Safety & Security

CruxOCM guarantees software security through a multi-layered approach combining certifications, robust protocols, and proactive practices tailored for midstream operations.

Security at every layer

Certified
Compliance

SOC 2 Type II certified — controls meet the highest industry standards for security and privacy.

Encrypted
Data Flows

All external and internal communications are encrypted, and stored data is protected.

Zero Trust Architecture

Strict identity verification and least-privilege access for every user and device.

Proactive
Defence

Regular third-party penetration testing and vulnerability scans neutralize risks early.

Incident
Readiness

A robust Incident Response Plan aligned with NIST guidelines for rapid detection and recovery.

Supply Chain
Security

All vendors vetted through a comprehensive Third-Party Risk Management program.

Frequently Asked Questions

Is pipeline automation safe for critical infrastructure?

Yes. CruxOCM is designed specifically for safety-critical industrial environments. The system is deployed on a separate VM from SCADA or DCS, meaning it cannot override existing safety logic, HIHI/LOLO limits, or MAOP settings on field equipment — it can only do what an operator can do. On top of that, CruxOCM incorporates its own dynamic safety constraints and operator oversight as additional layers of protection, ensuring the system operates within safe boundaries even in scenarios where field equipment limits alone may not be sufficient.

Human-centric industrial autonomy is CruxOCM’s core operating philosophy: automation systems execute operations while humans maintain full oversight and control. Unlike “black box” automation, CruxOCM ensures operators retain complete visibility, can override or adjust automation at any time, and benefit from reduced manual workload without losing decision-making authority.

This approach enhances rather than replaces operator expertise, preserving safety and governance while delivering the consistency and speed of automated control.

No — CruxOCM enhances operator effectiveness rather than replacing their authority. Operators retain full visibility into all system actions, can override or adjust automation at any point, and maintain complete decision-making authority over their operations. All commands CruxOCM sends to the SCADA/DCS are written to the client’s historian in real time, providing a complete audit trail.

By automating routine and repetitive control actions, operators can focus on higher-value decisions, exception handling, and strategic oversight.

Pipeline process variability — the fluctuations in flow, pressure, and system performance that reduce efficiency and increase operational risk — is one of the largest sources of lost margin in midstream operations. CruxOCM reduces pipeline process variability by up to 35% through closed-loop automation that continuously adjusts system conditions in real time.

One North American operator used pipeBOT™ to reduce pressure variations by 26%, extending asset life by 3–5 years and achieving more than $2.4 million in annual OPEX savings.

CruxOCM reduces alarms through avoidance, not suppression. The system reacts preemptively to upcoming changes that would otherwise trigger alarms — adjusting control actions before conditions reach alarm thresholds rather than responding after the fact. Operators have seen alarm and alert reductions of more than 50%. Additionally, because automated operations produce a steadier pressure and flow profile than manual control, some clients have been able to tighten their leak detection buffers during automated operations, achieving higher-fidelity leak detection without increasing false positives.

CruxOCM ingests current and upcoming batch information — including batch lineups, product characteristics, and gravity data — from scheduling systems and RTTMs via OPC or other standard integrations. For gathering systems, gatherBOT™ can ingest nomination data to optimize scheduling and delivery. The system is designed to work within your existing Purdue model and IT/OT segmentation requirements.

CruxOCM improves reliability by eliminating the inconsistency inherent in manual operations. Closed-loop automation maintains stable pipeline conditions around the clock, across all operator shifts, reducing variability that causes alarms, upsets, and unplanned shutdowns. This leads to fewer operational disruptions, more stable pipeline conditions, and reduced need for manual intervention. One major midstream operator reduced alerts and alarms by more than 50% after implementing CruxOCM.

No. All commands sent by CruxOCM must pass through the SCADA or DCS before reaching field equipment — meaning CruxOCM can only do what an operator can do, and all existing safety logic and limits on PLCs remain fully enforced. The software has no direct write access to PLC logic or safety system parameters.

Any operator-initiated changes to the pipeline — specifically, changes to SCADA tags within pipeBOT™’s scope — are read into the CruxOCM platform in real time, which typically triggers the automatic disengagement of CruxOCM software for that operation. An informational message is sent to the messages page. Operators always have immediate, unimpeded control.

