Standards applicable to DSA

A non exhaustive tabulation of industrial standards was generated for the DSA Roadmap.


Name of standard

Brief description and comments

ISA5.1 Instrumentation Symbols and Identification The standard is suitable for use whenever any reference to an instrument is required in the chemical, petroleum, power generation, air conditioning, metal refining, and numerous other industries. The standard is intended to provide sufficient information to enable anyone reading a flow diagram and having a reasonable amount of plant knowledge to understand the means of measurement and control of the process without having to go into the details of the instrumentation that require the knowledge of an instrument specialist. – See more at:
ISA18 (family of 5 standards) Instrument Signals and Alarms The purpose of this standard is to establish terminology and practices for alarm systems, including the definition, design, installation, operation, maintenance and modification and work processes recommended to effectively maintain an alarm system over time. – See more at:
ISA20 Specification Forms for Process Measurement and Control Instruments, Primary Elements and Control Valves These forms are intended to help specification writers present basic information. In this sense, they are “short-form” specifications or “check sheets” and may not include all necessary engineering data or definitions of application requirements. While the types of instruments described by these forms are more common to the process industries, the forms should also prove useful in other areas if special requirements are defined elsewhere.
ISA84 Safety Instrumented Systems Safety instrumented systems have been used for many years to perform in the process industries. If it is to be used effectively for safety instrumented functions, it is essential that this instrumentation achieves certain minimum standards and performance levels.

This international standard addresses the application of safety instrumented systems for the process industries. It also deals with the interface between safety instrumented systems and other safety systems by requiring a process hazard and risk assessment. The safety instrumented system includes sensors, logic solvers and final elements.

This international standard has two concepts, which are fundamental to its application: safety lifecycle and safety integrity levels. The safety lifecycle forms the central framework, which links together most of the concepts in this international standard.

IEC 61508 Functional Safety of Electrical,Electronic and Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES). IEC 61508 is an international standard of rules applied in industry.  It is intended to be a basic functional safety standard applicable to all types of industries. It defines functional safety as “part of the overall safety relating to the EUC (Equipment Under Control) and the EUC control system, which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities.”


The standard covers the complete safety life cycle and may need interpretation to develop sector specific standards. It has its origins in the process control industry.

IEC 61511 Functional safety – Safety instrumented systems for the process industry sector IEC 61511 is a technical standard which sets out practices in the engineering of systems that ensure the safety of an industrial process through the use of instrumentation. Such systems are referred to as Safety Instrumented Systems.
IEC 62061 Safety of machinery: Functional safety of electrical, electronic and programmable electronic control systems IEC/EN 62061,” Safety of machinery: Functional safety of electrical, electronic and programmable electronic control systems,” is the machinery specific implementation of IEC/EN 61508. It provides requirements that are applicable to the system level design of all types of machinery safety-related electrical control systems and also for the design of non-complex subsystems or devices.
ISO 13849 Safety of machinery — Safety-related parts of control systems ISO 13849 is a safety standard which deals with safety-related design principles of employed control systems.1It replaced EN 954-1 in December 2011.2 Part 1 defines the general principles for design and part 2 describes the validation.
ANSI/ISA-88 Batch Control ANSI/ISA-88 (S88) ) provides a consistent set of standards and terminology for batch control and defines the physical model, procedures and recipes (repeated defined processes). The standard addresses the  lack of a universal model for batch control, difficulty in communicating user requirement, integration among batch automation suppliers and difficulty in batch control configuration.

The standard defines a process model which consists of a process which consists of an ordered set of process stages, which consist of an ordered set of process operations that  which consist of an ordered set of process actions.

The physical model begins with the enterprise, which must contain a site that may contain areas. These areasmay contain process cells that must contain a unit. The unit may contain equipment modules and may contain control modules. Some of these levels may be excluded, but the unit may not be excluded.

The procedural control model consists of recipe procedures, which consist of an ordered set of unit procedures. These procedures consist of an ordered set of operations that consist of an ordered set of phases. Some of these levels may be excluded.

Recipes may have  general, site, master or  control types. The contents of the recipe include header, formula, equipment requirements, procedure and other information necessary to make the recipe.


ANSI/ISA95 Enterprise-Control System Integration (contains the “Purdue Reference Model”) ANSI/ISA-95, commonly referred to as ISA-95,  is an international standard for developing an automated interface between enterprise and control systems. This standard has been developed for global manufacturers to be applied in all industries, and in all types of processes, such as batch processes, continuous and repetitive processes.

The objectives of ISA-95 are to provide consistent terminology that is a foundation for supplier and manufacturer communications, and to provide consistent information and opertaion models that are foundations for clarifying application functionality and how information is to be used.

