exida explains Blog

The thought of tackling a threat model (TM) might not be the most appetizing to some people.   Doing a quick Internet search, someone could get stuck under a mountain of acronyms and terms.  I mean, what is a CVSS anyway?  And then there are the diagrams, attack trees and feedback loops that…

Read More...

Machinery related hazards continue to result in hundreds of deaths and thousands of serious injuries each year. In 2019, 2,963 deaths occurred in the construction, transportation and warehousing, agriculture, forestry, fishing and hunting, and manufacturing industries in the United States¹. Additionally, serious injuries continue to pose a major challenge…

Read More...

Similar to the thought experiment “If a tree falls in a forest and no one is around to hear it, does it make a sound?”, we ask - If an alarm is generated, and the operator fails to acknowledge it, was it really an alarm? A prevalence of unacknowledged…

Read More...

Part of the changes to the IEC61511 standard in 2016, some five (5) years ago now, was to emphasize the need to do a better job with regards to the Operations and Maintenance phase of the safety lifecycle.  One of the key aspects of the Operation and Maintenance phase…

Read More...

Study after study finds that something like 80% of industrial incidents (give or take) are caused by Human Error. Incidents involving human error often include a failure of the operator to respond to an alarm, which is often directly or indirectly caused by nuisance alarms. Poor alarm management has…

Read More...

During a recent exida webinar we received the following question:

We tend to see more failures with actuated valves, than what manufacturers published failure rates would indicate! Any reason?

There are several reasons. Some manufacturers publish data based on field return data where they classify failures caused by customers…

Read More...

With the drive for digitalization and the Internet of Things the expression “Content is King”, coined by Bill Gates, has now been replaced by “Data is King”. This is especially TRUE in functional safety where the safety and reliability predictions generated from a Failure Modes, Effects & Diagnostics Analysis…

Read More...

Two common gaps exida encounters when evaluating vendor compliance against the IEC 62443-4-1, IEC 62443-4-2 and IEC 62443-3-3 standards are:

1. Inadequate or unclear Security Guidelines.    
2. A lack of documentation on the security audit records (AKA logs).   

Improving compliance in these areas is also a very cost-effective…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here , part 2 here, and part 3 here . Certification provides you with the opportunity to work with an experienced cyber team here at exida, and…

Read More...

In the book “The Checklist Manifesto: How to Get Things Right”, Atul Gawande, surgeon and best-selling author, tackles the problem of how to prevent human error in an age where professionals grapple with the increasing complexity of their responsibilities. Errors,…

Read More...

Want to improve your safety lifecycle and be more compliant with IEC 61508?  Focus on the things that have the most benefit.  Like what?  What are some of these valuable things?  

One of the major deficiencies I see while doing certification assessments is…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here and part 2 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber…

Read More...

Understanding operator decision-making is a good first step in improving operator effectiveness. Operator decision-making depends on the person (their level of expertise) and the situation (how familiar). A popular behavioral model from Rasmussen proposes that operator response can be broken into three levels; skill-based behavior, rule-based behavior, and knowledge-based behavior as shown in…

Read More...

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…

Read More...

No, you probably don’t want to hurt me.  But if your product is used in a safety application, and my job depends on your product doing its job, will it hurt me if it fails?

With so many of us doing more things differently during the COVID pandemic, I wonder if…

Read More...