IA Product Security Policy
Yokogawa Electric Corporation
Basic Security Policy for IA Products
1. Declaration
Measurement and control systems and devices associated with our industrial automation (hereafter referred to as the “IA”) business are becoming increasingly computerized and networked. To ease any concerns that our customers may have about using these products, appropriate measures must be taken against threats such as the destruction, theft, falsification, illegal access to and deletion of a system’s or device’s information assets, and the hijacking of such systems and devices. In order to fulfill its mission of providing customer-centric solutions, the IA business is committed to providing secure IA products that protect the integrity of our customers’ production-related information assets, while maintaining their functionality. The IA business will continually work to clarify protective measures and provide such measures to our users.
To accomplish this goal, we formulate 1) a Basic Security Policy for IA Products (hereafter referred to as the “Basic Security Policy”) to guide us in protecting our customers’ production-related information assets and 2) concrete Product Security Standards for each product category. (Hereafter the policy and standards are collectively referred to as the “IA Product Security Policy.”)
The IA Product Security Policy specifies various issues that must be addressed at each phase of the product lifecycle (planning, R&D, engineering, quality assurance, sales, after-sales services, etc.). The personnel of the IA business will make efforts to fully recognize the importance of information security and to observe all the relevant regulations to protect customers’ production-related information assets.
April 01, 2011
Satoru Kurosu
Head of IA Business Headquarters
2. Scope of the IA Product Security Policy
The IA Product Security Policy is applicable to the products of Yokogawa’s IA business.
3. Periodic Review
The IA Product Security Policy will be reviewed periodically by the Product Security Steering Committee as required to accommodate environmental changes and technical advances affecting our products.
4. Definitions
4.1 Threat
A threat is an activity that endangers product security, and includes the destruction, theft, falsification, illegal access to and deletion of a system’s or device’s information assets, and the hijacking of such systems and devices.
4.2 Vulnerability
In programmable devices, networks, and systems, a vulnerability is a weak point in the system, software, configuration, and/or specifications that can be exploited by a third party for such purposes as system hijacking and gaining access to confidential information.
4.3 Basic Security Policy
The Basic Security Policy is the supreme document in the IA Product Security Policy, and describes our basic policy on protecting the information assets of customers who use the IA products in their production operations. The Product Security Standards and the Product Security Procedures for each product category are based on the Basic Security Policy.
4.4 Product Security Standards
The Product Security Standards are prepared for each product category and set out the guidelines for protecting against security threats the information assets of customers whose production systems employ products that fall within the scope of the IA Product Security Policy.
System Security Standards
4.5 Product Security Procedures
The Product Security Procedures set out how to meet the Product Security Standards.
5. Product Categories
Product Security Standards and the Product Security Procedures are created for each of the following product categories and are available for customer use.
5.1 Production Control Systems and Software Packages
This category includes distributed control systems, safety instrumented systems, network-based control systems, factory automation systems, and related software packages.
5.2 Devices
(1) Devices on digital networks and software
Devices such as pressure transmitters, flowmeters, process analyzers, and data acquisition stations that can be connected to production control systems or digital networks
(2) Non-networked devices and software
Other devices that are not networked
6. Implementation Structure
The Product Security Steering Committee, an IA business-wide body, is charged with periodically reviewing and managing the IA Product Security Policy. This Committee is chaired by the head of the IA business and staffed by personnel from the departments described in Article 7.
The Committee’s Responsibilities
1) Periodic review and revision of the IA Product Security Policy
2) Provision of security education to the relevant departments based on the IA Product Security Policy
3) Inspection of the departments to ascertain their compliance with the IA Product Security Policy
7. Responsibility by Department
7.1 Product Planning
Product planning departments analyze the functional requirements for products by studying possible operating environments, identifying potential threats, determining necessary security and maintenance policies, and examining security requirements, and present them at planning assessments.
7.2 Product R&D
Product R&D departments study the technologies required to meet the security requirements presented at the planning phase, implement the corresponding functions on products, and verify that the requirements are met.
7.3 Quality Assurance
Quality assurance departments develop the necessary framework for product quality assurance, including the application of security patches, in cooperation with other concerned departments.
7.4 Engineering
Engineering departments deliver products in their final form to users after customizing them to their specifications. They also establish and put into operation a system that ensures such products are not exposed to security threats during this process.
7.5 Maintenance and Service
Maintenance and service departments study the services required for the safe use of products and deliver them to customers.
7.6 Sales
Sales departments seek customer feedback on the IA Product Security Policy and forward this to the Product Security Steering Committee.
7.7 Marketing
Marketing departments set up and operate a mechanism to release information required by customers including the IA Product Security Policy, and to obtain customer feedback.