IEC 62443 Pre-certification audit

Key audit components according to ACSSA certification to ISA/IEC 62443

The audit according to this certification focuses on the following parts of the ISA/IEC 62443 standards:

  • 1. ISA/IEC 62443-2-1: Security Program Requirements for IACS Asset Owners

    • This part specifies requirements for establishing and maintaining a security program at the asset owner, i.e. the organization that operates the IACS. These are organizational measures and management processes that ensure cyber security is managed effectively across the organization. An audit under this part evaluates the cybersecurity policy, risk management, access control, personnel training and awareness, and incident management.
  • 2. ISA/IEC 62443-2-4: Security Program Requirements for IACS Service Providers

    • This part covers requirements for service providers that work on IACS, such as system integrators, consultants and maintenance providers. The audit checks whether these entities follow defined security procedures when delivering their services and whether the delivered work conforms to the IACS security requirements agreed with the asset owner.
  • 3. ISA/IEC 62443-3-2: Security Risk Assessment for System Design

    • This part deals with security risk assessment as an input to system design: partitioning the system under consideration into zones and conduits, assessing the risk of each, and assigning each zone and conduit a target security level (SL-T). An audit under this part verifies that the organization has carried out a thorough risk assessment of its IACS, that the zone and conduit model is documented, and that appropriate countermeasures have been implemented to reduce the identified risks to a tolerable level. In practice this is an assessment of network segmentation, access control and the other protective measures that follow from the risk assessment.
  • 4. ISA/IEC 62443-3-3: System Security Requirements and Security Levels

    • This part defines the technical system requirements (SRs) and requirement enhancements (REs) grouped under seven foundational requirements (identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, resource availability), and maps them to security levels 1 to 4. An audit under this part assesses whether each zone meets the system requirements associated with its target security level, i.e. whether the achieved security level matches the SL-T set during the risk assessment, and whether the supporting technical controls such as firewalls, intrusion detection systems and encryption are actually in place and configured as documented.
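The core check an auditor performs under parts 3-2 and 3-3 is a comparison of each zone's target security level vector (SL-T, one level per foundational requirement) against the level the deployed system actually achieves. The following Python script is an added illustration of that gap analysis and is not code from the original page or from any certification body; the zone names and level values in it are constructed sample data, and the helper names (`parse_sl_vector`, `find_gaps`, `Gap`) are this example's own.

```python
"""Added example: SL-T vs. achieved security level gap check per ISA/IEC 62443-3-3.

The seven foundational requirements and the 0..4 level range are from the standard;
zone names and level values below are constructed for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Tuple

# The seven foundational requirements of ISA/IEC 62443-3-3, in standard order (FR 1..7).
FOUNDATIONAL_REQUIREMENTS: Tuple[str, ...] = (
    "FR1 Identification and authentication control",
    "FR2 Use control",
    "FR3 System integrity",
    "FR4 Data confidentiality",
    "FR5 Restricted data flow",
    "FR6 Timely response to events",
    "FR7 Resource availability",
)

# Security level vectors are conventionally written as "{a b c d e f g}", one level per FR.
SLVector = Tuple[int, ...]


def parse_sl_vector(text: str) -> SLVector:
    """Parse '{2 2 3 1 2 2 2}' into a 7-tuple, rejecting wrong arity or levels outside 0..4."""
    parts = text.strip().strip("{}").split()
    if len(parts) != len(FOUNDATIONAL_REQUIREMENTS):
        raise ValueError(f"expected 7 levels (one per FR), got {len(parts)} in {text!r}")
    levels = tuple(int(p) for p in parts)
    for fr, lvl in zip(FOUNDATIONAL_REQUIREMENTS, levels):
        if not 0 <= lvl <= 4:
            raise ValueError(f"{fr}: security level {lvl} is outside the defined range 0..4")
    return levels


@dataclass(frozen=True)
class Gap:
    """One foundational requirement in one zone whose achieved level is below target."""
    zone: str
    requirement: str
    target: int
    achieved: int


def find_gaps(sl_target: Dict[str, str], sl_achieved: Dict[str, str]) -> List[Gap]:
    """Compare SL-T against the achieved vector for every zone that has a target.

    A zone that has a target but no evidence of an achieved level is treated as SL 0
    on every FR, which is how an auditor would treat undocumented controls.
    """
    gaps: List[Gap] = []
    for zone, target_text in sl_target.items():
        target = parse_sl_vector(target_text)
        achieved = parse_sl_vector(sl_achieved.get(zone, "{0 0 0 0 0 0 0}"))
        for fr, t, a in zip(FOUNDATIONAL_REQUIREMENTS, target, achieved):
            if a < t:
                gaps.append(Gap(zone, fr, t, a))
    return gaps


def gaps_by_zone(gaps: List[Gap]) -> Dict[str, int]:
    """Count of unmet foundational requirements per zone (zones with no gaps are absent)."""
    counts: Dict[str, int] = {}
    for g in gaps:
        counts[g.zone] = counts.get(g.zone, 0) + 1
    return counts


# Constructed sample data: three zones from a hypothetical zone-and-conduit model.
SAMPLE_SL_TARGET = {
    "Zone-Control-A": "{2 2 2 1 2 2 2}",
    "Zone-Safety": "{3 3 3 2 3 3 3}",
    "Zone-DMZ": "{2 2 2 2 2 2 2}",
}
SAMPLE_SL_ACHIEVED = {
    "Zone-Control-A": "{2 2 2 1 2 2 2}",  # fully conformant
    "Zone-Safety": "{3 2 3 2 3 2 3}",     # FR2 and FR6 one level short
    # "Zone-DMZ" intentionally missing: no evidence, so treated as SL 0 everywhere
}


if __name__ == "__main__":
    found = find_gaps(SAMPLE_SL_TARGET, SAMPLE_SL_ACHIEVED)
    for g in found:
        print(f"{g.zone:15} {g.requirement:45} target SL {g.target}, achieved SL {g.achieved}")
    print("unmet requirements per zone:", gaps_by_zone(found))
```

Run as-is, the script lists two gaps for Zone-Safety (FR2 and FR6) and all seven for Zone-DMZ, which has no achieved vector on record. The "missing evidence counts as SL 0" rule is the design choice worth noting: it makes an undocumented zone show up as a finding rather than silently passing.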

Audit process according to ACSSA certification:

  • 1. Audit preparation

    • Collection of all relevant documents, security policies, processes and procedures needed to assess conformity with the ISA/IEC 62443 standards, including the zone and conduit model and the target security levels assigned during the risk assessment.
  • 2. Conformity assessment

    • Auditors conduct a detailed review of all aspects of the organization's cyber security, covering both the technical and the organizational measures that protect the IACS.
  • 3. Identification of risks and vulnerabilities

    • Auditors identify risks and vulnerabilities within the IACS and assess how effectively the current security measures reduce them.
  • 4. Audit report and recommendations

    • After the audit is completed, a report is drawn up containing the audit findings, the identified deficiencies, the security level assessment (achieved level against target level per zone) and recommendations for improvement.
  • 5. Corrective measures

    • The organization is obliged to take corrective measures to remedy the identified deficiencies and raise its level of cyber security in line with the ISA/IEC 62443 standards.

The importance of auditing according to ACSSA certification

Auditing according to ACSSA certification to ISA/IEC 62443 is crucial to ensure that organizations and their industrial control systems are adequately protected against cyber threats. The audit helps ensure that security measures are effectively implemented and maintained, minimizing the risk of attacks that could have serious consequences for safety, business continuity and the organization's finances. Adherence to these standards also increases the confidence of customers and partners in the organization's ability to secure its critical systems.