The certification issued by an ISASecure® Accredited Certification Body is the highest global recognition for cyber security-related products and demonstrates that the applicable ISA/IEC 62443 requirements have been met throughout the whole lifecycle.
Why obtain the ISASecure® Certification
The benefits of ISASecure® certification are many. In particular, it:
- Establishes a higher level of trust
- Improves product security
- Establishes company policy for the use of ISA/IEC 62443
- Updates product development processes to comply with IEC 62443
- Proves a proactive approach to achieve competence in cyber security
- Improves product sales via the use of the globally recognized ISASecure® Certification
The primary benefit of third-party conformity certification is that it establishes trust between asset owners, product suppliers, and service providers. Indeed, the independence and capability of an accredited third-party assessor provide a higher level of trust.
In addition, the certification improves the safety, integrity, availability, and confidentiality of the Industrial Automation Control System (IACS) using a risk-based, methodical and complete process throughout the entire lifecycle, including the secure design, implementation, and validation of the system.
The combination of technology with sufficiently trained people and work processes ensures the safety, integrity, availability, and confidentiality of a control system. Therefore, all this makes the system less vulnerable to cyber attacks.
The certification assessment also helps decrease the time, cost, and risk of developing control systems by establishing a collaborative program between asset owners, product suppliers, and service providers.
In this way, the development of industry standards, in general, can accelerate by certifying control systems that meet a common set of requirements as proof of major product security according to the IEC 62443 international standards.
Lastly, the certification supports a proactive approach to achieve competence in cyber security, which is a very important point in favor of product suppliers.
For all these reasons, ISASecure® Certification improves product security and consequently improves product sales thanks to the use of the certification in product marketing.
What products can be certified
Product suppliers can certify various types of IACS systems and components identified by the reference standard IEC 62443:
- IACS components, such as embedded device, host device, network device, software application
- IACS system/control system consists of a set of IACS components
- Automation solution combining IACS systems and components
- Industrial Automation and Control System (IACS) including the automation solution and the policies for its maintenance
Types of ISASecure® certificate
The ISASecure® Certification scheme covers 3 types of certificates. For all of these, it must be conducted conformity assessment with the aim of evaluating the procedures that describe the product, identifying the applicable requirements, and providing the methodology to assess that IEC 62443 standards have been met.
The types of certificates are:
- ISASecure Security Development Lifecycle Assurance (SDLA) according to IEC 62443-4-1
- ISASecure System Security Assurance (SSA) according to IEC 62443-3-3
- ISASecure Component Security Assurance (CSA) according to IEC 62443-4-2
It is mandatory to obtain the SDLA certificate before applying for either SSA or CSA certificates.
A certificate lasts 3 years and can be extended once the product supplier passes a recertification audit.