Skip navigation
Go to Global Navigation
Go to Primary Contents
Go to Site Information

YOKOGAWA

Yokogawa Electric Corporation

Global

Font Size
Small Text
Medium Text
Large Text

IA Product Security Policy



Yokogawa Electric Corporation
Basic Security Policy for IA Products

1. Declaration
Measurement and control systems and devices associated with our industrial automation (hereafter referred to as the “IA”) business are becoming increasingly computerized and networked. To ease any concerns that our customers may have about using these products, appropriate measures must be taken against threats such as the destruction, theft, falsification, illegal access to and deletion of a system’s or device’s information assets, and the hijacking of such systems and devices. In order to fulfill its mission of providing customer-centric solutions, the IA business is committed to providing secure IA products that protect the integrity of our customer’s production-related information assets, while maintaining its functionality. The IA business will continually work to clarify protective measures and provide such measures to our users.

To accomplish this goal, we formulate 1) a Basic Security Policy for IA Products (hereafter referred to as the “Basic Security Policy”) to guide us in protecting our customers’ production-related information assets and 2) concrete Product Security Standards for each product category. (Hereafter the policy and standards are collectively referred to as the “IA Product Security Policy.”)

The IA Product Security Policy specifies various issues that must be addressed at each phase of the product lifecycle (planning, R&D, engineering, quality assurance, sales, after-sales services, etc.). The personnel of the IA business will take efforts to fully recognize the importance of information security and to observe all the relevant regulations to protect customers’ production-related information assets.
April 01, 2011
Satoru Kurosu
Head of IA Business Headquarters

2. Scope of the IA Product Security Policy
The IA Product Security Policy is applicable to the products of Yokogawa’s IA business.

3. Periodic Review
The IA Product Security Policy will be reviewed periodically by the Product Security Steering Committee as required to accommodate environmental changes and technical advances affecting our products.

4. Definitions
4.1 Threat
The threat is an activity that endangers product security, and includes the destruction, theft, falsification, illegal access to and deletion of a system’s or device’s information assets, and the hijacking of such systems and devices.

4.2 Vulnerability
In programmable devices, networks, and systems, the vulnerability is a weak point in the system, software, configuration, and/or specifications that can be exploited by a third party for such purposes as system hijacking and gaining access to confidential information.

4.3 Basic Security Policy
The Basic Security Policy is the supreme document in the IA Product Security Policy, and describes our basic policy on protecting the information assets of customers who use the IA products in their production operations. The Product Security Standards and the Product Security Procedures for each product category are based on the Basic Security Policy.

4.4 Product Security Standards
The Product Security Standards are prepared for each product category and set out the guidelines for protecting from security threats the information assets of customers whose production systems employ products that fall within the scope of the IA Product Security Policy.
System Security Standards

4.5 Product Security Procedures
The Product Security Procedures set out how to meet the Product Security Standards.

5. Product Categories
Product Security Standards and the Product Security Procedures are created for each of the following product categories and are available for customer use.

5.1 Production Control Systems and Software Packages
This category includes distributed control systems, safety instrumented systems, network-based control systems, factory automation systems, and related software packages.

5.2 Devices
(1) Devices on digital networks and software
Devices such as pressure transmitters, flowmeters, process analyzers, and data acquisition stations that can be connected to production control systems or digital networks
(2) Non-networked devices and software
Other devices that are not networked

6. Implementation Structure
The Product Security Steering Committee, an IA business-wide body, is charged with periodically reviewing and managing the IA Product Security Policy. This Committee is chaired by the head of the IA business and staffed by personnel from the departments described in Article 7.

The Committee’s Responsibilities
1) Periodic review and revision of the IA Product Security Policy
2) Provision of security education to the relevant departments based on the IA Product Security Policy
3) Inspection of the departments to ascertain their compliance with the IA Product Security Policy

7. Responsibility by Department

7.1 Product Planning
Product planning departments analyze the functional requirements for products by studying possible operating environments, identifying potential threats, determining necessary security and maintenance policies, and examining security requirements, and present them at planning assessments.

7.2 Product R&D
Product R&D departments study the technologies required to meet the security requirements presented at the planning phase, implement the corresponding functions on products, and verify that the requirements are met.

7.3 Quality Assurance
Quality assurance departments develop the necessary framework for product quality assurance, including the application of security patches, in cooperation with other concerned departments.

7.4 Engineering
Engineering departments deliver products in their final form to users after customizing them to their specifications. They also establish and put into operation a system that ensures such products are not exposed to security threats during this process.

7.5 Maintenance and Service
Maintenance and service departments study the services required for the safe use of products and deliver them to customers.

7.6 Sales
Sales departments seek customer feedback on the IA Product Security Policy and forward this to the Product Security Steering Committee.

7.7 Marketing
Marketing departments set up and operate a mechanism to release information required by customers including the IA Product Security Policy, and to obtain customer feedback.

Product Security Policy


Industrial Automation and Control Business
__Industrial Automation and Control Business
Shige's Coffee Break
vigilantplant.express
News
Events
VigilantPlant
__VigilantPlant
Contributing to a Sustainable Future
Operational Excellence Platform
Asset Excellence
Safety Excellence
What is VigilantPlant?
Is Your Plant a Quiet Place?
VigilantPlant Case Studies
White Papers
VigilantPlant Building Blocks
CENTUM. A History of Reliability
Vigilance
Industries
Oil & Gas
LNG Supply Chain
Refining
Petrochemical
Chemical
Pharmaceutical
Power
Water & Wastewater
Food & Beverage
Pulp & Paper
Iron & Steel
__news
__Industries
Renewable Energy
Biofuel
Biomass Power
Waste to Energy
Geothermal Power
Concentrated Solar Power
Wind Power
Success Stories
Oil & Gas
LNG Supply Chain
Refining
Petrochemical
Chemical
Pharmaceutical
Power
Water & Wastewater
Food & Beverage
Pulp & Paper
Iron & Steel
Metal Mining, Cement, Glass
Renewable Energy
More Industries
Application Notes
Oil & Gas
LNG Supply Chain
Refining
Petrochemical & Chemical
Pharmaceutical
Power
Water & Wastewater
Food & Beverage
Pulp & Paper
Iron & Steel
Metal Mining, Cement, Glass
More Industries
Download
__Download
Products
Service & Support
Product Release Information
Find Us in Your Area
IA Product Security Policy
System Security Policy
Contact Us
Solution-based Software
Plant Asset Management, PRM
Field Digital Solutions
Field Instruments
Environmental & Analytical Products
SCADA
VigilantPlant Services™
Production Control Systems
System Migration
Fieldeye CCTV Solutions
PLC:Leading Edge Controller FA-M3V
Films, Sheets
Network-based Control Systems
Safety Instrumented Systems (SIS)
Controllers, Recorders & Data Acquisition
Semiconductor Related Products & Systems
Magnetoencephalograph (MEG) Systems
Confocal Scanner Unit
Services Business
Service Business
Photonic Network Business
High-Content Analysis
Optical Fiber Sensing