ISA99 / ANSI/ISA-62443 Industrial Automation and Control Systems Security These documents were originally referred to as ANSI/ISA-99 or ISA99 standards and were renumbered in 2010 to be the ANSI/ISA-62443 series.


All ISA-62443 standards and technical reports are organized into four general categories labeled General, Policies and Procedures, System and Component.

Th General  category includes common or foundational information, such as concepts, models and terminology. Also included in this category are work products that describe security metrics and security life cycles for IACS.

The Policies and Procedures category of work products targets the asset owner. These address various aspects of creating and maintaining an effective IACS security program.

The Sysgtems category includes work products that describe system design guidance and requirements for the secure integration of control systems. Core in this is the zone and conduit design model.

The Component category includes work products that describe the specific product development and technical requirements of control system products. This is primarily intended for control product vendors but can be used by integrator and asset owners for to assist in the procurement of secure products.

ISA100 Wireless Systems for Automation The ISA100 Committee addresses wireless manufacturing and control systems in the areas of the:

Environment in which the wireless technology is deployed

Technology and life cycle for wireless equipment and systems

Application of Wireless technology


The wireless environment includes; the definition of wireless, radio frequencies (starting point), vibration, temperature, humidity, EMC, interoperability, coexistence with existing systems, and physical equipment location. – See more at:

ISA101 Human-Machine Interfaces The standards, recommended practices and technical reports developed by ISA101 will be directed to those responsible for designing, implementing, using, or managing human-machine interfaces in manufacturing applications. Unless noted otherwise in a specific ISA101 document, the documents will apply to all manufacturing industries.


The areas covered within ISA101 includes menu hierarchies, screen navigation conventions, graphics and color conventions, dynamic elements, alarming conventions, security methods and electronic signature attributes, interfaces with background programming and historical databases, popup conventions, help screens and methods used to work with alarms, program object interfaces, and configuration interfaces to databases, servers, and networks. – See more at:

ISA106 Procedure Automation for Continuous Process Operations The sScope of Technical report provides a common basis of benefits understanding, best practices application and language, including terms and definitions, that allows application of procedural automation across the continuous process industries.


In agreement with the scope of the ISA106 Committee, this technical report focuses on automated procedures that primarily reside on systems within the supervisory control,

monitoring and automated process control section of the production process. It is not the intent of the committee to have this technical report focus on procedure execution at

the operations management functional level.


ISA-SP99 (ISA/IEC 62443) Series of Standards on Industrial Automation and Control Systems (IACS) Security The ISA99 Committee will establish standards, recommended practices, technical reports and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed towards those responsible for designing, implementing or managing manufacturing and control systems and shall also apply to users, system integrators, security practitioners and control systems manufacturers and vendors.  See more at:
NIST 800 (series) Special Publications of the Computer Security Division’s (CSD) Computer Security Resource Center (CSRC) Special Publications in the 1990 800 series are of general interest to the computer security community. This series reports on ITL’s research, guidelines and outreach efforts in computer security, and its collaborative activities with industry, government and academic organizations. – See more at:
IEC 61158 Digital data communications

for measurement and control –

Fieldbus for use in industrial

control systems

Fieldbus is the name of a family of industrial computer network protocols used for real-time distributed control, which has been standardized as IEC 61158.


A complex automated industrial system, such as a manufacturing assembly line, typically requires a distributed control system,  an organized hierarchy of controller systems, to function. In this hierarchy, there is usually a Human Machine Interface  at the top, where an operator can monitor or operate the system. This is typically linked to a middle layer of programmable logic controllers (PLC) via a non-time-critical communications system, such as an ethernet. At the bottom of the control chain a fieldbus links the PLCs to the components, such as sensors, actuators, electric motors, console lights, switches, valves and contactors, that actually perform the work.

– See more at:

AGA-12 Cryptographic protection of SCADA Communications The American Gas Association (AGA) charged the AGA 12 Cryptography Working Group with developing a suite of open standards, designated AGA 12, to protect the data transmitted by SCADA systems, to authenticate the originators of messages on SCADA systems and to ensure data integrity.

