DE102018124266A1 - METHOD AND DEVICE FOR DETERMINING THE COLLECTIVE INTEGRITY OF A VARIETY OF PROCESS CONTROL SYSTEMS - Google Patents

Abstract

Establishing a collective integration score of a plurality of process control systems includes: automatically and periodically determining a risk for each of the process control systems, ranking the integrity of each process control system within an integrity rating scale set by an upper bound and a lower bound, the integrity rating being based on the Risk Assessment is based on each process control system, allowing a user to select a menu item within a navigation menu to specify higher and lower integration levels of the integrity ratings, and a presentation of a collective integrity score of the process control systems associated with the selected menu item.

Description

RELATED APPLICATIONS

This application is a regular patent application which is a continuation in part of the filed on October 5, 2015 U.S. Application No. 14 / 875,336 entitled "Method And Apparatus For Negative Effects Of Continuous Introduction Of Risk Factors In Determining The Health Of A Process Control System", the entire disclosure of which is hereby expressly incorporated herein by reference.

FIELD OF TECHNOLOGY

This disclosure relates generally to remote monitoring process control systems, and more particularly to a peer-based overall process integrity assessment.

BACKGROUND

Process control systems, such as distributed or scalable process control systems, such as those used for chemical, petroleum, and other processes typically include one or more process controllers or controllers that communicate with each other via analog, digital, or combined analog / digital buses, are coupled to at least one host or operator workstation and to one or more field devices. The field devices, which may be, for example, valves, valve actuators, switches, and transmitters (e.g., temperature, pressure, and flow rate sensors) perform functions within the process, such as opening or closing valves, and measuring process parameters. The process controller receives signals indicative of process measurements performed by the field devices and / or other information pertaining to those field devices, and uses this information to implement a control routine to generate control signals that are sent over the buses Field devices are sent to regulate the flow of the process. Information from the field devices and from the controller is typically made available to one or more applications that are executed by the operator workstations to enable an operator to perform any desired function related to the process, such as viewing the process current process status, process flow modification, etc.

Typically, a process control system operates within an enterprise that may include multiple process plants, component suppliers or service providers, and customers, each of which may be spread over a large geographic area or, in some cases, across the world. The process plants, suppliers and customers can communicate with each other through a variety of communication media and technologies or platforms, such as the Internet, satellite links, terrestrial wireless transmissions, telephone lines, etc. Of course, the Internet has become a preferred communications platform for many companies, as it is Communication infrastructure is already almost zero, and the technologies used to transmit information over the Internet are generally well understood, stable and secure, etc.

Each process control system within an enterprise may include one or more process control systems, as well as a number of other business-related or information-technology systems necessary to support or maintain the operation of the process control systems, or to complement them. In general, information systems within a process control system may include manufacturing execution systems such as a maintenance management system, and may also include enterprise resource planning systems such as scheduling, accounting, and purchasing systems. Although these information technology systems may physically reside in or near a facility, in some cases some or possibly all of these systems may be remote from the facility and may communicate with the facility via the Internet or any other suitable communication link. System engineers and other personnel responsible for maintaining the hardware and software associated with the process control system may need to travel to the different plant locations. In addition, even the maintenance of hardware and software in a single process control system is a tedious task.

Independent remote maintenance systems have been developed to remotely monitor the process control system, including a variety of process control systems in the same company and process control systems for a variety of businesses. An example of a remote maintenance system is in U.S. Patent No. 7,698,242 entitled "Systems and Method to Maintain Process Control Systems Using Information Retrieved from a Database Storing General-Type Information and Specific-Type Information", the contents of which are expressly incorporated herein by reference. In particular, the remote maintenance systems help by identifying various relevant for the process control system risk factors (also known as risk indicators) and by identifying them to system engineers to maintain the hardware and software of the process control system, such as Knowledge Base Articles (KBA) describing issues to be resolved that may occur in the process control system, software updates (eg, hotfixes, threat protection, etc.), action alerts , Service calls and life cycles of hardware / software products (eg, age, version, backward compatibility, upward compatibility, etc.). This informs the system engineer about potential risks to the availability, reliability, and protection of the process control system, which helps system engineers to take preventative measures to avoid problems with the process control system, as well as the burden of traveling from one location to another to mitigate.

Of course, it remains the responsibility of the system engineer or other appropriate service person to read a knowledge base article, install a software update, close an open action alert, or complete an open service call to address the risks to the process control system. However, because of the complexity of many of these process control systems, system engineers are frequently swamped daily with numerous KBAs, software updates, action alerts, service calls, product lifecycles, and other risk factors. As these risk factors accumulate, the overall risk to the process control system becomes greater and the overall integrity of the process control system degrades. At the personnel level, system engineers or other maintenance personnel sometimes need to be motivated to take preventative measures instead of reacting retrospectively.

To address this issue, remote maintenance systems have objectively classified the integrity of each process control system based on KBA, software updates, action alerts, service calls, product lifecycles, and other risk factors for each process control system. For example, unread KBAs, unavailable software updates, open action alerts, open service calls, and outdated, unsupported hardware / software lower the integrity of a process control system, while read KBA's, installed software updates, closed (or completed) action alerts, closed (or completed) service calls and current or actively supported hardware / software integrity has been ranked higher. Generally speaking, the total number of risk factors has been added and scaled to a fixed range (e.g., between 1 and 10). This integrity rating and website were updated periodically (e.g., daily) as new risk factors emerged.

The remote maintenance systems also supported a secure support Web site using a portal-like web page providing links to integrity ranking, risk factors, maintenance information, maintenance features, and maintenance services for the process control system provided by the remote monitoring system. For example, each process control system was registered with the remote maintenance system, which contained configuration information associated with the process control systems monitored by the remote monitoring system. The configuration information could include field device information, software information, firmware information, operating status information, maintenance information, lifecycle information, etc. related to hardware, software, and / or firmware used to implement the components and devices of monitored process control systems. The remote monitoring system therefore knew the (typically unique) configuration of each registered process control system, including the content of the process control system, such as software, hardware, licenses, applied software updates, software versions, etc., and compared the content of the process control system with relevant risk factors. Upon registration, a system engineer could access the web site from a workstation, tablet, smartphone, or other computing device to view information about the process control system, including integrity ranking.

The support site also allowed the system engineer to update the status of any risk factors identified by the remote monitoring system. For example, the Web site may let the system engineer know that a KBA has been read, a software update has been installed, an action alert has been closed, a service call has been completed, etc. Alternatively, the remote maintenance system could automatically detect when a KBA was read (eg record when the file was opened or downloaded), when a software update was installed (eg the update was downloaded or the installation was executed), or when an action alert or service call was completed (eg status of the internal process control system maintenance support system or of the company that a work team has dealt with the problem, parts have been ordered, a work order has been generated, etc.). Thus, the remote maintenance system knew if a risk factor had been eliminated (eg whether the risk was being addressed). A more detailed explanation of an example of a support Web site can be found in the above U.S. Patent No. 7,698,242 ,

Despite this attempt to motivate system engineers to take preventative measures to address process control risks and avoid problems, integrity assessments were largely ignored because of the control of the integrity of process control systems, leading to the systematic elimination of reliability risks Protectedness and the efficiency of a system are concerned, a never-ending process was / is. For example, Microsoft® regularly releases new product protection upgrades, which are in turn tested by Emerson Process Management for compatibility with their process control systems, such as the DeltaV ™ process control system sold by Emerson Process Management. In addition, service calls received from process control systems that included process control systems worldwide were evaluated by the remote maintenance system, resulting in new or revised KBAs and / or software updates. For extended periods of time, technical advances have led to new operating systems, new computers, new hardware and software offerings that have found their way into existing systems through expansion, migration, and modernization projects. In short, change is a constant for a process control system, creating a backlog of risk elimination activities as new risk factors are introduced daily. As a result, despite all the efforts of a system engineer, a process control system has rarely been able to achieve an acceptable integrity rating. Constantly, new risk factors were introduced even before a system engineer had ample opportunity to engage with them and eliminate them, degrading the integrity of the process control system. This, in turn, led the systems engineer to ignore the integrity rating, leading to an even greater backlog of risk factors and risk factor elimination activities. There is therefore a need for an effective, sustainable and measurable mastery of the integrity of process control systems.

Furthermore, a remote maintenance system typically monitors the process control systems of companies of varying size and geographical spread. Although primarily a system engineer may be responsible for or may be interested in monitoring a particular process control system and / or location, other company employees, including top level engineers and business people, may also be involved in monitoring process control systems interested in a higher level of control over a large number of process control systems across large geographic areas. In some cases, a company has only one process control system or only a few of them, in which case it is relatively easy to individually monitor the process control systems. In other cases, a company may have tens or hundreds of process control systems scattered around the globe, in which case it is difficult to monitor the process control systems individually. At present, it is not possible to determine the collective integrity of a large number of process control systems as a whole, let alone to consider the collective integrity of a multitude of process control systems at different levels of integration. Thus, there is a need for a technique for monitoring a variety of higher and lower level process control systems in a more precise and efficient manner to determine the integrity of process control systems at different levels of integration.

SHORT VERSION

One technique for determining the integrity of a variety of process control systems utilizes the concept of collective integrity ranking for multiple process control systems at different levels of integration, including an enterprise level, a world area, a location, and a product line. Starting at the enterprise level, a user can view a collective integrity score for all process control systems within the organization worldwide to assess the integrity of the process control systems as a whole, at a high level, without having to look at each process control system individually. When a user navigates to the level of world regions, he or she can view a collective integrity score for all of the company's process control systems within a defined geographic area (eg, North America, Europe, Latin America, etc.). If a user still goes further down to a site level, they can view a collective health score for all process control systems at a defined location of the business (eg, Austin, EX, Melbourne, etc.). In addition, a user can further navigate in to view the collective integrity ranking of process control systems according to a product line (eg, DeltaV ™, AMS Device Manager, Syncade ™, etc.) at higher and lower levels of integration. The collective health score for a variety of process control systems can be determined as the average of the total integrity scores for each process control system. In some cases, individual integrity scores may be weighted according to the criticality or importance of a process control system within the selected integration level. For example, process control systems can be scaled by size (eg, the number of device signal tags entered, the number of device tags, the number devices, etc.) so that larger process control systems are considered more critical or more important to the collective integrity ranking of a variety of process control systems than smaller size process control systems.

In one instance, a method for determining a collective health score of a plurality of process control systems includes automatically and periodically determining a risk for each of a plurality of process control systems. Each process control system has one or more risk factors associated with the process control system, and the introduction of a risk factor into a process control system increases the risk assessment for that process control system in each period and the elimination of a risk factor from a process control system in each period reduces the risk assessment for this process control system. The method also classifies the integrity of each process control system on an integrity rating scale. The integrity rating scale is set by an upper bound and a lower bound, and the integrity rating is based on the identified risk for each process control system. The method shows an integrated navigation menu with selectable menu items indicating higher and lower integration levels of the integrity ratings and an information view associated with the navigation menu. A user is then enabled to select one of the selectable menu items in the navigation menu to specify higher and lower integration levels of the integrity ratings. The method in the information view presents a collective integrity score of the process control systems associated with the selected menu item in a format for each of the different selectable menu items that specify the higher and lower integration levels of the integrity scores. The format is a common display format for representing the collective integrity scores of the process control systems associated with the individual selectable menu items indicating the higher and lower integration levels of the integrity scores.

In another instance, a device for determining a collective integrity of a plurality of process control systems includes a server, an interface that communicates with the server, a communication interface, and a processor that communicates with the interface, the server, and the communication interface. The server is designed to register a process control system and other process control systems to facilitate the maintenance of process control systems. The process control system is located at a first plant location, which is geographically separated from other plant sites of other process control systems. The interface is designed to retrieve risk factors from a database that communicates with the server based on monitoring the process control systems. The communication interface is designed to communicate risk factors to the process control systems. Each process control system has at least one risk factor associated with the process control system. The processor is adapted, based on the identified risk for each process control system, to automatically and periodically rank the integrity of the individual process control systems on an integrity rating scale, displaying an integrated navigation menu having a plurality of selectable menu items for displaying an information view associated with the navigation menu to enable a user to select one of the plurality of selectable menu items and to display a collective integrity score of the process control systems associated with the selected item in the information view. The integrity rating scale is set by an upper bound and a lower bound. The selectable menu items indicate higher and lower integration levels of the integrity ratings. The information view is presented in a format for each of the various selectable menu items indicating the higher and lower integration levels of the integrity scores, and the format is a common display format for representing the collective integrity scores of the process control systems associated with each selectable menu item.

If desired, one and the same risk factor introduced in each of the plurality of process control systems in one period does not affect the integrity rating of any of the plurality of process control systems. In addition, if desired, the elimination of a risk factor from a process control system in a period has a greater impact on the integrity rating for a process control system ranked near the middle of the integrity rating scale in the previous period than for a process control system close to that in the previous period Upper limit or lower limit of the integrity rating scale.

In one example, each process control system is located at a plant site that is geographically separate from other plant sites of the majority of other process control systems, and an integration level is a geographic area. If desired, includes the representation of a collective integrity score of the process control systems associated with the selected menu item in the information view represents the representation of a collective integrity score of the process control systems within the selected geographic area.

In another example, each process control system is part of a product family of process control systems from a manufacturer. The process control systems belong to two or more different product families, and an integration level is a product family. If desired, the representation of a collective integrity score of the process control systems associated with the selected menu item includes, in the informational view, the representation of a collective health score of the process control systems of the same selected product family.

In another example, each process control system is part of a company. The process control systems belong to two or more different companies, and an integration level is a company. If desired, the representation of a collective integrity score of the process control systems associated with the selected menu item includes, in the informational view, the representation of a collective integrity score of the process control systems of the same selected enterprise.

In yet another example, each process control system is part of the same enterprise, and an integration level includes the enterprise. Representing a collective integrity score of the process control systems associated with the selected menu item in the information view includes presenting a collective integrity score of the company's process control systems.

In yet another example, each process control system is part of a business line. The process control systems belong to two or more different business lines and an integration level comprises a business branch. If desired, the representation of a collective integrity score of the process control systems associated with the selected menu item includes, in the informational view, the representation of a collective health score of the process control systems of the same business line.