CruxOCM can handle various common upset conditions and be deployed with autonomous responses to situations including pressure and equipment nominal operating range exceedances, transient conditions, and leak detection scenarios. The platform reads real-time data and executes predefined responses, ensuring safe and consistent handling without requiring manual intervention.

Yes — and adoption rates confirm it. When the software is available, operators engage it over 85% of the time, which is a strong signal that the tool is both effective and trusted. CruxOCM supports operator buy-in through a structured onboarding process: controllers see the system in simulation before it goes live, engineers explain the decision logic behind the scenes, and operators maintain full override authority at all times. The system executes actions on behalf of the operator (logged as “pipeBOT on behalf of [operator name]”), preserving accountability and regulatory compliance. After initial skepticism, operators consistently report that the software reduces cognitive load and allows them to focus on higher-value work.

On fully subscribed or pressure-constrained systems, CruxOCM manages pump starts/stops and unit swaps by first evaluating whether the hydraulic conditions are safe for a transition. When adjustments are needed, the system preemptively modifies pressures at upstream discharge or downstream suction locations to ensure adequate conditions to prevent cavitation or overpressure. pipeBOT™ also incorporates pump rules to help determine timing of unit swaps based on current conditions. This combination of continuous and discrete control enables safe, closed-loop control actions every 5 to 15 seconds — far faster and more precise than manual control cycles.

Yes. CruxOCM deploys on both fully subscribed (prorated) and non-subscribed pipelines. On prorated lines, the primary value driver is pipeline throughput optimization — pushing closer to hydraulic limits to unlock additional barrels and revenue. On non-subscribed lines, the focus shifts to energy savings, pressure management, and operational consistency. Many systems benefit from both: one operator achieved up to 10% throughput expansion potential alongside 9–10% reductions in transmission energy costs on the same system.
All commands that CruxOCM software sends to the SCADA/DCS are written out to the client’s historian in real time. This provides a complete, auditable record of every action taken — supporting compliance, incident investigation, and continuous improvement.

Yes. All CruxOCM solutions are ISO 27001 and SOC 2 Type II compliant. CruxOCM personnel adhere to stringent IT policies, training, and audits to ensure internal compliance is maintained to the standards required by these certifications.

CruxOCM reads pressure limits from SCADA in real time, so in scenarios like a pressure derate, the system can continue to operate within the updated constraints without disengaging. For changes that significantly alter the pipeline’s dynamics — such as extended maintenance that changes flow configurations — CruxOCM engineers may need to retune the system models and redeploy updated logic. The software is also designed to handle routine operational variability (permissive lockouts, equipment within normal bounds) without disengaging, so only significant changes to pipeline dynamics require model updates.

Safety is always the top priority. Throughput is typically the primary objective, though some systems may prioritize other goals such as pressure stability depending on operational requirements. The cost-function approach then optimizes around the remaining variables: energy consumption, pressure variability, pump cycling, and asset reliability are assigned configurable weightings. Operators can assign penalties to pump starts based on pump size and cycling preference, so the system balances energy efficiency against long-term equipment health. This means CruxOCM avoids the common pitfall of being “optimized in the moment” while creating costly pressure cycling or excessive pump starts downstream.

CruxOCM conforms to each client’s specific IT security requirements for installing, deploying, and maintaining software. Standard recommendations (adjustable to your organization’s requirements) include on-site or remote access to the CruxOCM server in the target environment (remote preferred), service and support accounts in target environments,
and a data pathway to relay operational data (such as batch schedules or nomination information) to the CruxOCM server.

Physical data are stored (per any specific terms within a client’s agreement provisions) within the CruxOCM infrastructure using strong passwords, MFA, least-privilege access, and other security provisions as outlined in our IT policies. CruxOCM is ISO 27001 and SOC 2 Type II certified, ensuring these controls are independently audited and meet the highest industry standards for data security and privacy. A mutual NDA is put in place early in discussions with any client to enable two-way sharing of information that will be maintained confidentially.

Ready to scale 
industrial autonomy?