Process Zones for Network Visualizations

Group operational technology devices into IEC 62443 process zones to segment your industrial network for security analysis, reporting, and policy planning.
Where Can I Use This?
  • Device Security (Managed by Strata Cloud Manager)
What Do I Need?
  • OT Device Security subscription
A process zone is a logical grouping of devices that share the same security requirements and represent a unique process within your business. Process zones can be inferred based on device behaviors. For industrial customers, process zones implement the zone-and-conduit model defined by the IEC 62443 standard, which divides an industrial network into segments (zones) connected by controlled communication paths (conduits). When you organize your devices into process zones, you can evaluate the security posture of related devices together, plan network segmentation around real production boundaries, and produce inventories aligned with how operational teams think about systems within their environment.
Process zones are distinct from Purdue Level grouping. Purdue Levels categorize devices according to the reference architecture for industrial control systems (for example, Level 0 sensors, Level 2 supervisory control). Process zones describe how you choose to segment your network for security purposes. A single process zone can contain devices from multiple Purdue Levels, but a device can belong to only one process zone at a time.
To create process zones, you can create a visualization map or use the custom attributes workflow.
After you assign devices to a process zone, you can view the devices' Process Zone attribute on their respective Device Details page. You can filter the device inventory by process zone, use process zone as a column or grouping in custom dashboards and reports, and reference it in queries the same way you reference any other device attribute. Process zone replaces the Zone Name custom attribute across Device Security, including the query builder, custom attribute panels, filters, and reports. Each device can belong to only one process zone at a time.
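The following added example (not Device Security code or output) applies the zone-and-conduit model and the one-zone-per-device rule described above to a small inventory: it rejects conflicting zone assignments, records which Purdue Levels each zone spans, and flags observed flows that cross zones without a defined conduit. The device names, zone names, flow records, and the directional `(source zone, destination zone, port)` conduit format are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory rows: (device, process zone, Purdue Level).
INVENTORY = [
    ("plc-mix-01", "Mixing", 1),
    ("hmi-mix-01", "Mixing", 2),
    ("plc-pack-01", "Packaging", 1),
    ("hist-01", "Site Operations", 3),
    ("plc-pack-01", "Mixing", 1),  # conflicting second assignment
]
# Constructed conduit allowlist (assumed format): (src zone, dst zone, dst port).
CONDUITS = {
    ("Mixing", "Site Operations", 4840),
    ("Packaging", "Site Operations", 4840),
}
# Constructed observed flows: (src device, dst device, dst port).
FLOWS = [
    ("hmi-mix-01", "plc-mix-01", 502),    # stays inside the Mixing zone
    ("hmi-mix-01", "hist-01", 4840),      # crosses zones over a defined conduit
    ("hmi-mix-01", "plc-pack-01", 502),   # crosses zones, no conduit
    ("hist-01", "hmi-mix-01", 3389),      # reverse direction, no conduit
    ("plc-mix-01", "eng-ws-09", 44818),   # destination has no zone assigned
]

def build_zone_map(inventory):
    """Return (device -> zone, zone -> Purdue Levels, conflicting assignments)."""
    zone_of, levels, conflicts = {}, defaultdict(set), []
    for device, zone, level in inventory:
        if device in zone_of and zone_of[device] != zone:
            # A device can belong to only one process zone: keep the first.
            conflicts.append((device, zone_of[device], zone))
            continue
        zone_of[device] = zone
        levels[zone].add(level)
    return zone_of, dict(levels), conflicts

def classify_flows(flows, zone_of, conduits):
    """Return flows that involve an unassigned device or lack a conduit."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of.get(src), zone_of.get(dst)
        if src_zone is None or dst_zone is None:
            findings.append((src, dst, port, "unassigned-device"))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in conduits:
            findings.append((src, dst, port, f"no-conduit:{src_zone}->{dst_zone}"))
    return findings

if __name__ == "__main__":
    zone_of, levels, conflicts = build_zone_map(INVENTORY)
    print(levels, conflicts, classify_flows(FLOWS, zone_of, CONDUITS), sep="\n")
```

Treating conduits as directional is a choice made for this sketch; a flow in the reverse direction needs its own allowlist entry.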