IEC 62351 - Cyber security for energy networks

The IEC 62351 - series of standards

Electrical power supply will be as important to people, industry and commerce in the future as it is today. However, the power grid is facing major challenges. Due to the energy turnaround and the associated necessary expansion of decentralized energy generation units, storage systems, heat pumps and electric vehicles, a smartification of the energy networks is inevitable and also offers great advantages. Smartification refers to the networking of individual products and technical systems, e.g. within the energy network, in order to automate process flows. For the implementation of smartification, for example, communication protocols are used that are standardized by the International Electrotechnical Commission Technical Committee (IEC TC) 57. Standardized communication protocols include, for example, IEC 60870-x or IEC 61850. The implementation of smartification offers not only benefits, but also risks for the power supply. In order to be able to use the advantages of smartification securely in the future, it is fundamental to establish adequate protection against threats that is at least state of the art. The IEC 62351 series of standards is suitable for this purpose.


To prove the state of the art, it is necessary to ensure a uniform, consistent, high and comparable level of quality. There is a growing demand for conformity assessments for products and technical systems. At present, there is no legally binding conformity assessment by third parties, with the exception of specific areas. Voluntary conformity assessment of products and technical systems by independent third parties is a service that is in demand. The result of this conformity assessment is to be expressed in the form of certificates.

Who is IEC 62351 certification aimed at?

TÜV NORD unterstützt Sie bei der Cyber Security für Energienetze. TÜV NORD unterstützt Sie bei der Cyber Security für Energienetze. TÜV NORD unterstützt Sie bei der Cyber Security für Energienetze. TÜV NORD unterstützt Sie bei der Cyber Security für Energienetze.

Companies in the energy industry, both manufacturers and service providers, have a growing need for conformity assessments for products and technical systems. Potential customers, applicants, or certificate holders can be manufacturers of products in which the requirements for IEC 62351 have been implemented. On the other hand, system integrators who implement the requirements of IEC 62351 within entire technical systems can also belong to the clientele.

We at TÜV NORD have extensive expertise and experience in the field of cybersecurity for energy networks and will be happy to support you in the process of IEC 62351 certification. Do you have questions about the structure and requirements of the standard? Then don't hesitate to contact us.

Do you have any questions?


Would you like a quote?


Certification procedure according to IEC 62351

The certification procedure for components and systems consists of the offer and contract phase, project preparation including application assessment, evaluation, assessment of required documentation, certification decision, certificate issuance and surveillance/re-certification.

Based on our international recognition as IATF contract partner as well as our international network of experts, we are able to offer our services worldwide.

The experts and, if necessary, parties to be involved/external resources for the evaluation as well as specialist certifiers/reviewers are selected for the evaluation by the TÜV NORD certification body in accordance with the approval and competence.

The monitoring of IEC 62351 certificates

The certification body is obliged to monitor the certificates it issues throughout their period of validity. It fulfills this obligation through various measures.

In the case of changes to the hardware and or software of the system/component, these must be reported immediately to the certification body in the case of functional changes (release change) by the certificate holder.

IEC 62351 certification: TÜV NORD is accredited

TÜV NORD has accreditations from both the German Accreditation Body (DAkkS) and the internationally recognized standardization organization IECEE to perform all relevant tests and certifications according to IEC 62351. The DAkkS accreditation was carried out according to the latest scheme 71 SD 019 (Accreditation requirements for conformity assessment bodies in the field of information security/cyber security for industrial automation systems according to IEC 62351).

This certification standard allows the fulfillment of due diligence to be demonstrated as well as laying the foundation for proof of conformity at an early stage.

FAQ - We have the answers

What is the IEC 62351 series of standards?

The IEC 62351 series of standards is the latest standard for the security of energy management systems and associated data exchange, and describes actions to meet the four basic requirements for secure data transmission and processing. These four basic requirements include: Confidentiality, Data Integrity, Authentication and Non-repudiation.

What is the goal of the IEC 62351 series of standards?

In 2015, the IT security law for the protection of critical infrastructures was passed, thus the operators of basic supply networks (electricity, gas, water) have the goal of protecting the existing communication infrastructure against cyber attacks. The IEC 62351 series of standards provides the best possible protection against these cyber attacks. Furthermore, ongoing monitoring of evolving products and technical systems is essential.

Can certifications of other certification bodies be accepted?

Certificates for (sub)systems of the certification object issued by other certification bodies can be accepted if these certificates are valid at the time of the conformity assessment of the parent system, the certification body is accredited and the scope of the subsystem is consistent with the assessment object.

What are the requirements for the objects of conformity assessment?

The requirements for the objects of conformity assessment are derived from the IEC 62351 series of standards. The requirements must always be defined and documented by the certification body on a project-specific basis at the start of the conformity assessment. Furthermore, for a certification procedure according to IEC 62351, the existence of a process certificate according to IEC62443 Maturity Level 3 (ML3) is mandatory. ML3 proves that either the process according to IEC62443-2-4 or IEC62443-4-1 has been implemented in the company.

Is there a possibility to extend the certificate?

The certificate can be extended to include additional locations or products. TÜV NORD must be informed in writing for this purpose. The necessary tests for the extension are offered to the customer in a separate offer. The extension of the certificate is only effective after the test has been completed and TÜV NORD has informed the customer in writing.

How often is the manufacturing site inspection?

There is an annual production monitoring. In the year of issuance, the first inspection of the production site is carried out. Note: P12-VA-01-A4 applies to the monitoring of issued certificates. The result of the initial inspection and the annual surveillance is a detailed inspection report. Subsequently, the continued validity of the certificate is confirmed or a reassessment of the changes made is requested by the certification body. If the delta inspection is successful, the further validity is then confirmed with new version statuses; the certificate term remains unchanged.

Certification with TÜV NORD

TÜV NORD is your reliable internationally recognized partner for testing and certification services. Our experts and auditors have in-depth knowledge and support you with both technical expertise and objective feedback. Thanks to our global network, we can offer you our recognized testing and certification services across countries.

This might also interest you