ORIGNIX Cyber Operational Resilience Management (cyberORM™) system is a market differentiator and our crown jewel methodology. The framework maps the ISA/IEC 62443 cybersecurity life cycle with ISA/IEC 61511 functional safety life cycle and the IT Infrastructure Library (ITIL) best practices in managing security and changes to network-capable devices within Industrial Automation and Control Systems.

The industry-first cyberORM™ system operates as the day-to-day beating heart of the ISA/IEC 62443 aligned IACS cybersecurity life cycle. It addresses the daily challenges in a structured and systematic way under well-defined Capability Maturity Model Integration (CMMI) key capabilities.


The CyberPRA™ project is delivered through a six-phase approach:

Phase 1: Prepare. Assessment of the project objectives, review of current architecture design, configuration information, HAZOP, PHA, and risk matrix.

Phase 2: Assess. On-site vulnerability assessment (cyberVAS™).

Phase 3: Analyze. Off-site cyberGEP™ assessment, threat and vulnerabilities analysis.

Phase 4: CollaborateCollaborative on-site sessions:

  • cyberHAZOP™ – Evaluation of threats, consequences, countermeasures, and discussion of recommendations.
  • cyberLOPA™ – Evaluation of high consequence incident scenarios. Order of magnitude estimation of cause frequency, loss event, and safeguards.

Phase 5: Report. Development of executive summary and detailed report. Presentation of the prioritized list of risks and actions.

Phase 6: Mitigate. Development of requirements specifications. Risk reduction planning and execution.


The cyberORM™ system integration engagement consists of seven phases that are repeated for each of the Cyber ORM components.

Phase 1: Prepare. Assessment of project objectives. Review of existing cybersecurity, ICS/OT documentation.

Phase 2: Assess. In-depth assessment of existing processes.

Phase 3: Analyze. Off-site analysis to identify integration points between existing and new processes.

Phase 4: Collaborate. Collaborative on-site integration session to review existing processes, proposed process solutions, and determine use-cases.

Phase 5: Customize. Off-site analysis of the feedback received from all stakeholders to re-evaluate integration and customization updates to cyber operations and maintenance system and the integration with other cyber processes.

Phase 6: Review. On-site walk through of use-cases by select client team members and agreement on Key Performance Indicators (KPIs).

Phase 7:  Commission. Present executive summary to client leadership, process orientation and training. Handover detailed process documentation.

Cyber Resilience Engineering Service Delivery

Service delivery is achieved through eight phases.

Phase 1: Plan. Perform detailed stakeholder analysis and develop a project plan.

Phase 2: Define. Define solution objectives tailored to business requirements. Develop Technical Cybersecurity Requirements Specifications (CSRS) that include operating and sustainment requirements.

Phase 3: Architect. Development of cybersecurity solution architecture and validation against defined requirements.

Phase 4: Design. Development of detailed cybersecurity designs to include computing and networked devices. Establish design specifications and validate the design against defined requirements.

Phase 5: Build. Build a cybersecurity solution with associated controls. Perform Cyber Factory Acceptance Testing (CyberFAT) to validate the solution against the defined requirements.

Phase 6: Commission. Perform IT Change Management and Engineering/Plant Management of Change. Implementation of cyber countermeasures followed by Cyber Site Integration Testing (CyberSIT) and Cyber Site Acceptance Testing (CyberSAT).

Phase 7: Operate. Provide as-built detailed documentation and initiate Operations/Sustainment.