SERVICES

IEC 62443 Certification

Third Party Industrial Cyber Security Certification in compliance with IEC 62443

Industrial Cyber Security Certification Purpose

BYHON is a certification body that implements its certification processes in accordance with the IEC 17065 standard, and provides a conformity assessment inspired by the Industrial Cyber ​​Security Certification according to IEC 62443 scheme as well. BYHON has implemented the verification of conformity defined by ISASecure (www.isasecure.org) in its conformity assessment model. This refers to both the Security Development Lifecycle Assurance Certification (SDLA) and to the verification of the technical compliance of the product against OT security requirements to be applied to components or systems, according to the Component Security Assurance Certification (CSA) and to the System Security Assurance Certification (SSA).
The aim of this service is to perform a fully independent and third-party certification in order to give evidence of the compliance of a system or component with the IEC 62443 standard requirements and provide Security Levels Capabilities (SL-C).

For more information or to request a quote

What is a system?

In terms of IEC 62443 and ISA context, a system is specifically a control system intended as hardware and software components of an Industrial Automation Control System (IACS), i.e. an object to be integrated inside the final IACS of a whole plant and that can be certified in accordance with ICS Cyber Security standard requirements.

  • HMI/PLC Combination System
  • SCADA System Platform
  • Control System Platform
  • Packaged Control Systems (PCS)
  • Distributed Control System (DCS)
  • Safety Instrumented System (SIS)

IEC 62443 Certification process for components and systems

Application and Assessment scope definition

Definition of the assessment scope, scheduling and collection of all relevant documentation, including the architecture diagrams, the essential function information, such as the list of accessible network interfaces and points of entry.

Security Development Lifecycle Process Assessment

Verification of the manufacturer Cyber Security Management System, in order to check whether it was developed and maintained in compliance with IEC 62443-4-1 security practices.

Functional Security Assessment

The system/component security functionality is audited against the defined requirements for each zone capability (SL) to assess whether the system/component implemented the functional security features.

Vulnerability identification testing

Identification of vulnerabilities in the actual implementation on the control system. This is done through a vulnerability identification testing scan.

Assessment Review and Certification issuing

Once all the previous phases are passed, the result is collected in a Cyber Security Assessment Report to be reviewed by the third-party committee. In case of positive outcome, the final compliance statement is issued together with a ICS Certification declaring the compliance of the system/component with the IEC 62443 standards against a claimed SL.

For more information or to request a quote