Certified secure development life cycle process - Case Valmet

Valmet is the leading global developer and supplier of technologies, automation and services for the pulp, paper and energy industries. Valmet’s automation solutions are designed to maximize the profitability of Valmet’s customers’ businesses by improving production performance and cost, energy and material efficiency. The worldwide network of experts supports Valmet’s extensive range of automation solutions and services. Valmet has also established a position in other process industries and marine industry.

New technology sets ever-increasing demands for industrial automation systems

Valmet has been developing the cyber security capabilities of Valmet DNA automation systems systematically for decades. Since modern automation systems use software and modern technologies extensively, Valmet wanted to make sure that also their product development process is secure and meets the most important industry standards. 

New certified secure product development methodoloy

Cyber security experts from Valmet and Intopalo Digital, which is an Insta company that focuses on intelligent industry solutions, developed together a new product development methodology. Insta’s cyber security experts are also applying these procedures to Valmet products.

Product development methods include learning packages, process descriptions, various ready-made templates and new tools. The modern process is based on DevOps thinking, a broad set of assisting tools and online learning. For example instead of traditional documents, the solution uses a web based application, where the R&D engineers can create the required cybersecurity documentation from the right templates with a click of a button. Thanks to the web based tool, R&D management can see metrics of how well the secure development method has been adopted and whether it is running as intended.

Product development methods were developed and certified based on the IEC 62443-4-1 standard, which is a fundamental cyber security standard in automation and industrial solutions. This standard was chosen to ensure that Valmet can prove the high level of security in their development method in an internationally credible manner. 

World's leading automation certification company Exida and the international automation cyber security certification organization ISA Security Compliance Institute (ISCI) have granted Valmet an ISASecure® certificate, which covers ANSI/ISA-62443-4-1-2018 and IEC 62443-4-1:2018 standards. 

The certificate proves that Valmet’s product development methods fulfill all 47 demands of the standard in 8 different areas of product development, multi-level security testing, software releasing and cyber security maintenance. 

"The ISASecure® certified product development process that we developed together with Insta has been a huge success. The work was finished well ahead of schedule. With this solution, the awareness and know-how of cyber security have risen to a higher level throughout the organization. It is my pleasure to recommend Insta’s secure software engineering services to other organizations."

Juuso Kanner, Director, Automation Platform R&D

Please find Valmet’s certificate by clicking:

SEE THE CERTIFICATE

The benefits of secure development methodology are:

  • The methods ensure cyber security on every phase of the product development life cycle
  • Taking security into account since the beginning of product development saves money and time
  • Thanks to the certificate, the secure development method is credible and easy to present to customers

Interested in creating something similar?

2030_048_Intopalo-1

Henry Haverinen

LinkedIn