Achilles Certified Practices™ Program Benefits

Cyber security best practice benchmarks for manufacturers of industrial process automation, control & optimization systems.

The Benefits of Practices Certification

Over the last decade, Process Control Systems (PCS) have moved from standalone environments to highly integrated, increasing computerized, often networked environments. These changes have provided the Industry with opportunities to optimize and improve operational effectiveness, leading to increased quality, reliability and profitability.  The introduction of PCS inter-connectivity creates risks, including substantial security risks.  PCS can be accessed by unknown entities utilizing available network or direct connections.  PCS can be manipulated, maliciously or accidentally, with potentially disastrous effects on production and safety.  To mitigate exposure to risk, you must ensure that your product or service has an acceptable level of inherent security.  The question is how to achieve this level of security? More importantly, what level of security is required and how can this be established or verified?

Wurldtech Security Technologies offers a solution with the Achilles Practices Certification (APC), the only available security standard in Industrial Automation and Process Control.  APC is based on the global Industry standard Security Requirements for Vendors defined by the WIB, a consortium of leading End User organizations, System Integrators and Vendors.  APC offers a coherent, simple, out-of-the-box solution to build and support security mechanisms in the products and services used in today's control systems.  An APC Certification testifies that a product or service meets an established security benchmark.

End Users are increasingly mandating proof of a Vendor's or System Integrator's security qualifications, such as APC Certification.  As a Vendor or System Integrator, this Certification can also be used as a testimony of security quality, a competitive advantage independent of any End User-Client mandate.

Vendor Benefits from APC Conformance

End Users and Operators place strong emphasis on improved process control security.  Vendors who demonstrate and produce evidence showing the existence and practice of recognized security policies and practices receive special consideration for their automation solutions with built-in security.  The first competitive win pays for the cost of certification.

Vendors further realize a public relations boost through the visible display of their certification award at trade shows, on their web sites, and promotional advertising by Wurldtech.  Vendors are also better shielded from liability exposure because they have built into their system and services best security practices and security mechanisms that can be effectively managed by the End User.  Having processes and policies implemented according to an acknowledged and verified international standard helps to negotiate reduced FAT/SAT efforts between Vendors and End Users.  Expected savings in this area range from 25% to 75% depending on the level of certification and specific End User requirements. 

End User Benefits from APC Conformance

End Users have built security mechanisms into their automation systems that are well aligned with their IT security policies and tailored to their operational requirements.  Effective security management is now cost effective because security is part of the Vendor's design, development, and qualification program.  It is no longer an afterthought that must be bolted on and managed by third party specialists.  Rather, security is managed in accordance with a centralized policy and executed by every organizational unit that has responsibility for process control functions requiring the appropriate level of security assurance.  Security management becomes part of the day-to-day operating procedures, a transparent action which becomes second nature and is accepted with little or no resistance.  End Users can tell regulatory agencies they are deploying secure systems with upgradeable capabilities to address the rapidly changing threat landscape.  Investing in security primarily is a premium on mitigating direct impact risks related to reliability, continuity, and operational quality, which can lead to potential lost revenue.  It also mitigates indirect risks to reputation, and environmental or societal impact, which will lead to lost customers or claims. 

Project Cost Information

An APC project is budgeted based on a fixed set of pre-defined activities and time boxed limited support by the Wurldtech Assessement team as well as the Vendor performing a full self-assessment and evidence gathering against stated requirements.  This is to ensure the direct project cost is at a reasonable and fixed level:

The Achilles Practices Certificate has a validity period of 12 months, annual re-application for certification is required.  Re-certification will be performed at a discounted level, depending on the level of change since the last certification. 

Wurldtech Expert Consulting Services is offered to:

  • Help prepare the warrants and gather the evidence for Vendor Submittal
  • Assist in correct interpretation of the Vendor situation
  • Assist in organizational and procedural change management as required or recommended
The typical project duration of three to six months depends on the candidate's internal organization and security focus.