MENU

Certification of Security Requirements according to IEC 62443-2-1 and -2-4

Security in relation to Industry 4.0

The risk of cyber attacks is increasing every day, and responsible handling of information is more important than ever. Information is a valuable asset, and loss or manipulation of data can lead to very serious consequences.

Standard IEC 62443 (Industrial Communication Networks – Networks and System Security) is now established as an internationally recognised standard for evidence of conformity in the process and automation industries. Because of a lack of further standardisation, many other industrial sectors are now also making use of this standard. This means that IEC 62443 is becoming the central certification standard for Industry 4.0.  

IEC 62443 also serves as a possible evidence of fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG).  

How precise is Part 2 of IEC 62443?

Part 2 of the standard, entitled “Security for Industrial Automation and Control Systems” describes the IT security management system and therefore defines the organization of security and associated implementation tools.

Part 2-1 describes requirements for an IT security management system, such as for example definition of security procedures. In Part 2-2 there are notes on how and in which areas these procedures are to be implemented. The updating of automation system software (patching) is particularly important, as gaps in security can arise if obsolete software in in use. Therefore Part 2-3 is completely devoted to the subject of patch management. Part 2-4 is concerned with the use of IACS service providers for integration and servicing from the point of view of Security.  

Benefits of certification to IEC 62443

  • Confirmation of adherence to internationally-recognised security standards for clients and business partners 
  • Minimisation of the risk of errors and reputational damage (risk management)
  • Reduction of costs and risks through advance identification and elimination of security loopholes   
  • Minimisation of production outages, increased plant availability
  • Presentation of contemporary quality and security certifications as evidence of performance capability and customer focus
  • Fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG)

Content of the assessment

The assessment consists of a preliminary audit, a readiness assessment on site and a certification audit. The certification addresses the logical levels of organisation/processes, system and components and also process-related and functional requirements. The objective is to certify the implemented CSMS (Cyber Security Management System).

The new content of the standard is in part based on established ISMS requirements. This means that the certification can easily be combined with ISMS audits. Existing risks are identified, analysed and rectified by means of qualified actions. In this way you can both protect your confidential data and also improve the integrity and availability of your IT systems. Following a successful audit you will receive a certificate which is valid for three years (subject to annual surveillance audits). 

Certification with TÜV NORD

TÜV NORD CERT is a well-established and reliable partner for inspection and certification services. Our experts and auditors have extensive knowledge based on experience and support you with expert knowledge and objective feedback. Thanks to our global network, we can offer you our well-recognised and respected inspection and certification services across borders all over the world.

We look forward to hearing from you