InTech

JAN-FEB 2018

Issue link: http://intechdigitalxp.isa.org/i/935787


Certification Review | association news

CCST question

What standard that defines quality policy and procedures is recognized as the "de facto" requirement for doing business in Europe?

A. ISA-12.12.01
B. ISO 9000
C. NFPA 70
D. CENELEC

CCST answer

The correct answer is B, ISO 9000. ISO 9000 is a set of standards developed in Europe that covers many aspects of quality management. The standard named ISO 9000 is titled: ISO 9000:2015: Quality management systems – Fundamentals and vocabulary. ISO 9000 has also been adopted widely in the U.S. as the baseline for quality management.

One standard in the ISO 9000 family is ISO 9001:2015: Quality management systems – Requirements. This is the standard for which organizations apply for certification. An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. ISO 9001 certification is administered by qualified certification bodies.

The other answers are electrical standards, not quality standards. ISA-12.12.01 is the ISA standard for the use of nonincendive electrical equipment in hazardous locations. NFPA 70 is generally referred to as the National Electrical Code. CENELEC is the European Committee for Electrotechnical Standardization.

Reference: Goettsche, L. D. (Editor), Maintenance of Instruments and Systems, Second Edition, ISA, 2005.

resilience to storms, and intrusion tests to verify firewall configuration. Tests in the latter coincide with the system under test, which establishes network boundaries and scope, the collaboration of CSAT and CFAT, verified configuration, and a punch list follow-through. Consider vendor-recommended settings for each control system platform: identify vendor best practices, modify default settings, review overall vendor hardening criteria, and review architecture and apply the data flow requirements.

The final life-cycle phase necessitates maintenance with the trifecta of security management, monitoring, and incident response. Security management is developed through governance policies aimed at sustaining the cybersecurity risk posture of ICS. Special consideration must be given to asset management, patch management, system backups, and change management. Monitoring is the detection of abnormal activity, host and network intrusion detection, and periodic auditing.

To summarize, the benefits of integrating cybersecurity into the ICS project life cycle are:

- a common understanding of cyberrisk and securing that risk
- verification that security is properly implemented
- an operations staff that is prepared to manage, monitor, and respond to security incidents before startup

In every stage of the project life cycle, transparency is essential, especially when future projects hinge on a clear vision of success. Practical goals aligned with CFAT, CSAT, and postcommissioning are a starting point. In summary, a team should consist of subject-matter experts from ICS cybersecurity, information technology infrastructure, process control, and project management. Assigning an ICS cybersecurity lead who works closely with all stakeholders from start to finish, with frequent communication along the way, ensures a successful cybersecurity program.

ABOUT THE AUTHOR

Krish Sridhar, PE, GSEC (krish.sridhar@aesolns.com), is a subject-matter expert on cybersecurity solutions applied to industrial control systems with aeSolutions (www.aesolns.com), a CSIA (www.controlsys.org) member company.

CAP question

The purpose of an industrial control system alarm system audit is all of the following except:

A. Identify new points that should be added to the alarm list.
B. Check that the alarm system is meeting the documented alarm system objectives.
C. Ensure that alarm shelving and out-of-service procedures are followed.
D. Verify that alarm monitoring reports are active and up to date.

CAP answer

The correct answer is A, identify new points that should be added to the alarm list. Answers B, C, and D are all examples of alarm system auditing functions listed in ANSI/ISA-18.02. There are many more tasks that should be performed in an alarm system audit, including verifying that the alarm history is current, verifying that the management of change (MOC) processes have been followed, and verifying that all documented alarms are active and match the master alarm database.

Answer A is not an alarm system auditing function. The identification of points that need to be added to the alarm database begins with a management of change process. The MOC process is used to ensure that candidates for the alarm system meet the documented definition of an alarm (rationalization) and are assigned the proper classification and prioritization in the alarm system.

Reference: Trevathan, Vernon L., A Guide to the Automation Body of Knowledge, Second Edition, ISA, 2006.

ISA Certified Automation Professional (CAP) program

Certified Automation Professionals (CAPs) are responsible for the direction, design, and deployment of systems and equipment for manufacturing and control systems.

ISA Certified Control Systems Technician (CCST) program

Certified Control System Technicians (CCSTs) calibrate, document, troubleshoot, and repair/replace instrumentation for systems that measure and control level, temperature, pressure, flow, and other process variables.
