Structure of IEC 62443

Reading time: 3 minutes - Difficulty: advanced
IEC 62443 is the international reference standard for Industrial Cyber Security of components and systems developed in conformity with ISA/IEC requirements.

IEC 62443 family of standards

The most relevant parts of IEC 62443, for the development of secure products throughout the entire lifecycle, and in order to obtain the ISASecure® Certification as well, are:

  • Part 1-1: Terminology, concepts, and models introduce the concepts and models used throughout the series. The intended audience includes anyone wishing to become familiar with the fundamental concepts that form the basis for the series.
  • Part 2-1: Establishing an IACS security program describes what is required to define and implement an effective IACS cyber security management system. The intended audience includes asset owners who have responsibility for the design and implementation of such a program.
  • Part 3-2: Security risk assessment for system design addresses cybersecurity risk assessment and system design for IACS. The output of this process is Risk Assessments and target security levels. These are documented in the Cybersecurity Requirements Specification. This standard is primarily directed at asset owners and system integrators.
  • Part 3-3: System security requirements and security levels describe the requirements for an IACS based on the security level. The principal audience includes product suppliers of IACS products, integration service providers, and asset owners.
  • Part 4-1: Product security development lifecycle requirements describe the requirements for a product supplier’s security development lifecycle. It is addressed to product suppliers of IACS systems and IACS components.
  • Part 4-2: Technical security requirement for IACS components describes the requirements for IACS components based on the security level. IACS Components include embedded devices, host devices, network devices, and software applications. The principal audience includes product suppliers of IACS component products.


norma iec 62443

Download Infographics

Do you want to contribute to our page? Follow us on Linkedin


IEC 62443 principal roles

As mentioned above, the IEC 62443 standard identifies 3 different stakeholders occurring in product security:

  • Asset Owner is the organization that is accountable and responsible for the IACS. The asset owner is also the operator of the IACS and the EUC (Equipment Under Control).
  • Integration Service Provider is the organization that provides integration activities for an automation solution including design, installation, configuration, testing, commissioning and handover to the asset owner. The integration service provider may also facilitate the risk assessment.
  • Product Supplier is the organization that manufactures and supports a hardware and/or software product. Products may include IACS systems and IACS components such as embedded devices, host devices, network devices, and/or software applications.


Recommended in-depth study:


The picture below shows the relationship between the 3 roles and how they interact with each other.

There is a fourth remaining role, the Maintenance Service Provider, who is the individual or organization that provides support activities for an automation solution, even though he doesn’t actively participate in the ISASecure® Certification process.


iec 62443 roles

Do you want to learn more about Industrial Cyber Security?

What does HARA mean for ISO 26262?

The HARA method The HARA method aims at identifying and categorizing hazardous events of items, and also at specifying safety goals according to ISO 26262 and ASILs (Automotive Safety Integrity Levels) related to the prevention or mitigation of the associated hazards in order to avoid unreasonable risk. This means that the combination of a hazard […]

Read more

A brief introduction to ISO 26262

ISO 26262 Standard Application It covers the implementation of functional safety through electrical and/or electronic (E/E) systems, and presents a specific lifecycle for items used in the automotive sector. Thus, it provides a reference for the automotive safety life cycle and supports the adaptation of activities to be performed during the lifecycle phases, i.e. development, […]

Read more
Byhon Logo bianco

Subscribe to our newsletter to stay up to date on Functional Safety and Industrial Cyber Security news and events

Send this to a friend