In yet another example, the collective health score is an average of the integrity ratings of the process control systems associated with the selected menu item. If desired, the integrity score may be weighted for each process control system and the average collective integrity score includes a weighted average. If desired, weighting the integrity score for each process control system includes weighting the integrity score for each process control system according to the number of input device signal tags from controllers over the DCS, weighting the integrity score for each process control system according to the number of input device signal tags from controllers over the DCS Weighting the integrity score for each process control system according to the number of equipment tags within the process control system includes weighting the integrity score for each process control system according to the number of devices in the process control system and / or weighting the integrity score for each process control system according to a value provided by a user of the process control system is assigned.

list of figures

• 1 FIG. 10 is a block diagram illustrating an example distributed process control network residing in a process plant including: operator workstations that implement daily routines and other applications related to various functions within the process plant, as well as a workstation providing system-level graphical support that can be used to create and resize composite shapes and graphical displays for each of the various functional areas of the plant;
• 2 FIG. 10 is a block diagram illustrating an example of a remote maintenance system that is communicatively coupled to a plurality of process control systems; FIG.
• 3 FIG. 10 is an example system that may be used to implement the example systems and methods described herein; FIG.
• 4 FIG. 10 is a detailed block diagram of an example of a risk factor system matching device of the example system of FIG 3 ;
• 5 FIG. 12 is a flowchart of an example method that may be used to match process control systems with risk factors; FIG.
• 6 FIG. 10 is a flow chart illustrating an example method that may be used to periodically determine a risk assessment for each process control system;
• 7 FIG. 10 is a flowchart illustrating an example method that may be used to rank the integrity of each process control system on an integrity rating scale based on the average Risk assessments of the plurality of process control systems centered on a non-linear scale;
• 8th is a graphical user interface of an example screen that shows integrity related tasks and that can be used to display integrity related tasks associated with a process control system 2 correspond;
• 9 is a graphical user interface of an example of a tracking screen that can be used to determine the status of risk factors for a process control system 2 to show;
• 10 FIG. 10 is a graphical user interface of an example of a system integrity rating screen that may be used to display the integrity score for a variety of process control systems within an enterprise; FIG.
• 11 FIG. 10 is a graphical user interface of an example of a system integrity rating screen that may be used to assess the integrity of a process control system 2 display;
• 12 FIG. 12 is a graphical user interface of an example system registry upload screen that may be used to determine the integrity rating for a process control system 2 to improve;
• 13 FIG. 10 is a graphical user interface of an example of a knowledge database article factor elimination screen that may be used to assess the integrity of a process control system of FIG 2 to improve;
• 14 FIG. 10 is a graphical user interface of an example software update risk factor elimination screen that may be used to assess the integrity of a process control system 2 to improve;
• 15 is a graphical user interface of an example messaging screen that can be used to provide automated notifications of risk factors for a process control system 2 to recieve;
• 16 FIG. 12 is a flowchart of an example method that may be used to determine the integrity of multiple process control systems; FIG.
• 17 FIG. 12 is a flow chart of an example method that may be used to switch between higher and lower levels of integration within an enterprise to determine the collective integrity of process control systems at each level; FIG.
• 18 is a graphical user interface of an example navigation menu with menu items that specify different levels of integration of integrity ratings in an enterprise;
• 19 Fig. 10 is a graphical user interface of an example of an information view showing an average collective integrity score for process control systems at an enterprise level;
• 20 FIG. 10 is a graphical user interface of an example of an information view showing a weighted average collective health score for a corporate process control system; FIG.
• 21 Fig. 10 is a graphical user interface of an example of an information view showing a collective integrity score for process control systems at a geographic area level;
• 22 Fig. 10 is a graphical user interface of an example of an information view showing a collective health score for product line level process control systems;
• 23 FIG. 10 is a graphical user interface of an example performance screen that may be used to identify process control systems or subsystems within a process control system that are not performing sufficiently.

DETAILED DESCRIPTION

An in 1 illustrated example of a process control system 10 has a process controller 11 on top of that with a Data Historian 12 and one or more host workstation terminals or computers 13 (which may be any type of computer, personal computer workstation, etc.), each having a display screen 14 exhibit. The controller 11 is also via input / output (I / O) cards 26 and 28 with field devices 15 - 22 connected. The Data Historian 12 may be any desired type of data acquisition unit with any desired type of memory and any desired or known software, hardware or firmware for storing data. The controller 11 in 1 is communication technology with the field devices using a wired communication network and communication scheme 15 - 22 connected.

In general, the field devices 15 - 22 Devices of any kind, such as sensors, valves, transmitters, position sensors, etc., while the I / O cards 26 and 28 I / O devices of any kind that can adapt to any desired communication or controller protocol. Of the controller 11 includes a processor 23 containing one or more process control routines (or any modules, blocks or subroutines thereof) stored in memory 24 stored, implemented or distracted. Generally speaking, the controller communicates 11 with the field devices 15 - 22 , the workstation terminals 13 and the Data Historian 12 to regulate a process in any desired way. In addition, the controller implements 11 a control strategy or scheme using what is commonly referred to as function blocks, where each function block is an object or other part (eg, a subroutine) of an overall control routine that (via communications referred to as links) works in conjunction with other function blocks to process control loops within the process control system 10 to implement. Function blocks typically have an input function, such as those associated with a transmitter, sensor, or other process parameter measuring device, a control function such as that associated with a control routine that includes a PID, an MPC - Performs a fuzzy logic or similar control technique, or an output function that controls the operation of any device, such as a valve to certain physical functions within the process control system 10 to execute. Of course, hybrid and other types of functional blocks exist and may be used herein. The function blocks can be in the controller 11 or other devices, as described below.

As from the explosion block 30 from 1 can be shown, the controller 11 a number of individual loop control routines called control routines 32 and 34 and may, if desired, include one or more advanced control loops acting as a control loop 36 are shown implement. Each of these control loops is typically referred to as a control module. The illustrated single loop control routines 32 and 34 perform a single-loop control using a single-input single-output fuzzy logic control block or a gain-PID control block provided with a suitable analog input (AI) and a suitable analog output (AO). Function block connected to process control devices such as valves, measuring devices such as temperature and pressure transmitters or any other device within the process control system 10 can belong. The illustrated advanced control loop 36 has an advanced regulatory block 38 with inputs communicatively connected to at least one AI function block and outputs communicatively coupled to at least one AO function block, although the inputs and outputs of the advanced control block 38 can be connected to any other desired function block or control element to receive other types of inputs and to provide other types of control outputs. The advanced regulatory block 38 may implement any type of multi-input, multiple-output control scheme and / or may implement a process model-based control routine, and thus may include a Model Predictive Control (MPC) block, a neural network modeling or control block, form a multivariable fuzzy logic control block, a real time optimizer block and so on. Note that the in 1 displayed functional blocks, including the advanced control block 38 , from the stand-alone controller 11 or alternatively in or on any other processing device or control element of the process control system 10 such as one of the workstations 13 or one of the field devices 19 - 22 , lie or can be executed. For example, the field devices 21 and 22 , which may be a transmitter, perform control elements to implement a closed loop control routine, and thus include processing and other components for executing parts of the control routine, such as one or more functional blocks. More precisely, the field device 21 a memory 39A for storing logic and data associated with an analog input block while the field device 22 an actuator with a memory 39B for storing logic and data associated with a PID, MPC, or other control block that communicates with an analog output (AO) block, as in 1 is shown.

In 2 shows an example of a remote maintenance system 102 a main server 104 , a webpage server 106 and a service management system ("SMS") server 108 on. In alternative example implementations, the example of a remote maintenance system 102 less or more servers than in 1 to illustrate the example features, services, and capabilities of the remote maintenance system example described herein 102 to implement.

In the example shown, the main server 104 designed to receive registration and / or configuration information associated with process control systems provided by the exemplary remote maintenance system 102 be monitored (eg the example process control system 130 ), being related. The registration and / or configuration information may Include field device information, software information, firmware information, operating status information, maintenance information, lifecycle information, etc. associated with hardware, software and / or firmware used to implement the components and devices of monitored process control systems. The main server 104 may receive the registration and / or configuration information during a process control process logon process (eg, when a process control system is brought online for the first time to receive it from the exemplary remote maintenance system 102 is monitored). In addition, the main server 104 periodically and / or aperiodically receive new and / or updated registration and / or configuration information after a login process to ensure that the exemplary remote maintenance system 102 has the most up-to-date and up-to-date information corresponding to supervised process control systems.

The main server 104 is also designed to monitor process control systems. For example, the main server 104 be equipped with software that, when executed, causes the main server 104 Field devices and / or other components and devices monitored process control systems monitored, for example, based on the received from the process control systems registration and / or configuration information.

In the example shown, the webpage server is 106 Designed to create web pages and provide system engineers, operators, and other process line personnel with supervised process control systems. In the example shown, the webpage server provides 106 Web pages including those in connection with 8-15 described graphical DDL user interfaces (GUIs). The web pages may be used by process line personnel to provide information to and from the exemplary remote maintenance system 102 to provide and retrieve. For example, the web pages served by the webpage server 106 can be used to provide a process control system on the exemplary remote maintenance system 102 to register and to register and / or configuration information on the main server 104 provide.

In the example shown, the main server 104 and the webpage server 106 implemented separately to allow the webpage server 106 can be brought offline, without the monitoring processes and registration / configuration information receiving processes, from the main server 104 be affected. For example, the webpage server 106 taken offline to perform maintenance (eg, to add or upgrade web page interfaces, update software to protect against threats, etc.) while the main server 104 continues to monitor process control systems.

In the example shown, the SMS server 108 designed to process the registration / configuration information corresponding to each process control system used by the exemplary remote maintenance system 102 be monitored. For example, the SMS server 108 one or more data structures (eg databases), in which the registration / configuration information is stored, and / or have communication technology connected to it. The SMS server 108 may also be configured to store KBA articles (eg, maintenance database entries or other database entries containing maintenance information or other information about process systems and / or parts thereof) that describe problems to be resolved (eg, software bugs, equipment failures, anomalies in operation, etc.) associated with different components or devices of process control systems. Typically, the KBAs also include proposed emergency solutions, fixes, or other maintenance procedures related to overcoming or remedying the problems identified.

In the example shown, the SMS server 108 designed to perform a risk factor matching process, which is described below with reference to 3 is described. A more detailed example of a KBA matching process is in US 7,698,242 described. In general, the risk factor matching process compares information stored in or related to a risk factor (eg, identification information, device type information, process control system type information, or other criteria) with the registration / configuration information to determine which risk factors apply to which monitored process control systems or are relevant are.

The exemplary remote maintenance system 102 is via the Internet (or another national network (WAN)) 128 communication technology with plant locations 110 - 126 connected. For example, a WAN may be implemented using a telephone line, a digital subscriber line (DSL), an integrated voice and data network (ISDN), a broadband cable system, a broadband alternating current (AC) system, a satellite communication system, optical fibers, and so on.

Some or all of the sites 110 - 126 may be part of one and the same company (eg operated by the same business entity, corporation, corporation, etc.) and may include manufacturing sites, distribution sites, refinery sites, paper mills, or any other type of industry or business location having an operation associated with process control systems in Context stands. Even if the first location 110 is presented relatively more detailed than the other sites 112 - 126 , one or all of the locations 112 - 126 be implemented using configurations corresponding to the illustrated first site configuration 110 are substantially similar or the same. In any case, the sites point 110 - 126 one or more process control systems using the exemplary remote maintenance system 102 be monitored and maintained.

In the example shown, the first location 110 a process control system 130 such as a distributed process control system, but note that individual sites may have multiple process control systems. For example, one of the process control systems may be used to handle process fluids while the others may be used to run a product manufacturing process. The process control system 130 can be used to perform substantially the same or different operations. Of course, the process control system 130 used to perform operations performed with any other type of process. Even if the publication is the remote maintenance system 102 with reference to the process control system 130 describes, it should be made clear that similar interactions between the remote maintenance system 102 and process control systems of other locations 112 - 126 occur.

As shown in detail in the example, the process control systems of the individual locations 110 - 126 Part of one or more product lines, such as the DeltaV ™ control system sold by Emerson Process Management, the Ovation ™ control system sold by Emerson Process Management, the Ovation ™ Machinery Health Monitor (MHM), the one from Emerson Process Management, the PROVOX ™ control system sold by Emerson Process Management, the RS3 ™ control system sold by Emerson Process Management, the Syncade ™ production management platform sold by Emerson Process Management, the AMS Device Manager sold by Emerson Process Management. While discussed further herein, each process control system may have a different and unique configuration, but generally speaking, it is desirable to use peer process control systems (eg, only DeltaV ™ systems, Ovation ™ systems, etc.) to other process control systems which are part of the same family of process control systems from one manufacturer, such as process control systems of the same or a related product line.

The exemplary remote maintenance system 102 can access the warning and event information stored in the process control system 130 stored on a server of the process control system that is connected to the network 128 and use the warning and event information to determine whether maintenance may be needed or any maintenance information (eg, product documentation, bug reports, knowledge base articles, product updates, etc.) for any resource in the process control system 130 is available.

A user can use a workstation terminal on the process control system 130 such as the workstation terminals 13 from 1 , to access information received from controllers in the process control system, such as the controller 11 from 1 , and / or the exemplary remote maintenance system 102 to be obtained. In an example implementation, the workstation terminals may execute dedicated software applications that perform network connections with the exemplary remote maintenance system 102 set up maintenance information with the remote maintenance system 102 exchange. Alternatively, or additionally, the workstation terminal may run web browsers to access web pages or web-based applications to access the exemplary remote maintenance system 102 to perform and perform substantially the same or similar operations as with a dedicated software application on the client side. In either case, a user may use the client-side dedicated application or the web-based application to maintain the maintenance information provided by the controllers and the exemplary remote maintenance system 102 be obtained, viewed, modified and managed.

A user can perform maintenance-related work via the workstation terminals. For example, the user may use the workstation terminals and / or the exemplary remote maintenance system 102 command to update or upgrade certain equipment (eg, field devices, controllers, etc.) with received software or firmware updates. Likewise, the user may view summaries and detailed information regarding open service calls associated with the process control systems. Other information provided by the user can be considered, modified and / or managed in more detail below in connection with 8-15 described. In some example implementations, the workstation terminals may also be configured to share information with process control systems at other locations 112 - 126 be associated, viewed, modified and / or managed.

The exemplary remote maintenance system 102 can receive maintenance information such as software / firmware updates, spare device availability, manuals, technical documentation, bug reports, etc. from software vendors and device manufacturers. In the example shown are a device manufacturer system 132 and a software dealer system 134 communication technology with the network 128 for information about hardware and software / firmware updates to the example remote maintenance system 102 provide. In this way, the example serving as a remote maintenance system 102 Update information, the process control systems at each of the sites 110 - 126 affect and select the selected information to the appropriate locations 110 - 126 hand off.

3 is an example system 200 which may be used to implement the example systems and methods described herein; In some of the illustrated examples described below, it is described that components or parts of the example system 200 based on one or more parts of the exemplary remote maintenance system 102 implemented in conjunction with the above 2 has been described. However, the example system can 200 in combination with or separately from the exemplary remote maintenance system 102 be implemented. The example system 200 can be implemented using any desired combination of hardware, firmware and / or software. In some example implementations, the example system 200 be implemented as a single device (eg, as a single device, as a device, etc.) or as two or more devices, some of which may be communicatively coupled. For example, the at least one device may be implemented using one or more integrated circuits, discrete semiconductor components, or passive electronic components. Additionally or alternatively, some or all of the blocks of the example system may 200 or portions thereof may be implemented by means of instructions, codes, and / or other software and / or firmware, etc., stored on a machine-accessible medium and which, when executed, for example, by a processor system, perform the operations depicted in the flowchart described below.

As in 3 is shown, the example system 200 a registration interface 202 communicating with a sample process control system 204 coupled (eg with the process control systems 130 of the first location 110 from 2 and / or the process control systems (not shown) of the locations 112 -126 from 2 ). The example process control system 204 is the process control systems 130 from 2 essentially similar or the same. In the example shown, the registration interface 202 based on the main server 104 from 2 be implemented and designed for the process control system 204 to register the exemplary remote maintenance system 102 from 2 to use. For example, the registration interface 202 Information (eg registration information) provided with the process control system 204 are related. Registration information may relate to hardware configurations, software, firmware, operating conditions, life cycle status, maintenance information, or any other information discussed above in connection with the graphical user interface displays of 8-15 have been described. The registration information may include, for example, serial numbers, version numbers, model numbers, part numbers, network identifiers, and / or other information described above in connection with the graphical user interface displays of 8-15 have been described. Even if the registration interface 202 in the example system 200 can be located, the registration interface 202 alternatively in the process control system 204 (eg in the process control system 130 or as a site element 110 - 126 ) because concerns about remote access protection cause users to have a strong preference for having the registration interface located at the customer's site.

