Automation and control systems (ACS) face growing scrutiny and the evaluations used to assess them need to hold up to regulators, insurers and internal decision-makers. The ISASecure Automation and Control System Security Assurance (ACSSA) for Evaluators Specialist Certificate program provides a structured approach to evaluating ACSs against ISA/IEC 62443 standards, covering everything from defining scope and reviewing risk assessments to inspecting technical configurations and documenting findings.
This program was designed for professionals who need to go beyond general cybersecurity knowledge and develop a working understanding of how formal ACS evaluations are scoped, conducted and reported. Whether you are new to the evaluation process or looking to bring more consistency to your current approach, this certificate provides a clear, practical framework grounded in real evaluation practice.
Why This Certificate Matters
Evaluating an ACS environment is more than just a sequence of events. It requires a clear understanding of roles and responsibilities, how risk assessments should inform evaluation scope and how service-provider practices influence overall security posture.
This program gives you the foundation to conduct evaluations that are thorough and defensible. You will come away with an understanding of how to:
- Define a scope that reflects actual risk
- Gather objective evidence and apply sound sampling methods
- Document nonconformities clearly and consistently
- Produce reports that support regulatory discussions and insurer reviews
You will also understand how individual findings connect, so your evaluation results form a coherent and well-supported conclusion. This certificate is required for individuals engaged as auditors under the ISASecure ACSSA certification and inspection programs that evaluate ACSs.
What You Will Take Away
This program is focused on how evaluations are planned and carried out in real operational environments.
You will learn how to assess maturity levels and examine documented policies and procedures, as well as conduct interviews, examine artifacts and inspect technical configurations across zones and conduits. By the end of this program, you will be equipped to deliver structured, well-documented evaluations that give your organization a clearer picture of its security program maturity.
Who This Is For
This certificate is designed for professionals experienced in applying the ISA/IEC 62443 standards to evaluate or support cybersecurity programs, including:- Conformity assessment body evaluators
- Consultants supporting industrial cybersecurity programs
- Engineers responsible for system security reviews
ACSSA for Evaluators Specialist Certificate Requirements
- You must complete the ISASecure Automation Control System Security Assurance (ACSSA) for Evaluators (IC49) course and pass an exam to earn the ACSSA for Evaluators Specialist certificate.
- You must have detailed knowledge and experience in implementing the ISA/IEC 62443 standards, specifically:
- ANSI/ISA-62443-2-1-2024, Security for Industrial Automation and Control Systems – Part 2-1: Security Program Requirements for IACS Asset Owners
- ANSI/ISA-62443-3-2-2020, Security for Industrial Automation and Control Systems, Part 3-2: Security Risk Assessment for System Design
- ANSI/ISA-62443-3-3-2013, Security for Industrial Automation and Control Systems, Part 3-3: System Security Requirements and Security Levels
- IEC 62443-2-4:2023, Security for Industrial Automation and Control Systems – Part 2-4: Security Program Requirements for IACS Service Providers
Recommended Prerequisite: It is highly recommended that students possess the ISA/IEC 62443 Expert certificate.
The ACSSA for Evlautators Specialist certificate will be required to be updated annually.
Earn a Credential That Reflects Your Work
Start your journey towards earning the ACSSA for Evaluators Specialist certificate today!