Cybersecurity by Design
As industrial systems become increasingly connected, cybersecurity is no longer optional. The European Union's Cyber Resilience Act (CRA) establishes cybersecurity requirements for products with digital elements, ensuring that software and hardware are designed, developed, and maintained with security in mind throughout their lifecycle.
Omnicon Automation, in cooperation with SunForest BV, is committed to ensuring that EnvisionSCADA aligns with the objectives of the Cyber Resilience Act. While regulatory guidance and implementation requirements continue to evolve, many of the security principles embedded within EnvisionSCADA closely reflect the goals established by the CRA.
Secure-by-Design Architecture
EnvisionSCADA has been developed around a secure-by-design philosophy. Rather than treating cybersecurity as an add-on feature, security considerations are integrated into the platform architecture itself.
Key design principles include:
- Web-based architecture with centralized server management
- Role-based access control (RBAC)
- Authentication and authorization mechanisms
- Encrypted communications through HTTPS/TLS
- Audit trails and event logging
- Separation of engineering and operational functions
- High-availability and redundancy options for critical applications
- Secure-by-default deployment recommendations
These principles help reduce attack surfaces while providing administrators with the tools required to manage cybersecurity risks.
Traceability and Auditability
The CRA emphasizes accountability and traceability throughout the product lifecycle.
EnvisionSCADA provides extensive auditing capabilities, including:
- User activity logging
- Alarm and event history
- Configuration change tracking
- Electronic records support
- Version control integration through Git
- Historian data integrity controls
These capabilities allow organizations to investigate incidents, review changes, and maintain operational transparency.
Vulnerability Management
The Cyber Resilience Act requires manufacturers to address vulnerabilities throughout the support lifecycle of a product.
Omnicon Automation and SunForest BV maintain an ongoing vulnerability management process that includes:
- Security issue tracking
- Root cause analysis
- Corrective action implementation
- Security updates and patches
- Customer communication regarding relevant security issues
- Continuous improvement of secure development practices
Security findings are prioritized based on risk and addressed through controlled release processes.
Secure Development Practices
EnvisionSCADA follows modern software engineering practices designed to improve product security and reliability, including:
- Source code version control
- Peer review processes
- Controlled release management
- Automated build pipelines
- Regression testing
- Dependency management
- Security-focused architecture reviews
The platform is continuously enhanced to align with industry best practices and evolving cybersecurity requirements.
Support for Security Updates
The CRA places significant emphasis on maintaining cybersecurity throughout a product's lifecycle.
EnvisionSCADA supports:
- Software updates and maintenance releases
- Security patch distribution
- Long-term product support
- Customer notification of critical issues when applicable
- Controlled upgrade procedures designed to minimize operational disruption
This lifecycle approach helps ensure that deployed systems remain protected against emerging threats.
Supply Chain Transparency
Modern industrial software depends on various software components and libraries.
Omnicon Automation and SunForest BV maintain visibility over the software components used within EnvisionSCADA and continue to enhance software supply chain management practices, including:
- Dependency tracking
- Version management
- Third-party component monitoring
- Evaluation of known vulnerabilities
These measures contribute to improved transparency and risk management.
Industrial Cybersecurity Focus
Unlike generic business software, EnvisionSCADA operates within operational technology (OT) environments where reliability and availability are critical.
The platform supports cybersecurity strategies commonly deployed in industrial environments, including:
- Network segmentation
- OPC UA security features
- Secure remote access architectures
- Redundant server configurations
- Least-privilege access principles
- Integration with enterprise cybersecurity policies
This allows organizations to implement defense-in-depth strategies appropriate for critical industrial systems.
Our Commitment
Cybersecurity is a continuous process rather than a one-time certification exercise.
Omnicon Automation, together with SunForest BV, is committed to:
- Ongoing product security improvements
- Continuous monitoring of cybersecurity requirements
- Responsible vulnerability handling
- Secure software development practices
- Supporting customers in operating secure industrial systems
- Aligning product development and support processes with applicable European cybersecurity requirements
As the Cyber Resilience Act becomes fully applicable across the European Union, we will continue to enhance our processes, documentation, and product development practices to support compliance and help customers deploy secure and resilient industrial automation systems.
For more information about EnvisionSCADA cybersecurity features or our product security roadmap, please contact Omnicon Automation.