Embedded systems

iFACTS Embedded systems - Web based management and control of Embedded systems

It has lately been realised how vulnerable  Embedded systems, or SCADA systems (Supervisory Control and Data Acquisition) are. Today these systems can be built on standard software and available through the internet or LAN/WAN.

Often the plants or machinery that are controlled by Embedded systems are the very base of society infrastructure such as Water reservoir, Power distribution grid, TV&Radio broadcasting, Telecom or manufacturing machines/equipment.

Controlling the Embedded systems have become an important part in Risk Management and Business Continuity. But since these systems are deeply integrated in Processes, Facilities and IS/IT, one major challenge is to identify and analyse the entire scope. Where are the weak links?

iFACTS Embedded systems provides management with a consequent reporting and monitoring of all the Embedded systems, presented as a performance score 0-100%. It also generates the dependency map to other objects in the chain.

Web technology helps the Embedded system responsible with documentation and analysis. Common work steps are to document the Embedded system in terms of technical description, content, dependencies, objectives, responsibilities and classification.

A web questionnaire can be used to measure to what degree the Embedded system is following guidelines and other requirements.

Embedded system risk assessment can be performed and followed up on.

The list below shows all the available Embedded system management variables. These can be turned on or off depending on purpose and ambition.

Data and output

• Inventory and classification - of the Embedded system. Information gathering such as technical description, responsibilities, roles, classification, applicable law. Finalizing all steps in the inventory step gives a score of 100%.
• GAP analysis - web questionnaire to check current status. Result presented in the range 0-100%.
• Risk assessment - scenario based risk assessment. Results in a Consequence-Probability matrix with risk acceptance level. Score depending on if there is preventive actions planned for all scenarios over risk acceptance.
• Requirement fulfillment - a requirement list is generated from the settings in classification, law and risk assessment. These requirements needs to be fulfilled in order to be "green". "Yellow" means active and "red" means passed due date.
• Objectives - in the measurement portal different measure sessions are created and then continuously measured. For example: Availability or downtime. Fulfillment of objectives displays in the range 0-100%.
• Plans fulfillment - a plan requirement list is generated from the settings in classification, law and risk assessment. The plan needs to be done in time to be "green". "Yellow" means active and "red" means passed due date.
• Dependency mapping - in the dependency component the Embedded system is mapped for dependencies with other organizational assets and activities. A red dependency means that the requirements do not match and will result in a lower score.
• Events - from the management work in the steps above, deviations and nonconformities will emerge. These are integrated into the Event module and monitored for follow up and action such as management approval. The Event score is calculated from number of green, yellow and red events.

Implementation and roll out can be done instantly with high efficiency using web technology.

iFACTS Embedded systems functionality

Dynamic setup of organizational structure and roles in the main administration, creation of company tree and roles. Connection to active directory.

Dynamic setup of inventory content  All the steps in the Embedded systems inventory wizard are created by the administrator.

Requirement trigger   Classification, applicable law and risk assessment can trigger requirements from the requirement list.

Plan trigger   Classification, applicable law and risk assessment can trigger plans from the PPP plan list.

Calculation   supports entering a calculation for each asset for example Business Impact Analysis, BIA.

Dependency component  to establish dependency connection between organizational assets and activities. Presented in a graph with critical line and dependency information.

Integration   with Risk management, GAP, Event, Audit, Riskportfolio, INSMAN and the ONTRACK dashboard.

Event monitoring  with connection to management approval and other roles and responsibilities.

Audit  connected to the Audit module for automated audits and inspection programs.

Report generator  a wide variety of reports/settings can be created and saved as templates.  All of these reports can be exported to Excel, Word, PDF, Text

Search can be conducted according to selection on all registered data, for example, organization, type, status, category, role etc.