
IEC 62443

Focus on industrial security with IEC 62443

As an operator, integrator or manufacturer of industrial automation systems, IEC 62443 provides you with the best possible protection against cyber attacks and improves the general security of your processes, products or systems. The standard provides you with effective guidelines in the form of criteria and security requirements.

What is IEC 62443?

IEC 62443 is an internationally recognised series of standards that takes a holistic approach to industrial security in the process and automation industry. It is aimed at operators, integrators and manufacturers of industrial automation systems and contains procedures for implementing secure "Industrial Automation and Control Systems" (IACS). As these are crucial for the security of the entire production plant, the aim of IEC 62443 is to provide operators, integrators and manufacturers with criteria that they can use to improve the integrity and availability of components and systems and to implement secure IACS.

Special features of IEC 62443

  • Internationally recognised standard in the process and automation industry
  • Aimed at operators, integrators and manufacturers of industrial automation systems
  • Contains the current IT security standards for industrial automation
  • Aims to improve the integrity and availability of components and systems as well as the secure implementation of IACS
  • Also takes organisational processes into account

Essential building blocks on the path to a secure Industry 4.0 solution

Effective implementation of current IT security standards

With an upstream IEC 62443 implementation, you can introduce future-proof processes for secure product development or secure operation of a system and also minimise IT risks, uncover weak points and improve the security level of your system.

Looking to the future with IEC 62443

Various national laws and EU directives, such as the Cyber Security Act, the Cyber Resilience Act, the EU's Radio Equipment Directive (RED) and national laws derived from these, require proof of security compliance at process and/or product level.

The benefits of IEC 62443 at a glance

IT security effectively implemented

Implementing IEC 62443 lets you put the latest IT security standards for industrial automation into practice effectively.

Sustainable increase in IT security

With the help of IEC 62443, you can establish monitoring and control mechanisms and thus increase the IT security of your system.

Better risk management

By detecting security gaps at an early stage, you reduce IT risks and avoid reputational damage.

Successful cost reduction

By identifying weak points and optimising inefficient processes, you reduce costs, e.g. those caused by downtime.

Promotion of security awareness

By implementing IEC 62443, you sensitise your employees to the topics of IT security and data protection.

Trust with customers & business partners

You benefit from competitive advantages through objective proof of trust towards customers and partners.

Facilitated market access

The international recognition of IEC 62443 makes it easier for you to access new markets.

Continuous improvement

IEC 62443 implementation improves the security level of your production plant.

We will support you – no matter what

Get started at last!

We advise you


TÜV NORD IT Secure Communication | Berlin

Goal achieved?

We check that

TÜV Informationstechnik | Essen

Frequently Asked Questions (FAQ)

What you need to know about IEC 62443

The standard focuses on the cybersecurity of industrial automation and control systems (IACS), which are crucial for the security of the entire production plant. The term IACS therefore covers all elements, such as systems, components and processes, that are necessary for the safe and reliable operation of an automation solution.

In addition, IEC 62443 also takes into account the organisational processes behind the design and operation of these systems.

The international standard aims to improve the integrity and availability of components and systems as well as the secure implementation of IACS. To achieve this goal, IEC 62443 provides corresponding security criteria.

The international standard is aimed at operators, integrators and manufacturers of industrial automation systems. Within the standard, these three entities are assigned specific roles and tasks. The aim is to achieve the most comprehensive protection possible across several levels by involving all stakeholders.

The international standard consists of the following four interrelated parts:

  • IEC 62443-1: General principles (basic concepts and models of the standard series, terms and abbreviations used, key figures)
  • IEC 62443-2: Security requirements for operators & service providers (specific guidelines for effective implementation of an IACS cyber security management system)
  • IEC 62443-3: Security requirements for automation systems (application of various security technologies)
  • IEC 62443-4: Security requirements for automation components (requirements for secure products, components and systems)

You can find more detailed information on the individual parts in our free white paper on IEC 62443.

The defence-in-depth approach pursued by IEC 62443 is a multi-layered security mechanism that increases the security of the entire system. If one layer within this onion-like system is attacked or bypassed, the other layers continue to offer sufficient protection against potential cyber attacks. This is where the effective interaction between the operator, integrator and manufacturer comes into play, as each of these roles is responsible for the security of different layers.

You can find more detailed information on this in our free white paper on IEC 62443.

ISO 27001 relates to the establishment and operation of an information security management system (ISMS) and contains generic requirements for the organisation of IT security. It therefore addresses information security in general, but does not contain any specific requirements in relation to OT (Operational Technology).

IEC 62443, on the other hand, focuses on the protection of industrial automation systems and, in this context, also takes the special features of OT into account. The international standard contains concrete technical requirements for automation systems and their components and is therefore much more specific than ISO 27001.