IEC 62443 Certification

The risk of cyber attacks is increasing every day, and responsible handling of information is more important than ever. Information is a valuable asset, and loss or manipulation of data can lead to very serious consequences.

Standard IEC 62443 (Industrial Communication Networks – Networks and System Security) is now established as an internationally recognised standard for evidence of conformity in the process and automation industries. Because of a lack of further standardisation, many other industrial sectors are now also making use of this standard. This means that IEC 62443 is becoming the central certification standard for Industry 4.0.  

IEC 62443 also serves as a possible evidence of fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG).  

Part 2 of the standard, entitled “Security for Industrial Automation and Control Systems” describes the IT security management system and therefore defines the organization of security and associated implementation tools.

Part 2-1 describes requirements for an IT security management system, such as for example definition of security procedures. In Part 2-2 there are notes on how and in which areas these procedures are to be implemented. The updating of automation system software (patching) is particularly important, as gaps in security can arise if obsolete software in in use. Therefore Part 2-3 is completely devoted to the subject of patch management. Part 2-4 is concerned with the use of IACS service providers for integration and servicing from the point of view of Security.