After completing the security risk assessments and gathering the information necessary to understand your OT security baseline, the next stage of a comprehensive industrial cyber security program is to create a set of well-defined policies and procedures.
Policies and Procedures Development
Security documentation, along with management support, is the cornerstone of any Operational Technology (OT) cyber security program.
Policies and procedures will define the security organisation and the workflows, describing the specific roles and reporting structures that should be in place to effectively manage cyber security technology and bridge gaps between people, process and technology. Policies and procedures will cover areas such as:
- Asset management
- Access control
- Incident management
- Business continuity plans
- Compliance management
- Communications management
- Security system maintenance
We have a set of 36 policy and procedures templates available following our best practices and the IEC-62443 standard, ready to be shared with you. It takes approximately 24 months to write a complete set of policies and procedures; however, with our templates available, you could have a customised set in 6 months.
Ensure Compliance with Effective Policies and Procedures
With the implementation of the European-wide Network and Information Security Directive (NIS) for critical infrastructure, and regulatory changes to other process industry sectors; having a comprehensive set of policies and procedures will keep your organisation in compliance with the latest regulations. Organisations who invest time in developing policies and procedures realise the following benefits:
- Efficient and effective auditing and compliance reporting
- Increased organisation cyber security maturity
- Increased organisation awareness
- Enhanced cyber security culture
Yokogawa’s cyber security consultants can help support the implementation of your policies and procedures. Using industry best practices developed over many years of experience, our cyber security experts:
- Collaborate with your organisation to develop strategies for effectively communicating policies, standards and procedures for measuring good security practices and compliance
- Provide customisable OT security policies and procedures to expedite the development of security documentation according to your organisation’s specific requirements
- Keep staff up-to-date on industry cyber security standards and recommended practices
- Provide ongoing management of your policies, procedures and standards to ensure those documents are kept current and relevant
Looking for more information on our people, technology and solutions?Contact Us