I would like to obtain more information regarding the comparison between IEC 62443 and ISO 27001. We were planning to obtain ISO 27001 for one of our software products, and then some of our employees were exposed to information about IEC 62443. Can you please advise?
Answer: IEC 62443 refers to information for implementing electronically secure Industrial Automation and Control Systems (IACS), while ISO 27001 refers to information for implementing an Information Security Management System (ISMS).
IEC 62443 is applicable to products and ISO 27001 to organizations. Both can be used together in a sense that ISO 27001 practices can help protect the information used to implement IACS and ensure the development process is effective in implementing the security practices defined by IEC 62443.
@Rhand Leal Your comment is correct on ISO 27001, but IEC 62443 is a massive standard that ranges from policies, system security and secure development to certifying single products. For instance, IEC 62443-2-1 has a section with a direct correlation list to ISO 27001 -- as they both essentially do the same thing.
Quick overview on relevant parts of IEC 62443:
2-1: Same as ISO 27001
2-4: System policies
3-3: Organizational security
4-1: Secure development
4-2: Single product security
I can understand the confusion, since the standards are vague enough that you could easily take 3-3 and match it to a single product. However, that's definitely not all that IEC 62443 is.