By: Blake Biernacki, Managing Director

When an operator considers cybersecurity, they tend to focus on Legal, HR, and Finance data. This makes sense; intellectual property and personal information security are essential for competitive advantage, and Dodd-Frank, SOC, and FTC regulatory compliance also come into play. But, what about facilities and engineering data? As the hosting of major Capex projects shifts from contractor environments to owner-managed environments, the access required to collaborate with third parties is already accessible through engineering applications. So, what can be gained from securing it? The better question is, what can be lost by not?
 
A while back, in a meeting with a client, we were discussing the vulnerabilities of remote access to engineering solutions. The client was sure that their engineering applications were 100% secure. To prove it, he provided a guest log-in to their engineering applications hosted environment during the meeting. Within minutes, our team had access to one of their most widely used application's backend data and environment details. A few moments longer, and we had made it on their internal business network. They were stunned. This could have been a significant safety risk had these applications been hosted in part on their PSN.  
 
So why is no one looking at this type of access as a security breach? For one, the objectives are mostly honest; the perpetrator's goal is not typically to sabotage or steal, but rather for efficiency to their projects. After all, the data is project information and made available in the engineering application anyway. However, it is not the access to the data that is a concern; it is how the data is accessed. Problems occur when the user by-passes the engineering applications to gain entry into the backend databases. This access to the database can allow contractors to streamline their workflows or practices. This is good, maybe? But don't let these benign intentions distract from the inherent risks.
 
There are several potential problems with failing to address security in these engineering application hosted environments:

1. Direct and unauthorized access to the database undermines the safeguards built-in to application workflows, by-passes approval processes, and activity tracking
2. There is no way to guarantee that everyone is operating with the best intentions.
3. There is no way for a user with knowledge of only one project to fully understand how data is being used throughout the facility on other projects.  
4. Changes to the underlying data can be disastrous and expensive even when the intentions are virtuous.

 
With today's remote work environments and large data projects, it is common for operators to work with several contractors across multiple projects at any given time: all of them accessing the same information. The impact of changing a single data point could have devastating and costly repercussions to others, like a catastrophic failure or tens of thousands of man-hours to fix an issue. Breaches don’t have to be terroristic or competitively motivated to be threatening. They generally come from engineers merely trying to simplify their work by venturing into a restricted area without a sign or lock on the door.
 
By preemptively implementing an engineering application-based security solution in hosted environments, companies can prevent unwanted access, maintain better data integrity, and minimize the risk of costly mistakes and the potential consequences that are far more costly than a security solution.
 
ProLytX is an Engineering IT firm based in Houston, TX, and is a leader in this field, coaching clients to success with a unique combination of engineering and IT skills.  If you want to learn more about ProLytX and how we can help you bridge the gap between IT and Engineering, find us at www.prolytx.com. 

by: Mike Antosh, Director of Engineering Applications

If you think the complaints about maintenance data are an issue with your asset management system, you might be right.  
  
Enterprises count on their asset management system (SAP, IBM Maximo®, Meridium APM, etc.) to be the “master” from which all other applications pull data. For most business functions, this works well by providing consistency and control to the enterprise. The fundamental way data is collected, stored, and managed has led to challenges, particularly for maintenance operations. The reason for this is simple – maintenance requires accurate and reliable engineering data, and engineering data is continuously evolving.
 
Typically, when an asset management system is set up, a moment-in-time snapshot is pulled from the engineering platforms’ document control program, and a record is established in the asset management system. This “as-built” approach fails to account for the fact that as facilities go through maintenance cycles, the engineering data changes. Yet, the asset management system data is rarely, if ever, updated. As maintenance applications pull from the asset management system, the information is often obsolete, which causes delays and errors and poses unnecessary safety risks. The more experienced engineers would often by-pass the asset management system’s data in the maintenance application and pull data directly from the engineering systems, especially when the data in the maintenance system just did not make sense. This leads to an increased number of discrepancies between the asset management system and the engineering data.  Clearly, this is not sustainable or a best practice.
 
