Header Img

News & Information

OSI Achieves Elite ISO-27001 Cyber Security Certification

Open Systems International, Inc. (OSI) is pleased to announce that it has received certification to the globally recognized International Standards Organization (ISO) security standard ISO-27001. OSI has a long history of following best-in-class security standards for the industry, such as NERC-CIP, NIST, and various other security benchmarks. In order to meet increasing government, industry, and customer demands for cyber and supply chain security at all levels, OSI has augmented our internal policies and procedures to comply with the rigorous ISO-27001 security standard.

Confirmation of certification to the 27001 standard can be viewed on the BSI Group website:

An official copy can also be downloaded from our Secure Members site here:

Although initially driven by NERC CIP-013 Supply Chain Security requirements, OSI has implemented this program for the benefit of all our customers globally. ISO-27001 is a set of controls that comprises key elements of established industry security standards (e.g. NIST) into a framework for which organizations can be certified by independent auditors from ISO-accredited organizations. OSI contracted with British Standards Institute (BSI Group) who completed their final certification audit of our 27001 program in March 2020.

Independent annual auditing and continued certification to ISO-27001 assures our customers that OSI follows industry best practices for all vital areas related to the development, design, delivery, and support of critical infrastructure control systems.

Key requirements and controls of the 27001 framework include the following:

  • Secure software development life-cycle policies and processes, including

    • Source code access control and protection

    • Annual developer training of secure coding practices

    • Software security testing

    • Vulnerability management and response procedure

  • Background screening of all employees

  • Detailed policies, procedures, and tools for the protection of OSI enterprise IT systems

  • Protection of sensitive customer and OSI information/data

  • Security incident notification policy

  • Remote access and notification procedures for OSI employee changes

  • Third-party supplier security assessments and agreements

  • Risk assessment and mitigation process for all aspects of our business

"OSI's commitment to adopt and follow industry best practices for cyber security and supply chain security extends to all levels of the organization under the leadership of our executive management team," said Rob Koziy, OSI's director of compliance and cyber security. "We adhere to the principle that strong security requires ongoing and continuous improvement efforts throughout the entire organization. Security has been and will continue to be part of OSI's DNA."

Open Systems International (www.osii.com)—an American technology company headquartered in Minneapolis, Minnesota—provides open, state-of-the-art and high-performance enterprise automation solutions to utilities worldwide. These solutions include Supervisory Control and Data Acquisition (SCADA) systems, Energy Management Systems (EMS), Distribution Management Systems (DMS), Outage Management Systems (OMS), Generation Management Systems (GMS), Substation Automation (SA) Systems, Data Warehousing (Historian) Analytics, Distributed Energy Resource Management Systems (DERMS), Situational Awareness Systems, Pipeline Application Systems (PAS), individual software and hardware products, and Smart Grid solutions for utility operations. OSI's solutions empower its users to meet their operational challenges, day in and day out, with unsurpassed reliability and a minimal cost of technology ownership and maintenance.

For additional information regarding this news release, please contact news@osii.com.