The registration interface 202 can provide registration information from the process control system 204 during a first logon of the process control system 204 and / or after the first login each time the process control system 204 has any new or revised information (eg every time the process control system 204 updated, upgraded, maintained, changed its mode of operation, etc.), collect it to the sample system 200 to convey. In an example implementation, the registration interface 202 automatically, periodically (eg daily, weekly etc.) or aperiodically the process control system 204 to retrieve any updated or new registration information. For example can be the registration interface 202 automatically with a messenger server (eg the messenger server 136 from 1 ), with the process control system 204 is related to communicate new or updated registration and / or configuration information to the process control system 204 correspond to receive.

Additionally or alternatively, the registration interface may 202 manually controlled by an operator (eg, a system engineer, a user, etc.) to the process control system 204 to interrogate. In any case, the process control system 204 (eg the messenger server 136 from 1 ) by submitting any new or updated registration information to the registration interface 202 automatically answer. In addition, an operator working with the process control system 204 for example, a workstation terminal (eg the workstation terminal 13 from 1 ) to manually cause that in response to a retrieval of information from the registration interface 202 and / or every time the process control system 204 has new or updated registration information, new or updated registration information from the process control system 204 to the registration interface 202 be transmitted.

To communications between the process control system 204 and the example system 200 to enable, can on the process control system 204 Client software (not shown) may be installed (eg, client software installed on a process control server or workstation terminal, such as workstation terminals 13 from 1 ), which is the process control system 204 enables retrieval of information from the registration interface 202 to receive and registration information to the registration interface 202 to convey.

Even though it is shown that the example system 200 with only one process control system (eg the process control system 204 ), the example system 200 be technically coupled with any number of process control systems. For example, the example system 200 based on one or more servers (eg the main server 104 , the website server 106 , the SMS server 108 from 2 ) via the Internet communication technology with a variety of process control systems (eg the process control systems of the first location 110 from 2 and / or the process control systems (not shown) of the locations 112 - 116 from 2 ). In such an example implementation, the registration interface communicates 202 with the process control systems and receives registration information from all process control systems.

The registration interface 202 generates a master registration file 206 that the process control system 204 based on the registration information provided by the process control system 204 receives. The master registry file 206 may store the registration information using an extensible markup language ("XML") format, a plain text format, or any other suitable format. The registration interface 202 creates and maintains a separate master registry file (for example, the master registry file 206 ) for each process control system, that of the example system 200 is monitored. In an example implementation, the registration interface 202 be designed for the master registry file 206 Encrypt to significantly reduce or eliminate data corruption by unauthorized persons or unauthorized network entities.

In an example implementation, the registry interface parses 202 also periodically the master registry file 206 on data corruption or - falsification. If the registration interface 202 determines that registry information in the master registry file 206 damaged or compromised (eg corrupted), the registry interface 202 a descriptor associated with the corrupted or compromised data in the master registry file 206 Save to indicate a data error and the type of data error. The descriptor may include a transmitter identity (eg, a user name of an operator associated with the process control system 204 has to do), a source identity (eg a process control system identifier of the process control system 204 ) and a date associated with receiving the corrupted or compromised data.

To get the registry information contained in the master registry file 206 stored, disassembled (eg filtered, split, categorized, classified, etc.) is the example system 200 with a process control system registrar 208 fitted. In the example shown, the process control system can be registered 208 based on the main server 104 from 2 and is designed to store the registration information in the master registry file 206 to read, breaks down the registration information and divides the information into separate categories. If the registration interface 202 receiving new or updated registration information and / or corrupted or compromised data in the master registry file 206 detects, then generates the registration interface 202 a change log event to indicate that new or updated registry information for the master registry file 206 and transmits the change log event to the process control system registrar 208 ,

In the example shown, the process control system registrar reads 208 the registration information from the master registry file 206 and classifies the registration information into hardware categories, software categories, firmware categories, operating condition categories, life cycle categories, maintenance categories, or any other categories associated with the above in conjunction with the graphical user interface displays of 8-15 related information. For each category, the process control system registrar 208 and subdivide the registration information into subcategories. Examples of subcategories for a hardware category may include device type, model number, manufacturer part number, and so on.

To save the decomposed registration information, the example system is 200 with a service management system ("SMS") database 210 which communicatively communicates with the process control system registrar 208 is coupled. The SMS database 210 For example, in the SMS server 108 ( 2 ) and / or coupled thereto, and is adapted to store SMS data records (not shown) which include the categorized information registered by the process control system 208 to be grouped. The SMS database 210 stores data records that correspond to the individual process control systems, that of the example system 200 be monitored. After the process control system registrar 208 the registration information coming from the master registry file 206 the process control system registrar 208 in the illustrated example, the categorized registration information to the SMS database 210 to send the SMS data records using the process control system 204 to be updated.

The in the SMS database 210 stored registration information can be used to identify components (eg, devices, hardware, software, etc.) of the process control system 204 with risk factors 212 (eg KBAs, software updates, action alerts, service calls, lifecycle statuses). An example risk factor reconciliation process may be the one in the SMS database 210 stored SMS data records to those from the risk factors 212 which are relevant to supervised process control systems and / or sections thereof.

In the example shown, the risk factors 212 from a workstation 214 provided and in the SMS database 210 saved. The workstation 214 can belong to a business unit, which is the example system 200 and operators using the sample system 200 have to do (eg an SMS user 216 ), can provide information regarding at least some of the risk factors 212 at the workstation 214 provide. Additionally or alternatively, the workstation may 214 and or other workstations communicating with the example system 200 are coupled and some of the risk factors 212 to device manufacturers (eg the device manufacturer 138 from 1 ) and / or software developers (eg the software developer 140 from 1 ), the components in the process control system 204 design and / or manufacture. Of course, risk factors can also be from any other source to the workstation 214 be transmitted.

So that the example system 200 Components of the process control system 204 with such risk factors 212 can match that are relevant generates the example system 200 a process control system configuration file 218 based on the registry information stored in the SMS database 210 are stored. For example, the SMS server 108 from 2 Information from the SMS database 210 query and the process control system configuration file 218 generate using the retrieved information. Even if only one process control system configuration file (eg the process control system configuration file 218 ), the example system can 200 provide a plurality of process control system configuration files, each to a different process control system (eg, the process control system 204 , the process control system 130 of the first location 110 from 2 , the process control systems (not shown) of the sites 112 -126 from 2 etc.), that of the example system 200 be monitored, are assigned.

To components of the process control system 204 with those of the risk factors 212 to match those that are relevant is the example system 200 with an example risk factor matching and ranking facility 220 fitted. The example risk factor reconciliation and classification facility 220 receives the risk factors 212 and the process control system configuration file 218 , The risk factor reconciliation and classification facility 220 compares information (eg, serial numbers, version numbers, model numbers, part numbers, network IDs, and / or other information above in conjunction with the graphical user interface displays of 8-15 described in the process control system configuration file 218 are stored with information in the risk factors 212 to determine which of the risk factors 212 for components in the process control system 204 applicable or relevant. In the illustrated example, the risk factor matching and ranking device 220 is described in connection with FIG 5 implemented flowchart described risk factor adjustment process implemented.

The example risk factor reconciliation and classification facility 220 provides match information and an integrity score 222 including such risk factors 212 for the process control system 204 and at least some of the configuration information from the process control system configuration file 218 to which the relevant risk factors 212 hold true. The Risk Factor Balancing and Classification Facility 220 can do the match information and the integrity rating 222 in an XML file, a plain text file, a spreadsheet file (such as an .XLS file), or any other suitable file. In the illustrated example, the configuration information contained in the match information and the integrity score 222 include, for example, device types, model descriptions, serial numbers, software revision numbers, hardware revision numbers, and / or any other information necessary for an operator to interfere with the process control system 204 to be of interest.

To the match information and the integrity score 222 to save is the example system 200 with a post-match / post-score SMS database 224 fitted. The post-match / post-score SMS database 224 For example, in the SMS server 108 from 2 be implemented and / or communicatively connected with this.

To an operator involved with the process control system 204 has to do (eg a customer as a user 226 ), the matching information, and the integrity rating 222 will retrieve the post-match / post-score SMS database 224 in a main database 228 replicates so that the match information and the integrity score 222 in the post-match / post-score SMS database 224 and in the main database 228 get saved. In the example shown, the main database 228 in the main server 104 from 2 be implemented and / or communicatively connected with this.

As in 3 shown, the customer as a user 226 via a user workstation 230 using multiple interfaces on the match information and integrity score 222 access and / or retrieve them. In the example shown, the example system is 200 with a web interface 232 equipped the customer as a user 226 can use the match information and the integrity score 222 retrieve. For example, the web interface 232 Generate and offer web pages that are used in conjunction with some of the sample screens described below 8-15 described are substantially similar or the same. In addition, or alternatively, the web interface 232 the customer as a user 226 enable a file (such as an XLS file, an XML file, etc.) containing the match information and an integrity score 222 contains to download. The web interface 232 can be based on the website server 106 from 2 be implemented.

To the match information and the integrity score 222 the customer as a user 226 Delivering via e-mail is a short message service, a multimedia messaging service, etc. of the example system 200 with an automailer 234 fitted. For example, the automailer 234 an XML file by e-mail attachment to an e-mail account customer as a user 226 Send. Alternatively, the automailer 234 an embedded screen interface, which will be described below 8-15 described screens is substantially similar or the same, by e-mail. The customer as a user 226 can then over the workstation 230 or any other email access device for the match information and integrity rating 222 access. In some example implementations, the automailer 234 the match information and integrity score 222 encrypt it before sending it by e-mail, and / or encrypt the e-mail that is used to match the match information and integrity 222 to send. The automailer 234 can be implemented by using an automailer application that comes from the main server 104 and / or from the SMS server 108 from 2 is performed.

To the match information and the integrity score 222 the customer as a user 226 To deliver via a Really Simple Syndication Feed ("RSS feed") is the example system 200 with an RSS feed interface 236 fitted. In the example shown, the RSS feed interface formats 236 the match information and integrity score 222 in an RSS format and sends the RSS formatted matching information to a customer's RSS receiver as a user 226 , An RSS receiver can provide RSS feed information on any or any of the graphical user interface screens above in conjunction with 8-15 have been described. For example, can an RSS viewing area is implemented in a navigation field and / or title field of the GUI surface screens. In some example implementations, the RSS feed interface could 236 just send a message that new matching information is available for retrieval via an RSS feed. The customer as a user 226 can then access the matching information and the integrity rating 222 via the web interface 232 react.

4 FIG. 10 is a detailed block diagram of an example of a risk factor matching and ranking facility. FIG 220 of the example system 200 from 3 , In the 4 shown example structures can be implemented on the basis of any desired combination of hardware and / or software. For example, one or more integrated circuits, discrete semiconductor components, or passive electronic components may be used. Additionally or alternatively, some or all or parts of the example structures of FIG 4 may be implemented by means of instructions, codes or other software and / or firmware etc. stored on a computer readable medium which, when executed, for example, by a processor system, performs the operations described herein. Further, the following describes in connection with 5 Example Procedures Described Example Operations or processes that may be used to implement some or all of the functions or operations that are associated with the functions described in US Pat 4 structures shown are related.

The example risk factor reconciliation and classification facility 220 is with a risk factor interface 302 equipped to the risk factors 212 from the SMS database 210 ( 3 ) and get information from the risk factors 212 retrieve. For example, the risk factor interface 302 Retrieve risk factor criteria or risk factor attributes, including resource serial numbers, part numbers, software version numbers, software license information, device descriptions, hardware version numbers, device redundancy information (for example, if a primary device belongs to a redundant device that can take on primary device tasks if the primary device failures), device driver information, software service pack information, device shipping date information, etc. The risk factor criteria may be any criteria, attributes or information that may be used to match a risk factor with a process control system and / or components within a process control system. Examples of risk factor criteria are process control system types for which one of the risk factors 212 applies, process control system identifiers, component model descriptions, component serial numbers, and the software and hardware revision numbers associated with the components. Of course, other criteria may be used that correspond to risk factors and process control systems and / or components of process control systems.

For retrieving the process control system configuration file 218 from 3 and access to it is the risk factor match and ranking facility 220 with a configuration file interface 304 fitted. In the example shown, the configuration file interface is 304 designed with the SMS database 210 ( 3 ) to process process control system configuration files (eg, the process control system configuration file 218 from 3 ) of process control systems. For example, the configuration file interface 304 Process control ID information to the SMS database 210 submit, and the SMS database 210 can by sending a process control system configuration file to the configuration file interface 304 react to the detected process control system. In the example shown, the configuration file interface is 304 also designed to provide information (eg, field device criteria or parameters) from process control system configuration files (eg, the process control system configuration file 218 ).

To risk factor criteria arising from the risk factors 212 with process control system criteria or attributes from the process control system configuration file 218 The risk factor matching and ranking device 220 is provided with a comparator 306 fitted. Besides, the comparator is 306 designed to compare risk factor criteria and / or process control system criteria with other values, such as zero values or any other values.

To generate information that indicates whether the comparator 306 has found a match, the risk factor match and ranking device 220 is a match indicator 308 fitted. If the comparator 306 In the illustrated example, a match between a risk factor criteria value and a process control system criterion value or between any other values (eg, a risk factor criterion value and a zero value) is communicated by the comparator 306 a signal or information to the compliance indicator 308 to indicate that the match was found. The match indicator 308 then generates information indicating the match. For example, can the compliance indicator 308 the match information in the match information and integrity score 222 ( 3 ) to save. In an example implementation, the match information may include a risk factor recognition value and a recognition value of a matching field device, a matching workstation, etc., or a process control system. Additionally or alternatively, the match information may include a risk factor criteria value and a criterion value of a matching process control system. In another example implementation, the match information and the integrity score 222 include a list of field devices, workstations, etc. of a process control system, and the compliance indicator 308 may store a flag or bit value corresponding to certain field devices, workstations, etc. of the process control system that match at least one risk factor criteria.

To create an integrity score for a process control system that ignores the effects of the continual introduction of risk factors and classifies the integrity of a process control system with respect to the integrity of other DCS, is the risk factor matching and ranking facility 220 with a risk assessment and classification evaluator 310 fitted. If the comparator 306 in the example shown, has adjusted all the risk factors for a process control system within a certain period (eg daily) and has ideally adjusted all risk factors for all process control systems or at least for all peer process control systems in a certain period and the compliance indicator 308 Generating information indicating matches of all known risk factors for the process control system (the process control systems) then uses the risk assessment and ranking evaluator 310 the risk factors for a process control system and updates the prior risk assessment of the process control system based on the elimination or introduction of risk factors into the process control system. More precisely, the risk assessment and classification evaluator 310 use weighting values belonging to the individual risk factors to calculate the risk assessment for the process control system. Thereafter, the risk assessment and classification evaluator 310 use the risk assessments of all process control systems, or at least peer process control systems, to calibrate an integrity rating scale to the average risk assessment for the (peer) DCS and the risk assessment for a particular process control system using a non-linear scale and more specifically a non-linear scale factor on the integrity rating scale scale to move more strongly from one period to the next (eg, from one day to the next) between integrity rankings towards the middle of the integrity score scale than towards the end of the scale. To the match information and the integrity score 222 to the Post-Match / Post-Score SMS database 224 ( 3 ) is the risk factor matching and ranking device 220 with a match information and integrity rating interface 312 fitted.

