7 Steps to Industrial Control System Cybersecurity | exida
 

exida Academy.

exida Academy provides comprehensive Functional Safety, ICS Cybersecurity, and Alarm Management training for today's industry professional.

Overview

exida Academy

The mission of exida Academy is to share our evolving knowledge and skills with end users and original equipment manufacturers with the intention that they will in turn design, build, operate, and maintain optimally safe, secure, and cost-effective automation systems as applicable to their functional responsibility.

Our courses are available on a variety of platforms, ranging from public classes and self-paced online training to week-long custom, on-site training workshops. Courses are provided at the Beginner, Practitioner, and Expert levels.

The exida Academy Global Course Schedule can be viewed here

Our Course Catalog can be found below, and is categorized by the following:

  • Alarm Management
  • Automotive Safety
  • Engineering Tools
  • Functional Safety
  • Industrial Cybersecurity
  • Robot & Machine Safety

Request a Quote for On-Site Training   

Practitioner Certificate Programs

All attendees can earn a practitioner certificate by attending related exida academy training classes and passing a subsequent exam.

exida offers the following programs:

  • FSP (Functional Safety Practitioner)
  • CSP (IEC 62443 Cybersecurity Practitioner)
  • AMP (Alarm Management Practitioner)
  • FGP (Fire & Gas Practitioner)

What Our Students Say

  • exida training gave us a great introduction to Alarm Management and the IEC62682 Standard. The instructor Todd Stauffer is highly competent within the area of Alarm Management and has great communication skills.

    Arvid Halrynjo, ELDOR AS

  • "This course (ALM-102) was outstanding. The content was dead on and specific enough to the various control systems. I would recommend this course to anybody that is involved in Alarm Management. I want to thank you for the great information that you passed on."

    Chris Payne, SABIC

  • "Their courses are especially effective in providing a detailed understanding of the concepts of Functional Safety for both beginners and experienced personnel. Class exercises allow concepts to be absorbed and applied effectively especially where calculations/analyses are involved.”

    Zohaib Siddiqui, ME Global

  • I’d like to say many thanks to you for teaching an outstanding course. I hope to someday gain half the knowledge you have in functional safety. This was one of the best classes I’ve ever had. I’d like to let you know that I passed the CFSP exam!

    Robert C. Perry III, GB Biosciences / Syngenta Corporation

Course Offerings


Alarm Management:

ALM 101 - Introduction to Alarm Management Practices & Principles

Operator response to alarms is a critical layer of protection to prevent a plant upset from escalating to an incident. Poor alarm management has been cited as a contributor to numerous industry incidents. Application of alarm management best practices can help increase operator productivity leading to optimized production and less unplanned downtime. The course will show how the ISA-18.2-2009 standard “Management of Alarm Systems for the Process Industries”, and the alarm management lifecycle defined in it, can be used to address common alarm management issues (e.g., nuisance alarms, alarm floods) and to create an effective, sustainable alarm management program that delivers quantifiable benefits.

More Info    

ALM 102 - Fundamentals of Alarm Management for the Practitioner: How to Apply ISA-18.2 / IEC 62682

The course is structured around the the alarm management lifecycle; reviewing the key requirements / activities of each stage along with industry best practices. It focuses in-depth on the engineering, design, implementation, and operational and improvement tasks that would be led by the practitioner; rationalization, basic alarm design, HMI design, dynamic alarming, designed alarm suppression, alarm shelving, implementation of alarm response procedures, evaluation of alarm system performance, and use of alarms as process safety safeguards and layers of protection. Human factors principles are introduced to show how they impact effective operator performance. Exercises are designed to demonstrate key principles applied in real situations. “Lessons learned” are shared from numerous successful alarm management projects around the world and from being an “insider” during the development of the standards.

More Info    

Automotive Safety:

AUT 101 - ISO 26262 Road Vehicles Functional Safety – For Leaders

Avoiding the very detailed execution activities recommended in ISO 26262, this course offers senior automotive leadership team members a practical and accessible overview of the concepts and activities required to successfully deploy, achieve and maintain ISO 26262.

