Safety & Security
CruxOCM guarantees software security through a multi-layered approach combining certifications, robust protocols, and proactive practices tailored for midstream operations.
Security at every layer
Certified
Compliance
SOC 2 Type II certified — controls meet the highest industry standards for security and privacy.
Encrypted
Data Flows
All external and internal communications are encrypted, and stored data is protected.
Zero Trust Architecture
Proactive
Defence
Incident
Readiness
Supply Chain
Security
Frequently Asked Questions
Is pipeline automation safe for critical infrastructure?
Yes. CruxOCM is designed specifically for safety-critical industrial environments. The system is deployed on a separate VM from SCADA or DCS, meaning it cannot override existing safety logic, HIHI/LOLO limits, or MAOP settings on field equipment — it can only do what an operator can do. On top of that, CruxOCM incorporates its own dynamic safety constraints and operator oversight as additional layers of protection, ensuring the system operates within safe boundaries even in scenarios where field equipment limits alone may not be sufficient.
What is human-centric industrial autonomy and how does CruxOCM apply it?
Human-centric industrial autonomy is CruxOCM’s core operating philosophy: automation systems execute operations while humans maintain full oversight and control. Unlike “black box” automation, CruxOCM ensures operators retain complete visibility, can override or adjust automation at any time, and benefit from reduced manual workload without losing decision-making authority.
This approach enhances rather than replaces operator expertise, preserving safety and governance while delivering the consistency and speed of automated control.
Does automation reduce operator control authority ?
No — CruxOCM enhances operator effectiveness rather than replacing their authority. Operators retain full visibility into all system actions, can override or adjust automation at any point, and maintain complete decision-making authority over their operations. All commands CruxOCM sends to the SCADA/DCS are written to the client’s historian in real time, providing a complete audit trail.
By automating routine and repetitive control actions, operators can focus on higher-value decisions, exception handling, and strategic oversight.
What is pipeline process variability and how does CruxOCM reduce it?
Pipeline process variability — the fluctuations in flow, pressure, and system performance that reduce efficiency and increase operational risk — is one of the largest sources of lost margin in midstream operations. CruxOCM reduces pipeline process variability by up to 35% through closed-loop automation that continuously adjusts system conditions in real time.
One North American operator used pipeBOT™ to reduce pressure variations by 26%, extending asset life by 3–5 years and achieving more than $2.4 million in annual OPEX savings.
How does CruxOCM improve alarm management?
CruxOCM reduces alarms through avoidance, not suppression. The system reacts preemptively to upcoming changes that would otherwise trigger alarms — adjusting control actions before conditions reach alarm thresholds rather than responding after the fact. Operators have seen alarm and alert reductions of more than 50%. Additionally, because automated operations produce a steadier pressure and flow profile than manual control, some clients have been able to tighten their leak detection buffers during automated operations, achieving higher-fidelity leak detection without increasing false positives.
How does CruxOCM handle batch information and nomination data?
CruxOCM ingests current and upcoming batch information — including batch lineups, product characteristics, and gravity data — from scheduling systems and RTTMs via OPC or other standard integrations. For gathering systems, gatherBOT™ can ingest nomination data to optimize scheduling and delivery. The system is designed to work within your existing Purdue model and IT/OT segmentation requirements.
How does CruxOCM improve pipeline reliability?
Can CruxOCM software override existing logic or safety constraints, such as
HIHI or LOLO limits, on the field equipment PLCs or within the SCADA/DCS?
HIHI or LOLO limits, on the field equipment PLCs or within the SCADA/DCS?
No. All commands sent by CruxOCM must pass through the SCADA or DCS before reaching field equipment — meaning CruxOCM can only do what an operator can do, and all existing safety logic and limits on PLCs remain fully enforced. The software has no direct write access to PLC logic or safety system parameters.
What happens if CruxOCM software is enabled and I want to make a change
on my existing SCADA or DCS HMIs?
on my existing SCADA or DCS HMIs?
What happens if an operational upset condition occurs while CruxOCM solutions are enabled?
CruxOCM can handle various common upset conditions and be deployed with autonomous responses to situations including pressure and equipment nominal operating range exceedances, transient conditions, and leak detection scenarios. The platform reads real-time data and executes predefined responses, ensuring safe and consistent handling without requiring manual intervention.
Do control room operators actually adopt and trust the software?
Yes — and adoption rates confirm it. When the software is available, operators engage it over 85% of the time, which is a strong signal that the tool is both effective and trusted. CruxOCM supports operator buy-in through a structured onboarding process: controllers see the system in simulation before it goes live, engineers explain the decision logic behind the scenes, and operators maintain full override authority at all times. The system executes actions on behalf of the operator (logged as “pipeBOT on behalf of [operator name]”), preserving accountability and regulatory compliance. After initial skepticism, operators consistently report that the software reduces cognitive load and allows them to focus on higher-value work.
How does CruxOCM handle pump sequencing and unit swaps on constrained pipelines?
On fully subscribed or pressure-constrained systems, CruxOCM manages pump starts/stops and unit swaps by first evaluating whether the hydraulic conditions are safe for a transition. When adjustments are needed, the system preemptively modifies pressures at upstream discharge or downstream suction locations to ensure adequate conditions to prevent cavitation or overpressure. pipeBOT™ also incorporates pump rules to help determine timing of unit swaps based on current conditions. This combination of continuous and discrete control enables safe, closed-loop control actions every 5 to 15 seconds — far faster and more precise than manual control cycles.
Does CruxOCM work on both prorated and non-subscribed pipelines?
How do I know what action CruxOCM solutions performed when engaged?
Do CruxOCM solutions adhere to contemporary security compliance standards?
Yes. All CruxOCM solutions are ISO 27001 and SOC 2 Type II compliant. CruxOCM personnel adhere to stringent IT policies, training, and audits to ensure internal compliance is maintained to the standards required by these certifications.
What happens during a pressure restriction or maintenance activity while CruxOCM is enabled?
How does CruxOCM balance competing optimization objectives like
throughput, energy, and asset reliability?
throughput, energy, and asset reliability?
Safety is always the top priority. Throughput is typically the primary objective, though some systems may prioritize other goals such as pressure stability depending on operational requirements. The cost-function approach then optimizes around the remaining variables: energy consumption, pressure variability, pump cycling, and asset reliability are assigned configurable weightings. Operators can assign penalties to pump starts based on pump size and cycling preference, so the system balances energy efficiency against long-term equipment health. This means CruxOCM avoids the common pitfall of being “optimized in the moment” while creating costly pressure cycling or excessive pump starts downstream.
What recommended access prerequisites are needed to install and deploy CruxOCM solutions?
CruxOCM conforms to each client’s specific IT security requirements for installing, deploying, and maintaining software. Standard recommendations (adjustable to your organization’s requirements) include on-site or remote access to the CruxOCM server in the target environment (remote preferred), service and support accounts in target environments,
and a data pathway to relay operational data (such as batch schedules or nomination information) to the CruxOCM server.
How is client confidential data safeguarded?
Physical data are stored (per any specific terms within a client’s agreement provisions) within the CruxOCM infrastructure using strong passwords, MFA, least-privilege access, and other security provisions as outlined in our IT policies. CruxOCM is ISO 27001 and SOC 2 Type II certified, ensuring these controls are independently audited and meet the highest industry standards for data security and privacy. A mutual NDA is put in place early in discussions with any client to enable two-way sharing of information that will be maintained confidentially.