5 Figure 11 shows a flow chart of an example method that may be used to identify risk factors (eg, KBA's, software updates, action alerts, service calls, lifecycle status, etc.) with process control systems (eg, process control systems of the sites 110 - 126 or process control systems of 110 - 114 ) or certain process control systems (eg the process control system of the site 110 ). The example method is designed to ensure, with a relatively high degree of certainty, that each risk factor is substantially aligned with all the monitored process control systems, or in particular those thereof, to which the particular risk factor is applicable. In the illustrated example, the example procedure for risk factor matching is used to compare risk factors with monitored process control systems on a global level (eg, all process control systems, all peer process control systems, etc.) and on a process control level. In this way, common risk factors are aligned with all or substantially all the monitored process control systems (or all or substantially all of the peer process control systems) to inform operators, system engineers, etc. about the applicable risk factors. The example procedure for matching risk factors is used to compare risk factors with specific process control systems to ensure that each risk factor is compared to certain monitored process control systems that belong to the same process line type as the risk factor. The example procedure for adjusting risk factors also ensures that monitored process control systems are compared with relevant risk factors even if the process line types and the risk factors do not belong to the same process line type. More specifically, in the example procedure for matching risk factors, process control system criteria and risk factor criteria are compared. For example, if a firmware update is applicable to process control systems that do not belong to the same process control system type as described in a process control system type field of the firmware update, the example method for risk factor matching may be used to compare the firmware update of firmware update criteria and process control system criteria to match the process control systems to which it is applicable. In this way, process control systems that do not belong to the same process line type as a firmware update, but that have software, firmware, hardware, etc. affected by the firmware update, can be synchronized with the firmware update.

Initially, the risk factor interface calls 302 ( 4 ) one of the risk factors 212 from 3 (Block 402 ) For example, from the SMS database 210 off ( 3 ). The risk factor interface 302 then determines the process control system type of the retrieved risk factor (Block 404 ). In the illustrated example, risk factors may be general risk factors that generally pertain to process control systems (or peer process control systems), or risk factors may be specific risk factors pertaining to a specific process control system or specific components (eg, field devices, workstations, controllers, etc.) of a particular process control system. In addition, the risk factors may include a category of actions such as required actions and a recommendation category, where a risk factor with a category of required actions indicates that action must be taken on the process control system, while a risk factor with a recommendation category is not necessarily an act on the process control system but still provides information related to improving the performance of the process control system. A risk factor with a category of required actions generally affects an integrity ranking of a process control system from one period to another and may be weighted more heavily than risk factors with a recommendation category. Risk factors with a recommendation category could have no effect on a process control system integrity score (eg no weighting factor for risk factors with a recommendation category), may have a positive but little or no negative impact (eg a weighting factor for a risk factor with a recommendation category) that someone has dealt with, but a risk factor with a referral category that no one has dealt with, is not weighted or lightly weighted) or may have a positive as well as a negative impact (eg, risk factors are weighted with a referral category).

The risk factor interface 302 then determines whether the retrieved risk factor is a general risk factor (Block 406 ). If the risk factor interface 302 determines that the retrieved risk factor is a general risk factor (Block 406 ) stores the match indicator 308 ( 4 ) Information in match information and integrity score 222 ( 3 ) to indicate that the retrieved risk factor applies to all monitored process control systems (Block 408 ), the information in the SMS database 210 have (eg all process control systems or all peer process control systems, that of the example system 200 be monitored). If the risk factor interface 302 however, determines that the retrieved risk factor is not a general risk factor (Block 406 ), then use the risk factor reconciliation and ranking facility 220 a process control system type of the retrieved risk factor and process control system types of monitored process control systems (eg of process control systems having configuration information stored in the SMS database 210 are stored) to determine if the risk factor applies to certain supervised process control systems (Block 410 ).

In particular, the risk factor reconciliation and ranking facility chooses 220 a supervised process control system (eg one of a plurality of supervised process control systems with configuration information stored in the SMS database 210 from 3 stored). In the illustrated example, the risk factor matching and ranking facility chooses 220 the process control system 204 ( 3 ) out. The configuration file interface 304 then retrieves the process control system configuration file associated with the process control system 204 corresponds (eg the process control system configuration file 218 from 3 ). For example, the configuration file interface calls 304 the process control system configuration file 218 from the SMS database 210 by sending a request to the SMS database 210 that contains identification information that the process control system 204 identify. The configuration file interface 304 then retrieves a process pipe type. The configuration file interface 304 can access the process control system configuration file 218 access to retrieve the process line type of each process control system. In the example shown, the configuration file interface calls 304 Only one process control system type from the process control system configuration file in the block 218 from. The comparator 306 then compares the retrieved process control system type of the process control system 204 with the one in the block 404 from 5 retrieved risk factor process control system type to determine whether the retrieved process control system type of the process control system 204 coincides with the risk factor process control system type. If the comparator 306 determines that the process control system type of the process control system 204 matches the risk factor process control system type, stores the match indicator 308 ( 4 ) Information in match information and integrity score 222 ( 3 ) to the match between the Process control system of the process control system 204 and the risk factor. After the match indicator 308 specified the match or if the comparator 306 determines that the process control system type of the process control system 304 does not match the risk factor process control system type, determines the risk factor matching and ranking facility 220 whether the process control system 204 another process control system to be compared with the risk factor process control system type. If the risk factor reconciliation and classification facility 220 determines that the process control system 204 another process control system to be compared calls the configuration file interface 304 the process control system type of the next process control system of the process control system 204 starting with the Risk Factor Process Control System type, which in block 404 from 5 was to be compared. If the risk factor reconciliation and classification facility 220 on the other hand determines that the process control system 204 has no further process control system to be compared, determines the risk factor matching and grading device 220 whether there is another supervised process control system to be analyzed. For example, the configuration file interface 304 the SMS database 210 consult to determine if the SMS database 210 Has configuration information for any other process control systems provided by the Risk Factor Balancing and Classification Facility 220 have not yet been compared with the risk factors on the basis of process control system types. If the Risk Factor Balancing and Classification Facility 220 determines that there is another supervised process control system to be analyzed, the control returns to the block and the risk factor matching and ranking facility 220 selects another supervised process control system.

After comparing node types (block 410 ) or after the match indicator 308 Information indicating that the retrieved risk factor applies to all monitored process control systems or peer process control systems (Block 408 ), uses the Risk Factor Balancing and Classification Facility 220 other process control system criteria of the retrieved risk factor and the monitored process control system to determine if the risk factor would not be applicable to any specific nodes of the monitored process control systems (Block 412 ). For example, if the operation (s) of block 410 determine that a risk factor applies to a particular process control system, it is stated that the risk factor status for that process control system is a match as long as the operation (s) of Block 412 do not specify that other process control system criteria associated with this process control system exist to preclude the applicability of the risk factor to the process control system.

The risk factor reconciliation and classification facility 220 then determines if there is another risk factor to analyze (Block 414 ). If another risk factor to be analyzed, for example in the SMS database 210 is present, the control returns to the block 402 back, and the risk factor interface 302 gets the next risk factor from the SMS database 210 from. Otherwise, submit the match information and integrity rating interface 312 the match information and integrity score 222 to a data structure (block 416 ), such as the Post-Match / Post-Score SMS database 224 ( 3 ), and the process ends.

6 shows a flowchart of an example method that can be used to provide a risk assessment for each process control system (eg process control systems of the sites 110 - 126 or peer process control systems of the locations 110 - 114 ). The example method is designed to be performed periodically, such as daily, every two days, weekly, etc. Generally speaking, the disclosed method of ignoring the effects of continuously introducing risk factors and classifying the integrity of process control systems based on their peers works with a higher degree of accuracy when the example method for determining a risk assessment for the individual process control systems is relatively frequent (eg daily ) instead of being performed less frequently (eg, monthly), simply because the set of risk factors that may accumulate for any or all of the process control systems over a longer period of time tends to degrade an integrity ranking of process control systems.

Further, the example method is designed to weight risk factors according to the type of risk factor (e.g., based on the risk factor criteria information). For example, KBAs and software updates may be weighted differently (i.e., have different weighting factors) than action alerts, while service calls may be weighted differently than software updates. Likewise, lifecycle statuses may be weighted differently than other risk factors, including those listed above.

In addition, in the example method, only certain risk factor types (eg, based on the risk factor criteria information) could be counted when categorizing counted risk factors as being an act require (risk factors to be eliminated) and non-counted risk factors are categorized as such that do not require action. For example, KBA's and software updates marked as "To Be Verified" (as provided, for example, by the Risk Factor Criteria Information) may each be added once to a process control system risk assessment, while KBA's and Software Updates listed as "On Demand" or "With" For information "are marked, do not need to be counted. Likewise, KBAs marked as "Not Completed" or "Not Applicable" do not need to be added to the risk assessment because it is assumed that a customer is the user 226 knows and mitigates the risk (or deals with it or determines its relevance elsewhere). KBAs can be counted once per process control system component affected by the KBA problem to be solved (eg once per device involved) or independently of the number of affected system components (eg once per process control system). Software updates may also count once per workstation or controller requiring a software or firmware update, or regardless of the number of workstations and controllers that need the update (eg once per process control system). It could include only open action alerts, and open service calls for risk assessment, with each open action alert and every open service call counting once per process control system. Action alerts may be generated when a monitored integrity parameter indicates a functional condition that could result in a process interruption or loss of asset availability where the remote monitoring system 102 Continuously monitoring integrity information of process control system components such as controllers, servers, workstations, Safety Instrumented Systems (SISs) controllers, switches, firewalls, infrastructure, etc. Any outdated and unsupported hardware or software can be considered a risk factor (eg, the hardware manufacturer or software developer no longer manufactures or sells the product and no longer supports the product with updates, hotfixes, troubleshooting, etc.).

In addition, different risk factors can be weighted by category. For example, a KBA may be weighted according to the categorization of the KBA, where a KBA categorized as a potential security problem to be resolved for a process control system (ie, a security KBA) is weighted differently than a KBA categorized as a process control system process interrupt (ie, a process KBA), both of which are weighted differently than a KBA that has been categorized as a problem to be solved in the context of protection of the process control system (ie, a protection KBA). Likewise, a software update may be weighted according to the categorization of the software update, whereby a software update categorized as a potential security problem to be solved for a process control system (ie, security software update) is weighted differently than a software update. categorized as a process control system process interrupt (ie, a process software update), both of which are weighted differently than a software update categorized as a problem to be solved in the context of process control system protection (ie, protection software). update). A service call may also be categorized and weighted according to the impact on operation, categorizing one type of service call as non-functional operation of the process control system, such as the process having come to a standstill, solving a problem with a security system (SIS) or that the process is unavailable or at significant risk. Another service call is categorized as a functional, albeit handicapped or vulnerable operation of the process control system, such as the process is running but the yield, rate, quality or regularity is hampered or compromised. A lifecycle status can be categorized as current or active (eg, the hardware or software is still manufactured and supported) (eg, with updates, troubleshooting, etc.)) or can be categorized as obsolete (eg, the hardware or software is from the hardware manufacturer or no longer offered by the software developer and is no longer supported). Outdated lifecycles can be weighted higher than current / active lifecycles, and in some cases current / active lifecycles can not be weighted at all (i.e., only outdated lifecycles count).

It should also be noted that any type of process control system (eg DeltaV ™, Ovation ™, AMS ™, etc.) may each have different risk factors, and each risk factor has different weighting values. During each process control system of the sites 110 - 126 is linked to a risk assessment based on its risk factors, as shown by the example method of 6 For the purposes of classifying the integrity of each process control system the locations could be calculated 110 - 126 as in the example method of 7 , only peer process control systems (eg only DeltaV ™ process control systems) are considered.

As in 6 1, the example method may initially retrieve the risk factors associated with the process control system of the example method of FIG 5 were reconciled. In particular, the risk assessment calls and Einstufungsauswerter 310 ( 4 ) the risk factors 212 that have been synchronized with the process control system (block 502 ), for example from the Post-Match / Post-Score SMS database 224 and, in particular, the compliance information contained therein ( 3 ). The Risk Assessment and Assessment Evaluator 310 then determines the previous risk assessment for the monitored process control system from the match and integrity rating interface 312 (Block 504 ). If this is the first time that the process control system's risk assessment and integrity assessment are evaluated, the determination of the previous risk assessment can be skipped or otherwise circumvented. Alternatively, by default, the previous risk assessment can be set to an initial value (eg zero or the previous average of all risk assessments for all process control systems). Furthermore, the retrieval of the previous risk determination, regardless of whether a risk assessment for the process control system has already been determined, may be omitted for all iterations (ie, for each periodic determination), in which case each process control system is provided with a baseline risk assessment (eg, zero or the previous one) Average of all risk assessments for all process control systems).

The Risk Assessment and Rating Evaluator 310 then determines if the retrieved risk factor has been eliminated (Block 506 ). For example, if a customer as a user 226 (For example, a system engineer) Risk factors are communicated, which were compared with the process control system, the customer can be a user 226 deal with the risk factor or ignore the risk factor. If the customer is a user 226 When dealing with the risk factor, the risk factor is considered eliminated. Risk factors can be considered eliminated in several ways. For example, a customer may be a user 226 a process control system using the web interface 232 indicate that a KBA to be processed has been read (eg "In progress", "Not applicable" or "Completed"), a software update to be processed has been installed (eg "In progress", "Not applicable" or "Completed") someone has dealt with an open action alert (eg "Closed" or "Downgraded"), someone has dealt with an unperformed service call (eg "Closed" or "Demoted") and / or an outdated lifecycle has been upgraded (eg "Current / Active), such as when obsolete hardware or software is being replaced. The web interface 232 This information can be sent to the Post-Match / Post-Score SMS database 224 for use by the Risk Assessment and Rating Evaluator 310 to transfer. If the risk factor is considered eliminated, its weighting value is subtracted from the process control system's risk assessment, or, in the case of a modification of a previous risk assessment, it is subtracted from the previous risk assessment (Block 508 ). If there is another risk factor that must be taken into account for the process control system (block 514 ), the example procedure returns the control back to block 506 to consider the next risk factor. Otherwise, the example method determines whether there is another supervised process control system for which a risk assessment has to be performed (block 516 ). If so, the scheme goes back to block 502 to retrieve the risk factors for the next monitored process control system. Otherwise, the example procedure ends for this period and is performed by the Risk Assessment and Rating Evaluator 310 automatically re-executed in the next period (eg daily).

