Security Risk Assessments
In the dynamic landscape of industrial operations, security risk assessments (SRAs) serve as a strategic imperative, offering a comprehensive understanding of vulnerabilities across physical infrastructure, technology systems, and protection of operational processes. SRAs are essential for organizations as they identify, mitigate, and prioritize potential risks, helping in proactive risk management, compliance maintenance, and overall operational resilience. By evaluating security vulnerabilities in protective systems, procedures, and infrastructure, assessments enable organizations to effectively allocate resources, prioritize critical threats, and mitigate or prevent security incidents, providing valuable information for informed decision-making and facilitating the development of robust business continuity and disaster recovery plans.
AcuTech’s insight into the development of methodologies for evaluating threat-based security risks positions us as a trusted global partner in the pursuit of heightened security. We specialize in a spectrum of security risk assessment services tailored to meet the unique challenges faced by modern organizations. Our expertise encompasses the identification of vulnerabilities, in-depth threat analyses considering geopolitical risks, terrorism, cyber threats, insider threats, as well as the evaluation and prioritization of potential security countermeasures.
Notably, we have played a pivotal role in assisting major companies with the implementation of the API/ANSI Standard 780—a benchmark in security risk assessment methodologies for petroleum and petrochemical facilities. The methodology, applicable to assets beyond typical operating facilities, outlines the most efficient, cost-effective, and thorough approach to assessing security risks, ensuring a wide range of assets are appropriately safeguarded.
Additionally, we support international security and safety efforts. AcuTech proudly serves public sector partners on chemical risk management and security management projects. We manage grants and capacity building programs, supporting non-proliferation objectives on behalf of federal partners. AcuTech works with international industry associations to build risk management and chemical security management capabilities, provides risk assessment services and training to partners, and we mobilize our experts to respond to major industrial incidents and security threats aimed at industrial infrastructure.
Organizations benefit from our wealth of experience in identifying security-related weaknesses and vulnerabilities, conducting threat analyses, and evaluating and prioritizing security risks. AcuTech’s extensive history is a testament to our dedication to advancing security standards across diverse sectors, and we take a proactive stance in fortifying our partner’s operations. Contact AcuTech now to explore how our expertise can empower your organization to navigate the complexities of security risk management effectively.
- ANSI/API Security Risk Assessments to identify credible threats, assess risk exposure, and providing prudent countermeasures
- Security Risk Assessment Training
- CFATs & MTSA Support
AcuTech’s consultants are well versed in codes and standards developed by industry bodies and will refer to these as well as each client’s local jurisdiction codes and standards. A sampling of the relevant codes and standards can be found below.
- API/ANSI Standard 780. The American Petroleum Institute (API) and the American National Standards Institute (ANSI) jointly published the API/ANSI Standard 780: Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries. This standard provides guidelines for assessing security risks in petroleum and petrochemical facilities, covering a wide range of assets and security issues.
- ISA/IEC 62443 Series. The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) collaborated to develop the ISA/IEC 62443 series of standards. These standards focus on the security of industrial automation and control systems (IACS). They provide a framework for conducting security risk assessments and implementing cybersecurity measures in industrial processes.
- CFATS (Chemical Facility Anti-Terrorism Standards). Administered by the U.S. Department of Homeland Security (DHS), CFATS is a regulatory program focused on enhancing security at high-risk chemical facilities. It requires facilities to conduct security vulnerability assessments and develop and implement site security plans to address identified risks.
- NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection). NERC CIP standards are designed for the protection of critical infrastructure in the electric utility industry. They include requirements for conducting security assessments and developing and implementing security plans to safeguard critical assets.
- NIST Framework for Improving Critical Infrastructure Cybersecurity. While not industry-specific, the National Institute of Standards and Technology (NIST) Framework provides a widely adopted set of guidelines for enhancing cybersecurity across various sectors, including the process industries. It includes a risk management framework that organizations can adapt to their specific needs.
- ISO 27001. Although not specific to the process industries, ISO 27001 is an internationally recognized standard for information security management systems. Organizations in the process industries may adopt this standard to manage information security risks comprehensively.
AcuTech consultants have contributed to the following standards, codes, and programs.
- AcuTech was the prime contractor to the AIChE Center for Chemical Process Safety (CCPS) for development of the CCPS “Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites” in 2002.
- This pioneering work was well received by industry and is referenced by the Department of Homeland Security (DHS) as it provided an efficient and effective method to analyze security at chemical facilities. Because of our knowledge of risk assessment and our experience with the CCPS project, we were contracted by API and NPRA to develop a Security Vulnerability Assessment (SVA) methodology tailored to the petroleum and petrochemical industry that would be based on the CCPS approach.
- In addition, AcuTech was selected by API to transform the guidance document into a US National Standard in 2013 which was published as ANSI/API Standard 780. API Standard 780 was developed for the petroleum and petrochemical industries for a broad variety of both fixed and mobile applications. The Standard provides an approach for assessing security risk widely applicable to the types of facilities operated by the industry and the associated security issues they face. The standard is intended for those responsible for conducting security risk assessments (SRAs) and managing security at these facilities. The method described in this standard is widely applicable to a full spectrum of security issues, ranging from theft to insider sabotage to terrorism.
- AcuTech served as Prime Subject Matter Contractor experts to the U.S. Department of Homeland Security (DHS) during the development of the Chemical Facility Anti-Terrorism Standards (CFATS) regulation, the suite of Chemical Security Assessment Tools (CSAT), and the Risk-Based Performance Standards (RBPS), which were instrumental in the subsequent development of the Security Directives and Baseline Security Standards in Saudi Arabia and Qatar.