Endress+Hauser achieves top-level security certifications

Security is a top priority in all sectors of the process industry. That means protecting one’s own products and manufacturing processes in times of digitalisation and increasing connectivity is also a priority for a provider of measurement and automation technology like Endress+Hauser.

To protect the production of plants in the process industry, various enterprise processes and flows also have to be scrutinised at the suppliers.

Measurement instruments and components from Endress+Hauser make certain that numerous process engineering systems around the world operate securely and reliably. For industrial plants and Industrial Internet of Things (IIoT) environments, cybersecurity is becoming a growing focus. With networking and connectivity becoming increasingly prevalent, it’s imperative that companies protect their production systems and automation technology from unauthorised access.

To that end, Endress+Hauser has recently received two important certifications demonstrating that the company’s life cycle for secure product development meets stringent cybersecurity requirements.

The company has been certified to the IEC 622443-4-1 international standard for cybersecurity, and has replaced the demanding StarAudit certification with the internationally recognised ISO 27001 certification at the beginning of the year. The company’s Netilion cloud application has also achieved conformance to ISO 27017, meaning that potential threats are detected in time and equipment and software are safeguarded.

IEC 62443-4-1 certification

Endress+Hauser says it lays the foundation for secure operation as early as the planning and development phases of its products and services. In March, TÜV Rheinland issued a certification in line with the IEC 62443-4-1 norm confirming that this product development process, as well as the product life cycle, meets the highest international standards.

“This is a testament to the quality of our work, which we are extremely pleased about,” said Mirko Brcic, Product Security Officer at Endress+Hauser. “In light of ongoing technical advances — you only have to think about the advanced physical layer or IIoT products — for us it’s very important that we not only accelerate digitalisation but continue to safeguard the security of our instruments and software at the same pace.”

By aligning its processes with IEC 62443-4-1, Endress+Hauser says it ensures that products are developed from the beginning with all security requirements in mind and that the components it delivers pose no risks. Added to that are other measures such as code analyses and reviews, penetration tests and the installation of security updates.

High standards for business data management

After achieving the demanding StarAudit certification, Endress+Hauser Digital Solutions has also received ISO 27001 certification for its information security management system.

“As the centre of competence for digital solutions at Endress+Hauser, we’re proud to have received ISO 27001 certification,” said Dr Rolf Birkhofer, Managing Director at Endress+Hauser Digital Solutions.

This international norm offers a structured approach for protecting the confidentiality, integrity and availability of the information that is produced and processed in organisations and companies. Using the standard as a foundation, Endress+Hauser created an information security management system (ISMS) and implemented processes that safeguard and continuously optimise the protection of all types of information, data and systems.

Achieving ISO 27001 certification requires setting aside resources and making investments. “This was an effort that we were glad to undertake, because ultimately we lower our risks and optimise our business processes,” said Dr Birkhofer. “But the even more important aspect is that we build trust among our customers. With these measures we’re in a position to reliably detect threats and actively protect our customers’ data as a result.”

In addition, confirmation has been received that the company’s Netilion IIoT ecosystem fulfils the requirements of ISO 27017, a standard designed specifically for cloud application information security.