The Risk Assessment and Rating Evaluator 310 then determines whether the retrieved risk factor has been introduced, such as whether a new risk factor has been introduced into the process control system since the example process for the process control system was last executed (Block 510 ). Risk factors can be introduced in different ways. For example, a KBA to be processed that has not yet been read, a software update to be processed that is available but not yet installed, an open action alert that no one has addressed yet, an open service call that no one else is looking at has and / or outdated hardware / software. In many cases, the newly introduced risk factors remain to be worked off because the customer as the user 226 For example, the system engineer did not have the opportunity to gain knowledge of the risk factor at all. Thus, mastering the integrity of a system (that is, systematically eliminating risks to the reliability, integrity, and performance of the system) is a perpetual process. For example, new protection updates from Microsoft® are released each month and tested for compatibility with various process control product lines. Likewise every month service calls are made by the process control systems of the locations 110 - 126 be received, evaluated, resulting in new or revised KBA's and / or software updates. For extended periods of time, technological advances are leading to new operating systems, computers, and process control hardware and software offerings (eg, from manufacturers and / or software developers) that find their way into existing process control systems through extensions, migrations, and modernization projects. Furthermore, a newly recognized functional state may activate an open action alert. A newly recognized non-functioning process (or one that is in serious danger of falling into a non-functional state) or a newly identified disabled or vulnerable one Operation can activate an open service call. Furthermore, although hardware and / or software components of the process control system are generally more durable, they "age" with time, with newer versions, etc., eventually becoming obsolete, out of production, and / or unsupported could become. Generally speaking, new risk factors can be constantly introduced (eg daily), be they general risk factors or specific risk factors.

Regardless of whether they are general risk factors or specific risk factors, risk factors to be eliminated, which are introduced into the process control system, are added to the risk assessment (Block 512 ). If there is another risk factor that must be taken into account for the process control system (block 514 ), the example procedure returns the control back to block 506 to consider the next risk factor. Otherwise, the example method determines whether there is another supervised process control system for which a risk assessment has to be performed (block 516 ). If so, the scheme goes back to block 502 to retrieve the risk factors for the next monitored process control system. Otherwise, the example procedure ends for this period and is performed by the Risk Assessment and Rating Evaluator 310 automatically re-executed in the next period (eg daily). The resulting risk assessment for the supervised DCS can be considered as a preliminary risk assessment that does not necessarily indicate the integrity (or risk burden) of the process control system, partly because of the continued adoption of risk factors that no one has been able to address and for all process control systems, or at least apply to all peer process control systems in general. Also, the preliminary risk assessment can be found in the Post-Match / Post-Score SMS database 224 get saved.

To address the problem of the continued introduction of risk factors shows 7 a flow chart of an example method that can be used to classify the integrity of the individual process control systems. As already mentioned, the continued introduction of risk factors inflates the risk assessment of a process control system. In many cases, the same risk factors (ie common risk factors) apply to a variety of all supervised DCS or at least to all monitored peer DCS (eg, all DeltaV ™ systems, all Ovation ™ systems, all AMS ™ systems, etc.) because of different Types / product families of process control systems may have different risk factors. In other cases, risk factors (ie specific risk factors) apply to a particular process control system, but are not necessarily unique to the process control system. Nevertheless, the continued introduction of general and specific risk factors can be overwhelming and result in low integrity ratings if only based on the number of risk factors for a particular process control system. On the other hand, there is little or no change (or negative change) in the integrity ranking of the process control system, which means that one does not address the risk factors. Risk factors that nobody deals with reduce the reliability, the protection and the performance of the process control system. The following example method of 7 is related to a variety of monitored process control systems, such as the process control systems of sites 110 - 126 However, one of ordinary skill in the art will appreciate that the example method is equally applicable to supervised peer process control systems such as the process control systems 110 - 114 or on process control systems to which the risk factors apply.

As in 7 The example method can show the average of the preliminary risk assessment from the example method of 6 and the risk assessment of all monitored process control systems or at least all monitored peer process control systems. More specifically, the Risk Assessment and Rating Evaluator calls 310 ( 4 ) the risk assessments for the process control systems, for example, from the post-match / post-score SMS database 224 off ( 3 ). The Risk Assessment and Rating Evaluator 310 then forms the average of the risk assessment. Alternatively, the Risk Assessment and Rating Evaluator 310 form the mean of the risk assessments of all monitored process control systems.

The Risk Assessment and Rating Evaluator 310 then calibrates an integrity rating scale to the average (or average) risk assessment of the monitored process control systems (Block 604 ). The integrity rating scale can be fixed and bounded to have upper and lower bounds. In one example, the integrity rating scale can be defined from 0 to 10, where "0.0" is the lower bound, which indicates a very poor integrity score, and "10.0" is the upper bound, which indicates a very good integrity score. To achieve a set scale, a logarithmic distribution or scaling can be applied to the average risk assessments as there is no maximum for the potential number of risks no one has addressed yet. As a result, a very good integrity score (eg, approaching the upper limit) can be achieved without completely eliminating all risk factors. Likewise, a very bad rating (eg, approaching the lower limit) will not be significantly improved if someone else with only one risk factor, but no one has dealt with a variety of other risk factors. In this example, the integrity rating scale is linear, but logarithmic scales can also be used for a large rating area which can not be easily represented by a limited linear integrity rating scale.

The integrity rating scale is calibrated so that a middle scale rating (eg, "5.0") matches the average (or mean) risk assessment of the monitored DCS. More specifically, a calibration factor may be determined by logarithmic scaling (eg, a natural logarithm) of the average risk assessment of the monitored process control systems. For example, the calibration factor may be represented as follows: N = ln (0.5) / Risk _Avg , where N is the calibration factor, 0.5 is the center of a linear scale, and Risk _{Avg is} the average preliminary risk assessment for all monitored DCS. The calibration factor calibrates the integrity rating scale to the average risk assessment of the monitored process control systems. Thus, the average scale of the Integrity Rating scale is achieved when the risks to a process control system that no one has addressed are at the heart of the integrity ratings of all the monitored process control systems. The classification is particularly useful when using a variety of system process control systems (eg, process control systems within a single site or a single business unit), as in 14 be shown where a prioritization aid is desired on a broad basis.

Furthermore, risk factors introduced into all supervised process control systems simultaneously or within a short period of time (eg, common risk factors) have no effect on any individual process control system compared to other process control systems where the risk factors have been eliminated, at least not until someone joins the risk factor. For example, a Microsoft® protection update for all Windows ™ operating systems, which theoretically affects all process control systems simultaneously, does not degrade the rating for any particular process control system, because it applies to all process control systems simultaneously or at least within the same time period Integrity scale is recalculated and integrity ratings are calculated (eg daily). In contrast, risk factors that apply only to a particular supervised process control system or to less than all of the supervised process control systems (e.g., specific risk factors) may have an impact on the integrity rating of that process control system.

The Risk Assessment and Rating Evaluator 310 then determines the integrity rating for each process control system (block 606 ). The integrity rating of the process control system measures how well risks for the safety instruction, the protection and the process of the process control system are mastered. The smaller the number of risks to the process control system that are still open or that nobody has dealt with, the better the classification. More specifically, a nonlinear scaling factor and the calibration factor are applied to the preliminary risk assessment for the process control system. Again, the calibration factor ignores the effects of risk factors being introduced into all or substantially all monitored DCS, leaving only those risk factors that are introduced to certain monitored DCS as having an impact on the integrity rating of that DCS.

The non-linear scaling factor allows for greater motion for DCSs that have been ranked at the middle of the integrity rating scale than for DCS that have been rated at the upper or lower bounds of the integrity rating scale. For example, using an exponential scale between zero and one, the rating is 10 * e ^ (N * Risk), where "10" is a scaling factor according to the upper bound of the integrity rating scale, N is the calibration factor, and Risk is the preliminary risk assessment of the monitored process control system is. This creates a bell curve distribution such that a supervised process control system experiences a greater change in its integrity rating scale from one period to the next toward the middle range of the integrity rating scale (e.g., all risk assessment and integrity scores are reevaluated daily). In contrast, a supervised process control system that has an integrity score to the top or bottom of the integrity rating scale does not undergo such a large change from one period to the next.

The integrity rating for the supervised DCS can be found in the Post-Match / Post-Score SMS database 224 stored and via the web interface 232 the automailer 234 and / or the RSS feed interface 236 transmitted to the monitored process control system (block 608 ). If the example method determines that there is another supervised process control system to be categorized by the example procedure (block 610 ), the scheme goes back to block 606 to the risk assessment for the next monitored process control system to scale. Otherwise, the process may end.

Even if on the maintenance information and the services provided by the example remote maintenance system 102 may be accessed by any type of software program described above, the example methods and systems are described for convenience in connection with web pages using web browser applications accessed from any of the workstation terminals 13 or any other computing device with access to the remote maintenance system 102 can be represented, that is with an authorization, on information about a particular process control system or certain of the process control systems that are on the remote maintenance system 102 are registered to access. In the example implementations described herein, the web pages used to provide the screens described below to an exemplary graphical user interface are provided by the web page server 106 from 2 for example, using, for example, an Active Server Page ("ASP") technology. In addition, the maintenance information, services, and facilities provided through the screens of the exemplary graphical user interface may be retrieved from data structures residing in the main server 104 and / or the webpage server 106 and / or in the SMS server 108 from 2 are stored.

A main screen 700 is in 8th shown in detail. In the illustrated example of 8th is the main screen 700 is implemented using a portal-like web page that provides links to various risk factors and risk factor control options provided by the example remote maintenance system 102 to be provided. The main screen provides the primary interface for managing system integrity control tasks supported by optional automatic e-mail notifications (for example, the automailer 234 and Periodic System Analysis Reports (SAR)). The most common tasks are to respond to KBAs and apply software updates, each from selectable tabs 702 . 704 being represented. Each selectable tab 702 . 704 can a message 705 indicating whether any risk factors of this type exist and indicating the number of risk factors. KBAs and software updates that match the contents of the process control system can be classified into four categories. 1 ) Product safety notice - problems with the potential to affect safety; 2 ) Protection - problems that affect the protection; 3 Process - problems known to have disrupted process control; 4 ) As needed - Other issues that may affect the system, such as configuration or migration. Each category can have a selectable tab 708 - 714 be associated and a message 716 indicating whether any risk factors are associated with the category and the number of risk factors. A customer as a user 226 can by selecting appropriate tabs 702 . 704 access risk factor information, risk services or maintenance facilities that belong to the respective process control systems. As shown, selecting the KBA tab causes 702 , the product safety messages 704 concerns that the main screen 700 a plurality of selectable tabs 706 indicating which categories are involved.

To manage the disposition of knowledge base articles and software updates, an efficient three-state tracking scheme is provided to check things that need to be reviewed, things in progress, and things that the customer, as a user, does 226 or differentiate it from the relevant hardware or software configuration / application of the system. A customer as a user 226 can be accessed via selectable tabs that show which risk factors no one has addressed ("Check" 718 ), someone is currently busy ("In progress" 720 ) and someone has already dealt with it ("Action completed / Not applicable") 722 ), access information about each risk factor category. Once again, risk factors that have not been addressed by anyone are considered to be introduced risk factors that no one has addressed yet, while risk factors that someone is studying or dealing with are considered as eliminated risk factors.

In 9 a scheduling management screen is shown as a result of selecting one of the tabs 718 - 722 can be shown. As in 9 can show risk factor information according to an identifier 724 ("KBA number"), according to symptoms 726 ("System behavior"), according to applicability 728 ("Applicability / Probability"), a method to address the risk 730, 732 ("Recovery / Workaround" and "Avoidance / Solution"), a number of affected components within the process control system 734 ("Affected Nodes") and as appropriate 736 ("User's Notes"). How out 9 As can be seen, each category for each risk factor includes detailed information for the customer as a user 226 how to determine the risk factor what effects it has and how to deal with the risk factor.

So that a customer as a user 226 can consider the integrity rating for (at least) one process control system that is on the remote maintenance system 102 is registered and under observation and responsibility of the customer as a user 226 can have a main integrity rating screen 800 be provided as in 10 shown. As in 8th is shown, several process control systems can be selected if the customer is the user 226 is authorized to access the integrity ratings of a variety of process control systems. Generally speaking, the process control systems are located within the same site and / or within the same enterprise. The main integrity rating screen enables a customer as a user 226 to view the integrity ranking of the process control system using graphics that communicate the information intelligibly, in a simple, efficient and coherent manner, to the authorized user 226 See the reliability, the protection and the performance of the process control system at a glance. Each process control system can be presented as a selectable graphical representation of its integrity rating, as well as related information, including the product family of the process control system.

To view more specific information about a process control system and the risk factors that led to the integrity rating, a graphical representation of a particular process control system may be selected to provide a process control system function rating screen 900 to produce, as in 11 shown. As in 11 is shown presents the process control system function rating screen 900 the overall integrity rating for the process control system 902 , as in 10 , and each of the different risk factor types (eg KBAs 904 , Software updates 906 , Action alerts 908 , Service calls 910 ). Each risk factor type includes subcategories according to the type of KBA 912 , the type of software update 914 , the type of a warning 916 and the type of service call 918 as described above and the number of risk factors associated with each subcategory.

In order to eliminate risk factors in a timely manner or otherwise take steps to eliminate risk factors and achieve better system security, security and performance and thereby improve the integrity rating for a process control system, the Website may provide various screens, as in 12-15 shown. In 12 is, for example, a registration upload screen 1000 provided by a customer as a user 226 a new process control system registry file in the remote maintenance system 102 after installing software updates or making other changes to a system content. The remote maintenance system 102 Uses this information to identify necessary (uninstalled) updates. Installing a software update can also eliminate a related knowledge database article. The registration process (eg updating the remote maintenance system 102 with new or updated process control system components, configurations, etc.) may be similar or the same as described above.

Some knowledge base articles require a local on-site action on the process control system to determine if a problem to be solved is relevant or to confirm that an action has been taken. For example, a KBA may require a physical hardware check or verification of the process control system configuration to determine if the problems that caused the conditions still exist. After this has been done, the status of the item can be viewed by a customer as a user 226 through a selectable tab ("Actions") for KBAs, as in 8th shown, updated. As in 13 is shown, the selection of the action tab may generate an action menu with various options for updating the status of the KBA (or other risk factor). As discussed above, in-work, completion, or non-apply status items are no longer considered to be a risk in the integrity ranking for the process control system.

Some protection updates for a computer's operating system or applications are only relevant if they are set up in a specific way by the process control's registry utility (and therefore by the remote maintenance system 102 ) can not be recognized. Thus, it may be that the remote maintenance system 102 indicates that an update is allowed for installation, although it can not be installed at all. Or there may be computers or updates for which a customer acts as a user 226 has taken other actions to limit a risk, or has determined that there is no risk. The status of the software update can be viewed by a customer as a user 226 be updated by a selectable tab ("Actions") for software updates. As in 14 is shown, the selection of the action tab may generate an action menu with various options for updating the status of the software update. As discussed above, points with an in-work, completed or no-go status will no longer be considered a risk in considers the functional capability evaluation for the process control system.

Additional considerations for improving the integrity rating for a process control system include addressing service calls, automatic message alerts, and reviewing system analysis reports, each requiring no further disclosure through presentation. As discussed above, open service calls can be categorized and weighted separately. For example, service calls with "Open Category A" or "Open Category B" represent a first risk. To close these calls or warnings, the service technician assigned to the call must take care of it. Once closed or downgraded to an operational impact category lower than "B", the risk is eliminated and the integrity rating is improved. A customer as a user 226 can also sign up for automatic message emails from the remote maintenance system 102 register to ensure that they are aware of new risks to the integrity of the system once identified. System analysis reports reflect the maintenance process of a process control system, highlighting key maintenance issues and facilitating the identification of longer - term system durability risks that are not included in the integrity assessment of the process control system, but which nevertheless have a proactive effect on maintaining the integrity of the process control system Have process control system.

