System and information integrity commonly refers to the protection of IT and OT systems and the data they process from unauthorized or unintended modification, corruption, or loss, and to the timely detection and handling of such issues. In regulated manufacturing environments, it covers how plants ensure that production systems, quality records, and business data remain accurate, trustworthy, and traceable over time.
What it includes
In practice, system and information integrity includes:
- Protecting systems from corruption, such as malware, unsafe configuration changes, or unauthorized software running on control systems, MES, historians, or ERP interfaces.
- Maintaining data accuracy so that production records, batch histories, equipment parameters, and quality results are complete, consistent, and unaltered without proper control.
- Monitoring for anomalous behavior, including unusual network traffic between OT and IT, unexpected changes to recipes or PLC logic, and suspicious access to quality or compliance data.
- Detecting and responding to integrity events, for example by generating alerts on failed file integrity checks, quarantining suspicious software, or rolling back to known-good configurations.
- Controlling changes to software, configurations, and data through defined change control, versioning, and approval workflows.
Operational meaning in manufacturing
In industrial operations, system and information integrity shows up in everyday activities such as:
- Validating and monitoring MES, SCADA, and PLC configurations to ensure they match approved designs.
- Using checksums or file integrity tools on critical OT and IT components, such as batch scripts, recipes, and interface mappings.
- Reviewing logs and alarms for unauthorized access, parameter changes, or failed authentication attempts on shop-floor systems.
- Implementing controls around electronic records and signatures so that audit trails reliably show who changed what, when, and why.
- Coordinating with suppliers and integrators to ensure delivered software and firmware has not been tampered with and is tracked through its lifecycle.
Relationship to security and compliance frameworks
Security and control catalogs, such as NIST SP 800-53, use System and Information Integrity as a formal control family. In that context it covers controls for detecting, reporting, and correcting information and system flaws, protecting against malicious code, and monitoring for security-relevant events.
Manufacturers often map these controls to concrete measures, for example:
- Patch and vulnerability management for production servers and workstations.
- Malware protection adapted to OT environments.
- File integrity and configuration monitoring on critical process systems.
- Procedures for investigating and documenting suspected data or system tampering.
Common confusion
- Not the same as availability: System and information integrity focuses on correctness and trustworthiness of systems and data, while availability focuses on keeping systems and data accessible when needed. Both are important but distinct.
- Not limited to cybersecurity tools: While technical controls (such as malware scanning or integrity monitoring) are important, integrity also depends on disciplined processes like change control, access management, and documented procedures.
- Different from data quality programs: Data quality often addresses completeness and usefulness for analytics or decision-making. System and information integrity focuses first on whether systems and records can be trusted as untampered, accurately captured, and properly controlled.
Tie to software supply chain risk
System and information integrity is closely related to software supply chain security in manufacturing. Integrity-focused controls help organizations verify that software, firmware, and configuration content received from vendors or integrators has not been altered unexpectedly, is deployed in a controlled way, and is monitored for later changes or compromise across IT, OT, and MES environments.