VTT 385 – Guidelines: Integrated Management of Safety and Security Synergies in Seveso plants (SAF€RA 4STER)
[ Bron: VTT Technical Research Centre of Finland, ISBN 978-951-38-8745-2, https://doi.org/10.32040/2242-122X.2021.T385 ]
Summary
The digitalisation trend in the process-industries bring with new safety and security challenges. Modern plants are constantly investing in automation, allowing plant to operate autonomously, to different degrees. For a long time, chemical plants were not connected to networks, and thus they were not designed with cybersecurity in mind. However, now the connections to information networks outside the plant are more and more common. As a result, cyberattacks launched against the safetycritical chemical industries can cause severe safety threats, in the worst case, trigger an explosion. The probability that computer networks and information systems belonging to such sectors is attacked – and successfully so – is now higher than ever.
This document provides guidance on what to consider when designing and implementing integrated safety and security management in Seveso plants. The guidance cover different aspects of management including a) recognition of the context of organisation, b) leadership, c) planning, d) support, e) operation, f) performance evaluation and g) improvement.
Integrated management refers to connecting, coordinating and combining safety and security management activities in order to exploit synergies and to resolve conflicts between them. Understanding and recognising their similarities and differences, and their intertwined nature is essential for carrying out integration. Integration may be implemented in structures and functions, and it promotes the creation of a new integrated culture, which also needs to be managed.
The integration of activities requires motivation. The need is based on increasing cybersecurity threats concerning the plants involving major chemical hazards. The benefits of integration include convenience, improved safety and security performance, resource optimisation, and increased resilience.
The potential activities, in which safety and security management could be combined include, for example, risk assessment, incident reporting, emergency management, change management and informing the public.
Safety and security are intertwined domains, comprising both common and different aspects. Both specific safety and security knowledge and integrated management are needed. Simply combining and communicating between safety and security domains is not sufficient due to the intertwined and complex nature of present safety and security issues. A new integrative mind-set is required in the future.
