IEC 62443 and ISO 27001
Answer: IEC 62443 refers to information for implementing electronically secure Industrial Automation and Control Systems (IACS), while ISO 27001 refers to information for implementing an Information Security Management System.
IEC 62443 is applicable to products and ISO 27001 to organizations. Both can be used together, in the sense that ISO 27001 practices can help protect the information used to implement IACS and ensure the development process is effective in implementing the security practices defined by IEC 62443.
These materials will also help you regarding ISO 27001:
- What is ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
@Rhand Leal Your comment is correct on ISO 27001, but IEC 62443 is a massive standard that ranges from policies, system security and secure development to certifying single products. For instance, IEC 62443-2-1 has a section with a direct correlation list to ISO 27001, as they both essentially do the same thing.
Quick overview on relevant parts of IEC 62443:
2-1: Same as ISO 27001
2-4: System policies
3-3: Organizational security
4-1: Secure development
4-2: Single product security
I can understand the confusion since the standards are vague enough you could easily take 3-3 and match it to a single product. However, that's definitely not all that IEC 62443 is.
Oct 25, 2021