Security compliance based on IEC 62443
IEC 62443 is an internationally recognized family of standards providing a complete framework for assessing the various actors involved in the field of Industrial Automation and Control Systems (IACS). Originally designed for Industrial Control Systems (ICS) within the process industry, IEC 62443 is now considered a relevant standard across many industry verticals, such as oil/gas, chemical, transportation, medical devices or smart buildings. The standards of the IEC 62443 family are addressed to ICS manufacturers as well as to integrators and end users. For example, IEC 62443-3-3 and IEC 62443-4-2 specify the security functionalities that have to be fulfilled at system and component level, and are therefore relevant for manufacturers wishing to design secure off-the-shelf products. IEC 62443-2-1, on the other hand, provides requirements for setting up and maintaining a cybersecurity management system within an organization that makes use of ICS. The whole family of IEC 62443 standards is grouped into four classes, covering specific terminology and use cases, organization-level policies and procedures, secure product development procedures, and system and component security.
Because the IEC 62443 standards can be used to cover many different actors involved in industrial automation and control, Secura devised its services to support your business, whatever your place in the supply chain.
For system and component manufacturers, we can offer assessments focused on your products (following IEC 62443-4-2) and additionally on your product development and manufacturing procedures (following IEC 62443-4-1). Because the range of applicable products can be very wide, from Distributed Control Systems (DCS) to Programmable Logic Controllers (PLC), SCADA systems, or dedicated monitoring systems for smart building utilities, we support you by selecting the most relevant requirements in order to define the scope of the assessment. The process continues with the technical validation of the selected requirements, combining penetration testing, technical documentation review or audit principles. As a result of the assessment, we deliver a recognized Assurance Report, devised in line with international assurance standards, enabling you to demonstrate the security of your products to your clients and other stakeholders.
For integrators and end users of control systems, we can offer an assessment of your procedures and policies, following IEC 62443-2-1 (cybersecurity management procedures) or IEC 62443-2-4 (integration procedures). After a tailored selection of applicable requirements, we perform the required technical validation, concluding with an Assurance Report that gives you international recognition of your security principles. In addition, organizations making use of ICS and ICS components can benefit from an assessment based on IEC 62443-3-3, verifying that these products are deployed securely within the network.