset, Date Viurs Scanned, Expected date asset is to be returned to owning site and evidence it was scanned before connecting to OT system?

  • Check the asset register confirms asset disposal includes, Date of disposal, Confirmation that date has been erased / sanitised and confirmation was received of destruction for date for devices destroyed off-site?

  • Check the site has the correct confidential waster arrangements in place and or shredder for OT drawings and documentation?

  • Check site waste skips for evidence of computer equipment or associated assets are not inside it.

Section 6. Cyber Security Incidents

  • Check with site personnel if they have ever found or suspected any Cyber Security Incidents occurring on this site; examples unauthorised access to a system or its data? Changes to system hardware, firmware, or software characteristics without NG knowledge, instruction or consent? Theft or loss of information? Technicians detecting unusual system behaviour? Viruses in systems? Any deviation or break in a documented process or control, Removal of port blockers without permission by visitors (internal or 3rd party), USBs, phones etc left connected to OT equipment?

  • Check if the site has made any reports covering security concerns, weaknesses and possible breaches?

  • Check if the site has had any equipment lost or stolen from site and how was it reported?

Section 7 Configuration Management

  • Is the OT Asset Register correctly filled out with date aligned with Appendix H - Site Name, Device Location, Device Type, Device Manufacturer Make, Device Model, Purpose, Operation System Installed, Software Installed, Firmware Installed, Anti-Virus software brand name installed, Anti-Virus version installed?

  • Check the engineering topology (LAN/WAN Communications diagrams) is maintained and accurate T/PM/RE/20 Building Info Modelling (BIM) Project and Operational Drawings.

  • Check OT System Back Up / Rollback of Changes process is followed correctly; backing up sufficient data to recreate the system on a new pc. Ensuring all descriptive content of software/firmware is included in the backup. Checking the file has saved (e.g. content size). Following Manufacturers Instructions. Creating a local version of all backups. Only use SSD with optional AES 256 encryption for storing backups, unless a dispensation has been approved to use different media like Samsung T5 SSDs? Have all previous backups been saved? Compliant using removable media? Is the Tracking and logging register up-to-date? Has the current version been uploaded to the Central Database? Backups done at least Annually? Ref: T/PM/MAINT/6

  • Check changes to the OT systems conforms to T/PM/G/35 and the current Operating System (OS) version is fully backed up and if need complete the checks of any removable media containing the patch update?

  • Check the OT Asset Register has all necessary details of changes, the correct backup of the new version is done and check the system changes have been completed. Finally was the Engineering Topology Diagram updated?

  • Check if unnecessary applications not supporting a user or business need have been removed or disabled?

Hazardous Substances

COSHH

  • Are the CoSHH storage arrangements adequate? i.e. signage, locked, ventilated, protected from damage, away from drains, bunded etc

  • Complete sample check of availability of Safety Data Sheets for substance on site or in vehicles. Confirm there is an up to date site inventory of substances?

  • Confirm personnel are aware of the process to obtain new/existing CoSHH Assessments? i.e. from the online database

Asbestos

  • Has the site been surveyed for asbestos?

  • Is there an up to date Asbestos Management Plan available for the site?

  • Has the Asbestos Management Plan been reviewed within the last 6 months?

  • Are all Asbestos Containing Materials (ACMS) clearly labelled?

  • What are the arrangements if any unexpected asbestos containing materials are discovered?

Cylinder Management

  • Are gas cylinders stored in a well-ventilated place e.g. outside in a locked, caged area with suitable warning signs?

  • Are gas cylinders segregated to store used and full cylinders separately?

  • Are gas cylinders secured to prevent falling over?

  • Are gas cylinders secured to prevent falling over?

  • Are used cylinders inventory being managed?

  • Is handling equipment available (trolleys and lifters)

Hazardous Coatings

  • Is any Coal Tar Wrap or Lead Paint on site?

  • Is any Coal Tar Wrap or Lead Paint likely to be disturbed during activities?

Breaking Containment

  • Are suitable arrangements in place for the management of any hazardous substances which may arise from breaking containment (e.g. NORM, Benzene etc.) such as PPE, RPE, containment and disposal?

  • Ensure that NORM waste is not stored on site - any NORM waste produced from activities should be sent to Bacton before the works on site conclude

  • Is there any NORM stored on site?

  • How long has it been there?

  • When will it be removed?

Pipelines & AGI's

  • Check the pipeline marker posts at site - are they visible? i.e. clear of vegetation and a minimum number of 2.

  • At road crossings is there a marker post on each side of the road including at least one Aerial Marker Post?

  • Are there any signs of damage or signs of intrusion on the site perimeter?

  • Is any asbestos on site included in a register with an appropriate management plan in place?

  • Do all Electrical and Instrumentation assets within hazardous areas have an appropriate EX tag?

  • Is site signage in place and appropriate? Is the emergency number visible?

  • Are Valves numbers and position indicators clearly visible? (sample check)

  • Are remote valves locked in the correct position?

  • Is there any evidence of fly tipping or unsolicited use of the site?

  • Are there appropriate measures in place to prevent animal damage at the site?

  • Is there redundant equipment within our control awaiting removal from site?

  • Are there any 'temporary' measures in place which should be permanent or removed? i.e. signage, barriers etc

  • Are there any general site husbandry issues? i.e. netting, pest control, cabling, ducts, storage of materials etc

  • Are site welfare facilities in good condition and clean?

  • Are legionella checks completed where there is a water supply?

  • Is there redundant equipment within our control awaiting removal from site?

  • Are there any issues with civil assets including pits, structural steelwork, access roads etc?

  • Are there any trees in the easement surrounding the site that are either?<br>Growing over the pipeline<br>Growing over the fence

  • Is there any corrosion on site which requires patch painting?

  • Is installed flange protection in good condition?

  • Are the outfall areas identified, clear, accessible?

  • Are all gas leaks controlled under TR32? i.e. work orders raised and site risk assessment completed

  • In relation to emergency exits and evacuation routes:<br>Are there any emergency exits on site?<br>• Can emergency exits be easily identified?<br>• Can emergency exit gates operate correctly and can be opened fully?<br>• Are emergency evacuation routes are clear of all obstructions (including vegetation)?<br>• Is the direction personnel need to go to an area of safety obvious?<br>Is there an emergency telephone number visible from outside the site in the event of an emergency?

  • Are first aid kits available? Are the first aid kits within date?

Vehicles

  • Is the vehicle clean inside and out?

  • Is the vehicle tidy inside and out?

  • Is there any damage to the vehicle?

  • Are the lights working?

  • Are the wipers working?

  • Are there any items stored within the cab that could potentially become a projectiles in event of an accident?

  • Are all tools stored correctly and secured?

  • Is the log book completed and up to date? i.e. proof of daily checks being completed

  • Has the vehicle been weighed? If not arrange for it to go to a public weigh bridge as required

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.