
IEC 62443 certification: Cyber Security for Industrial Automation & Control Systems (IACS)
What is IEC 62443 certification?
The IEC 62443 (or ANSI/ISA 62443) standard is intended to secure Industrial Automation and Control Systems (IACS). It provides a systematic and practical approach that covers every aspect of cybersecurity for industrial systems. There are four series of IEC 62443 standards, aimed at four different IACS categories: General, Policies & procedures, System and Components. Which standards apply to each category is made clear in the image below.

The IEC 62443 audit addresses all human resources, ICT and policies involved in the operation of the industrial process that can affect or influence its safe, secure, and reliable operation. The CIA triad (Confidentiality, Integrity and Availability) of cybersecurity is also reflected in these standards. By comparison, ISO 27001 focuses on Information Technology (IT), while IEC 62443 focuses on Operational Technology (OT).
Four IEC 62443 security levels
An IACS includes more than the technology that comprises a control system. It also includes the people and work processes needed to ensure the safety, integrity, reliability and security of the control system. Without sufficiently trained people, risk-appropriate technologies and countermeasures and work processes throughout the security lifecycle, an IACS could be more vulnerable to a cyberattack.
One of the ways the IEC 62443 standards approach the cybersecurity of OT systems is by making use of security levels. They define four security levels (SL), from SL 1 (Casual or Coincidental violations) to SL 4 (Nation State attack). The security levels ensure systems are classified based on their inherent risks. The compromise of one industrial system will have a more or less disastrous impact than the compromise of another. However, all of these modern industrial systems need to have their processes, technology and human interaction in proper order to be resilient against cyber threats.
Take the extra leap in protecting your business
With digitalization, internet technology and everything surrounding it, cyber security has become something organizations should not take lightly. The IEC 62443 series of standards is targeted at ‘end users’ and ‘solution providers’. The term ‘solution provider’ is used broadly, however, and essentially refers to manufacturers, system integrators and vendors.
Many industrial organisations have ‘legacy’ equipment (i.e. mechanical systems). Legacy equipment is often outdated and custom-made. It often forms the basis upon which later developments are built and is therefore difficult to replace due to the investment required. But legacy equipment should also be well secured, even if no direct web connection exists. After all, viruses, etc. can also be spread via a USB stick. In modern industrial systems, equipment tends to be more up-to-date.
Ultimately, any organization involved in industrial automation, irrespective of scale, can benefit from the IEC 62443 audit. An IEC 62443 certificate enables you to prove that your industrial system or component is safe and secure against cybersecurity threats. By doing so you are taking the extra leap in protecting your customers, system and business.
Why Kiwa?
Kiwa has been involved in various ways in industrial systems and installations for a long time, for example by testing and certifying HVAC parts and systems, performing FPC audits in factories and assessing the personnel involved. Assessing systems against IEC 62443 requires in-depth knowledge and experience in both the digital domain and industrial automated systems. Moreover, an approach that addresses the complete digital landscape of IACS or SCADA systems is essential to ensuring cybersecurity. At Kiwa we are adept at all the aspects required for properly assessing systems according to IEC 62443. Our experts are also properly trained and experienced in industrial automation systems as well as cybersecurity. We are your partners for progress!
NIS2 European Cybersecurity Directive
Cybersecurity remains a hot topic, not only due to the increasing number of hacks and ransomware attacks but also from the perspective of regulators and the evolving legal framework in this area. European member states are currently preparing for the transposition of the Network and Information Security Directive 2 (NIS2) into national legislation.

ETSI EN 303 645: security of IoT consumer electronics
Refrigerators, lighting, TVs, smoke detectors, toys, fitness trackers... An ever-increasing number of everyday electronic consumer products is connected to the internet. These ‘smart’ devices make our lives more pleasant and often easier, but they also entail security risks.

Remote Access for Remote Services (RARS) Certification Scheme
By taking the recent cybersecurity trends into account, Kiwa developed the Remote Access for Remote Services (RARS) scheme, also known as K21048. The RARS scheme is a collection of assessments set up by Kiwa that focusses on different types of systems that are remotely accessible.

ISO 27001 Information Security Management System
ISO 27001 Information Security Certification with Kiwa: secure your information, build trust in your brand.

Penetration Tests and Ethical Hacking Services
A penetration test, also known as a pentest or ethical hacking, is an authorised simulated cyberattack on an IT/OT system, performed to evaluate the cybersecurity of that digital system. At Kiwa we perform tailor-made pentests whose results provide valuable insights to the owners of the tested system.

Bug Bounty Security Testing
Want to gain insight into the cybersecurity of your internet-connected assets and applications? Kiwa and bug bounty security platform Intigriti proudly present their joint private bug bounty security testing service. This service makes it possible for you to organise (private) bug bounty programs according to your specific preferences.
