01 Scope definition
Due to the complexity of the topic, we recommend jointly analysing and selecting a pilot series so that adjustments can be made quickly and efficiently, step by step. A complete implementation across the entire company in one step is usually very complex and risky. The pilot creates clarity, reveals optimisation options and gives you confidence to act.
02 GAP analysis according to IEC 62443
We compare the status quo of the pilot and the requirements based on the IEC62443 standard and thus give you a valuable overview of where you stand as a company, of course taking your existing measures in the ISMS into account.
The analysis shows you specifically which areas of your OT network are already compliant with the standards and where areas are not covered and where specific action is required. We also give you recommendations on the measures, an estimate of the expected effort and the duration of implementation.
03 Implementation of measures based on the GAP analysis
We support you in the implementation of the IEC62443 measures in the pilot environment and contribute our industry, TISAX® and ISMS experience. The individual sections of the standard do not prescribe a fixed order; rather, the standard sees itself as a framework for establishing and continuously expanding the CSMS across all application levels, from operations down to the IoT component.
04 Rollout of the pilot solution to the entire organization
After you have implemented cybersecurity in accordance with IEC62443 in the first parts of your OT infrastructure, we will support you in incorporating the internal experience from the pilot and help with the rollout of the standard in the other relevant areas as needed.
IoT consulting according to IEC 62443
Our process at a glance
I would be happy to work with Mr. Salvador and his team again on the next project. Thank you and all the best!
Andreas Freitag, BMW AG
My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security in accordance with TISAX® and can now win new automotive customers.
Gaps in our preparation and testing were closed promptly and high-quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.
Dr. Samir Kadunic, MAASU GmbH
When reviewing customer requirements in the area of TISAX®, the company urgently needed advice. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.
Opexa Advisory is the ideal partner due to its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.
Herbert Schmidt, Dennemeyer & Co. GmbH
What our customers say
Frequently asked questions about IEC 62443
We already have a TISAX® or ISO27001 certification, what added value do I have?
ISO/IEC27001/2 and ISA/IEC62443 complement each other in the implementation of a comprehensive, risk-based strategy for protecting operating facilities: The combined requirements and measures of 27001/2 and 62443 are the basis for ensuring the design and implementation of technical and procedural measures.
For implementation, the corresponding ISO/IEC27001/2 measures must be assigned to the requirements specified in 62443.
Does the standard only make sense for industrial automation networks?
The IEC62443 framework is suitable as a basis for all technically oriented networks. If no industry-specific requirements are defined for a specific technical situation, the standard can be used as a basis. IEC62443 serves as the basis for IT security requirements for electric railway signaling systems (DIN VDE V 0831-104) and SmartHome solutions (VDE-AR-E 2849-1:2017-08).
Does the standard specify concrete measures?
Analogous to ISO27001, IEC62443 specifies a framework consisting of requirements and general measures and controls, but no concrete technical implementations. Basically, the standard requires a risk-oriented approach with appropriate protection requirement determination and continuous improvement (PDCA model). The standard follows the defense-in-depth approach, so appropriate measures should already be taken into account when purchasing components.
How does IEC62443 relate to ISO27001 and IEC61508?
You already secure your company network from the enterprise infrastructure down to the production control level (MES) with IT security guidelines and rules according to ISO27001, and at the shop floor level you implement process security, for example by implementing IEC61508. ISA/IEC62443 formulates additional requirements and measures that extend from IT down to the shop floor.
A useful addition to ISO 27001, which addresses information security in IT networks, is IEC62443 as a cybersecurity framework for industrial systems. Similar to ISO 27001, the standard provides a selection of criteria and measures for the security of OT systems, but here the technical constraints of OT are also taken into account. IEC62443 follows the "defense-in-depth" approach and involves all parties: operators, integrators and component manufacturers. Companies that want to raise their organization-wide information security to a high level should supplement their ISO27001 ISMS with the measures and methods of IEC 62443 for their OT landscape and also for their suppliers.
Our consultants accompany and support you to ensure that your company also meets more complex requirements, such as more comprehensive IoT risk management, threat intelligence collection and advanced security testing. Specifically, we help with the necessary measures for:
Implementation of a framework for IoT risk management
Optimization of incident management and efficient reporting processes
Annual testing of critical systems and applications
Appropriate IoT third-party management