Tuesday, 1 December 2015

For the reliable provision of cybersecurity management services!

Yokogawa has received a Type 1 report on the internal controls that it employs in the provision of production control system secured remote solution services at its customers' plants. This report complies with the ISAE3402 international standard and the SSAE16 U.S. standard, both of which address the adequacy and effectiveness of the internal controls at service organisations.

With the growing threat of cyber-attacks, there is an urgent need to strengthen the security of plant production control systems. In addition to control systems, Yokogawa provides comprehensive solution services that address its customers' security needs. Yokogawa designs, constructs, and manages various control system security solutions that make use of information systems infrastructure. To help it improve the reliability and value of these services, and thereby ensure the stable operation of its systems, Yokogawa has obtained an ISAE3402/SSAE16 internal controls report on the service delivery and service support processes supporting the secured remote solution services that it offers in markets outside Japan.

Based on an objective evaluation, this report attests to the adequacy and effectiveness of Yokogawa's internal controls for its secured remote solution services providing customers with the assurance they need to commission these services without conducting their own audits. In addition, customers can submit such reports for evaluations of service organisation internal controls that are required under regulations such as the U.S. Sarbanes-Oxley Act (SOX), thus reducing their auditing workload.

As a result of the rising use of information technology and advances that are being achieved through the introduction of Industrial Internet of Things (IIoT) technology in plant operations, it is expected that operation technology (OT) and information technology (IT) will become more closely integrated. With its solid track record in helping companies make optimum use of their control systems, Yokogawa is well positioned to provide services that incorporate cyber-security management and other types of information technology solutions in control systems. Yokogawa will use such evaluations from independent organisations to provide its customers with optimum, highly reliable services.

In compliance with a practical guideline, this report is issued by the auditor of a service organisation to the auditors who are responsible for the auditing of the service organisation's clients' financial statements in order to provide assurances as to the design and implementation of the service organisation's internal controls. As a practical guideline, the International Auditing and Assurance Standards Board (IAASB) issued the International Standard on Assurance Engagements (ISAE) 3402 in December 2009. In April 2010, the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) issued the Statements on Standards for Attestation Engagements (SSAE) 16, which is similar to ISAE3402. There are Type 1 and Type 2 reports: Type 1 evaluates the adequacy of a service organisation's internal controls, while Type 2 evaluates the effectiveness of the implementation of the internal controls over a certain period of time, as well as their adequacy.

No comments:

Post a Comment