More Info    

AUT 121 - An Overview of Changes to ISO 26262 (2nd Edition)

The 2nd edition of ISO 26262 was approved during the end of 2018. This edition has many changes sprinkled throughout the 12 parts of the standard. This course will provide an in-depth overview of the changes along with guidance on the impact of the changes on the product development lifecycle. Each attended will receive a complete listing of all sections with changes along with a detailed description of the most significant changes. ​

More Info    

AUT 206 - Automotive Cybersecurity

This 1.5 day course is designed to give an overview of automotive cybersecurity providing an introduction to the relationship between cybersecurity & functional safety, automotive cybersecurity standards, management, process and planning aspects, TARA (Threat Analysis and Risk Assessment), as well as understanding cybersecurity goals and threats. Cybersecurity principles and the analysis of cybersecurity threats and risks in a road vehicle context will also be discussed.

More Info    

AUT 211 - Automotive ISO 26262: Road Vehicles Functional Safety

ISO 26262 is a functional safety standard intended to be applied to the development of software for electrical and/or electronic (E/E) systems in automobiles. ISO 26262 is an adaptation of the broader IEC 61508 safety standard, which has been used to derive safety standards for the nuclear power, machinery, railway, and other industries. It is aimed at reducing risks associated with software for safety functions to a tolerable level by providing feasible requirements and processes. This course offers an introductory to the standard from a software and hardware level.

More Info    

AUT 212 - ISO 26262 Road Vehicles Functional Safety - Hardware Development and Analyses

This course offers students an understanding of the key hardware analyses recommended in ISO 26262.

More Info    

AUT 213 - ISO 26262 Road Vehicles Functional Safety - Product Development at the Software Level

This course offers students an understanding of the key software analyses recommended in ISO 26262.

More Info    

AUT 214 - ISO 26262 Road Vehicles Functional Safety - Guideline on application of ISO 26262 to semiconductors

This course offers students an understanding of industry recommended best practices and guidelines on the application of ISO 26262 to semiconductors.

More Info    

Engineering Tools:

ALM 241 - Alarm Rationalization with SILalarm

Attendees will learn how to conduct alarm rationalization of greenfield (new) or brownfield (existing) applications in order to optimize performance of their alarm systems. The class immerses participants in discussion and hands on exercises which have been designed to demonstrate the best practices and requirements for rationalization as taken from the ISA-18.2 alarm management standard and EEMUA 191 guideline. The class focuses on how rationalization can lead to improved operator performance by eliminating / preventing common alarm problems such as nuisance / chattering / stale alarms, incorrect priority, alarm overload, and alarm floods. It also includes a discussion on tips and tricks for creating an alarm philosophy document, such as how to effectively define the “rules” for rationalization. Exercises will use exida’s SILAlarm rationalization tool.

More Info    

CS 248 - Cybersecurity Threat Analysis with ARCHx

An essential task that is part of cybersecurity development process is the Threat Analysis. The result of this work is used to define necessary defense mechanisms in an embedded device design. This course explains how to use the ARCHx tool to perform an embedded device or system threat analysis by providing a detailed knowledge base of threats, actors, and defense mitigation techniques. This course also explains how to show compliance to IEC 62443 cybersecurity certification requirements.

More Info    

FSE 242 - Process Hazard Analysis with PHAx™

Process Hazard Analysis with PHAx™, FSE 242, details how the exSILentia PHAx™ module can be used to conduct HAZOP methodology based Process Hazard Analysis. This course is targeted towards students that are experienced in process hazard analysis who want to learn how to leverage the advanced features of PHAx™. It will cover how to configure a project, define risk criteria, and use the advanced libraries to store valuable project specific information. The students will learn how to define units, nodes, and how to benefit from the PHAx™ smart deviations. It also addresses how hazard scenarios are to be defined for use in subsequent lifecycle phases.

More Info    

FSE 243 - Layer of Protection Analysis with exSILentia®

FSE 243 explains how the exSILentia LOPAx™ module is used to conduct a Layer of Protection Analysis. This course is targeted towards students that have a general understanding of layer of protection analysis and safety requirements specifications who want to learn how to leverage the advanced features of LOPAx™. It will cover how to analyze hazard scenarios considering the frequency of initiating events and the probability of failure for each independent protection layer (IPL) as well as enabling conditions and conditional modifiers. This course will show how to calculate the required Risk Reduction Factor of an IPL and identify Safety Instrumented Functions (SIF). It will teach users how to transfer data from PHAx™ to LOPAx™.

