Security Risk Assessments
In the dynamic landscape of industrial operations, security risk assessments (SRAs) serve as a strategic imperative. They provide a comprehensive understanding of vulnerabilities across physical infrastructure, technology systems, and operational processes. SRAs are essential for organizations because they identify, mitigate, and prioritize potential risks to information assets, supporting proactive risk management, compliance, and overall operational resilience. By evaluating security vulnerabilities in protective systems, procedures, and infrastructure, assessments enable organizations to allocate resources effectively. They also help prioritize critical threats and prevent security incidents. They also provide valuable information to support informed decision-making and help develop robust business continuity and disaster recovery plans. AcuTech’s expertise in developing methodologies for evaluating threat-based security risks positions us as a trusted global partner in enhancing security.
Comprehensive Security Risk Assessment Services
AcuTech’s insight into the development of methodologies for evaluating threat-based security risks positions us as a trusted global partner in the pursuit of heightened security. We specialize in a spectrum of security risk assessment services tailored to meet the unique challenges faced by modern organizations. Our expertise encompasses identifying vulnerabilities. It also includes conducting in-depth threat analyses that account for geopolitical risks, terrorism, cyber threats, and insider threats. In addition, we aid in evaluating and prioritizing potential security countermeasures.
Leadership in ANSI/API 780 Security Risk Assessment Methodology
Notably, we have played a pivotal role in the development of the ANSI/API Standard 780 Security Risk assessment methodology. We have since assisted major companies in implementing the Security Risk Assessment methodology. The methodology serves as the benchmark for security risk assessment methodologies for petroleum and petrochemical facilities. It applies to assets beyond typical operating facilities. The methodology outlines the most efficient, cost-effective, and thorough approach to assessing security risks. It ensures appropriate safeguards for a wide range of assets across multiple industries.
Global and Public Sector Security Support
Additionally, we support international security and safety efforts. AcuTech proudly serves public sector partners on risk management and security management projects. We manage grants and capacity building programs, supporting non-proliferation objectives on behalf of federal partners. AcuTech works with international industry associations to build risk management and security management capabilities and provides risk assessment services and training to partners. We mobilize our experts to respond to major industrial incidents and security threats targeting industrial and governmental infrastructure.
Partnering to Strengthen Security and Resilience
AcuTech consultants developed the API/NPRA Security Vulnerability Assessment (SVA) Methodology and authored the second and third editions of the API Security Guidelines for the Petroleum Industry, as well as the ANSI/API Standard 780 Security Risk Assessment (SRA) Methodology. AcuTech employs a proprietary template and the SVAPro™ software to conduct Standard 780 SRAs.
Organizations benefit from our wealth of experience in identifying security-related weaknesses and vulnerabilities, conducting threat analyses, and evaluating and prioritizing security risks. AcuTech’s extensive history is a testament to our dedication to advancing security standards across diverse sectors. We take a proactive stance in fortifying our partners’ operations. Contact AcuTech to explore how our expertise can help your organization navigate the complexities of security risk management.
- ANSI/API Security Risk Assessments. Identify security gaps and business prudent countermeasures
- Security Risk Assessment/Security Survey. Identifying credible threats, assessing risk exposures, analyzing gaps, and providing cost-effective countermeasures
- Threat Assessment and Vulnerability Analysis
- ANSI/API Standard 780 SRA Training
AcuTech’s consultants are well versed in codes and standards developed by industry bodies and will refer to these as well as each client’s local jurisdiction codes and standards. The following section lists a sampling of the relevant codes and standards.
- ANSI/API Standard 780 Security Risk Assessment Methodology. The American Petroleum Institute (API) and the American National Standards Institute (ANSI) jointly published Standard 780: Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries. This standard offers guidelines for evaluating security risks in petroleum and petrochemical facilities, covering a broad range of assets and security concerns within the industry. Standard 780 also applies to other sectors with high-value assets.
- ISA/IEC 62443 Series. The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) collaborated to create the ISA/IEC 62443 standards series. These standards focus on the security of industrial automation and control systems (IACS). They offer a framework for conducting security risk assessments and implementing cybersecurity measures in industrial processes.
- CFATS (Chemical Facility Anti-Terrorism Standards). Managed by the U.S. Department of Homeland Security (DHS), CFATS is a regulatory program aimed at improving security at high-risk chemical facilities. It mandates facilities to conduct security vulnerability assessments and create and implement site security plans to mitigate identified risks.
- NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection). NERC CIP standards are designed for the protection of critical infrastructure in the electric utility industry. They include requirements for conducting security assessments and developing and implementing security plans to safeguard critical assets.
- NIST Framework for Improving Critical Infrastructure Cybersecurity. Although not industry-specific, the National Institute of Standards and Technology (NIST) Framework offers a widely used set of guidelines for strengthening cybersecurity across various sectors, including the process industries. It features a risk management framework that organizations can tailor to their specific needs.
- ISO 27001. Although not specific to the process industries, ISO 27001 is an internationally recognized standard for information security management systems. Organizations in process industries may adopt this standard to comprehensively manage information security risks.
Our consultants have contributed to the following standards, codes, and programs.
- AcuTech was the prime contractor to the AIChE Center for Chemical Process Safety (CCPS) for development of the CCPS “Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites” in 2002.
- This pioneering work was well received by industry and is referenced by the Department of Homeland Security (DHS) as it provided an efficient and effective method to analyze security at chemical facilities. Based on our risk assessment expertise and experience with the CCPS project, API and NPRA contracted us to develop a Security Vulnerability Assessment (SVA) methodology tailored to the petroleum and petrochemical industry, grounded in the CCPS approach.
- In addition, AcuTech was selected by API to transform the guidance document into a US National Standard in 2013 which was published as ANSI/API Standard 780. API Standard 780 was developed for the petroleum and petrochemical industries for a broad variety of both fixed and mobile applications. The Standard provides a widely applicable approach for assessing security risk across the types of facilities operated by industry and the associated security issues they face. The standard is intended for those responsible for conducting security risk assessments (SRAs) and managing security at these facilities. The method described in this standard is widely applicable to a full spectrum of security issues, ranging from theft to insider sabotage to terrorism.
- AcuTech served as Prime Subject Matter Contractor experts to the U.S. Department of Homeland Security (DHS) during the development of the Chemical Facility Anti-Terrorism Standards (CFATS) regulation, the suite of Chemical Security Assessment Tools (CSAT), and the Risk-Based Performance Standards (RBPS), which were instrumental in the subsequent development of the Security Directives and Baseline Security Standards in Saudi Arabia and Qatar.