•

An individual’s security level can be linked to the user name so that it can
be automatically added at each time of entry.

• An agreement number for contract services can autofill the fields

associated with the work activity.

• The approval admin field can be pre-assigned to an activity that is being

requested along with the device ID, reason, and other details waiting for
the entry person.

Although most IT organizations are responsible for operating and securing

the communication pipeline from the outside into the plant networks, the
OT organization should control who gains access and what functions they
are allowed to perform.

A good analogy would be like the telephone company supporting the

infrastructure and a switchboard operator at a business. The telephone
company provides the company with a single general number (thus a
common connection for anyone outside to make a contact), the operator
would identify the incoming external user to the internal contact and, if
approved, allow access. In this case, the operator is the OT organization that
can validate the outside caller and direct them to the appropriate location.
Outgoing calls would proceed without the verification of the switchboard
operator. Modern systems automate human function by having selections to
get to the proper department. Advanced systems recognize the caller and
have pertinent details linked to the caller to speed access. The development
of a more automated system or selection of an existing solution will provide
speed of response and security.

The critical element is the initial vetting of the external contact and
assigning or limiting certain activities.

2021 I Practical Guide for Remote Access to Plant Equipment 62