At a May 2007 meeting with the ISA-sponsored Automation Standards Compliance Institute (ASCI), an ad-hoc group of influential asset owners and suppliers of industrial automation technology and services moved forward with a plan to establish an ISA Security Compliance Institute.
The group established the mission for the proposed organization, which is to decrease the time, cost and risk of developing, acquiring, and deploying control systems by establishing a collaborative industry-based program among asset owners, suppliers, and other stakeholders.
The program will: * Facilitate the independent testing and certification of control system products to a defined set of control system security standards; * Use existing control system security industry standards where available, develop or facilitate development of interim standards where they don't already exist, and adopt new standards when they become available; * Accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements.
The standards, tests and conformance processes for control systems products will allow the products to be securely integrated. An ultimate goal of the organization is to push the conformance testing into the product development life cycle, so that the products are more intrinsically secure.
The rewards to the automation controls industry and consortium members are significant. For asset owners, a well designed and managed product security certification process results in reduced costs and time commitment in product selection and deployment. For suppliers and integrators, the certification process provides a single conformance framework and an industry stamp of approval, resulting in faster time to market and lower development and integration costs. For the standards bodies and government agencies developing industrial security specifications, the result will be better, field-tested standards that are clearly being followed by industry.
"The ISASecure designation that is expected to arise from the effort will identify and promote security standards conformant products and systems," said ASCI managing director Andre Ristaino. "Certification provides the formal recognition of a product's conformance to an industry standard security specification, creating a key differentiator for the product."
A membership prospectus summarizing the ISA Security Compliance Institute program scope, member benefits, and member commitments is being distributed to leading suppliers and users of automation controls.
The prospectus solicits Founding Strategic Members, who will provide strategic direction and funding necessary to launch the activity. The due date for membership applications is September 1, 2007. The consortium has a 21 month launch plan, with conformance certifications slated to begin in June 2009.
The ISA Security Compliance Institute will be managed by ISA through ASCI, in partnership with The Open Group, who will provide certification management expertise.
Please visit the ASCI website at www.isa.org/asci for more information about the Automation Standards Compliance Institute. Visit the ISA Security Compliance Institute (ISCI) website at www.isa.org/ISASecure for more information about the control systems security initiative.
About ASCI
The Automation Standards Compliance Institute is an ISA-owned non-profit organizational entity that will assess automation-related standards compliance. The institute's charter includes a wide range of standards compliance assessments including software or hardware products, implementation methods, solutions, companies and individuals.
