This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Hazardex 2019 Conference Presentations - Security Risk Assessments for Functional Safety

Author : Colin Easton - Principal Safety Consultant, Prosalus

19 November 2018

Safety Instrumented Systems (SIS) are more vulnerable today than ever before due to the 
prevalence and sophistication of attacks specifically targeting them. This presentation will break down the requirements of BS EN 61511:2017 2 nd  Edition in the context of IEC, ISA, API and NIST requirements.

It will also provide a practical methodology for meeting the requirements of BS EN 61511:2017 2nd  Edition to be able to satisfactorily demonstrate to the regulatory authorities that the risks from security breaches have been reduced to a level that can be considered ALARP.


Attacks on SISs may be initially intended to hold a business to ransom by denial of service, the resultant consequences can be catastrophic, leading to a failure or unpredictable operation of the SIS resulting in a safety or environmental incident. These vulnerabilities are not just as a result of the availability of commercial off-the-shelf technology; high connectivity to business and manufacturing enterprise systems; requirements for remote access and availability of OEM system data in the public domain, but can also be related to the training and awareness of a business’ core staff.

 BS EN 61511:2017 2 nd  Edition and the UK HSE Operational Guidance OG-00086 introduce requirements for all owners of process safety systems to carry out a security risk assessment (SRA) to identify these threats. However, the security standards and practices for industrial automation and control systems continue to evolve while the process industry is struggling to keep abreast of the changing threat and regulatory landscape. In addition, the plethora of standards, guidance and articles being published to help address the SRA requirement has resulted in information overload.


Colin Easton is a Principal Safety Consultant at ProSalus Limited and has over 30 years of safety related experience as well as an international reputation for the provision of consultancy and training services, predominantly in the process industry sector, assisting clients to meet their safety, legislative, and regulatory obligations.

His main areas of specialisation are delivering safety training, the Functional Safety Assessment, Verification and validation of new and legacy plant safety systems, facilitation of safety studies, quantitative risk analysis and developing functional safety management systems including gap analysis

He has an MSc Eng. in Process Safety & Loss Prevention from the University of Sheffield, is an accredited TÜV Rheinland Functional Safety Senior Expert and a member of the Institute of Measurement and Control Safety Panel. 

Contact Details and Archive...

Print this page | E-mail this page