More Info    

FSE 244 - SIL Verification with exSILentia®

SIL verification with SILver™, FSE 244, explains how the exSILentia SILver™ module is used to perform a SIL verification for Safety Instrumented Functions. Students will learn to leverage the tool to model different SIF architectures ranging from simple 1oo1 configuration to more complex examples. This course also covers review of the key parameters that determine the probability of failure of a SIF as well as minimum hardware fault tolerance and systematic capability aspects. It will show the impact of these parameters on the detailed design, implementation, and operation of the SIF. Furthermore, students will learn how to transfer data from the SILver™ module to the Design SRS module and subsequently complete the Design SRS requirements. Finally, the course covers the impact of proof testing and specification of proof test procedures using the Proof Test Generator module.

More Info    

FSE 247-E - Practical Electronic FMEDA with FMEDAx™

The FMEDA method was invented to predict failure rates for each failure mode of a device, subsystem, or component. The ”Practical Electronic FMEDA with FMEDAx” course explains the FMEDA method, objectives, and output. In this course an example device FMEDA will be done showing the fundamental concepts including environmental profile selection, diagnostic coverage analysis, proof test coverage analysis, complex integrated circuit (IC) analysis, device packaging impact, and functional failure modes.

More Info    

FSE 247-M - Practical Mechanical FMEDA with FMEDAx™

The FMEDA method was invented to predict failure rates for each failure mode of a device, subsystem, or component. The "Practical Mechanical FMEDA with FMEDAx" course explains the FMEDA method, objectives, and output. In this course an example device FMEDA will be done showing the fundamental concepts including environmental profile selection, diagnostic coverage analysis, proof test coverage analysis, part selection, and functional failure modes.

More Info    

FSE 248 - Essential DFMEA

It is well known that a product development schedule and cost will be reduced if problems are found early in the development process. Techniques such as Failure Modes and Effects Analysis (FMEA) have been developed over several decades to achieve this goal. This course describes the essential elements of a design FMEA (DFMEA) and the benefits of this approach. The course explains the common process used, with examples and exercises. The use of “expert knowledge” is explained. This technique further reduces engineering hour cost with fewer missed issues. This course also explains how to use the ARCHx tool expert knowledge with examples.

More Info    

Functional Safety:

FSE 001 - Introduction to Functional Safety

Has a potential customer ever said “We Need SIL”? What does that mean? What are the standards that specify SIL levels? What are the basic principles of these standards? The INTRODUCTION TO FUNCTIONAL SAFETY course from exida answers these questions and many more. Intended for those who are new to the concept of functional safety: this course covers definitions, concepts, standards, industries, and performance metrics. The course is a great place to start and a great place to refresh your knowledge of functional safety.

More Info    

FSE 002 - IEC 61511: Functional Safety Overview

This one day functional safety course provides an overview of IEC 61511 functional safety. The course will cover the introduction of Safety Instrumented Systems, The Safety Lifecycle, Risk Analysis, Safety Realization, Operations, Functional Safety Management and Basic Reliability concepts.

More Info    

FSE 003 - Proof Test Development for Technicians

This 1/2 day course provides an overview of proof test development for devices used in a process facility. It defines failures in safety instrumented systems, discusses the effect of automatic diagnostics and explains how these failures are used to develop tests to detect these failures. The criteria for success are also discussed, as well what remedial actions to take should a step fail.

More Info    

FSE 100 - IEC 61511: Functional Safety Analysis, Design, and Operation

This course forms a broad review in preparation for the Certified Functional Safety Expert (CFSE) and Certified Functional Safety Professional (CFSP) process industry application engineering exams.

It provides an overview of process industry safety engineering from the point of view of the Risk Analyst, Process Safety Coordinator, and Control Systems Design Engineer.

This course delivers a complete overview of the functional safety lifecycle. The course reviews Process Hazard Analysis (PHA), Consequence Analysis, Layer of Protection Analysis (LOPA), Safety Integrity Level (SIL) Target Selection, Safety Requirements Specification (SRS) generation, failure rates, device and system reliability, SIF verification, SIF detailed design and Operations requirements.

