ISASecure cybersecurity certification program expanded

The ISA Security Compliance Institute (ISCI) has expanded the coverage of the ISASecure cybersecurity certification program with the introduction of a system-level cybersecurity certification for industrial automation and control systems (IACS) products, and the launch of an organisational certification that ensures suppliers are following cybersecurity development and support life cycle processes for IACS products.

The new product certification is the System Security Assurance (ISASecure SSA), which assesses the cybersecurity of off-the-shelf industrial control systems and certifies conformance to IEC 62443-3-3. According to the ISCI, the objective of this certification is to ensure cybersecurity robustness for off-the-shelf control systems and to certify that the systems are free from known vulnerabilities.

The new organisational certification is the Security Development Lifecycle Assurance (SDLA) certification, which ensures that a supplier’s product development organisation has institutionalised cybersecurity into its product development and support life cycle processes and follows them consistently. The objective of this certification is to ensure that cybersecurity is designed into IACS products from the beginning and is followed throughout all product development and support life cycle phases.

ISASecure certifications are based on international cybersecurity standards, including the IEC 62443 series, ISO 27001 and other relevant industry consensus standards.

More information about the certifications is available from the ISCI website.