As indicated above, shows 10 a graphical user interface of an example of a system health score screen that may be used to indicate the health score for a variety of process control systems within an enterprise; In this particular case, the customer is the user 226 able to provide the integrity rating for all process control systems within its field of observation and responsibility, such as the remote maintenance system 102 registered, to look at. That is, the example company has a relatively limited number of process control systems (ie, eight). In other cases, however, a company may have tens or hundreds of process control systems that can be distributed around the world, making it available to a customer as a user 226 can be almost impossible to monitor all or a significant part of the process control systems within the company easily. For example, a customer may be a user 226 who must supervise DCSs within a particular region of the world (eg, all the process control systems of a North American company), have an oversight and oversight of dozens of DCSs based solely on the number of individual integrity ratings that the customer as the user 226 because of the limitations of the display, all can not all be meaningfully displayed on a single screen (ie, a presentation of overall integrity ratings for process control systems can not be meaningfully displayed on a single screen due to the size and resolution of the screen).

To determine the integrity of a variety of process control systems 16 a routine for determining the overall integrity of a variety of process control systems at different levels of integration, from which a customer as a user 226 then "drill" to different levels of integration of process control systems within a company, either externally or internally. In one example, integration levels of process control systems within an enterprise can be defined according to: 1 ) Companies; 2 ) geographical area; 3 ) Place; and 4 ) Product line. The company level includes all the process control systems of a company worldwide. The geographic area level includes all process control systems within a particular geographic area of the earth, which can be defined according to common geographic boundaries (eg North America, South America, Middle East, etc.) or geographic boundaries defined by the company (eg, the eastern one) United States, defined by an area east of the Mississippi River). The local level includes all process control systems at a specific location, such as a location of a plant (eg, a process plant in Austin, TX). In many cases, the local level may include only one process control system, but some plant locations may utilize a variety of process control systems. The product line level includes all process control systems that belong to a specific product family of the process control system manufacturer. For example all DeltaV ™ systems, all Ovation ™ systems, all AMS ™ systems, etc.

As in 16 the determination of collective integrity begins with a risk assessment 1002 to determine a risk assessment for each of the process control systems within the enterprise. In particular, the risk assessment can 1002 using the risk assessment of 6 be executed. As with the risk assessment of 6 can the risk assessment 1002 Retrieve risk factors associated with the individual process control systems from the example method of 5 were reconciled. In summary, the Risk Assessment and Rating Evaluator calls 310 the risk factors 212 that have been synchronized with the process control system (block 502 ), and then determines the previous one Risk assessment for the monitored process control system from the reconciliation and integrity rating interface 312 (Block 504 ). The Risk Assessment and Rating Evaluator 310 then determines if the retrieved risk factor has been eliminated (Block 506 ). If the risk factor has been eliminated, its weighting value is subtracted from the process control system risk assessment or subtracted from the previous risk assessment (Block 508 ). The Risk Assessment and Rating Evaluator 310 then determines if the retrieved risk factor has been introduced (Block 510 ), and risk factors to be processed that have been introduced into the process control system are counted as risk assessment (Block 512 ). Then the next risk factor for the process control system is considered (block 514 ) or the next supervised process control system is subjected to a risk assessment (block 516 ).

After the risk assessment 1002 An integrity score is determined for each process control system in the enterprise 1004 , In one example, the integrity of each process control system on a non-linear scale integrity score scale is centered on the average risk assessments of the plurality of process control systems as described with reference to FIG 7 was disclosed. In summary, the average of the risk assessments of block 1002 and the risk assessment and grading evaluator 310 then calibrates an integrity rating scale to the average (or average) risk assessment of the monitored process control systems (Block 604 ). As above, the integrity score scale may be fixed and bounded to have upper and lower bounds, and to achieve a fixed scale, logarithmic distribution or scaling may be applied to the average risk scores so that a very good integrity score (the approaching the upper limit, for example) can be achieved without the complicated elimination of all risk factors, and a very poor classification (approaching the lower limit, for example) by dealing with only one risk factor will not be significantly improved if nobody deals with a multitude of others Risk factors. The Risk Assessment and Rating Evaluator 310 then determines the integrity rating for each process control system (block 606 Integrity score is a measure of how well risks for the process control system are controlled. The integrity rating for the supervised DCS can be found in the Post-Match / Post-Score SMS database 224 stored and via the web interface 232 the automailer 234 and / or the RSS feed interface 236 transmitted to the monitored process control system (block 608 ). Then the next supervised process control system is classified (block 610 ).

Once the risk assessments and ratings for each of the process control systems in the enterprise have been determined, an integrated navigation menu can be displayed 1006 , which specifies higher and lower integration levels of integrity ratings, and the customer as the user 226 to be able to select an integration level (eg, company, geographic area, location, product line, etc.) to view the collective integrity ranking for that level of integration (eg, the collective integrity of process control systems within a company, the collective integrity of process control systems within one) geographical area, etc.). Generally speaking, the integrated navigation menu organizes the integrity ratings so that the customer acts as the user 226 has the ability to view or access the collective integrity scores in a consistent and integrated organized manner so that they can be used to provide a common viewing platform in terms of integrity scores created or used in a single navigation menu. More precisely, the technique of 16 automatically a navigation menu, for example, by each customer as a user 226 who is authorized to view and access the integrity ratings of one or more of the integration levels at the web interface 232 can be used. In fact, the navigation tree menu links to the Post-Match / Post-Score SMS database 224 provides a higher-level integration platform that receives and organizes health assessments for a variety of process control systems at different levels of integration or hierarchy within the enterprise.

In addition to the navigation menu, a customer can act as a user 226 an informational view or information area is presented 1008 to provide an integrated view of collective integrity ratings from the post-match / post-score SMS database 224 provide. In one example, the navigation menu area having a navigation menu with headings (eg, "Company", "World Territory", "Location" and "Product Line") is presented with the information view providing information about the collective integrity of the selected integration level within the navigation menu ,

A customer as a user 226 can then make a selection 1010 from the navigation menu to view the collective integrity of a variety of process control systems at a desired integration level. As in 17 In the above example of a navigation menu titled "Company,""WorldTerritory,""Location," and "Product Line," a customer may be a user 226 Companies 1100 , World region 1102 (above as well geographical area), place 1104 or product line 1106 choose. Of course, the selection options may depend on the various levels of integration presented in the navigation menu and / or on the customer's authorized access area as a user in the remote management system. For example, some users within an enterprise may only be authorized to view a particular level of integration (eg, only business, only world region, etc.). In other cases, users may be authorized to view a particular level of integration and all levels of integration below (eg, a given world area and all locations within the given world area), but not an integration level above (eg, business).

Based on the selection 1100 - 1106 by the customer as a user 226 The integrity ratings are selected for all process control systems within the selected integration level 1008 - 1114 , For example, for the enterprise integration level, the individual health scores for all process control systems worldwide are selected 1008 for this business unit. Similarly, for the global level integration level, the individual health scores for all process control systems within (at least) a selected geographic area are selected for that business unit 1010 , In one example, the selection of a world region 1102 specify a specific area of the world (eg, North America), with integrity ratings selected only for North American process control systems 1110 , In another example, the selection of the world area 1102 Selection of all integrity ratings for different geographic areas for which the customer is authorized as a user, but grouped by geographic area (eg North America, South America, Middle East, etc.).

Similarly, for the location integration level, the selection of a location 1104 specify a specific location, with integrity ratings selected only for process control systems at the selected location (eg, only process control systems at an Austin, TX facility) 1112 , Alternatively, the selection of a location may result in the selection of all integrity ratings for different locations for which the customer is authorized as a user, but grouped by location (eg, group ratings for process control systems on facilities in Austin, TX and group ratings for process control systems on facilities in Melbourne, Australia) or within a specific geographic area (eg group ratings for all process control systems in North American plants).

The selection of a line of process control system products 1106 can specify a particular product family, which is integrity ratings for only the selected product family 1114 (eg only for DeltaV ™). Alternatively, selecting a product line may result in selecting all integrity ratings for a particular location, geographic area, or company, but grouped by product line (eg, all DeltaV ™ systems in the enterprise, all AMS ™ systems in the enterprise) Company, etc.).

Once the integrity ratings for process control systems within an integration level have been selected 1108 - 1114 , the integrity ratings can be weighted for each process control system. In one example, the integrity scores may be weighted equally (or not weighted). However, it is often the case that some DCSs are considered more important or critical to a customer than a user or a business entity than other DCSs. In one case, the customer, as a user, may consider one or more process control systems more critical to his responsibilities and / or operations than other process control systems (eg, consider DeltaV ™ systems as more critical than AMS ™ systems, or process control systems of a facility in Melbourne, Australia). are considered more critical than process control systems of an Austin, TX facility). In another case, a business unit may consider certain process control systems more critical than other process control systems (eg, based on industries, finances, win rate, operations, etc.). Thus, different process control systems may be more critical to customers as users at different levels (eg, operations, business, etc.) based on their respective responsibilities. Thus, the integrity ratings of the process control systems can be weighted according to criticalities defined by the customer (eg, based on values set by the customer as a user) 226 be assigned to).

In another example, the integrity scores may be weighted according to the size of the individual process control systems. In particular, it can be assumed that larger process control systems are considered more critical for a customer than a user or a business entity than smaller process control systems. The size of a process control system can be determined in various ways, including the number of device signal identifiers (DSTs), device identifiers and / or devices within a process control system. Device signal tags are typically based on the number of device signals within a process plant that can be measured by the number of inputs from the system I / O, which is the number of inputs from the controllers, the number of inputs to a function block and / or expenses a function block can act. Device identifiers represent the physical addressing of devices within a process control system, and devices within a process system can affect the number of devices within the process control system. The process by which a process control system is measured may depend on the product line of the process control system. For example, the size of DeltaV ™ systems can be measured by DSTs, but not by device identifiers or devices. In contrast, the size of AMS Device Manager systems can be measured by device labels, but not by DSTs or devices, and the size of Ovation ™ machinery health systems can be measured by the number of Ovation ™ machinery health systems. Devices (eg analyzers) are measured in the process control system. As noted above, because of technical and conceptual differences between different process control system products, it is desirable to use peer process control systems (eg, only DeltaV ™ systems, Ovation ™ systems, etc.) to classify other process control systems that are part of the same family of process control systems Manufacturer, such as process control systems of the same or a related product line. Likewise, the weighting and collective categorization of process control systems may be based on peer product control systems within an enterprise. Once the individual integrity ratings have been weighted 1116 For example, the example method may form the average of the integrity ratings 1118 to the collective integrity rating 1120 derive. Like back in 16 is shown, then the collective integrity rating is the user as the user 226 in the information view 1012 presented in one or more of the advertisements disclosed below.

18-22 Examples of screens that can be implemented using a portal-like web page providing links to various risk factors and risk factor control options are those of the exemplary remote maintenance system 102 to be provided. The main screen provides the primary interface for managing system health-related tasks, and in particular for monitoring collective health ratings at various levels of integration within an enterprise. Note that different screens provide different integrity ratings, but these views still display the data in a common or consistent format, making it easier for the customer as a user to understand the collective integrity ratings and to navigate through the collective integrity ratings.

As in 18-22 can be shown, each of the screens with a navigation menu 1200 and an information view 1202 be constructed. Exactly shows 18 a screen to provide an integrated view of collective integrity ratings from the process of 16 provide. More specifically, the screen display includes a navigation menu area 1200 which has a navigation menu with seven headings (By System, By Business, By Business And Location, By World Area, By Product Line, By Product Line And Category, By Customer Group), and an information area 1202 , the information about the collected integrity scores of the selected integration level within the navigation menu portion 1200 provides. As in the sample screen of 18 the level of integration (that is, By System) selected to be associated with a single process control system is only one health rating for a particular process control system (ie, "PE Test System For Patch Management") in the information domain 1202 Similar to the presentation of an integrity rating for individual process control systems in 10 ,

As in 19 is shown, the screen display also has a navigation menu area 1200 with a selection navigation menu that, when unfolded, displays different levels of integration than in 18 , The screen also has an information area 1202 on. In this specific case, "By Company" is from the navigation menu area 1200 selected so that in the information area 1202 collective classifications for the whole company (eg "A1 Chemicals"). As noted above, due to technical and conceptual differences, only process control systems of the same or related product lines are categorized as a risk factor could apply to one type of process control system but not to others. Thus presents the information view 1202 the collective integrity ratings at the enterprise level but separated by product line (ie "AMS Device Manager" and "DeltaV"). How out 19 is apparent, is the collective integrity rating 1204 for all AMS device manager systems within the enterprise, 2.3 (on a scale of 0.0 to 10.0), which may indicate poor integrity within these systems, and the collective health rating for all DeltaV systems within the enterprise Company is 4.5, which can show proper integrity within these systems. Likewise be on a selection menu 1206 that specifies options for weighting the individual integrity ratings of the process control systems. In this particular example, each of the process control systems within the individual product lines and within the enterprise receives the same weighting.

In contrast, in 20 the same level of integration shown broken down by product lines as in 19 except that the option "system size" from the selection menu 1206 has been selected. In the above examples, the system size for AMS Device Manager systems is measured according to the number of device tags, while the system size for DeltaV systems is measured according to the device signal tag. After weighting, the collective rating for AMS device manager systems at enterprise level is 0.0, indicating not only poor collective integrity within these systems, but also that larger (eg, more critical) systems (ie, more heavily weighted systems ) have a poor integrity score, which means that the rating is compared to the simple average of 19 is pulled down. By comparison, the weighted collective rating for DeltaV ™ systems at enterprise level is 5.8, indicating not only a fair to good collective integrity within these systems, but a simple average in 19 Also, larger (eg, more critical) systems have good integrity, although some smaller (eg, less critical) systems have poorer integrity.

In either case, the customer, as a user, can select (eg, click) the integrity ratings to view the integrity ratings of the geographic area, location, or system that contribute to the collective health score for the business. For example, the screen of 21 in response to the selection of the integration level "Weltgegend" in the navigation menu area 1200 or in response to the selection of an integrity rating 1204 are displayed. Again, the collective integrity ratings at the geographic area level are in the information view 1202 presented and broken down into product lines so that AMS device manager systems and DeltaV systems have separate collective integrity ratings for the Asia-Pacific geographical area. In this specific case, each geographical area (ie "Asia-Pacific", "Europe" and "North America") is presented separately 1208, but it should be made clear that specific geographical areas can be called (ie that only the collective integrity for "Asia -Pacific "is shown). Again, the ratings can be set according to the option in the selection menu 1206 be weighted.

The screen of 22 can in response to the selection of the integration level "product" line in the navigation menu area 1200 or in response to the selection of a product line in the previous screen (eg, inward navigation or drill-down on process control systems at a product line integration level). Likewise, a customer as a user 226 navigate outward from this screen or perform a "drill-up", for example, using a selection from the navigation menu area 1200 , In this particular case, the collective integrity ratings are shown in relation to product lines at an enterprise level, as from a comparison between 19 and 22 is visible, even if "By Product Line" is selected. Thus, it should be clear that the levels of integration are not necessarily static in relation to each other, and that different options in the navigation menu area 1200 can be presented. For example, a customer may be a user 226 consider collective integrity rankings by product line at a company level, geographic area, place level, etc. As another example, as a user in a case where integration levels are also defined by industry, a customer may consider collective integrity rankings by product line for a particular industry at the enterprise level, geographic level, and so forth.

