Master Planning User Guides for - Process Industry

The following are a set of diagrams for a Process Industry Owner/Operator, a Vendor, EPC, and Service Provider.

These diagrams show important interfaces between each of these Principal Roles. Interfaces are always the most difficult part of enterprise integration, so the intent is to help each of these organizations to understand what they must do, and why. Each section below also shows an example Cybersecurity Master Plan for that organization. Of course, this “set” is based on assumptions about what a typical Process Industry Owner/Operator might decide to incorporate in their cybersecurity corporate procedures, design practices, and plant operating procedures. Similarly, it is assumed that the Vendors, EPCs, and Service Providers will have decided in their own Cybersecurity Master Plans to respond to the requirements of a typical Process Industry Owner/Operator.

Owner / Operators

PERA User Guides are available for Process Industry Owner/Operators including:

• Creating a Corporate Cybersecurity Master Plan
  This includes establishing corporate and site cybersecurity policies, standards, and practices for a new or existing Enterprise. It also includes implementation of projects approved as part of the Cybersecurity Master Plan.


• Cybersecurity Program Implementation and Support
  These may include large projects such as new plants, or samller projects such as upgrade of an IACS control system. In either case, it is assumed that an approved set of cybersecurity policies, standards and practices exist that may be followed with only minor corrections or updates.

Each User Guide provides a list of relevant standards, Professional Roles, Typical Opportunities, example Master Planning Reports and other "starter materials" to help with creating the Master Plan.

Vendors

PERA User Guides are available for Process Industy Vendorss including:

• Creating a Corporate Cybersecurity Master Plan
  This includes establishing corporate and site cybersecurity policies, standards, and practices for a new or existing Enterprise. It also includes implementation of projects approved as part of the Cybersecurity Master Plan.


• Enterprise Project Master Planning
  These may include large projects such as new plants, or samller projects such as upgrade of an IACS control system. In either case, it is assumed that an approved set of cybersecurity policies, standards and practices exist that may be followed with only minor corrections or updates.

Each User Guide provides a list of relevant standards, Professional Roles, Typical Opportunities, example Master Planning Reports and other "starter materials" to help with creating the Master Plan.

Engineer, Procure, and/or Construct Contractors

PERA User Guides are available for Process Industy EPCs including::

• Creating a Corporate Cybersecurity Master Plan
  This includes establishing corporate and site cybersecurity policies, standards, and practices for a new or existing Enterprise. It also includes implementation of projects approved as part of the Cybersecurity Master Plan.


• Enterprise Project Master Planning
  These may include large projects such as new plants, or samller projects such as upgrade of an IACS control system. In either case, it is assumed that an approved set of cybersecurity policies, standards and practices exist that may be followed with only minor corrections or updates.

Each User Guide provides a list of relevant standards, Professional Roles, Typical Opportunities, example Master Planning Reports and other "starter materials" to help with creating the Master Plan.

Service Providers

PERA User Guides are available for Process Industry Service Providers including::

• Creating a Corporate Cybersecurity Master Plan
  This includes establishing corporate and site cybersecurity policies, standards, and practices for a new or existing Enterprise. It also includes implementation of projects approved as part of the Cybersecurity Master Plan.


• Enterprise Project Master Planning
  These may include large projects such as new plants, or samller projects such as upgrade of an IACS control system. In either case, it is assumed that an approved set of cybersecurity policies, standards and practices exist that may be followed with only minor corrections or updates.

Each User Guide provides a list of relevant standards, Professional Roles, Typical Opportunities, example Master Planning Reports and other "starter materials" to help with creating the Master Plan.