IECEE appoints Kiwa for the IEC 62443: Cyber security for Industrial Automation and Control Systems
The IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE) recently appointed Kiwa to carry out assessments and certifications in the context of the series of standards IEC 62443. This is the international series of standards for the cyber security of Industrial Automation and Control Systems ( IACS). Kiwa was already partially accredited, but this accreditation has now been expanded to include even more parts of the standard. To qualify for this allocation, Kiwa successfully completed the IECEE Certification Body Testing Laboratory (CBTL) and National Certification Body (NCB) audits.
The IEC assignment means that Kiwa may carry out assessments, audits and certifications in accordance with parts of the standard that fall under IEC 62443. The standard offers all stakeholders involved in the cyber security of IACS installations handles and a common basis for technical and organizational measures for increasing digital resilience.
Kiwa has been assigned the following standard parts to its CYBR scope:
- IEC 62443-2-4:2015 & IEC 62443-2-4:2015/AMD1:2017: This part of the standard helps end users to set the right security requirements for their system integrator. It helps system integrators understand their customers' cybersecurity requirements.
- IEC 62443-3-3:2013: Helps end users and system integrators to select and implement the right technical measures according to the desired security levels. It also helps end users to determine the security level of an existing infrastructure.
- IEC 62443-4-1:2018: Describes the cybersecurity requirements for the product development lifecycle for IACS products. The standard part provides guidance on how to meet the requirements.
- IEC 62443-4-2:2019: Helps users and system integrators to set security requirements for components from suppliers. It helps suppliers to indicate the security capabilities of their components.
Cyber security is becoming increasingly important within the domain of Operational Technology (OT). Digitization and technological developments offer great opportunities for the industry, but also increase the risk of hacks and other forms of cybercrime. This can disrupt digital and physical business processes and jeopardize operational continuity. If a cyberattack takes place at an organization that is part of a vital infrastructure, for example energy supply or payment traffic, this can cause social upheaval.
It is important that organizations properly arrange the cyber security of their OT. This can be done by arranging security in accordance with the IEC 62443 series of standards. With an IEC 62443 certificate, organizations can demonstrate that their systems, products and/or components are digitally resilient to cyber threats. This not only ensures trust within the own organization, but also protects customers, suppliers and other stakeholders.