Program Management

EXITECH approaches cybersecurity program management with a business governance mindset that supports client’s business goals while providing cost-effective pragmatic solutions that achieve best practices.  This is accomplished with effective governance, policy & procedure, strategy, training, assessment, and compliance. 

EXITECH has been doing business in multiple industrial critical infrastructures for over 25 years.  EXITECH understands how to help clients meet regulatory needs or business objectives while building a program that will protect assets.  

EXITECH is a security and control system vendor neutral organization.  This gives EXITECH the advantage of working with the client’s preferred security hardware and control system components.  EXITECH will provide the leadership to build an affective cybersecurity program.

Process and Procedure Development

EXITECH recognizes that processes and procedures cannot be developed in a vacuum.  EXITECH helps clients by identifying key stakeholders and develop a comment and review process before any process or procedure is developed.  EXITECH believes in obtaining buy in and properly integrating into established processes and procedures throughout development.

EXITECH will develop processes and procedures to help achieve security and regulatory standards such as NRC (RG 5.71 & NEI 08-09 Rev. 6), NERC CIP Standards, ISO/IEC 27000, CFAT, and NIST.

Program Audit, Gap, and Compliance Analysis

Companies already deal with a shortage of staff and whether the company is preparing to perform an audit or preparing to have an external audit, the staffing demand created by the audit work can be overwhelming.  The auditing of programs can be driven by best practice or regulatory requirements.  EXITECH helps clients perform and prepare for both internal and regulatory audits reducing the demands on an already burdened workforce.

Training Criteria and Module Development

EXITECH provides a wide range of training services to help you meet or exceed your corporate training goals.  We will assist your staff with the determination of training requirements, design and development of training programs, implementation of training materials, and evaluation of the effectiveness of training. 

Critical Digital Asset Database Development, Configuration, & Reporting

Since 1985, EXITECH’s relational databases have been supporting simulators in multiple industries.  This experience combined with our knowledge of plant systems, industrial control systems, and regulatory standards enables us to design solutions to ensure risk management and compliance is achieved thoroughly and cost-effectively.

Procurement, Component Specification, Factory Acceptance Testing, and Verification & Validation Services

Procuring new systems to meet specific specifications can be a daunting task.  Ensuring Cybersecurity requirements in new purchases are specified correctly and attending factory acceptance testing can deplete vital company resources.  EXITECH offers these services to help offload the burden of these demands. 

EXITECH has been helping companies procure simulators for decades.  Combining our specification methodology with our knowledge of cybersecurity standards we are able to offer clients a cost-effective service that ensures cybersecurity specifications are achieved. 

Verification & validation services provide vendors an independent V&V for their products.  Since EXITECH is vendor neutral, we are able to provide all vendors an independent V&V to boost client confidence in vendor products.  We work with vendors to develop testing procedures to assess their product for cybersecurity standards. 

Incident Response Simulations

Companies invest millions of dollars in simulators to simulate approximately 70% of the critical digital assets at a plant as well as simulate scenarios for emergency drills.  These simulators are perfect for driving Cybersecurity incident response scenarios. 

EXITECH’s vast experience in simulation coupled with our knowledge of cybersecurity standards puts our company in a unique market position to help write cybersecurity scenarios for plant simulators.  Regulation and standards are pushing for annual cybersecurity incident response drills.  Using a simulator that puts your cybersecurity incident response team in an actual plant scenario will provide your team the necessary environment and scenario to perform these drills while gaining valuable experience for incident response.

Critical Digital Asset Identification and Assessment

Nuclear and electric utility regulatory standards for cybersecurity are requiring the identification and assessment of critical assets.  With many plants going to digital control systems the amount of assets to assess can consume valuable specialized resources.   Our knowledge of plant systems, industrial control systems, and regulatory standards enables us to provide identi