IC37 has been created by ISA to help the industry and its participants to understand the requirements for maintaining the security of zones and conduits to meet specific cybersecurity requirements.

If people do not understand the requirements, they won’t be able to take the best decisions. As with all the other courses, IC37 is agnostic. It does not endorse any method for complying with the requirements, nor does it endorse any vendor. Standard tells you the security requirements by security level, and it provides the participants with some laboratory exercises to help understand and retain the new concepts.

While it also provides a mechanism to certify that the participants have gained valuable knowledge, it does not certify experience.
On the other hand, the EN62 provides a methodology for complying with all ISA/IEC-62443 requirements and complementary with the requirements of any popular regulation. It is an all-in-one methodology. We have packed hundreds and thousands of requirements into a simplified, an optimal sequence of activities.

During EN62 we don’t deepen in the multiple ISA/IEC-62443 requirements as the IC37 does. We don’t deepen into the regulations, either. We have facilitated this interpretation by making it easier for everyone in their own language.

The EN62 complements the IC37, and it is oriented to energy, oil and gas industries. It is not a replacement. It will truly help to understand ISA/IEC-62443 fully to all its extent. EN62 is for everyone, even for people with no cybersecurity background.

Organizations and professionals tend to deviate from the requirements and especially when there are a lot of other initiatives claiming the same goal, driven by IT security inertia.