In our last post, we looked at three tools you may already use to help provide a safely functioning system at the front end – HAZOP, HAZID, and FMECA – and recommended their use for CyberSecurity. In this post, we’ll take a look at how to use HAZOPs to address CyberSecurity.
First, here is an overview of the HAZOP methodology:
![](http://athensgroupservices.com/wp-content/uploads/2019/03/cyber-security-chart.png)
Here is our recommended approach to addressing CyberSecurity within each phase of the HAZOP:
- In the Definition Phase:
- Within Scope and Objectives define:
- System Network Topology including all access points
- External Users including contractor access, application access, classes of users
- Internal Users including application access, classes of users
- Within Responsibilities define:
- Access policies
- User responsibilities
- Management of Change Policy
- Within the Team include at least one CyberSecurity subject matter expert (SME)
- Within Scope and Objectives define:
- In the Preparation Phase include:
- Within the Plan include keywords related to CyberSecurity; e.g. “more secure”, “less secure”, “access”
- Within Data Collection include:
- Formats for operational access logs
- Current activity logs for existing or “as like” assets
- Typical network traffic
- Within Estimate the Time include at a minimum 4 hours focused on CyberSecurity
- In the Examination Phase include:
- For each system part defined, ensure the design intent includes CyberSecurity
- For the remainder of the HAZOP follow each of the Examination Phase activities
- “Identify possible remedial/mitigating measures” is NOT optional. It is essential that CyberSecurity measures are identified and included during the design phase of any project.
- In the Documentation and Follow-Up Phase include:
- Ensure there are specific CyberSecurity actions
- Record and monitor any CyberSecurity action items and risks identified in the HAZOP
That’s it for recognizing CyberSecurity in your HAZOP. Next, we’ll look at putting CyberSecurity into your HAZID.
![](http://athensgroupservices.com/wp-content/uploads/2019/03/cyber-security.jpg)
Read the blog entries on our website – www.athensgroupservices.com, join our LinkedIn Group, and subscribe to our newsletter.