UTSI’s ICS Security Audit and Testing Process (ISAP) is a systematic process designed to identify areas of possible compromise by thoroughly reviewing and testing virtually every aspect of an ICS infrastructure, and to recommend corrective actions, as well as assist with the implementation of such corrections. ISAP is a multi-phased process that includes offline reviews of the customer’s ICS infrastructure architecture, system operations, access controls and equipment configurations/inventories, along with vulnerability assessments in both offline (isolated laboratory) and online (live system) environments, as appropriate for any given customer’s systems, operations and objectives. UTSI can also perform penetration testing on any aspect of the ICS infrastructure, including, but not limited to, web-based frameworks, third party/outside access methods, and possible intrusions via entry points at remote locations via cyber or direct physical access, or a combination of both. We can also provide forensic experts to assist in the investigation of suspected ICS data breaches. UTSI employs a team of highly experienced ICS experts, many of whom possess specific cybersecurity certifications, including Certified Ethical Hacker (CEH) and GIAC Global Industrial Control Security Professional (GICSP).