Ensuring that the cybersecurity aspects of industrial automation and control systems (IACS) are well managed in a project is a multi-step process that starts at the beginning of a project, even before the supplier is selected.

Simply specifying cybersecurity requirements is not enough, as the maturity of the cybersecurity solutions that can be implemented to meet these requirements can vary widely from supplier to supplier.

To properly manage the cybersecurity risk of an IACS system, the solutions need to be discussed and technically validated by specialists who understand the IACS world. We provide security FAT and SAT testing services – tailored to your cybersecurity requirements – to ensure that the cybersecurity aspects of IACS projects are properly addressed and implemented. Specific security FAT and SAT test procedures will be written that can be incorporated into your cybersecurity framework and policy.

It is important to understand that during our testing, NO changes are made to the systems under test, except for the specific settings required for authentication testing.

The result of these security FAT and SAT tests will be a series of reports that include the following information:

  • Non-compliance issues against the agreed requirements checklist (included in the FAT and SAT reports)
  • After the FAT: Detected vulnerabilities and weaknesses in the design and configuration of the information systems being tested. Items to be resolved, mitigated, or accepted for risk mitigation are indicated.
  • After the SAT: Issue Verification Report in which the previously discovered risks are either marked as resolved, not resolved, or to be accepted as residual risk and/or mitigated in some other way. Any newly discovered issues are also mentioned.

Contact us for more information