

Definition of the scope

Due to the complexity of the topic, we recommend jointly analyzing and selecting a pilot series so that adjustments can be made step by step, quickly and efficiently. A complete implementation across the whole company in one step is usually very expensive and risky. The pilot creates clarity, reveals optimization options and gives you confidence in your actions!


GAP analysis according to IEC 62443

We compare the status quo of the pilot and the requirements based on the IEC62443 standard and thus give you a valuable overview of where you stand as a company, while of course taking into account your existing measures in the ISMS.

The analysis shows you specifically which areas of your OT network are already standard-compliant, which areas are not covered, and where there is a specific need for action. In addition, we give you recommendations for the measures, along with an estimate of the expected effort and the duration of the implementation.


Implementation of the measures based on the GAP analysis

We accompany you in the implementation of the IEC62443 measures in the pilot environment and bring in our industry, TISAX® and ISMS experience. The individual sections of the standard do not follow a predetermined order; rather, the standard sees itself as a framework for the establishment and continuous expansion of the CSMS across all application levels, from operation to the IoT component.


Rolling out the pilot solution to the entire organization

After you have implemented cyber security in accordance with IEC62443 in the first parts of your OT infrastructure, we will support you in incorporating the internal experiences from the pilot and help with the rollout of the standard in the other relevant areas as required.

Consulting for IoT according to IEC 62443

Our process at a glance

I would be happy to work with Mr. Salvador and his team again on the next project. Thanks and all the best!

Andreas Freitag, BMW AG

My TISAX® audit went smoothly and was successful right away, we were able to prove our information security according to TISAX® and can now win new automotive customers.

Gaps in our preparation and exam were closed in a timely manner and high quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.

Dr. Samir Kadunic, MAASU GmbH

When examining customer requirements in the area of TISAX®, there was an urgent need for advice in the company. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.

Opexa Advisory is the ideal partner because of its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.

Herbert Schmidt, Dennemeyer & Co. GmbH

What our clients have to say

Frequently asked questions about IEC 62443

We already have a TISAX® or ISO27001 certification, what added value do I have?

ISO/IEC27001/2 and ISA/IEC62443 complement each other when implementing a comprehensive, risk-based strategy for the protection of the operating facilities: the combined requirements and measures of 27001/2 and 62443 are the basis for the design and implementation of technical and procedural measures.

The assignment of the corresponding ISO/IEC27001/2 measures to the requirements specified in 62443 is required for implementation.

Does the standard only make sense for industrial automation networks?

The IEC62443 framework is suitable as a basis for all technically oriented networks. If no industry-specific requirements are defined for a specific technical situation, the standard can be used as a basis. IEC62443 serves as the basis for IT security requirements for electrical railway signaling systems (DIN VDE V 0831-104) and SmartHome solutions (VDE-AR-E 2849-1:2017-08).

Does the standard specify specific measures?

Similar to ISO27001, IEC62443 specifies a framework consisting of requirements and general measures and controls, but no specific technical implementation. Basically, the standard requires a risk-oriented approach with a corresponding determination of protection requirements and continuous improvement (PDCA model). The standard follows the defense-in-depth approach, so appropriate measures should already be taken into account when procuring components.

How does IEC62443 relate to ISO27001 and IEC61508?

You already secure your company network, from the enterprise infrastructure to the production control level (MES), with IT security guidelines and rules according to ISO27001. On the shop floor level you implement process safety, for example with an implementation of IEC61508. ISA/IEC62443 formulates additional requirements and measures that range from IT to the shop floor.

IEC62443, as a cybersecurity framework for industrial systems, is a useful addition to ISO 27001, which covers information security in IT networks. Similar to ISO 27001, the standard includes a selection of criteria and measures for the security of OT systems, but it also takes technical challenges into account. IEC62443 follows the "Defense-in-Depth" approach and involves all parties: operator, integrator and component manufacturer. Companies that want to raise their organization-wide information security to a high level should supplement their ISO27001 ISMS with the measures and methods of IEC 62443 for their OT landscape and also for their suppliers.

IoT Security 


Our consultants guide and support you to ensure your business meets more complex requirements such as more comprehensive IoT risk management, threat intelligence collection and advanced security testing. Specifically, we help with the necessary measures:

Implementation of a framework for IoT risk management

Optimization of incident management and efficient reporting processes

Annual testing of critical systems and applications

Appropriate IoT third party management

Our Partners 