So, you are right. Your asset management system is broken in regard to serving maintenance applications. So how can we fix it?
 
There are many approaches to this issue; messy middleware, inaccurate AI solutions, and expensive asset management bolt-ons are all available, but no software will solve it singlehandedly. Software alone does not address the evergreen nature of the engineering data and the workflows involved in ensuring that the data is accurate and reliable.
 
The answer is not a simple fix; it requires a fundamental change in how you approach the data. It requires digital transformation and the building of an ecosystem between asset management and engineering data systems (Hexagon SmartPlant®, AVEVA, AspenTech, etc.). The ecosystem needs to allow data to be updated where it was authored and routinely push fresh updates to the asset management system and maintenance applications. Updates made in the maintenance applications need to be reflected in the engineering programs and vice versa in close to real-time. See the diagram below for an illustration of this concept.  The key is breaking the barrier between the engineering data workspace and the asset management system.

Approaching this problem can seem impossible. It is a difficult ask of IT departments and is out of scope for engineers. You need Engineering IT expertise. A process-driven Engineering IT solution with connections, workflows, and stewardship that brings engineering systems, asset management, and maintenance together into an ecosystem will solve your asset management system problems and set your maintenance group up for success by reducing costly delays and errors, as well as mitigating safety risks.
 
ProLytX is an Engineering IT firm based in Houston, TX, and is a leader in this field, coaching clients to success with a unique combination of engineering and IT skills.  If you want to learn more about ProLytX and how we can help you bridge the gap between IT and Engineering, find us at www.prolytx.com. 
 

Everyone in an oil and gas facility understands that safety is the highest priority, yet even with regulatory mandates and safety standards there is still room for improvement.

There have been 130 incidents at chemical facilities reported over the past 20 years1. Between, September 1995 and January 2015 there were approximately 128 fatalities and another 218 injuries at oil and gas refineries across the U.S. Of those who died, approximately 60 were a result of an explosion or fire, 35 either accidentally fell or were crushed by heavy equipment, 15 died of asphyxia, 2 were electrocuted, and 7 passed of natural causes typically, cardiac arrest.2 
Operating companies go to great expense to avoid such accidents, in fact, safety is one of the largest expenditures for an operating facility between extended downtime and labor costs for testing. Functional safety testing is usually built into annual, semiannual, or triennial maintenance test schedules. When the facility is off-line for maintenance and testing, it can cost the operator in excess of one million dollars per day in lost revenue and overhead expenses. This significant investment is a testament to the importance put on safety by corporations.
 
It goes without saying that operators are looking for a way to reduce functional safety test costs without increasing risk. The challenge is that the usual testing process is rigorous and manual, riddled with redundancy and ripe for human error. Often because of the complexity and costs, some routines are reduced to minimalistic tests of cause and effect. This simplifies the testing process but may not perform adequate testing and documentation. Some of these might meet regulatory standards, but they are not the most thorough process and often fail to account for all of the potential consequences, and in the unfortunate event of an incident, documentation can be the difference in favorable and costly investigation outcomes.
 
Maintaining the safest facility possible and regulation compliance relies on accurate and thorough documentation. However, documentation can be a point of weakness. The more thorough the test, the more complex the documentation. There can be thousands of pages of procedure to test a single system, so it is a challenge to be consistent and to keep documents up to date. On the other hand, when documentation is poor or incomplete much reliance is put on individual interpretation and the experience of the tester resulting in tests being repeated differently and affecting the quality of the tests. All of these are potential points of failure that increase risk and liability.
 
Operating companies are looking for solutions to improve overall operations and many are investing in digital transformation and automation. But, while there have been solutions introduced that aid in training the testers with the use of digital twins and simulation, there are few solutions that leverage the power of technologies to automate and comprehensively improve functional safety (validation) testing and eliminate systematic error. Of those, only one is fit-for-purpose, Test Drive by ProLytX.
 
