ISASecure certification is a third-party conformity assessment scheme based on the ISA/IEC 62443 series of standards aimed at cybersecurity certification of industrial automation and control systems (IACS), such as distributed control systems (DCS) and supervisory control and data acquisition (SCADA). A third-party conformity assessment scheme is also known as a certification scheme.
The goal of the ISA/IEC62443 Series is to improve IACS using a risk-based, methodical and complete process throughout the entire lifecycle, through the implementation of:
Without people who are sufficiently trained and without risk-appropriate technologies and adequate security measures, an IACS exponentially increases its vulnerability to a cyberattack.
The owner and developer of the certification scheme is the ISA Security Compliance Institute (ISCI), a nonprofit corporation that sets rules and procedures to identify the types of products and processes being assessed, identify the specified requirements and provide the methodology to perform a certification.
ISCI offers three certifications with three security assurance levels (SAL) in alignment with ISA/IEC 62443.
- ISASecure Component Security Assurance (CSA)
- ISASecure System Security Assurance (SSA)
- ISASecure Security Development Lifecycle Assurance (SDLA)
Who does the ISASecure certification?
While ISCI develops and maintains the certification scheme, it does not perform the certification itself.
This is done by an ISASecure Certification Body, which is an organization that specializes in third-party conformity assessments. Certification bodies are accredited by an accreditation body based on the ISO/IEC 17065 standard, which addresses topics such as confidentiality and impartiality in the certification process.
An ISASecure certificate issued by a certification body is globally recognized and demonstrates that the applicable ISA/IEC 62443 requirements have been met. In the world, there are only five ISASecure accredited certification bodies.