Although the above disclosure relates to the integrity of process control systems, either individually or collectively, at various levels of integration, the performance of a process control system, as well as in US Pat 23 shown also by the remote monitoring system 102 be monitored. For example, a process control system may not necessarily have poor integrity but still not perform well. In general, the customer as a user 226 can not readily determine whether a process control system is or will not deliver the expected performance in its area of responsibility (ie whether it could perform better). For example, it may be that a customer as a user 226 does not realize that half of a loop does not perform well or is off because of variability in the loop, poor hardware, inadequate hardware (eg, an oversized valve does not provide the correct resolution compared to a valve of appropriate size in the loop ready for a regulation), because of lack of time, lack of knowledge, etc. It may also be that a customer as a user 226 does not recognize that a process control system is underutilized. 23 is thus an example of a screen that is a warning 1210 to the customer as a user 226 indicates that performance or workload issues are to be solved in the process control system. The user may have the option to ignore the warning or the warning 1210 to navigate down to the root cause of poor performance, underutilization, and so on.

1. 1. Ein Verfahren zum Feststellen einer kollektiven Integrität einer Mehrzahl von Prozessleitsystemen, das umfasst: automatisches und periodisches Feststellen eines Risikos für jedes von einer Mehrzahl von Prozessleitsystemen, wobei jedes Prozessleitsystem mindestens einen Risikofaktor aufweist, der dem Prozessleitsystem zugeordnet ist, wobei die Einführung eines Risikofaktors in ein Prozessleitsystem in jeder Periode die Risikofeststellung für dieses Prozessleitsystem steigert, und wobei die Eliminierung eines Risikofaktors aus einem Prozessleitsystem in jeder Periode die Risikofeststellung für dieses Prozessleitsystem verringert; Einstufen der Integrität jedes Prozessleitsystems innerhalb einer Integritätseinstufungsskala, die durch eine Ober- und eine Untergrenze festgelegt ist, wobei die Integritätseinstufung auf der Risikofeststellung für jedes Prozessleitsystem basiert; Anzeigen eines integrierten Navigationsmenüs mit einer Vielzahl von auswählbaren Menüpunkten, die höhere und niedrigere Integrationsebenen der Integritätseinstufungen vorgeben; Anzeigen einer Informationsansicht, die dem Navigationsmenü zugeordnet ist; Ermöglichen der Auswahl eines oder mehrerer auswählbarer Menüpunkte innerhalb des Navigationsmenüs durch einen Benutzer, um höhere und niedrigere Integrationsebenen der Integritätseinstufungen vorzugeben; und Präsentieren einer kollektiven Integritätseinstufung der Prozessleitsysteme, die dem auswählbaren Menüpunkt zugeordnet sind, in der Informationsansicht in einem Format für jeden von den verschiedenen auswählbaren Menüpunkten, welche die höheren oder niedrigeren Integrationsebenen der Integritätseinstufungen vorgeben, wobei das Format ein übliches Anzeigeformat zur Darstellung der kollektiven Integritätseinstufungen der Prozessleitsysteme ist, die den einzelnen auswählbaren Menüpunkt zugeordnet sind, welche die höheren und niedrigeren Integrationsebenen der Integritätseinstufungen vorgeben.
2. 2. Das Verfahren gemäß dem Aspekt 1, wobei sich ein und derselbe Risikofaktor, der in jedes von der Mehrzahl von Prozessleitsystemen in einer Periode eingeführt wird, nicht auf die Integritätseinstufung von irgendeinem von der Mehrzahl von Prozessleitsystemen auswirkt, und wobei sich eine Eliminierung eines Risikofaktors aus einem Prozessleitsystem in einer Periode auf die Integritätseinstufung eines Prozessleitsystems, das in einer vorherigen Periode nahe der Mitte der Integritätseinstufungsskala hin eingestuft wurde, stärker auswirkt als auf die eines Prozessleitsystems, das in der vorherigen Periode nahe der Ober- oder Untergrenze der Integritätseinstufungsskala eingestuft wurde.
3. 3. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei sich jedes Prozessleitsystem an einem Anlagenstandort befindet, der geografisch von anderen Anlagenstandorten von der Mehrzahl anderer Prozessleitsysteme getrennt ist, und wobei eine Integrationsebene ein geografisches Gebiet umfasst.
4. 4. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, in der Informationsansicht die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme innerhalb des ausgewählten geografischen Gebiets umfasst.
5. 5. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei jedes Prozessleitsystem ein Mitglied einer Produktfamilie von Prozessleitsystemen eines Herstellers ist, die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Produktfamilien gehören und wobei eine Integrationsebene eine Produktfamilie umfasst.
6. 6. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, in der Informationsansicht die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme derselben ausgewählten Produktfamilie umfasst.
7. 7. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei jedes Prozessleitsystem Teil eines Unternehmens ist, wobei die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Unternehmen gehören und wobei eine Integrationsebene ein Unternehmen umfasst.
8. 8. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, in der Informationsansicht die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme desselben Unternehmens umfasst.
9. 9. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei jedes Prozessleitsystem Teil desselben Unternehmens ist, wobei eine Integrationsebene das Unternehmen umfasst, und wobei die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, in der Informationsansicht die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme des Unternehmens umfasst.
10. 10. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei jedes Prozessleitsystem Teil eines Geschäftszweigs ist, wobei die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Geschäftszweigen gehören und wobei eine Integrationsebene einen Geschäftszweig umfasst.
11. 11. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, in der Informationsansicht die Darstellung einer kollektiven Integritätseinstufung der Prozessleitsysteme desselben Geschäftszweigs umfasst.
12. 12. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei die kollektive Integritätseinstufung einen Durchschnitt der Integritätseinstufungen der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, umfasst.
13. 13. Das Verfahren gemäß einem der vorangehenden Aspekte, ferner das Gewichten der Integritätseinstufung für jedes Prozessleitsystem umfassend, wobei die durchschnittliche kollektive Integritätseinstufung einen gewichteten Durchschnitt umfasst.
14. 14. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei das Gewichten der Integritätseinstufung für jedes Prozessleitsystem das Gewichten der Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl eingegebener Gerätesignalkennzeichen von Controllern im gesamten Prozessleitsystem umfasst.
15. 15. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei das Gewichten der Integritätseinstufung für jedes Prozessleitsystem das Gewichten der Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl von Gerätekennzeichen im Prozessleitsystem umfasst.
16. 16. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei das Gewichten der Integritätseinstufung für jedes Prozessleitsystem das Gewichten der Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl von Geräten im gesamten Prozessleitsystem umfasst.
17. 17. Das Verfahren gemäß einem der vorangehenden Aspekte, wobei das Gewichten der Integritätseinstufung für jedes Prozessleitsystem das Gewichten der Integritätseinstufung für jedes Prozessleitsystem gemäß einem Wert umfasst, der von einem Benutzer des Prozessleitsystems zugewiesen wird.
18. 18. Die Vorrichtung zum Feststellen einer kollektiven Integrität einer Mehrzahl von Prozessleitsystemen, die umfasst: einen Server, der dafür ausgelegt ist, ein Prozessleitsystem und eine Mehrzahl anderer Prozessleitsysteme zu registrieren, um eine Wartung der Prozessleitsysteme zu erleichtern, wobei sich das Prozessleitsystem an einem ersten Anlagenstandort befindet, der geografisch von anderen Anlagenstandorten anderer Prozessleitsysteme getrennt ist; eine Schnittstelle, die mit dem Server kommuniziert und die dafür ausgelegt ist, auf Basis einer Überwachung der Prozessleitsysteme Risikofaktoren aus einer Datenbank abzurufen, die mit dem Server kommuniziert; eine Kommunikationsschnittstelle, die dafür ausgelegt ist, Risikofaktoren für die Prozessleitsysteme zu übermitteln, wobei jedes Prozessleitsystem mindestens einen Risikofaktor aufweist, der dem Prozessleitsystem zugeordnet ist; und einen Prozessor, der mit der Schnittstelle, dem Server und der Kommunikationsschnittstelle kommuniziert, wobei der Prozessor dafür ausgelegt ist, automatisch und periodisch: die Integrität jedes Prozessleitsystems innerhalb einer Integritätseinstufungsskala, die durch eine Ober- und eine Untergrenze festgelegt ist, auf Basis der Risikofeststellung für jedes Prozessleitsystem einzustufen; ein integriertes Navigationsmenü mit einer Vielzahl von auswählbaren Menüpunkten, die höhere und niedrigere Integrationsebenen der Integritätseinstufungen vorgeben, anzuzeigen; eine Informationsansicht anzuzeigen, die dem Navigationsmenü zugeordnet ist; einem Benutzer die Auswahl eines oder mehrerer auswählbarer Menüpunkte innerhalb des Navigationsmenüs zu ermöglichen, um höhere und niedrigere Integrationsebenen der Integritätseinstufungen vorzugeben; und eine kollektive Integritätseinstufung der Prozessleitsysteme, die dem auswählbaren Menüpunkt zugeordnet sind, in der Informationsansicht in einem Format für jeden von den verschiedenen auswählbaren Menüpunkten anzuzeigen, welche die höheren oder niedrigeren Integrationsebenen der Integritätseinstufungen vorgeben, wobei das Format ein übliches Anzeigeformat zur Darstellung der kollektiven Integritätseinstufungen der Prozessleitsysteme ist, die den einzelnen auswählbaren Menüpunkt zugeordnet sind, welche die höheren und niedrigeren Integrationsebenen der Integritätseinstufungen vorgeben.
19. 19. Das System gemäß dem Aspekt 18, wobei sich ein und derselbe Risikofaktor, der in jedes von der Mehrzahl von Prozessleitsystemen in einer Periode eingeführt wird, nicht auf die Integritätseinstufung von irgendeinem von der Mehrzahl von Prozessleitsystemen auswirkt, und wobei sich eine Eliminierung eines Risikofaktors aus einem Prozessleitsystem in einer Periode auf die Integritätseinstufung eines Prozessleitsystems, das in einer vorherigen Periode nahe der Mitte der Integritätseinstufungsskala eingestuft wurde, stärker auswirkt als auf die eines Prozessleitsystems, das in der vorherigen Periode nahe der Ober- oder Untergrenze der Integritätseinstufungsskala hin eingestuft wurde.
20. 20. Das System gemäß Aspekt 18 oder Aspekt 19, wobei sich jedes Prozessleitsystem an einem Anlagenstandort befindet, der geografisch von anderen Anlagenstandorten von der Mehrzahl anderer Prozessleitsysteme getrennt ist, und wobei eine Integrationsebene ein geografisches Gebiet umfasst.
21. 21. Das System gemäß einem der Aspekte 18-20, wobei der Prozessor dafür ausgelegt ist, eine kollektive Integritätseinstufung der Prozessleitsysteme innerhalb des ausgewählten geografischen Gebiets darzustellen.
22. 22. Das System gemäß einem der Aspekte 18-21, wobei jedes Prozessleitsystem ein Mitglied einer Produktfamilie von Prozessleitsystemen eines Herstellers ist, die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Produktfamilien gehören und wobei eine Integrationsebene eine Produktfamilie umfasst.
23. 23. Das System gemäß einem der Aspekte 18-22, wobei der Prozessor dafür ausgelegt ist, eine kollektive Integritätseinstufung der Prozessleitsysteme innerhalb derselben ausgewählten Produktfamilie darzustellen.
24. 24. Das System gemäß einem der Aspekte 18-23, wobei jedes Prozessleitsystem Teil eines Unternehmens ist, wobei die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Unternehmen gehören und wobei eine Integrationsebene ein Unternehmen umfasst.
25. 25. Das System gemäß einem der Aspekte 18-24, wobei der Prozessor dafür ausgelegt ist, eine kollektive Integritätseinstufung der Prozessleitsysteme innerhalb desselben ausgewählten Unternehmens darzustellen.
26. 26. Das System gemäß einem der Aspekte 18-25, wobei jedes Prozessleitsystem Teil desselben Unternehmens ist, wobei eine Integrationsebene das Unternehmen umfasst, und wobei der Prozessor dafür ausgelegt ist, eine kollektive Integritätseinstufung der Prozessleitsysteme des Unternehmens darzustellen.
27. 27. Das System gemäß einem der Aspekte 18-26, wobei jedes Prozessleitsystem Teil eines Geschäftszweigs ist, wobei die Mehrzahl von Prozessleitsystemen zu zwei oder mehr verschiedenen Geschäftszweigen gehören und wobei eine Integrationsebene einen Geschäftszweig umfasst.
28. 28. Das System gemäß einem der Aspekte 18-27, wobei der Prozessor dafür ausgelegt ist, eine kollektive Integritätseinstufung der Prozessleitsysteme innerhalb desselben Geschäftszweigs darzustellen.
29. 29. Das System gemäß einem der Aspekte 18-28, wobei die kollektive Integritätseinstufung einen Durchschnitt der Integritätseinstufungen der Prozessleitsysteme, die mit dem ausgewählten Menüpunkt in Zusammenhang stehen, umfasst.
30. 30. Das System gemäß einem der Aspekte 18-29, wobei der Prozessor ferner dafür ausgelegt ist, die Integritätseinstufung für jedes Prozessleitsystem zu gewichten, wobei die durchschnittliche kollektive Integritätseinstufung einen gewichteten Durchschnitt umfasst.
31. 31. Das System gemäß einem der Aspekte 18-30, wobei der Prozessor dafür ausgelegt ist, die Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl eingegebener Gerätesignalkennzeichen von Controllern im gesamten Prozessleitsystem zu gewichten.
32. 32. Das System gemäß einem der Aspekte 18-31, wobei der Prozessor dafür ausgelegt ist, die Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl von Gerätekennzeichen im Prozessleitsystem zu gewichten.
33. 33. Das System gemäß einem der Aspekte 18-32, wobei der Prozessor dafür ausgelegt ist, die Integritätseinstufung für jedes Prozessleitsystem gemäß der Anzahl von Geräten im Prozessleitsystem zu gewichten.
34. 34. Das System gemäß einem der Aspekte 18-33, wobei der Prozessor dafür ausgelegt ist, die Integritätseinstufung für jedes Prozessleitsystem gemäß einem Wert zu gewichten, der von einem Benutzer des Prozessleitsystems zugewiesen wird.

Embodiments of the technique described in the present disclosure may include any number of the following aspects, either alone or in combination.