Unlike other testing solutions, Test Drive is vendor agnostic and is compatible with most Program Logic Controllers (PLCs). It can be deployed as SaaS or on-prem. The solution removes human error by taking a templated approach, yet still allows for human expertise and oversight with a people-approved process. The engineer-designed user interface is far superior to the multi-system, multi-document traditional methods bringing everything into a single view.
 
Beginning the Test Drive implementation process starts with a documentation audit and IEC61511 third-party review so that any issues with design interpretation and internal bias is removed. Then by establishing a repeatable automated testing procedure with consistent and accurate documentation outputs, the rigorous and repetitive process of regular maintenance and Management of Change (MoC) testing can be completed, and regulatory reporting obligations met without worry to the operator.
 
The real benefit of Test Drive to the operator is not only knowing that their facility has optimized safety for its workers and the environment, but that the solution has improved overall testing rigor while shifting functional safety testing off the critical path due to the efficiency of automation. This can reduce the testing process from weeks to days, potentially saving the company millions.
 
If you would like to learn more about how Test Drive can improve your facility’s functional safety and reduce costs, call ProLytX today.
 
 
 
1 According to The U.S. Chemical Safety Board (CSB), an independent, non-regulatory federal agency that investigates major chemical incidents.
 
2 Article by Jim Malewitz, published by the Texas Tribune in partnership with the Houston Chronicle on March 22, 2015 and includes information from OSHA records, government investigation reports, newspaper archives, and legal filings.

by: Mike Antosh, Director of Engineering Applications

It is common for companies in the engineering industry to have a corporate structure with multiple disparate business units; traditional Information Technology (IT) and Engineering are two such units. IT fills the important role of providing software and network resources across the enterprise, but their success is measured on delivery, not adoption. Their approach is a break-fix model with no real responsibility for the end-user’s success or failure in most cases. This raises particular concern for engineers providing business-critical services that rely on IT to provide many of their mission-critical tools.  However, the highly specialized nature of the engineering process presents nuances that make it nearly impossible for IT to deliver an out-of-the-box solution that the engineer or designer would actually use without significant customization and governance applied. This disconnect results in engineers having difficulty finding value in the tools that IT provides. Yet, without proper context, IT struggles to provide tools that are useful to the engineer. This gap often results in failed implementations and costly inefficiencies within the engineering workspace.
 
In recent years, as businesses have been challenged to deliver larger projects with global work-sharing, a number of engineers have taken an interest in improving the technology offered by proactively working in the gap between IT and Engineering to ensure that data and processes are aligned to the business and that fellow engineers are adopting the technology. These folks are the go-to people when problems occur and the ones who resolve complex issues behind the scenes, with a combination of analytics, programming, and specialized application knowledge. These individuals and the companies they work for started to recognize the value of their talent, and a new discipline was born - Engineering IT.
 
Engineering IT is complementary to traditional IT. It ensures not only the right tool selection, but also provides coaching and structure to make them work for the engineer. This specialization brings context and applies workflows, as well as strategy and governance. It bridges the gap between Engineering and IT.
 
For those companies who do not have functional Engineering IT roles or cannot pull engineers from their primary functions to take on technology improvement projects, there are service providers available, but not all are qualified. Many software providers and purely IT players claim to implement engineering solutions, but few have Engineering IT in their wheelhouse. They lack a basic understanding of engineering principles, budgets, schedules, and construction deliverables. Engineering IT requires expertise in these subjects and a good functional knowledge of IT processes to provide the skills, insights, and context to be truly successful. The right implementation partner will maximize your investment and allow tools to be used to the fullest extent, ensuring user adoption and satisfaction, while maximizing investment. 
 
ProLytX is an Engineering IT firm based in Houston, TX and is a leader in this field, coaching clients to success with a unique combination of skills.  If you want to learn more about ProLytX and how we can help you bridge the gap between IT and Engineering, call us at (832)540-8465.