ISA/IEC 62443 International Standard for the Security of Industrial Automation Control Systems
About ISA/IEC 62443
ISA/IEC 62443 is the best-known international IT security standard for the industrial sector, largely because few IT security standards are widely recognized for the sector. In 2002, the International Society of Automation (ISA) founded the ISA99 committee to establish standards to secure the equipment and operations of U.S. critical infrastructure against cyberattacks. Since then, ISA99 has issued a comprehensive family of standards, technical reports and technical specifications that address the security of industrial automation and control systems throughout the system development lifecycle.
The objective is to implement information security controls that safeguard the Industrial Automation and Control Systems (IACS) of the industry. These controls cover the components that can be affected by cyberattacks, i.e., operational processes, interested parties (internal and external) and equipment in the industry.
Key Standards in the Series
- Cluster 1: General
a) 62443-1-1 Terminology, Concepts, and Models
b) 62443-1-2 Master glossary of terms and abbreviations
- Cluster 2: Policies and procedures
a) 62443-2-1 Establishing an industrial automation and control system security program
b) 62443-2-2 IACS protection levels
c) 62443-2-3 Patch management in the IACS environment
d) 62443-2-4 Security program requirements for IACS service providers
- Cluster 3: System
a) 62443-3-1 Security technologies for industrial automation and control system
b) 62443-3-2 Security risk assessment for system design
c) 62443-3-3 System security requirements and security levels
- Cluster 4: Component
a) 62443-4-1 Secure product development lifecycle requirements
b) 62443-4-2 Technical security requirements for IACS components
Advantages of ISA/IEC 62443 Series Certification
1. Conform to the internationally recognized standard of IACS security.
2. Assess and manage cybersecurity loopholes in the industrial business processes.
3. Reduce liability risks and protect customers and employees of the certified organization.
4. Guarantee the quality and safety of the final products.
5. Reduce costs as cybersecurity breaches can be identified in advance.
6. Build the customer's trust and confidence in your industrial business.
7. Bring about a smoother transition to a more secure industrial cybersecurity environment.
Certification Audit Process
1. Request for a Proposal
A company interested in certification against ISA/IEC 62443 requests a proposal, based on its preferred cybersecurity scheme, from an accredited certification body, e.g., TUV NORD Thailand.
2. Certification Audit
A. Stage 1: Documentation Review
B. Stage 2: On-site Verification
3. Issue of ISA/IEC 62443 Certificate
4. Surveillance Audit 1 & 2 (within 2 years after the certificate is issued)
5. Re-certification (re-assessment of your industrial cybersecurity within 3 years after the certificate is issued)