The fundamental goal of the AGA 12 group is to allow SCADA operators to specify good communication security without first delving into complicated topics, such as cryptography and digital certificates. By specifying AGA 12 compliance for SCADA equipment and following recommendations in the documents, pipelines and utilities are able to confidently protect their systems from cyber-attack.  To ensure  low-cost products through competition , AGA 12 requires SCADA cyber security equipment to interoperate independent of manufacturer or age.- See more at:…-a0155163814

API 1164 Pipeline SCADA Security API 1164 addresses access control, communication security, information distribution classification, physical issues, including disaster recovery and business continuity plans, operating systems, network design, data interchange between enterprise and third-party support and customers, management systems, and field devices configuration and local access.
IEEE P1686 Substation Intelligent Electronic Devices (IED) Cyber Security Capabilities The IEEE P1686 standard defines the functions and features that must be provided in intelligent electronic devices (IEDs) to accommodate critical infrastructure protection programs. The standard addresses security regarding the access, operation, configuration, firmware revision and data retrieval from an IED. Encryption of communications to and from the IED is also addressed.



IEEE P1689 Trial Use Standard for Cyber Security of Serial SCADA links and IED Remote Access The Substation Committee of the IEEE Power Engineering Society is writing P1689 Trial Use Standard for Retrofit Cyber Security of Serial SCADA Links and IED Remote Access. The standard defines the requirements for a retrofit, or bump-in-the-line, device to protect serial communication “ which they specified occurs in such a manner as to minimize the changes needed to existing equipment and software.


P1689 lists general requirements and IEEE P1711 defines a specific serial security protocol for two types of cryptographic modules. SCADA Cryptographic Modules protect the serial SCADA channel. Maintenance Cryptographic Modules protect the maintenance channel, which is typically a dial-up connection.


The P1689 retrofit devices operate in pairs with one unit at a substation or other field site and the other unit typically at a control center.

EEMUA PUBLICATION No 191 Alarm Systems (A Guide to Design, Management and Procurement) Alarm systems form an essential part of the operator interfaces to large modern industrial facilities. They provide vital support to the operators by warning of situations that need attention and have an important role in preventing, controlling and mitigating the effects of abnormal situations. Since it was first published in 1999, EEMUA 191 has become the globally accepted and leading guide to good practice for all aspects of alarm systems. The guide, developed by users of alarm systems with input from the British Health and Safety Executive, gives comprehensive guidance on designing, managing and procuring an effective alarm system. The new Third Edition has been comprehensively updated and includes guidance on implementing the alarm management philosophy in practice, applications in geographically distributed processes and performance metrics and KPIs.
IEEE C37.1 Standard for SCADA and Automation Systems The requirements for SCADA and automation systems in substations are defined in standard IEEE C37.1. This standard defines the process of substation integration as the design process that is the foundation for substation automation. Functional and environmental requirements are provided for all IEDs located in the system. Tutorial material is included in the annexes to address common issues with systems without introducing requirements. Information is also presented in the annexes regarding SCADA masters. – See more at:


API RP 1113 Developing a Pipeline Supervisory Control Center Developing a Pipeline Supervisory Control Center supersedes the 3rd Edition of Publ 1113 and focuses on those design aspects that may be considered appropriate for developing or revamping a control center. Centralized monitoring and controlling of a pipeline system occurs in a pipeline supervisory control center. This document is not all-inclusive. It is intended to cover best practices and provide guidelines for developing a control center only. It does not dictate operational control philosophy or

overall supervisory control and data acquisition system functionality. This document is intended to apply to control centers for liquids pipelines. However, many of the considerations may also apply to gas control center design.

API Q1 and Q2 Industry Quality Standard within the Oil & Gas Industry API Q1 & API Monogram gives an externally checked confidence that a business is using a documented system and that products fulfil customer requirements and that the vendor is committed to improvement. It also provides assurance to customers that they can depend on consistent product quality.

API Q2 provides equivalent confidence for services and product services. API Q1 and Q2 documentation available from API.

ANSI/RIA R15.06 Industrial Robots and Robot Systems- Safety Requirements This standard provides guidelines for the manufacture and integration of Industrial Robots and Robot Systems with emphasis on their safe use, the importance of risk assessment and establishment of personnel safety. This standard is a national adoption of the International Standards ISO 10218-1 and ISO 10218-2 for Industrial Robots and Robot Systems, and offers a global safety standard for the manufacture and integration of such systems.- See more at:
IEEE 1490-2011 IEEE Guide–Adoption of the Project Management Institute (PMI(R)) Standard This standard is a guide to the Project Management Body of Knowledge (PMBOK(R) Guide). It definesverification and validation, which can be applied to sensors and systems as follows in its 4th edition.   The guide defines verification as the evaluation of whether a product, service or system complies with a regulation, requirement, specification or imposed condition. It is often an internal process. Contrast with validation. It defines validation as  the assurance that a product, service or system meets the needs of the customer and other identified stakeholders. It often involves acceptance and suitability with external customers.  S EBoK Guide to the Systems Engineering Body of Knowledge, System Verification Section,