Be assured that Your Control System is Secure
Both the American Petroleum Institute (API) and the Instrument Society of America (ISA) recommend security standards in API1164 and ISA99 for securing data and control systems.
In 2007, the U.S. Department of Defense (DoD) initiated the Information Assurance Certification and Accreditation Process (DIACAP) for systems and software. This accreditation program covers many key risk areas, including update management, field security and internet security.
Although financially focused, the Sarbanes-Oxley Act of 2002 (SOX) requires increased responsibility, accountability and control to help eliminate loss and corruption of essential data from all levels of a company.
What does this mean to you?
- Varec is working to the strict U.S. DoD DIACAP security standards that meet or exceed API and ISA recommendations for all future measurement, control and automation software releases.
- FuelsManager securely records all information for internal use. Essentially, an audit trail is created of all changes and events within the system to provide complete transparency and process accountability.
- Varec® will work with your facility’s IT department to configure the system according to any additonal company standards in additon to our default security within a FuelsManager® network configuration, the security level used by almost all customers, including the U.S. Department of Defense (DoD).
- Your Security Administrators are able to set user privileges across the system. The following are some examples of user privileges:
- Whether a user has add/edit/delete or copy privileges to a database.
- Which tanks are visible to which groups of users through user-defined tag categories
- Which alarms are indicated to which groups and users via user-defined alarm categories
- Who can display and create real-time graphics
- Which users can modify the database
- Which users can issue operator commands
- Which users can acknowledge alarms
- Which users can create reports
- Apply user privileges to a particular group of tanks, such as specifying that a group of users can modify the high-high and low-low alarm limits for tanks 1-10 but not tanks 11-20.