More Info    

FSE 103 - CFSE / CFSP Exam Preparation Workshop

FSE 104 - Applying IEC 61511 to Burner Management Systems

This course provides an overview on how to implement a performance based Burner Management System (BMS) and move away from the constraints of a prescription based standard for safety function design, especially when waste fuels are introduced into boilers or process heaters. The IEC 61511 standard is the functional safety standard specific to the Process Industry sector. This standard introduces a safety lifecycle concept which is a structured engineering process to ensure functional safety is achieved in a plant. The standard also focuses on evaluation of process risk and required risk reduction, if necessary. The safety lifecycle approach to BMS will address any deficiencies in design, testing, documentation, maintenance or modification requirements.

More Info    

FSE 107 - Functional Safety For Managers – Overview Course

The objective of this course is to provide an overview of functional safety to help managers/supervisors with responsibility for oversight of Safety Instrumented Systems and/or Safety. gain an understanding of functional and/or process safety requirements. Process safety is driven by corporate culture, where a poor corporate safety culture is often not aligned with functional safety requirements. A good corporate safety culture better aligns with functional safety requirements, such as encouraging openness, fostering a learning culture and implementing functional safety management, all of which have a direct bearing on process safety.

More Info    

FSE 109 - Functional Safety Management Planning for IEC 61511

Safety planning is a specific requirement of IEC 61511 yet many organizations lack specific documentation on how functional safety is managed. This course reviews the requirements of the IEC 61511 Lifecycle and offers guidance for development of a written Functional Safety Management (FSM) Plan. It provides insights on how to integrate an FSM program into an organizations management system structure

More Info    

FSE 144 - IEC 61511: Operations & Maintenance

In this course, the student develops an understanding of the requirements for operations and maintenance in IEC 61511. You will also understand the importance in the functional safety lifecycle and how good and bad maintenance impacts the performance of the SIS and its SIFs.

More Info    

FSE 210 - IEC 61508 - Functional Safety Overview for Design & Development Leaders

The IEC 61508 family is a performance-based set of standards for functional safety that are commonly applied to the design and development of automatic protection systems in a variety of applications (process industry, industrial / machinery equipment, medical devices, railway, mining, etc.). These standards do not present prescriptive solutions at the safety function level, but instead specifies the use of common performance metrics for characterizing reliability and design integrity. This course provides an overview of IEC 61508, the functional safety lifecycle, and how to design/develop products and systems that meet 61508 requirements. It describes an example of a 61508-compliant development design process which has proven to bring better products to market, at reduced cost, and with shorter time-to-market. It also describes the benefits of functional safety certification, such as accelerating market and end-user adoption.

More Info    

FSE 211 - IEC 61508 - Functional Safety for Design & Development (Electrical, Mechanical, Software)

The IEC 61508 family is a performance-based set of standards for functional safety that are commonly applied to the design and development of automatic protection systems in a variety of applications (process industry, industrial / machinery equipment, medical devices, railway, mining, etc.). These standards do not present prescriptive solutions at the safety function level, but instead specifies the use of common performance metrics for characterizing reliability and design integrity. This course provides an overview of IEC 61508, the functional safety lifecycle, and how to design/develop products and systems that meet 61508 requirements. It guides the product design/development team through a 61508-compliant development process which has proven to bring better products to market, at reduced cost, and with shorter time-to-market.

More Info    

FSE 212 - IEC 61508 - Functional Safety for Software Design & Development

The IEC 61508 family is a performance-based set of standards for functional safety that are commonly applied to the design and development of automatic protection systems in a variety of applications (process industry, industrial / machinery equipment, medical devices, railway, mining, etc.). These standards do not present prescriptive solutions at the safety function level, but instead specifies the use of common performance metrics for characterizing reliability and design integrity. This course provides an overview of IEC 61508, the functional safety lifecycle, and how to design/develop products and systems that meet 61508 requirements. It guides the product design/development team through a 61508-compliant development process which has proven to bring better products to market, at reduced cost, and with shorter time-to-market.