1. A method for determining a collective integrity of a plurality of process control systems, comprising: automatically and periodically determining a risk for each of a plurality of process control systems, each process control system having at least one risk factor associated with the process control system, the introduction of a risk factor in a process control system in each period increases the risk assessment for this process control system, and wherein the elimination of a risk factor from a process control system in each period reduces the risk assessment for that process control system; Ranking the integrity of each process control system within an integrity rating scale defined by upper and lower bounds, wherein the integrity rating is based on the risk assessment for each process control system; Displaying an integrated navigation menu with a plurality of selectable menu items that provide higher and lower integration levels of the integrity ratings; Displaying an informational view associated with the navigation menu; Allowing a user to select one or more selectable menu items within the navigation menu to specify higher and lower integration levels of the integrity ratings; and presenting a collective integrity score of the process control systems associated with the selectable menu item in the informational view in a format for each of the various selectable menu items that specify the higher or lower integration levels of the integrity ratings, the format being a common display format for representing the collective integrity scores of the process control systems associated with the single selectable menu item which specify the higher and lower integration levels of the integrity scores.
2. 2. The method according to the aspect 1 wherein one and the same risk factor introduced into each of the plurality of process control systems in a period does not affect the integrity rating of any one of the plurality of process control systems, and wherein elimination of a risk factor from a process control system in one period is limited to Integrity rating of a DCS that was ranked near the middle of the Integrity Rating Scale in a previous period has a greater impact than that of a DCS that was ranked near the upper or lower bounds of the Integrity Rating Scale in the previous period.
3. 3. The method of one of the preceding aspects, wherein each process control system is located at a plant site that is geographically separate from other plant sites of the plurality of other process control systems, and wherein an integration level comprises a geographic area.
4. 4. The method of one of the preceding aspects, wherein presenting a collective integrity score of the process control systems associated with the selected menu item comprises, in the informational view, representing a collective integrity score of the process control systems within the selected geographic area.
5. 5. The method of one of the preceding aspects, wherein each process control system is a member of a family of process control systems of a manufacturer, the plurality of process control systems belong to two or more different product families, and wherein an integration level comprises a product family.
6. 6. The method of one of the preceding aspects, wherein the representation of a collective integrity score of the process control systems associated with the selected menu item includes, in the informational view, the representation of a collective health score of the process control systems of the same selected product family.
7. 7. The method of one of the preceding aspects, wherein each process control system is part of an enterprise, wherein the plurality of process control systems belong to two or more different companies and wherein one level of integration comprises a business.
8. 8. The method of one of the preceding aspects, wherein the representation of a collective integrity score of the process control systems associated with the selected menu item comprises, in the informational view, the representation of a collective integrity score of the process control systems of the same enterprise.
9. 9. The method of one of the preceding aspects, wherein each process control system is part of the same enterprise, wherein an integration level comprises the enterprise, and wherein the representation of a collective integrity score of the process control systems associated with the selected menu item in the information view is the representation of a collective integrity rating includes the company's process control systems.
10. 10. The method of one of the preceding aspects, wherein each process control system is part of a business, wherein the plurality of process control systems belong to two or more different business branches and wherein an integration level comprises a business line.
11. 11. The method of one of the preceding aspects, wherein the representation of a collective integrity score of the process control systems associated with the selected menu item comprises, in the informational view, the representation of a collective health score of the process control systems of the same business line.
12. 12. The method of one of the preceding aspects, wherein the collective integrity score comprises an average of the integrity ratings of the process control systems associated with the selected menu item.
13. 13. The method of any of the preceding aspects, further comprising weighting the integrity score for each process control system, the average collective integrity score comprising a weighted average.
14. 14. The method of one of the preceding aspects, wherein weighting the integrity score for each process control system comprises weighting the integrity score for each process control system according to the number of input device signal characteristics of controllers throughout the process control system.
15. 15. The method of one of the preceding aspects, wherein weighting the integrity score for each process control system comprises weighting the integrity score for each process control system according to the number of equipment tags in the process control system.
16. 16. The method of one of the preceding aspects, wherein weighting the integrity score for each process control system comprises weighting the integrity score for each process control system according to the number of devices in the overall process control system.
17. 17. The method of one of the preceding aspects, wherein weighting the integrity score for each process control system comprises weighting the integrity score for each process control system according to a value assigned by a user of the process control system.
18. 18. The apparatus for determining a collective integrity of a plurality of process control systems, comprising: a server configured to register a process control system and a plurality of other process control systems to facilitate maintenance of the process control systems, the process control system being based on a first process control system Plant location that is geographically separated from other plant sites of other process control systems; an interface that communicates with the server and that is configured to retrieve risk factors from a database that communicates with the server based on monitoring the process control systems; a communication interface adapted to communicate risk factors to the process control systems, each process control system having at least one risk factor associated with the process control system; and a processor that communicates with the interface, the server, and the communication interface, the processor configured to automatically and periodically: the integrity of each process control system within an integrity rating scale defined by upper and lower bounds based on the risk assessment to be classified for each process control system; display an integrated navigation menu with a plurality of selectable menu items that specify higher and lower integration levels of integrity scores; to display an information view associated with the navigation menu; allow a user to select one or more selectable menu items within the navigation menu to specify higher and lower integration levels of the integrity ratings; and display a collective integrity score of the process control systems associated with the selectable menu item in the information view in a format for each of the various selectable menu items that specify the higher or lower integration levels of the integrity scores, the format being a common display format for representing the collective integrity scores of the process control systems associated with the single selectable menu item which specify the higher and lower integration levels of the integrity scores.
19. 19. The system according to the aspect 18 wherein the same risk factor introduced into each of the plurality of process control systems in a period does not affect the integrity rating of any one of Plurality of process control systems, and wherein eliminating a risk factor from a process control system in one period has a greater impact on the integrity rating of a process control system ranked in a previous period near the middle of the integrity rating scale than that of a process control system in the previous period classified near the upper or lower bound of the integrity rating scale.
20. 20. The system according to aspect 18 or aspect 19 wherein each process control system is located at a plant site that is geographically separate from other plant sites of the plurality of other process control systems, and wherein an integration level includes a geographic area.
21. 21. The system according to one of the aspects 18 - 20 wherein the processor is configured to represent a collective integrity score of the process control systems within the selected geographic area.
22. 22. The system according to one of the aspects 18 - 21 wherein each process control system is a member of a family of process control systems of a manufacturer, the plurality of process control systems belong to two or more different product families, and wherein an integration level comprises a product family.
23. 23. The system according to one of the aspects 18 - 22 wherein the processor is configured to represent a collective integrity score of the process control systems within the same selected product family.
24. 24. The system according to one of the aspects 18 - 23 where each process control system is part of an enterprise, where the majority of process control systems belong to two or more different companies and where one level of integration includes a business.
25. 25. The system according to one of the aspects 18 - 24 wherein the processor is configured to represent a collective integrity score of the process control systems within the same selected enterprise.
26. 26. The system according to one of the aspects 18 - 25 wherein each process control system is part of the same enterprise, wherein an integration level comprises the enterprise, and wherein the processor is configured to represent a collective health score of the enterprise's process control systems.
27. 27. The system according to one of the aspects 18 - 26 wherein each process control system is part of a business branch, wherein the plurality of process control systems belong to two or more different business branches and wherein an integration layer comprises a business branch.
28. 28. The system according to one of the aspects 18 - 27 wherein the processor is configured to present a collective integrity score of the process control systems within the same business line.
29. 29. The system according to one of the aspects 18 - 28 wherein the collective integrity score comprises an average of the integrity ratings of the process control systems associated with the selected menu item.
30. 30. The system according to one of the aspects 18 - 29 wherein the processor is further configured to weight the integrity score for each process control system, the average collective health score comprising a weighted average.
31. 31. The system according to one of the aspects 18 - 30 wherein the processor is adapted to weight the integrity score for each process control system according to the number of input device signal characteristics of controllers throughout the process control system.
32. 32. The system according to one of the aspects 18 - 31 wherein the processor is configured to weight the integrity score for each process control system according to the number of device tags in the process control system.
33. 33. The system according to one of the aspects 18 - 32 wherein the processor is configured to weight the integrity score for each process control system according to the number of devices in the process control system.
34. 34. The system according to one of the aspects 18 - 33 wherein the processor is configured to weight the integrity score for each process control system according to a value assigned by a user of the process control system.

Although the above text has provided a detailed description of numerous different embodiments of the invention, it is to be understood that the scope of the invention may be defined by the literal language of the claims which appear at the end of this specification and their equivalents. The detailed description is to be considered as an example only and does not describe every possible embodiment of the invention, as the description of each possible embodiment would not make sense, if not impossible. Numerous alternative embodiments could be implemented, for which either up-to-date technology or technology could be used, only after the filing of this patent which would nevertheless be within the scope of the claims by which this invention is defined. As such, any modifications and variations can be made to the techniques and structures described and illustrated herein without departing from the spirit and scope of the present invention. Thus, it should be understood that the methods and apparatus described herein are illustrative only and not limiting of the scope of the invention.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• US 14875336 [0001]
• US 7698242 [0006, 0010, 0032]

Claims (17)

A method for determining a collective integrity of a plurality of process control systems, comprising: automatically and periodically determining a risk for each of a plurality of process control systems, each process control system having one or more risk factors associated with the process control system, wherein the introduction of a risk factor into a process control system in each period increases the risk assessment for that process control system, and the elimination of a risk factor from a process control system in each period reduces the risk assessment for this process control system; Prioritizing the integrity of each process control system within an integrity rating scale defined by an upper bound and a lower bound, the integrity being based on the risk assessment for the individual process control systems; Displaying an integrated navigation menu having a plurality of selectable menu items that provide higher and lower integration levels of the integrity ratings; Displaying an informational view associated with the navigation menu; Allow a user to select one of the selectable menu items in the navigation menu to specify higher and lower integration levels of the integrity ratings; and Presenting a collective integrity score of the process control systems associated with the selected menu items in a format for each of the various selectable menu items that specify the higher and lower integration levels of the integrity ratings, the format being a common display format for representing the collective integrity scores of the process control systems which are related to the individual selectable menu items that specify the higher and lower integration levels of the integrity ratings. Method according to Claim 1 wherein the same risk factor introduced into each of the plurality of process control systems in a period does not affect the integrity rating of any of the plurality of process control systems, and wherein the elimination of a risk factor from a process control system in one period is more pronounced impacting the integrity rating for a DCS that was ranked near the middle of the integrity rating scale in the previous period, as for a DCS that was ranked near the upper or lower bounds of the integrity rating scale in the previous period. Method according to Claim 1 or 2 , especially after Claim 1 wherein each process control system is located at a plant site that is geographically separate from other plant sites of the plurality of other process control systems, and wherein an integration level includes a geographic area, and / or wherein the representation of a collective integrity score of the process control systems associated with the selected menu item in In the information view, the representation of a collective integrity rating of the process control systems within the selected geographic area. Method according to one of Claims 1 to 3 , especially after Claim 1 wherein each process control system is a member of a family of process control systems of a manufacturer, the plurality of process control systems belong to two or more different product families and wherein an integration level comprises a product family, and / or wherein the representation of a collective integrity rating of the process control systems associated with the selected menu item in the information view, the representation of a collective integrity rating of the process control systems of the same selected product family includes. Method according to one of Claims 1 to 4 , especially after Claim 1 wherein each process control system is part of an enterprise, wherein the plurality of process control systems belong to two or more different companies, and wherein an integration level comprises an enterprise, and / or wherein the representation of a collective integrity rating of the process control systems associated with the selected menu item, in the information view, the representation of a collective integrity rating of the process control systems of the same selected enterprise. Method according to one of Claims 1 to 5 , especially after Claim 1 , wherein each process control system is part of the same company, where an integration level includes the company, and wherein the representation of a collective integrity ranking of the process control systems associated with the selected menu item, in the information view, representing the representation of a collective integrity score of the company's process control systems. Method according to one of Claims 1 to 6 , especially after Claim 1 wherein each process control system is part of a business branch, wherein the plurality of process control systems belong to two or more different business lines, and wherein an integration level comprises a business line, and / or wherein the representation of a collective integrity score of the process control systems associated with the selected menu item, in the information view, the representation of a collective integrity ranking of the process control systems of the same business branch comprises. Method according to one of Claims 1 to 7 , especially after Claim 1 wherein the collective integrity score comprises an average of the integrity scores of the process control systems associated with the selected menu item, and / or further comprising weighting the integrity score for each process control system, the average collective integrity score comprising a weighted average, and / or weighting the health score for each process control system comprising weighting the health score for each process control system according to the number of input device designation characteristics of controllers throughout the process control system, and / or weighting the health score for each process control system weighting the health score for each process control system according to the number of device characteristics in the process control system The process control system includes, and / or wherein weighting the integrity score for each process control system is weighting the integrity and for each process control system, weighting the integrity rating for each process control system according to a value assigned by a user of the process control system. A system for determining a collective integrity of a plurality of process control systems, comprising: a server configured to register a process control system and a plurality of other process control systems to facilitate maintenance of the process control systems, wherein the process control system resides at a first plant location that is geographically separate from other plant sites of other process control systems; an interface that communicates with the server and that is designed to retrieve risk factors from a database communicating with the server based on monitoring the process control systems; a communication interface adapted to communicate risk factors to the process control systems, each process control system having at least one risk factor associated with the process control system; and a processor communicating with the interface, the server and the communication interface, the processor being adapted to automatically and periodically: to classify the integrity of each process control system within an integrity rating scale set by upper and lower bounds based on the risk assessment for each process control system; display an integrated navigation menu having a plurality of selectable menu items that specify higher and lower integration levels of the integrity scores; to display an informational view associated with the navigation menu; allow a user to select one of the selectable menu items in the navigation menu to specify higher and lower integration levels of the integrity ratings; and representing a collective integrity score of the process control systems associated with the selected menu item in a format for each of the various selectable menu items that specify the higher and lower integration levels of the integrity scores, the format being a common display format for representing the collective integrity scores of the Is process control systems associated with the individual selectable menu items that specify the higher and lower integration levels of the integrity scores. System after Claim 9 wherein the same risk factor introduced into each of the plurality of process control systems in a period does not affect the integrity rating of any of the plurality of process control systems, and wherein the elimination of a risk factor from a process control system in one period is more pronounced impacting the integrity rating for a DCS that was ranked near the middle of the integrity rating scale in the previous period, as for a DCS that was ranked near the upper or lower bounds of the integrity rating scale in the previous period. System after Claim 9 or 10 , especially after Claim 9 wherein each process control system is located at a plant site that is geographically separate from other plant sites of the plurality of other process control systems, and wherein an integration level includes a geographic area, and / or wherein the processor is configured to collectively assess the integrity of the process control systems within the selected one geographical area. System according to one of Claims 9 to 11 , especially after Claim 9 wherein each process control system is a member of a family of process control systems of a manufacturer, the plurality of process control systems belong to two or more different product families, and wherein an integration level comprises a product family, and / or wherein the processor is configured to collectively rank the process control systems within the same selected product family. System according to one of Claims 9 to 12 , especially after Claim 9 wherein each process control system is part of an enterprise, wherein the plurality of process control systems belong to two or more different companies, and wherein an integration level comprises an enterprise, and / or wherein the processor is configured to represent a collective health score of the process control systems of the same selected enterprise. System according to one of Claims 9 to 13 , especially after Claim 9 wherein each process control system is part of the same enterprise, wherein an integration level comprises the enterprise, and wherein the processor is configured to represent a collective health score of the enterprise's process control systems. System according to one of Claims 9 to 14 , especially after Claim 9 wherein each process control system is part of a business branch, wherein the plurality of process control systems belong to two or more different business lines and wherein an integration layer comprises a business line and / or wherein the processor is configured to provide a collective health score of the process control systems of the same business branch. System according to one of Claims 9 to 15 , especially after Claim 9 wherein the collective integrity score comprises an average of the integrity scores of the process control systems associated with the selected menu item, and / or wherein the processor is further configured to weight the integrity score for each process control system, the average collective integrity score being a weighted average and / or wherein the processor is configured to weight the integrity score for each process control system according to the number of input device signal characteristics of controllers throughout the process control system, and / or wherein the processor is configured to provide the integrity score for each process control system according to the number of device tags in the process control system, and / or wherein the processor is adapted to weight the integrity score for each process control system according to the number of devices in the process control system, and / or wherein the processor is configured to weight the integrity score for each process control system according to a value assigned by a user of the process control system. A computer-readable storage medium containing instructions that cause at least one processor to perform a method according to any one of Claims 1 to 8th to implement when the instructions are executed by at least one processor.

Images