Shop

Artificial Intelligence Notice: ISA prohibits the entry of any ISA intellectual property (“ISA IP”), including standards, publications, training or other materials into any form of Artificial Intelligence (AI) tools, such as ChatGPT. Additionally, creating derivatives of ISA IP using AI is also prohibited without express written permission from ISA’s CEO. In the case of such use, ISA will suspend a licensee’s access to ISA IP, and further legal action will be considered. Please review ISA's policies for Use of AI Tools, Intellectual Property and Terms and Conditions for further information.

Voting is open for the 2026 ISA Election. Professional members as of 1 April are eligible to vote for the executive board. Make your voice heard — vote now.

Cancel

ISASecure ISA/IEC 62443 for Product Suppliers and Assessors (IC47)

two-engineers-working-on-pc-discussing-product-design
ISASecure ISA/IEC 62443 for Product Suppliers and Assessors (IC47) trains product suppliers to design, develop and support industrial automation and control system (IACS) products that conform to the ISA/IEC 62443 series and meet ISASecure certification expectations. This course emphasizes the standards and technical requirements that guide secure product development, including patch management, risk assessment, product security development lifecycle (SDLC) requirements and component technical security controls.

IC47 also prepares assessors to certify and evaluate both products and security development lifecycles against the ISASecure programs, Security Development Lifecycle Assurance (SDLA), System Security Assurance (SSA) and Component Security Assurance (CSA). Participants learn threat modeling, assessment artifacts, requirements mapping to security levels and the reporting elements used in ISASecure assessments, enabling them to perform rigorous, consistent evaluations.

This course is intended for product suppliers and assessors, including product managers, system and component product architects, development engineers, internal auditors, IACS engineers and IT auditors transitioning to IACS cybersecurity roles. IC47 addresses the industry need for greater familiarity with ISA/IEC 62443 and expands the pool of qualified assessors capable of supporting ISASecure certification and conformance activities.

NOTE: IC47 will fulfill some accreditation requirements for certification bodies related to personnel qualifications.

Who Should Attend IC47?

  • IACS product suppliers
  • Process development engineers and internal auditors
  • System and component product architects
  • Product development engineers (hardware, software)
  • IACS Conformance/Certification Assessors
  • Independent or employed by a certification and assessment body
  • IT cybersecurity auditors transitioning to IACS cybersecurity certifications and assessments
  • IACS engineers transitioning to IACS cybersecurity certifications and assessments

View Offerings by Format

Classroom (IC47)

Length: 3 days 
CEU Credits: 2.1

View IC47 Offerings

Virtual Classroom (IC47V)

Length: 3 days 
CEU Credits: 2.1

View IC47V Offerings

Visit our course formats page for a detailed description of each format. 

Learning Objectives

Day One

  • Recognize the basic principles of control systems
  • Identify different types of control systems
  • Identify the architectural requirements of control systems
  • Recognize why ISA/IEC 62443 standards are important
  • Determine which ISA/IEC 62443 standards are relevant to product development
  • Identify the principal roles and audience for the ISA/IEC 62443 standards
  • Identify the key ideas in the ISA/IEC 62443 series of standards
  • Define the basics of risk assessment, security zone partitioning, and security level selection
  • Apply the basics of risk assessment, security zone partitioning, and security level selection
  • Define the requirements for an ISASecure CSA, SSA, or SDLA certification

Day Two

  • Identify the requirements for a product security development lifecycle and the patch management process
  • Define the threat modeling process that product suppliers use for product risk assessment
  • Apply the requirements for the threat modeling process
  • Identify the criteria for being an ISASecure assessor
  • Define the criteria for SDLA certification Identify the assessment details for an SDLA assessment
  • Identify the artifacts generated by following the 62443-4-1 development processes
  • Describe the contents of an SDLA assessment report and certificate Identify the steps to assessing a product security development lifecycle

Day Three

  • Identify requirement constraints that are common across all IACS systems and components
  • Identify the identification and authentication control (IAC) and use control (UC) security requirements for IACS systems and components
  • Identify the system integrity (SI) and resource availability (RA) security requirements for IACS systems and components
  • Identify the data confidentiality (DC), restricted data flow (RDF) and timely response to events (TRE) security requirements for IACS systems and components
  • Identify the association between security requirements and security levels
  • Identify the ISASecure SSA and CSA certification requirements
  • Identify the detailed assessment activities for an ISASecure SSA or CSA assessments
  • Describe the contents of an ISASecure SSA and CSA assessment reports
  • Apply the steps to assessing a product

Topics Covered

  • IACS fundamentals
  • Overview of ISA/IEC 62443 Series
  • ISA/62443 Series Key Concepts
  • Relevant ISA/IEC 62443 Standards and Technical Reports
    • Part 2-3 Patch management in the IACS environment
    • Part 3-2 Security risk assessment for system design
    • Part 3-3 IACS system security requirements and security levels
    • Part 4-1 IACS product security development lifecycle requirements
    • Part 4-2 Technical security requirements for IACS components
  • ISASecure Certification Programs
    • Security Lifecycle Development Assurance (SDLA)
    • System Security Assurance (SSA)
    • Component Security Assurance (CSA)

Exercises

  • Security development lifecycle assessment exercise
  • Control system product assessment exercise

Recommended Prerequisites

Knowledge

Knowledge of computers, networking technologies and basic knowledge of software development and delivery process, as well as knowledge of cybersecurity in organizational or technical product domains.


Experience

IT auditor experience or certification (e.g., CISA), IACS design and implementation experience or IACS product supplier experience.
 

Not sure this course is

right for you?

 

Complete a knowledge check designed to evaluate your level of understanding of the course material and show you the types of questions you’ll be able to answer after completing the course.

Take the IC47 Knowledge Check

Custom Training Solutions

If your company is interested in bringing training on site to your team, please contact trainingsales@isa.org or call +1 919-549-8411.

ISA Member Discount

To get the member price on today’s purchase, log in as a member or complete the join process before you complete your purchase. To join and/or register by phone, call Customer Experience at +1 919-549-8411.