ACSSA, IEC 62443 Certification for End Users

Reading time: 4 minutes - Difficulty: Advanced
The most recent of the certifications in the ISA family is ACSSA: Automation and Control Systems Security Assurance Certification. The upcoming opportunity is aimed at End Users to certify the cybersecurity of automation systems in use at their sites based on ISA/IEC 62443 standards.

Why ISASecure® certification for production sites

The need arises from the fact that End Users – Asset Owners in the terminology of IEC 62443 – have widely adopted OT cybersecurity standards in operations, but often have to rely on a patchwork of third-party solutions that could leave operational sites vulnerable.


With ISASecure®‘s ACSSA certification, the dynamics evolve:

  • End Users will have visibility into the security level of sites, a consistent goal and benchmark with which to determine their own position regarding the degree of cybersecurity that can be pursued, and substantiated by the leading reference in cybersecurity, ISASecure®
  • Insurance underwriters will benefit from an assessment based on ISA/IEC 62443, and be able to include its metrics in risk assessment models
  • Product and service providers will gain clarity and transparency about their role in the supply chain, including service integration, maintenance and operational support services


When to apply ACSSA certification

The assessment scheme applies to individual automation and control systems that are in the operation and maintenance phase of their security lifecycles at end-user sites.

The scope extends to all types of automation and control systems, beginning with traditional process systems to critical infrastructures, such as oil and gas, chemicals and wastewater.


The requirements to be met are relevant to the following parts of IEC 62443:

  • IEC 62443-2-1 – Security program requirements
  • IEC 62443-2-4 – Service providers
  • IEC 62443-3-2 – Risk assessment and system design
  • IEC 62443-3-3 – System requirements and security levels


The expected result is to encourage more and more industries to adopt cybersecurity standards, and IEC 62443 best practices, to ensure that security in the automation world helps improve everyday life.

How to obtain ISASecure® certification

The conformity assessment should be conducted by an accredited body with the aim of reviewing the procedures describing the product, identifying the applicable requirements, and providing the methodology for verifying compliance with IEC 62443.

Among the ISASecure® accredited Certification Bodies in the world, we was one of the first obtaining the official accreditation.

The types of certificate you can request from us today cover the entire ISASecure® series available:

  • ISASecure® Security Development Lifecycle Assurance (SDLA), business process certification preparatory to obtaining product certificates
  • ISASecure® System Security Assurance (SSA), system certification according to IEC 62443-3-3
  • ISASecure® Component Security Assurance (CSA), component certification according to IEC 62443-4-2
  • ISASecure® IIoT Component Security Assurance (ICSA), IIoT component certification according to IEC 62443-4-2


The certification process is a complex activity requiring motivation and organization. Visit this link to see the companies that have chosen to certify with us.