Expert Advice Community

Guest

IEC 62443 and ISO 27001

  Quote
Guest
Guest user Created:   Apr 29, 2017 Last commented:   Oct 25, 2021

IEC 62443 and ISO 27001

I would like to get obtain more information regarding comparison between IEC62443 and ISO 27001. We were planning to obtain the ISO 27001 for our one of the software product and then some of the employees were exposed to information about the IEC62443. Can you please advise?
2 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 29, 2017

Answer: IEC 62443 refers to information for implementing electronically secure Industrial Automation and Control Systems (IACS), while ISO 27001 refers to information for implementing an Information Security Management System.

IEC 62443 is applicable to products and ISO 27001 to organizations. Both can be used together in a sense that ISO 27001 practices can help protect the information used to implement IACS and ensure the development process is effective in implementing the security practices defined by IEC 62443.

These materials will also help you regarding ISO 27001:
- What is ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-che cklist/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
6 3
Guest
MH Oct 25, 2021

 @Rhand Leal Your comment is correct on ISO 27001, but IEC 62443 is a massive standard that ranges from policies, system security and secure development to certifying single products. For instance IEC 62443-2-1 section has a direct correlation list with ISO 27001 -- as they both essentially do the same thing. 

Quick overview on relevant parts of IEC 62443:

2-1: Same as ISO 27001

2-4: System policies

3-3: Organizational security

4-1: Secure development

4-2: Single product security

I can understand the confusion since the standards are vague enough you could easily take 3-3 and match it to a single product. However, that's definitely not all that IEC 62443 is. 

Quote
0 8

Comment as guest or Sign in

HTML tags are not allowed

Apr 29, 2017

Oct 25, 2021

Suggested Topics