Kenexis ISO 27001 Compliance Initiative

Kenexis is undergoing the process of getting a third party certification of cyber-security program for our Kenexis Integrated Safety Suite (KISS) software technical safety software platform.  But more on that later…

Going through the Wall Street Journal this morning caused me to reflect, and honestly be a little self satisfied, about Kenexis’ cloud based technical safety software package, KISS, and the efforts that we have taken to obtain third party certification of not only quality (ISO 9001 certified since 2015), but also cybersecurity.  This really highlights Kenexis’ efforts as a premier enterprise grade technical safety services and software supplier with a global reach.  Our competitors, on the other hand, mostly have not implemented any formal quality or cyber-security programs (well, at least they have not obtained and thus advertised third party certification of such programs…), which leads me to question how they can be trusted with such critical data.  Well, I guess if you buy technical safety software from an overgrown control systems panel shop, what should you expect? Technical safety data, like PHA studies, are critical to an organizations work flow, but in the wrong hands, they can be instruction manuals for how to destroy your plant, and as such, must be secured.

I would highly recommend these two articles from today’s Journal.  This first is a great article detailed the recent hack of numerous government and large industrial computer systems through a trojan horse planted in commonly used cyber-security software (ahh, the irony).

Hack Suggests New Scope, Sophistication for Cyberattacks – WSJ

The second article talks about how the European Union is proposing new rules to treat cloud providers as critical infrastructure (which it is! and Kenexis has always treater it that way!) requiring them to strengthen mandatory cybersecurity measures.

Cyber Daily: EU Seeks to Extend Stricter Cybersecurity Rules to Cloud, Health-Care Manufacturing (wsj.com)

The timing of the article is interesting because Kenexis has been very involved in this recently.  We are in the process of completing a corporate-wide enterprise software deal with a global chemical manufacturer that is based in the EU, but has operations in over 60 countries all over the globe.  As you can imagine, they are very concerned with cyber security and gave Kenexis a comprehensive and thorough examination, which we passed with flying colors.  Not surprising considering our focus on security and our “built in the cloud” framework.  The only outstanding item is third party certification of our cybersecurity program to ISO 27001.  To that end, our audit is scheduled to occur in the next couple of months, making Kenexis the first technical safety engineering software platform (FYI, “safety lifecycle software” is only a subset of technical safety engineering related to safety instrumented systems, safety lifecycle software is only a portion of what we do…).  I don’t know if or when our competitors will respond, especially since most of their software is not enterprise software, it is simple desktop software that sometimes has clunky remote desktop access to a central location, but as usual, Kenexis is leading the way.

If you have any questions about our cybersecurity or what the ISO 27001 standard requires, you can contact us or check out the ISO web site for more information.

ISO – ISO/IEC 27001 — Information security management