ISA/IEC 62443 Conformance Services
IEC 62443 comprises nearly 14 standards with each covering a specific purpose. To move towards IEC 62443 compliance, enterprises need to take measured steps in areas such as vulnerability management, network and operational visibility, network segmentation, network monitoring and threat detection. IEC 62443 presents a way for enterprises to ramp up their security maturity in key areas. In fact, the IEC 62443 journey can be extrapolated to go well past compliance into the proactive security management realm.
Key Requirements:
IEC 62443-2-1: Developing a Cyber Security Management System (CSMS).
IEC 62443-2-3: Security for System Maintenance, and Patch Management.
IEC 62443-3-2: Security Risk Assessment.
IEC 62443-3-2: Network segmentation, and security levels for zones and conduits.
IEC 62443-3-3: System security requirements and Security Levels.
Challenges
- Resources skilled in IEC 62443
- Adequate visibility, control and preparedness
- Planning a roadmap and aligning resources and attention
- Deriving the right interpretation of IEC 62443 for a business
- Working at a device and protocol level to achieve IEC 62443 objectives
How can Sectrio help?
Sectrio’s IEC 62443 offering has been put together by industry experts with clear consulting, tactical, and pragmatic elements. It can take your enterprise to IEC 62443 compliance in 6 clear steps with milestones and KPIs to measure progress.
Our Offerings
- Offers a clear and comprehensive path to IEC 62443 without any resource or operational strain
- Helps meet all objectives including visibility, control, patch management and mitigation of cyberattacks
- Gives your enterprise an IACS security program that is unique to your security and operational objectives
- Can also help in areas such as policies and procedures, implementation and other lifecycle requirements
- Gives custom consulting guidance for security processes, workflows, security lifecycles, controls, protocols, security acceptance and factory testing and output management
- In addition, Sectrio’s IEC 62443 consulting team can also work with you to establish a cybersecurity management system.
Case study
Sectrio’s IEC 62443 consulting team set about the project and defined the 6 stages in association with the customer’s security and plant operations teams. These steps were: pre-assessment, risk survey (at device, network, user, plant and enterprise levels) and SL identification, IACS security program design, implementation, testing and feedback analysis and program maintenance and continuous improvement planning and finally institutionalizing IEC 62443 measures.