More Info    

FSE 213 - IEC 61508 - Functional Safety for Mechanical Design & Development

The IEC 61508 family is a performance-based set of standards for functional safety that are commonly applied to the design and development of automatic protection systems in a variety of applications (process industry, industrial / machinery equipment, medical devices, railway, mining, etc.). These standards do not present prescriptive solutions at the safety function level, but instead specifies the use of common performance metrics for characterizing reliability and design integrity. This course provides an overview of IEC 61508, the functional safety lifecycle, and how to design/develop products and systems that meet 61508 requirements. It guides the product design/development team through a 61508-compliant development process which has proven to bring better products to market, at reduced cost, and with shorter time-to-market.

More Info    

FSE 222 - Process Hazards Analysis (PHA) Using HAZOP

This two day course provides sound and detailed instruction into how to carry out an effective HAZOP study and where PHA methods fit into the overall process safety management work process and the IEC 61511 safety lifecycle. As part of performing a HAZOP, the importance of process safety information, risk criteria, and documentation will be covered. The course will acknowledge many hazard identification techniques, but will focus on HAZOP, providing students the opportunity to work through hands on exercises in detail to gain the skills needed to facilitate a HAZOP study. These exercises will demonstrate how any hazard identification technique provides a foundation for other more advanced activities designed to estimate risk. Coverage of PHA documentation allows the student to see how the technical foundation they help develop is used throughout the life of the facility.

More Info    

FSE 224 - Layer of Protection Analysis for the Practitioner

This course is designed for practitioners and those who are either participants in facilitated layer of protection analysis (LOPA) or simply want a better understanding. It covers all facets of performing LOPA. It lays the foundation with basic probability math and event tree analysis, as well as topics on human error and common mode failure. The transition to LOPA from a basic HAZOP is covered, considering the impact of corporate risk criteria. Initiating causes, enabling events, independent layers of protection, and conditional modifiers are all covered. To drive the methodology home, hands on workshops are conducted.

More Info    

FSE 227 - Control Hazard and Operability Analysis (CHAZOP)

This course covers various CHAZOP methodologies as a function of the intended CHAZOP goals and indicates where a CHAZOP fits into the overall process safety management work process and the IEC 61511 safety lifecycle. Students are provided the opportunity to work through hands on exercises in detail for the key CHAZOP methodologies to gain the skills needed to facilitate a study. These exercises demonstrate the potential benefits of performing the various CHAZOP methodologies. Coverage of documentation allows the student to see how the technical foundation may be used.

More Info    

FSE 230 - Fire and Gas Detection Design and Technology

exida's Certified Fire and Gas Practitioner Training program provides delegates with a comprehensive understanding of all aspects of Fire and Gas Detection Technology; from performance based design (fire and gas mapping) through to practical maintenance requirements.

More Info    

Industrial Cybersecurity:

CS 001 - IEC 62443 for Product Marketing, Sales and Senior Leadership Training

This short course provides an overview of the IEC 62443 series of standards including the information that product marketing, sales, and senior leadership needs to know about these standards. In addition, the course talks about marketing strategies for getting out the word to your customers that your products or processes have been certified to this standard.

More Info    

CS 002 - Introduction to Automation Cybersecurity for Asset Owners

This short course (2 hours) provides an overview of industrial control system (ICS) cybersecurity for asset owners/operators and system integrators including an overview of the current cybersecurity environment, cybersecurity hygiene, and the ISA/IEC 62443 series of standards including the cybersecurity lifecycle.

More Info    

CS 100 - IEC 62443: Automation Cybersecurity Analysis, Design, and Operation

This course provides an overview of the automation cybersecurity lifecycle. The course reviews cybersecurity risk assessment, developing zones and conduits, cybersecurity requirement specification (CSRS), designing secure systems, Security Level Determination and Verification, detailed design considerations, and operations requirements. Detailed workshop problems are used to provide students with practical cybersecurity experience.

More Info    

CS 104 - Cybersecurity Fundamentals for Integrators and Solution Providers

This course introduces fundamental cybersecurity concepts that are important for system integrators and maintenance providers. This course is targeted for those who have little or no cybersecurity experience.

