
Certification of security requirements in accordance with IEC 62443-2-1 and -2-4

IEC 62443 test mark from TÜV NORD CERT GmbH

Security in Industry 4.0

The risk of cyberattacks is constantly increasing for companies. This makes the responsible handling of information more important than ever. After all, information is a valuable asset whose loss or manipulation can cause considerable damage.

The IEC 62443 standard (Industrial Communication Networks - Networks and System Security) has established itself as an internationally recognised standard for proof of conformity in the process and automation industry. Due to the lack of standardisation specifications, many other industrial sectors now rely on this standard. This makes IEC 62443 the central certification standard for Industry 4.0.

IEC 62443 also serves as possible proof of fulfilment of the duty of care in accordance with the Industrial Safety Ordinance and the Product Safety Act.


Advantages of certification according to IEC 62443

  • Certification of internationally recognised safety standards for customers and business partners
  • Minimising the risk of errors and reputational damage (risk management)
  • Reducing costs and risks by identifying and eliminating digital security vulnerabilities in advance
  • Minimisation of production downtimes, increase in availability
  • Demonstration of up-to-date quality and security certifications as proof of business performance and customer focus
  • Fulfilment of the duty of care in accordance with the Industrial Safety Ordinance and Product Safety Act


What exactly is Part 2 of IEC 62443?

The second part "Security requirements for operators and service providers" describes the IT security management system and thus defines the organisation of security and the associated implementation aids.

Part 2-1 describes requirements for an IT security management system, such as the definition of security procedures. Part 2-2 contains information on how and in which areas these procedures are to be implemented. Updating the software of automation systems (patching) is of particular importance because outdated software can lead to security vulnerabilities. Part 2-3 is therefore completely dedicated to patch management. Part 2-4 deals with the use of service providers for commissioning and service from a security perspective.

Examination content

The audit consists of the pre-audit, on-site readiness assessment and certification audit stages. The certification addresses the logical levels of organisation/processes, system and components as well as procedural and functional requirements. The aim is to certify the implemented CSMS (Cyber Security Management System).

The new standard content is partly based on established ISMS requirements, which means that certification can be easily combined with ISMS audits. Existing risks are identified, analysed and remedied through qualified measures. In this way, you simultaneously protect your confidential data and improve the integrity and availability of your IT systems. After passing the audit, you will receive a certificate. It is valid for three years (including annual surveillance audits).

Whitepaper IEC 62443

In addition to a digitalisation strategy, industrial plants need a stringent cyber security strategy. The IEC 62443 standard offers a well-thought-out, structured and established process model for this. In addition to technology, it also takes processes into account and consistently incorporates the three important roles of Industry 4.0: operators, integrators and component manufacturing companies. This certification standard can be used to demonstrate fulfilment of the duty of care and lay the foundation for proof of conformity at an early stage. Our white paper highlights all the important aspects:

  • The IEC 62443 standard in its entirety
  • Scenario 1: the role of the operators
  • Scenario 2: the role of industrial plant integrators
  • Scenario 3: the role of component manufacturing companies

Audit process for ISO IEC 62443 certification

1. Enquiry & quotation
2. Commissioning TÜV NORD
3. Audit stage 1: Determination of readiness for certification
4. Audit stage 2: Certification audit
5. Certification decision TÜV NORD
6. Issue of certificate

Would you like to learn more about IEC 62443 certification? Please feel free to contact us.

ISMS Sales & Project Management