How to apply ISA-95 for smart manufacturing with IIoT devices

ISA-95 has served as a useful standard for manufacturers for many years. However, when technical experts try to fit industrial IoT into already standard-compliant manufacturing systems, strict adherence to ISA-95 is neither necessary nor sufficient.

Most technical experts working with industrial IoT (IIoT) are already familiar with ISA-95, the International Society of Automation's specification for developing an automated interface between enterprise and control systems. The standard provides a framework for thinking about IIoT technology and creates consistency across suppliers and manufacturers. Adherence to standards in IT environments generally results in more extensive implementations, smoother operations and an expanded market of compatible solutions both now and in the future. Standards also expand the pool of potential staff members who are familiar with how the organization functions. Consistency can be especially important in a relatively new space like IIoT. However, embracing standards should not require replacing existing infrastructure simply to adhere to the standard.

Architects will need to adjust the ISA-95 to address all issues involved in IIoT. For example, ISA-95 does not give guidance on lower-level infrastructure, such as networking, compute and storage. Organizations can use ISA-95 for smart manufacturing as part of a strategic IIoT roadmap with the goal of ensuring that current and future implementations and application development align as closely as possible with the standard. The development team does not need to rip and replace the existing software investment. Instead, they should invest additional time, energy and resources into addressing the gaps in cybersecurity and infrastructure that ISA-95 does not cover.

Technologists looking to adapt ISA-95 for smart manufacturing should follow five steps to ensure their IIoT devices align with ISA-95 and compensate for its limitations.

1. Assess current IIoT initiatives, tools and roadmaps. Plunging headfirst into ISA-95 without an up-to-date assessment of the current state of the IIoT initiatives, tools and roadmaps is a disaster waiting to happen. Pay special attention to IoT vendors that consider their lines of business to be "key" or "strategic." Supporting their products may require a planned deviation from ISA-95. The output of this exercise should be thorough documentation of the current IIoT initiatives, including data management, data flows, infrastructure and cybersecurity.

2. Conduct a gap analysis against the ISA-95 specification. Once analysis is complete, technologists can compare the documentation of the current IIoT initiatives with the ISA-95 specification and note deviations. There are two main types of deviations: gaps and alternate implementations. Gaps are areas in which ISA-95 specifies an approach, but there is currently no solution -- whether technology or process. Alternate implementations are solutions that deviate from the ISA-95 specified approach.

While conducting this gap analysis, it's important for technologists to address the question of why a gap exists or has been implemented differently than specified by ISA-95. This means engaging the business and technology stakeholders to understand the reasons. Check if the need for a standard was not well understood, or if the organization implemented the approach prior to the existence of the current version of ISA-95 or to conform to a specific vendor.

Standards aren't carved on stone tablets. In some cases, business requirements may demand solutions more sophisticated than those spelled out by standards bodies.

More importantly, find out if ISA-95 was insufficient to meet specific business requirements. Standards aren't carved on stone tablets. In some cases, business requirements may demand an approach more sophisticated than those spelled out by standards bodies.

3. Develop a strategy and set of high-level principles for addressing the gap analysis. This doesn't have to be complex, but it's important to have a general framework that dictates which specific alternative standards or vendor solutions will be taken, under what circumstances and why. In general, the strategy should be something like:

• Follow ISA-95 where possible.
• Where not possible -- either due to business constraints or based on the overhead required for rip and replace -- move to an approach based on an alternate standard, such as NAMUR's IEC 60947-5-6 standard and the Reference Architecture Model for Industry 4.0.
• If ISA-95 is not an option, and no existing standards cover the situation, adopt a vendor-proprietary product, if one exists.
• If no vendor-proprietary product exists, develop your own.

4. Develop a specific plan for addressing the gap analysis, looking at both gaps and alternate implementations. For each gap, there should be a recommended step, aligning to the items above:

• Implement or move to ISA-95
• Implement or move to an alternate standard
• Implement or move to a proprietary vendor product
• Develop in-house

Note that so long as there's an existing strategy, it shouldn't be necessary to justify the recommendations. The plan should also include dependencies and a rough timeline.

5. Implement the plan. This sounds straightforward, but as you might imagine, the devil is in the details. One complicating factor is that both alternative standards and proprietary vendor products are moving targets. Standards are constantly evolving, as are vendor products. Make sure to revisit the gap analysis on a regular basis -- ideally, at least quarterly -- to modify recommendations in light of these changes.