Industrial Cybersecurity Evaluation

  • IECEE CB testing laboratory authorized for industrial cybersecurity
  • Leading experts in industrial cyber security certification
  • Experts in the IEC 62443-4-1 and IEC 62443-4-2 standards
  • Editors in the ERNCIP thematic group for "Industrial Automation & Control Systems (IACS)".

Click here to find our talks related to IEC 62443 and other standards offered in the most relevant cybersecurity events
By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.

IEC 62443 standard

IEC 62443 is the primary international reference framework for cyber security in industrial systems, specifying a series of anti-cyber-attack measures. It also provides a lingua franca for the industrial ecosystem (manufacturers, integrators and testing laboratories).

The IEC 62443 standard was originally created to safeguard industrial automation and control systems (IACS), which are essential for critical infrastructures.

International standards are based on industry best practices and are reached by consensus. Implementing IEC 62443 can mitigate the effects and often prevent successful cyber-attacks, strengthening security across the lifecycle and lowering costs.

The main objective of this standard is to simplify trade between participating countries and increase the compatibility of international standards. Any CB certified product can benefit from international certification in any participating country by applying it.

This standard mainly benefits three parties:

  • Governments: It reduces trade barriers caused by different certification criteria in different countries.
  • Industry: Reduces delays and costs of testing the products they want to use.
  • End-users: Assurance that the products purchased will perform as expected.

IEC 62443-4-1 Documentation

ISA/IEC 62443-4-1 standard, Product Security Development Life-Cycle Requirements specifies the process requirements for the secure development of products used in an IACS and defines a secure development life-cycle for developing and maintaining secure products. The lifecycle includes the definition of security requirements, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and end-of-life of the product.

These requirements may apply to new or existing hardware, software or firmware development, maintenance and retirement processes. The requirements apply to the developer and maintainer of a product, but not to the integrator or user of the product.

It has 8 practices covering a total of 47 requirements, as shown in this table: IEC 62443-4-1 Practices & Requirementes.pdf

IEC 62443-4-2 Documentation

ISA/IEC 62443-4-2, Security for Industrial Automation and Control Systems (Security technical requirements for IACS components). It specifies the technical cybersecurity requirements to be evaluated for the components that comprise an IACS device, in particular embedded devices, network components, host components and software applications. The standard establishes the security capabilities that enable a component to mitigate threats for a given level of security without the aid of compensatory countermeasures.

IECEE CB evaluation scheme

IECEE CB scheme is managed by the IEC system of conformity assessment schemes for electrotechnical equipment and components (IECEE), an international recognition scheme for safety-related testing and certification of electrical and electronic components, devices and products.

Electrical and/or electronic products must undergo testing in accordance with IEC standards. Any CB certified product can benefit from international certification in any participating country, the scheme is currently recognized by more than 50 countries.

Based on the use of internationally accepted product safety standards, the CB system relies on a global network of CB testing laboratories (CBTLs), which are responsible for testing products according to the applicable technical standards. Product test results are sent to the national certification bodies (NCBs) of the CB scheme member countries.

Products covered by the CB scheme include, among others:

  • Switches for appliances and automatic controls for electrical household appliances
  • Cybersecurity
  • Electrical equipment for medical use
  • IT office equipment
  • Measurement, Control and Laboratory equipment
  • Household and similar equipment
  • Electronics, entertainment
  • Safety transformers and similar equipment
  • Installation accessories and connecting devices
  • Installation protection equipment
  • Industrial automation

Flowchart of the evaluation process of the IECEE CB Scheme

The evaluation process for the IECEE CB scheme consists of a series of steps that follow each other in a logical order.

Three actors are part of the process:

  1. Appying company (client)
  2. NCB or CB (the certification body)
  3. CBTL (the laboratory where the tests will be carried out, jtsec)

The certification process is not simple and can take several months of effort to complete these ten steps. For this reason, we recommend using a reputable laboratory such as jtsec. We strive to smooth the process and make it as simple as possible, minimizing the workload for our clients.

One stop shop for CB scheme testing and certification

The certification process is not simple and can take several months of effort to complete these ten steps. As part of Applus+ Laboratories, we can provide a full-service including CBTL testing and CB certification services, with Jtsec as your expert laboratory for all the assessment and testing activities.

We strive to smooth the process and make it as simple as possible, minimizing the workload for our clients.

Having such a powerful alliance allows companies wishing to obtain certification in the industrial field to benefit from the joint work of two leading companies in their field both nationally and internationally.

10 REASONS FOR CHOOSING JTSEC

  1. We assure you a fixed price from the beginning, avoid surprises!
  2. Time to market, a support engineer is always available for projects, ensuring we meet deadlines and expectations.
  3. Editors in the ERNCIP thematic group for "Industrial Automation & Control Systems (IACS)".
  4. IECEE CB authorized laboratory
  5. Customized approach adapted to your needs
  6. More than 15 years of experience in cybersecurity evaluation and consultancy.
  7. Continuous in-house training to be always up to date with regulations.
  8. ECSO members in the Working Group "Standardization, Certification and Supply Chain Management".
  9. ISO members in different standardization projects.
  10. Contributors in CCI (Centro de Ciberseguridad Industrial), the most important Spanish association in the industrial sector.

What do we offer?

  1. IECEE CB AUTHORIZED LABORATORY, INDUSTRIAL EVALUATION

    As an authorized laboratory, we perform IEC 62443 4-1 and IEC 62443 4-2 security evaluation of your product. In addition, we perform the necessary tests and trials to ensure that your product is resistant to the applicable attacks. This enables the product to successfully obtain IEC certification.

They already trusted us. Let's talk!