ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 Planning for TR#2 Second Edition Long Beach Meeting April 28, 2004.


Slide 2: Ground Rules
- Two hours and an 80+ page document
  - stay focused, identify and record actions, and move on
- Points requiring analysis or discussion will be taken offline
- Our objective is to get commitment to produce a revised document
  - consistent with our plans for 6 month cycle
  - we need names!

Slide 3: Agenda
- Introductions & confirm participation (0:15)
- Review suggested improvements (1:00)
- Brainstorm additional opportunities (0:20)
- Identify leads for major sections (0:15)
- Plans for ongoing meetings (0:10)
- Adjourn 11:30 Sharp

Slide 4: Introductions

Slide 5: Suggested Improvements (From Bob Webb: March 19)
- General Topics for attention
- Additional clarity
- Improvements by section
- Annexes

Slide 6: Topics for Attention
- Make the document of more practical use by providing examples, checklists, etc.
- More information on components “attached” to M&CS:
  - e.g., historians, optimizers, supervisory systems
- Personnel and personnel policies
  - aligned with TR #1

Slide 7: Additional Clarity
- Better description or definition of policies, procedures, programs, etc.
- More in-depth treatment of existing network security functions and features during inventory and assessment phase
- Addition of more details on configuration management and change control

Slide 8: Improvements by Section
- Section 10.2: Comprehensive treatment of steps to address vulnerabilities
- Section 19: Addition of guidance on routine security reporting and analysis
- Section 20: Addition of guidance on periodic audit and compliance measures
- Section 21: Add guidance on re-evaluation of security countermeasures, when triggered by external events and/or audit and assessments.

Slide 9: Annexes
- Annex A: General cleanup
- Annex B: More examples and guidance on audit and vulnerability assessment processes
  - Include checklists as examples
  - This may be the appropriate place to relocate material from section 9
  - Make some general statements about appropriate content
- Annex C: Addition of guidance on steps suppliers and consultants should be using to protect themselves and their clients.
- Include a typical “business case” as a separate annex

Slide 10: Additional Improvements
- Section 6: Developing a program (18 pages)
  - creating a program vs. extending an existing program (IT and process safety)
  - policies vs. standards
  - functional or performance characteristics with security implications
- Section 7: Define Risk Goals (1 page)
  - related to the question of “what’s different”
  - expand with examples
  - may be appropriate to combine with section 6, or more appropriately, section 9

Slide 11: Additional Improvements
- Section 8: System Assessment (6 pages)
  - include safety instrumented systems and burner management systems
  - go back to introduction to make sure that the basic reference model is well described and understood; know the scope
- Section 9: Conduct Risk Assessment & Gap Analysis (12 pages)
  - should the specifics of this section be placed in an annex? current version is 12 pages
  - focus on general principles in the text

Slide 12: Additional Improvements
- Section 10: Select Countermeasures (5 pages)
  - reference change mgmt in TR1
- Section 11: Procure Countermeasures
  - build vs. buy
  - this is where compromises have to be made
  - the only step listed is “create spec”, but there are other steps, such as evaluate alternatives

Slide 13: Additional Improvements
- Section 12: Define Test Plans (3 pages)
  - x
- Section 13: Test Countermeasures
  - x

Slide 14: Additional Improvements
- Sections 14 & 15: Integration Test
  - x
- Sections 16 & 17: Validation Test
  - x

Slide 15: Additional Improvements
- Section 18: Finalize Operations Measures
  - Management of changes is referenced in 18.3; is this similar to that in 10.3?
  - section 18.4 says to establish audit frequency; may want frequency not to be public
- Section 19: Reporting and Analysis
  - x

Slide 16: Additional Improvements
- Section 20: Audit & Compliance
  - x
- Section 21: Re-Evaluation
  - x

Slide 17: Additional Improvements
- Annex C: Supplier Practices
  - we need to be challenged to “raise the bar” on the security of products offered.
  - PCSRF is doing this, as is CIDX; do we have to do so also?
  - How do we hold suppliers accountable?
  - This topic may be big enough for another working group?

Slide 18: Meeting Schedule and Plans
- Regular conference calls
  - Frequency?
  - Length?