The ISA Security Compliance Institute has developed the ISASecure SDLA certification for organizations that develop industrial automation and control systems.
According to the ISCI, this new organizational certification ensures that suppliers include cybersecurity requirements in all phases of their development and maintenance lifecycle processes for industrial automation and control systems (IACS) products.
The (SDLA) certification ensures that a supplier’s product development organization has institutionalized cybersecurity into their product development and support lifecycle processes and follows them consistently on an ongoing basis, says ISCI.
The objective of this certification is to ensure that cybersecurity is designed into IACS products from the beginning and is followed throughout all product development and support lifecycle phases. SDLA is aligned to certify to ISA/IEC 62443-3-1. The SDLA program description and certification specifications are available for download from the ISCI website at www.isasecure.org.
Supplier organizations interested in this certification can contact an ISASecure-accredited lab for details on how to certify their organizations’ product development and support lifecycle processes. Supplier organizations earning this designation will be able to use the phrase, “An ISASecure SDLA certified development organization,” when describing their certified organizations.
ISCI has been certifying embedded devices under the Embedded Device Security Assurance certification (ISASecure EDSA) scheme since 2010. EDSA, the first ISASecure certification, assures cybersecurity for off-the-shelf embedded devices and lists certified devices from prominent suppliers such as Honeywell and Yokogawa.
The ISASecure program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide cybersecurity improvement for IACS. ISASecure certifications are based upon international cybersecurity standards including the ISA/IEC 62443 series, ISO 27001and other relevant industry-consensus standards.
The ISASecure IACS cybersecurity certification program is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized IACS cybersecurity certification program. ISCI says independent third-party accreditation of ISCI labs by IEC accreditation bodies (AB) such ANSI/ACLASS and JAB ensures the credibility and value of the ISASecure certification by objectively attesting to the competence and qualification of ISCI certification bodies (CB) and laboratories.