What is the relationship and difference between IC32 and EN50?

Questions & AnswersCategory: WBS ProgramWhat is the relationship and difference between IC32 and EN50?
Anonymous Vendetta asked 1 month ago

It might appear to be that both courses have a similar scope or that there is an overlapping or to be considered as a replacement.

1 Answers
Best Answer
Maximillian G. Kon Staff answered 1 month ago

IC32 has been created by ISA to help the industry in a way that the participants understand the fundamentals of the ISA/IEC-62443 series of standards. How the series is structured and organized explains the different models and concepts, deepening into the requirements. It also provides a mechanism to certify that the participants have gained valuable knowledge. It does not certify experience.

If people do not understand the requirements, they won’t be able to implement them correctly. IC32 is agnostic. It does not endorse any particular methodology for complying with the requirements, nor does it endorse any vendor. ISA/IEC-62443 series of standards tells you what to do. It does not tell you how to do it.

The EN50 provides a methodology for complying with all ISA/IEC-62443 requirements and complementary with the requirements of any popular regulation. It is an all-in-one methodology. We have packed hundreds and thousands of requirements into a simplified, an optimal sequence of activities. During EN50 we don’t deepen in the multiple ISA/IEC-62443 requirements as the IC32 does. We don’t deepen into the regulations, either. We have facilitated this interpretation by making it easier for everyone in their own language.

The EN50 complements the IC32, and it is oriented to energy, oil and gas industries. It is not a replacement. It will truly help to understand ISA/IEC-62443 fully to all its extent. EN50 is for everyone, even for people with no cybersecurity background. Organizations and professionals tend to deviate from the requirements and especially when there are a lot of other initiatives claiming the same goal, driven by IT security inertia.