IC47 EN – ISASecure for Product Suppliers and Assessors.

As the ISA/IEC 62443 series of standards for the security of Industrial Automation and Control Systems (IACS) grow in popularity and usage several certification and assessment programs have been established, for example ISASecure. There is a need for training programs because there is a lack of understanding of 62443 standards in the product supplier community and a shortage of assessors with the requisite knowledge to perform certifications and assessments. This course is intended to train product suppliers in how to design, develop and support IACS products, and assessors in how to certify and assess IACS products and security development lifecycles using the ISA/IEC 62443 series of standards.
· April 5, 2023

Version of this course‎: 1.1

This course (for internal exclusive use of WisePlant only) is intended for product suppliers who want to build products conforming to 62443 standards and meet ISASecure certification requirements. It is also intended for conformance/certification assessors of software development process, and system/component products who need to understand the ISASecure certification programs and the ISA/IEC 62443 standards on which it is based. This training will fulfill some aspects of accreditation requirements for certification bodies around personnel qualifications.

IACS conformance/certification assessors can be either independent or employed by a certification and assessment body, and include:

  • IT cybersecurity auditors transitioning to IACS cybersecurity certifications and assessments
  • IACS engineers transitioning to IACS cybersecurity certifications and assessments

IACS product supplier roles can include:

  • Product managers
  • Process development engineers and internal auditors
  • System and component product architects
  • Product development engineers (hardware, software)

The course will focus on the knowledge necessary to assess the security development lifecycle of a Product Supplier and the IACS products that are developed and maintained using this development process.

You will cover:

The course consists of the following main topics and subtopics:

  • IACS fundamentals
  • Overview of the ISA/IEC 62443 Series
  • Key concepts in the ISA/IEC 62443 Series
  • Part 2-3 Patch management in the IACS environment
  • Part 3-2 Security risk assessment for system design
  • Part 3-3 IACS system security requirements and security levels
  • Part 4-1 IACS product security development lifecycle requirements
  • Part 4-2 Technical security requirements for IACS components
  • ISASecure product certification

Lab and Classroom Exercises

  • Security Development Lifecycle assessment exercise
  • Control System product assessment exercise
  • Pre- and post-student surveys

Course Prerequisites

Knowledge

  • Knowledge of computers, software development, and networking technologies
  • Basic knowledge of software development and delivery process
  • Knowledge of cybersecurity in organizational or technical product domain

Experience

  • IT Auditor experience or certification (e.g., CISA), or
  • IACS design and implementation experience, or
  • IACS product supplier experience

The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.

While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.

+1 enrolled
Not Enrolled
This course is currently closed

Course Includes

  • 3 Lessons
  • 7 Topics

    Upcoming Events