Cyber security – IEC 62443

IEC 62443 is an internationally recognized series of standards focused on cybersecurity for operational technologies. These standards provide a flexible framework for identifying and addressing current and future security risks in industrial automation and control systems (IACS). Their scope extends further, however, because they also set general cybersecurity requirements for both hardware and software components. Specifically, the requirements contained in IEC 62443-4-1 and IEC 62443-4-2 are applicable to a wide range of hardware and software for which cybersecurity assurance is crucial.

These standards are also linked to upcoming legislation within the European Union—Cyber Resilience Act (CRA), NIS2, Medical Devices Regulation (MDR), and Radio Equipment Directive (RED).

Certification according to these standards is based on the certification scheme of the international organization IECEE, of which we are a member. A characteristic feature of this scheme is the option to choose the requirements against which a product or service will be assessed and certified, allowing the entire certification process to be individually customized. For Czech manufacturers, implementing these standards and certifying against them not only brings prestige but also offers a significant competitive advantage in international markets, as our certificates are recognized worldwide.

IEC 62443 standards designed for certification:

  • IEC 62443-2-1:
    • Requirements for IACS security management system
  • IEC 62443-2-4:
    • Requirements for IACS service provider security program
  • IEC 62443-3-3:
    • System security requirements and security levels
  • IEC 62443-4-1:
    • Requirements for secure product development lifecycle
  • IEC 62443-4-2:
    • Technical security requirements for IACS components

We have recently added IEC 62443-2-1 to our portfolio. It plays a key role in enhancing the security of industrial control systems. This part of the standard focuses on the cybersecurity of industrial control systems and provides a comprehensive framework for protecting critical infrastructure against cyber threats. Crucially, implementing this standard acts as a catalyst for launching security initiatives not only at a specific supplier but also at its subcontractors. This actively strengthens security standards and increases the resilience of the entire supply chain against cyber threats.

In addition to certification according to the IEC 62443 standards, we offer our clients the option of a pre-assessment. This is a shortened form of assessment based on pre-specified client requirements. Through pre-assessment, a client can determine their strengths and weaknesses, identify any discrepancies, and find opportunities for improvement. This helps them better prepare for actual certification.

Sales

Ing. Lenka Mariánková

Product Manager

Technical specialist

Ing. Michal Hager

Head of Cyber Security Department

Why choose EZÚ?

  • EZÚ is one of the few certification bodies in the world that participates in the legislative process.
  • We have a team of top experts and our own cybernetic laboratory.
  • EZÚ collaborates with CESNET.
  • We are a state body with a long history and the status of a qualified, trustworthy certification authority.
  • We place considerable emphasis on the independence and impartiality of our auditors and the quality of the resulting outputs.

Reasons to get certification

  • Mapping of the current state of cybersecurity and identification of suggestions for improvement.
  • Ensuring cybersecurity and its continuous improvement.
  • Protection from major financial losses and damage to or destruction of assets.
  • Process improvement and acceleration (especially for IT services).
  • Effective use of finances to ensure cybersecurity.
  • Security of individual components of IT infrastructure (down to the level of firmware and microprocessors).
  • Security of the supply chain.