- July 20, 2021
- Research Triangle Park, North Carolina
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Pierre Kobes, have released a white paper entitled, “Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments.”
Many organizations have established policies and procedures governing the IT security in their office environment predominantly based on ISO/IEC 27001/2. Some organizations have attempted to secure their operational technology (OT) infrastructure under the ISO/IEC 27001/2 management system and have leveraged IT commonalities in their OT environments. However, the ISA/IEC 62443 series are purpose-built for securing OT systems and when used in combination with ISO/IEC 27001/2, it ensures that organizations maintain conformance with ISO/IEC 27001/2 through common approaches wherever feasible, while applying different approaches for IT vs. OT where needed.
The white paper offers guidance for organizations familiar with ISO/IEC 27001 who are interested in protecting the OT infrastructure of their operating facilities by applying the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used in a complementary approach within one organization to protect both IT and OT.
“I often hear the debate about whether to use ISO/IEC 27001/2 or ISA/IEC 62443 for securing OT infrastructure,” commented Andre Ristaino, Managing Director of ISAGCA. “The right answer is both, and this whitepaper describes how these two globally-accepted standards can be used together for establishing an integrated, company-wide cybersecurity plan.”
The white paper is available to download here.
The ISA Global Cybersecurity Alliance is made up of 50 member companies, representing more than $300 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Baserock IT Solutions, Bayshore, Carrier Global, Claroty, ConsoleWorks, Coontec, CyberOwl, CyPhy Defense, Deloitte, Digital Immunity, Dragos, Eaton, exida, Ford Motor Company, Fortinet, Honeywell, Idaho National Laboratory, Idaho State University, ISASecure, Johns Manville, Johnson Controls, KPMG, LOGIIC, Mission Secure, MT4 senhasegura, Munio Security, Nova Systems, Nozomi Networks, PAS, PETRONAS, Pfizer, Radiflow, Rockwell Automation, Schneider Electric, Surge Engineering, TDI Technologies, Tenable, TI Safe, Tripwire, UL, Wallix, WINICSSEC, WisePlant, Xage Security, and Xylem. For more information about ISAGCA, visit www.isa.org/isagca.