The term “industrial tablet” has become a generic term for a wide variety of rugged tablets with many shared and disparate attributes to meet needs for healthcare, military, industrial, manufacturing and transportation among others. One thing they all share in common is their need to meet industry-specific regulatory compliance measures.
The use of Android tablets for industrial applications is growing, in large part because of the open nature of the Android OS and ability to quickly develop application software. Underlying ARM processors provide a power efficient electronic platform.
To choose the right industrial tablet, the tablet itself must meet specific use case criteria along with regulatory compliance. Compliance needs are determined by industry-specific regulatory certification and security requirements. Since this varies across sectors, let’s look at the basics of each.
Industrial Tablet Regulatory Compliance Needs Across Sectors
Different sectors have different needs, such as rugged tablets used in healthcare which must meet stringent medical device safety and compliance rules per IEC 60601 and FDA medical device regulations which protect patients and providers. Additionally, health data security is addressed via HIPAA encryption requirements for securing personal health information (PHI) and personally identifiable information (PII) accessed via network or cloud-based electronics health record (EHR) platforms.
Industrial Android tablets have become vital to the manufacturing supply chain in numerous ways for the following sectors:
- Oil and Gas
- Mining and Energy
- Transportation and Logistics,
Each of these sectors has specific design and certification requirements. For example, oil, gas, and mining industries often require safe device operation in explosive environments. Electronic devices operating in these industries must therefore be designed to control energy that can lead to atmospheric ignition – intrinsically safe device design. Regulatory certifications required may include UL in North America or ATEX in Europe. The transportation industry has its own certification requirements, depending on transportation mode.
Industrial Tablet Network Access Best Practices for Compliance
Beyond industry-specific regulatory certifications, device and data security are also critical, especially when these tablets and rugged devices remotely communicate sensitive data and commands. Therefore, communications must be protected across cellular, Wi-Fi, and other networks, including cloud backhauls, which may include the following types of functions:
- Machine to Machine (M2M) communications
- IIoT sensor data – typically used in manufacturing, energy, and transportation sectors
- Asset and inventory GPS and RFID tracking sensor logs
- Operational commands for remotely controlling machines – often used in supervisory control and data acquisition (SCADA) and energy management systems (EMS)
Interception of critical data and commands can introduce the threat of modification that can lead to incorrect interpretation of data and associated decision making, and potentially cause unsafe or catastrophic operation of critical infrastructure. Industrial Android tablets, being integral to this infrastructure, must be secured accordingly. Methods include:
- Mobile Device Management (MDM)
- Multi-factor Authentication (MFA)
- Encryption and more to guard data at-rest and in-transit
- Physical tamper detection methods built into the tablet enclosure design
- Authenticated access control of tablet users
- Customized operating system environment that restricts software usage and tablet configuration
A single industrial tablet may be used by multiple people with different needs and access privileges. This has prompted the use of Common Access Card Readers (CAC) for specific access authentication. Used widely as the preferred military authentication approach, CAC is best integrated in a custom industrial Android tablet but can also be added as a plug-in peripheral device.
Many applications pose regulatory compliance challenges when it comes to who has access to them such as healthcare EHRs that must be accessed via the network or the cloud. Virtual private networks (VPNs) have been the traditional way to secure rugged tablet endpoints from session data breaches of sensitive PII data. Today, many companies are seeking endpoint alternatives like individual public key infrastructure (PKI) devices and application whitelisting methodologies.
PKI devices and application whitelisting allow administrators to determine who has access to what applications and services on the network via a rugged tablet. This greatly reduces the security risks associated with blanket access to anyone with a VPN access code. Additionally, a custom Android tablet can implement a modified operating system that boots into a specific application or application menu while removing common features like access to settings menus. Such a tailored environment further enhances security and control of industrial tablets deployed for sensitive applications.
The needs for regulatory compliance when using industrial Android tablets across various sectors are constantly changing along with the threat vectors in the digital age. Companies must take a holistic approach to applying best practices for regulatory compliance with rugged mobile devices. The best approach is to start with rugged tablet designs that are highly customizable to meet current and future security needs to meet regulatory compliance.
SECO USA specializes in the design of custom tablets and custom handheld devices utilized for medical, industrial, and military applications. Designed from the ground up with respect to the electronic circuitry, operating system software (typically Android or Linux), and packaging, SECO USA delivers tablets and devices customized to specific applications and regulatory environments with the lowest cost and risk, and fastest schedule. Contact SECO USA for an evaluation of your requirements.