More Info    

CS 121 - Introduction to Industrial Networking

Ethernet has become the predominant technology as the fieldbus for modern process and control networks. While this technology brings many advantages, it also brings with it many disadvantages. Among them is that Ethernet is mostly a unfamiliar technology for many Process and Control technicians and engineers. This 1-day course covers the basics of Ethernet Industrial Control Networks found in most process and control environments. We will cover foundation knowledge of Ethernet networks, communications, discuss different network devices and their functions and use, discuss and review a sampling of Industrial protocols. Labs are included to reinforce the knowledge.

More Info    

CS 201 - IEC 62443 Cybersecurity Software Development

The IEC 62443 Security Software Development training course and workshop was created specifically for developers of industrial control system products with a particular focus on network-enabled embedded control system products such as PLCs, DCSs, SISs, RTUs, VFDs, etc. The objective of this course is to train R&D teams, through a combination of lecture and workshop, on how to properly and effectively integrate software security assurance practices and techniques into their existing software development lifecycle. The training covers all phases of IEC 62443-4-1 (Product Development Lifecycle Requirements) as well as IEC 62443-4-2 (Technical Security Requirements for IACS components.)

More Info    

CS 202 - IIoT Device Certification

CS 202 was created specifically for developers of Industrial Internet of Things (IIoT) products with a particular focus on IIoT Gateways and general IIoT devices. The objective of this course is to train R&D teams through a combination of lecture and workshop, on how to properly and effectively integrate software security assurance practices ,and techniques into their existing software development lifecycle. The training covers all phases of IEC 62443-4-1 (Product Development Lifecycle Requirements) as well as IEC 62443-4-2 (Technical Security Requirements for IACS components.) It Includes additional requirements for IIoT components from the ISA Security Institute’s ICSA (IIoT Component Security Assurance Certification) and discussions on how NISTIR 8259A and 8259B relate to the ICSA certification.

More Info    

CS 203 - IEC 62443 Cybersecurity for Industrial Automation Control Systems (IACS) for Employees & Contractors

This course addresses the quality and understanding employees and contractors need to have on the topic of cybersecurity for the IEC 62443 IACS space. The access granted to IACS networks is often the same for employees and contractors. The seriousness of access must be established with a joint work process similar to a Job Safety Assessment. The Job Cyber Assessment is a work process to protect both client and contractor from inadvertent impact on the given IACS cyber protective system The ability to access the client’s network without an impact on the IACS cyber protective systems whilst leveraging the tools on site requires a clear understanding of the following.

More Info    

CS 204 - IEC62443 Cybersecurity for Integrators and Solution Providers

This course addresses solution providers acting in roles of integrators and on-going support of industrial automated control systems, and how they interact with owner / operators as part of the overall supply chain throughout the owner / operator's lifecycle. The maturity model is introduced as a means of measuring the quality of an integrators cybersecurity management system versus the requirements of IEC 62443-2-4, which is largely the basis for this course. Some coverage of IEC 62443-2-1 is also provided as a means to show the interface between owner / operators and the integrator.

More Info    

CS 241 - Cybersecurity Risk Assessment using exSILentia CyberTM

This course provides the methodology to systematically review zones of to the degree required by their associated cybersecurity risk. This course also covers the review of key parameters for determining cybersecurity risk and evaluating the effectiveness of countermeasures and other means of improving security. It will show the impact of these parameters on the overall likelihood of a successful attack for a zone under review.

More Info    

Robot and Machine Safety:

FSE 110 - Machine Functional Safety Engineering

IEC61508 is the foundation for many industries, including Machine Safety. Today, ISO13849 and IEC62061 are 2 main distinctive standards used as the building blocks. Machine safety is particularly relevant to professionals who are responsible for validating the safety of machines that use either simple lower risk/complexity systems or complex systems such as PLC’s for safety duties. New standards like the ones mentioned above are continually being developed, placing unfamiliar requirements on the task of assuring machine safety, especially when more complex equipment such as PLC’s are used. With technology changing, effective competency training of individuals who are responsible for specifying, designing, or otherwise applying technology to safety applications is increasing in demand. This course will walk the candidate through the machine safety lifecycle and will learn about Risk, how to reduce the Risk, how to determine SIL, and much more. The main goal of this course is to make not only the plant safer but also to ensure the safety of your staff and financial health of your organization.

More Info