IEC 62443 certification

Ensure industrial cybersecurity compliance to protect your business from cyberattacks.

What is IEC 62443 certification?

IEC 62443 aims to mitigate risk for industrial communication networks by providing a structured approach to cybersecurity. Originally developed for the Industrial Automation and Control Systems supply chain, it is now the leading cybersecurity standard across all industries. It applies to component suppliers, system integrators and asset owners.

IEC 62443 lays the foundations for cybersecurity robustness throughout the product and system lifetime. The standard uses a set of defined process requirements to ensure that relevant security aspects are addressed in a structured manner. This includes a systematic cybersecurity approach throughout the stages of specification, integration, operation, maintenance and decommissioning.

IEC 62443 certification by a third party such as TÜV SÜD can boost competitiveness, as it demonstrates that the component or system is based on an industry best-practice cybersecurity approach.

Why IEC 62443 certification is important

The increasing prevalence of cyber-physical systems has impacted industries worldwide by enabling greater efficiencies, unmatched flexibility and innovative business models. But this new connectivity has also seen a rise in cyberattacks. An industrial security breach involving a connected application puts an entire facility at risk and the consequences can be devastating.

Industrial cybersecurity is therefore a critical aspect of any cyber-physical operation. Suppliers and system integrators must optimise the cyber resilience of their components and systems by improving development, integration and support processes.

As vulnerabilities can appear throughout the component or system lifecycle, it’s necessary to plan ahead and implement industrial security from the outset. Industrial cybersecurity involves studying potential attacks and threats to information systems. This includes identifying gaps, devising and implementing industrial cybersecurity solutions, and mitigating risks.

Component suppliers must consider how a connected device’s cyber resilience can be optimised for its entire lifespan, including specification, design, production and support. Further down the line, the system integrator must take possible threats to the automated solution into account. Transparency is also required to help a potential buyer place trust in the security capabilities of product suppliers and integrators. However, amid ever-evolving cyber-attacks and the dynamic cybersecurity horizon, the solutions must be sustainable and robust enough to enhance proactive preventive measures.

Expert industrial cybersecurity solutions can help you with:

  • A customised & comprehensive safety & cybersecurity plan aligned with your company's needs
  • Working with experts who know the collaborative functioning of IT and OT
  • Cybersecurity recommendations that minimise the impact on routine operations
  • Comprehensive handholding in all processes for IEC 62443 certification compliance
  • A smoother transition to a more secure industrial cybersecurity environment and industrial cybersecurity certification

How TÜV SÜD can help you with IEC 62443 certification

Our extensive experience of industrial systems and cybersecurity makes us uniquely positioned to assess your processes and products. Our methodology for risk analysis, applying both security and safety aspects, is proven in the field.

TÜV SÜD experts also actively participate in international standardisation committees, gaining valuable insights into the latest regulatory developments. Thanks to our experts’ relentless commitment to secure and safe operations across industries, TÜV SÜD’s IEC 62443 certification has become a globally renowned symbol for safety, security and trust.

Suppliers, development teams and system integrators across the world partner with us. We provide testing and evaluation to the IEC 62443 standards and certify processes, products and systems under the following certification schemes:

  • TÜV SÜD Product Service certification mark for Industrial Cybersecurity
  • IECEE-CB Scheme for Cyber Security (CYBR)
  • ISASecure IEC 62443 Conformance Certification 

Get started with TÜV SÜD 

Start your IEC 62443 certification journey with us today.

Frequently Asked Questions (FAQs)

What is TÜV SÜD’s certification mark for industrial cybersecurity?

The IEC 62443 certification standards address supply chain security processes. Our mark for Industrial Cybersecurity is based on a set of security profiles from IEC 62443. Surveillance activities check if compliance is maintained for the duration of certification.

For product suppliers, we provide industrial cybersecurity certification services based on IEC 62443-4-1. The standard applies to overall security programs, and to component or control system security process development.

IEC 62443-2-4 certifications are available to system integrators. Our experts verify compliance of generic processes and security processes for a reference architecture or blueprint. The conformity cybersecurity assessment is based on document reviews, interviews, and on-site testing. We issue a report and our certification following standards compliance. Certification validity requires an annual surveillance audit.

The IEC 62443 certification standards also specify technical security requirements for components and systems. These technical requirements are described in IEC 62443-4-2 and IEC 62443-3-3. The development teams need a mature secure product development lifecycle process.

What is the IECEE-CB scheme for industrial cybersecurity?

IECEE Certificates of Conformity are issued for processes/products/systems, based on a one-off evaluation in accordance with the rules of the IECEE-CB Scheme. No TÜV SÜD marks or logo are allowed on a certified product.

  • Product Capability Assessment (IEC 62443-2-4 / IEC 62443-3-3 / IEC 62443-4-2)
  • Process Capability Assessment (IEC 62443-2-4 / IEC 62443-4-1)
  • Product Application of Capabilities Assessment (IEC 62443-4-1)
  • Solution Application of Capabilities Assessment (IEC 62443-2-4 / IEC 62443-3-3)

What is ISASecure® IEC 62443 conformance certification?

The ISASecure® Certification programme certifies products and supplier development practices to the ISA/IEC 62443 series of Industrial Automation and Control standards. The product evaluation process includes a security vulnerability scan using a commercially available scanning tool that evaluates the product against the US-CERT NVDB.

TÜV SÜD is an ISASecure® Chartered Laboratory (License No. ISCI-CL0006) authorised by the ISA Security Compliance Institute (ISCI), a not-for-profit consortium that manages the ISASecure® conformance certification programme.

We offer four types of certifications:

  • ISASecure® Component Security Assurance (CSA) Certification.
  • ISASecure® IIoT Component Security Assurance (ICSA) Certification.
  • ISASecure® System Security Assurance (SSA) Certification.
  • ISASecure® Security Development Lifecycle Assurance (SDLA) Certification.

A product supplier’s development process, component, or system that passes evaluation according to the latest version of ISASecure® specifications will be granted ISASecure® certification by TÜV SÜD. The ISASecure® mark may not be affixed on certified products and systems.

