Certified safety of products and production

In order to protect production in process industry plants, various corporate processes and procedures must also be put to the test at suppliers: The certificates recently awarded to Endress+Hauser would show that the lifecycle for secure product development meets the high requirements of the international industry standard IEC 62443-4-1 for cyber security. The replacement of the demanding Star Audit certification by the internationally recognized ISO 27001 certification at the beginning of the year and the conformity of the Netilion cloud application with ISO 27017 also speak a clear language: potential threats are thus identified in good time and devices and software are secured.

Certification according to IEC 62443-4-1  

When companies align their processes with the IEC 62443-4-1, it is ensured, among other things, that products are developed in compliance with all security requirements from the outset and that even supplied components do not pose a risk. In addition, there are code analyses and reviews as well as penetration tests and the provision of security updates. In total, eight different areas define what a secure development process for products should look like:

• Security Management
• Specification of security requirements
• Secure Design Guidelines
• Secure implementation
• Verification and validation of the safety properties
• Vulnerability Management
• Create and publish security updates
• Security Product Documentation

"With the IEC 62443-4-1 certification, which has proven itself in the industrial environment of automation, we ensure that all colleagues involved work at the same security level. In this way, we are laying the foundation for being able to offer high-quality measurement technology, automation and IIoT products for networked production in the future," says Mirko Brcic, Product Security Officer at Endress+Hauser. The company's product development processes and product lifecycles meet the high requirements of the international industry standard IEC 62443-4-1 for cyber security. This has been confirmed by TÜV Rheinland through its certification of the supplier of measurement and automation technology. By complying with the certified guidelines, the company contributes to the reliable and safe operation of its products in the plants of its customers.

ISO 27001 certification

The international standard ISO 27001 provides a structured approach to protecting the confidentiality, integrity and availability of the information produced and processed in organisations and companies. On its basis, Endress+Hauser had established an information security management system (ISMS) and implemented processes that would ensure and continuously optimize the protection of information, data and systems of all kinds.

Already three years ago, the company was the first industrial enterprise to be certified according to Star Audit received. This confirms that the operation of web-based services complies with specially defined standards. The internationally recognized ISO certification also requires a holistic approach and ensures that not only individual applications are considered, but all relevant activities of Endress+Hauser Digital Solutions, the provider writes.

In the course of this, the company also reached a new milestone with the cloud solution Netilion in connection with the ISO 27017 achieved. This confirms that the IIoT ecosystem continues to meet all necessary security measures for cloud services.

Source: Endress+Hauser

More articles on the topic:

• Secure into the future with ISO 27001 and ISO 20000 
• Industry 4.0: Risks and side effects