This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Hazardex 2018 Conference - 19. Cybersecurity - What should Safety Instrumented System integrators be doing?

31 January 2018

Chris Parr - Technical Authority for Functional Safety, Sella Controls. 
Thurs 9.30 – 10.10: Seminar room

There is increasing momentum in the process industries to address cyber security risks associated with Industrial Automation and Control systems (IACS) and the publication of the UK Health and Safety Executive Operational guidance (OG-0086) on the subject matter is likely to see this focus increase.

Safety Instrumented Systems (SIS) are recognised as a primary protective layer for many Oil and Gas and Petrochemical facilities. Whilst the specification, design techniques and assessment of the integrity of these systems is well understood through industry guidance and standards such as BS EN 61508 and BS EN 61511, best practise for protecting these systems from security threats throughout their lifecycle is less clear. However, it does appear that IEC 62443 “Security for industrial automation and control systems” will become the de-facto guidance and is referenced in both BS EN 61511 and the HSE’s operational guidance.

System Integrators play a key role in the design, modification and maintenance of Basic Plant Control Systems and Safety Instrumented Systems and in the majority of projects they provide turnkey solutions for the control and automation aspects of the project to the end users. This raises the question of how these system integrators handle security issues and if their practices and procedures sufficiently reduce security vulnerabilities in the design, operation and maintenance phases of the lifecycle.

IEC 62443 part 2-4 covers the security program requirements for IACS service providers. It gives specific requirements of what a system integrators management system should include to give confidence to asset owners that the integration and maintenance activities that they complete include appropriate security measures. The standard covers subjects such as staffing, solution hardening, network security, user security and patch management.

This presentation will introduce Part 2-4 of IEC 62443 and explain why compliance is good for both the system integrator and their clients. It will also draw on the presenter’s own experience of applying the standard in a safety systems integrator environment and highlight the challenges and opportunities faced.


Chris Parr is a Functional Safety Specialist and EC&I Engineer with over 22 years’ experience in the specification, design modification and maintenance of process control and safety instrumented systems across multiple industry sectors.

Chris is a TÜV Rheinland certified functional safety expert (FS-Expert, SIS, ID:260/15) and Chartered Engineer and is currently the Technical Director for SELLA CONTROLS, a supplier of safety critical control systems to the Oil & Gas, Rail and Petrochemical industries. Chris leads the company’s functional safety consultancy business and is an approved SIL study facilitator and functional safety assessor for a number of organisations.

In addition, he is a director of CASS (Conformity Assessment of Safety-related System), a UKAS accredited Functional Safety Management assessment scheme.


Contact Details and Archive...

Print this page | E-mail this page

CSA Sira Test