OTORIO Awarded IEC 62443 Certification for Industrial Cybersecurity

By Kfir Tzurkrel, CISO, Architect Tech Lead, and Michael Benis, Security Architect, CISO at OTORIO

After a rigorous year-long preparation process, OTORIO was recently awarded IEC 62443 certification.

What is IEC certification?

The International Electrotechnical Commission, or IEC, is an international standards NGO that prepares and publishes global standards for all electrical, electronic, and related technologies (electrotechnology).

The IEC oversees global conformity assessment systems that certify whether equipment, systems, or components conform to its international standards. IEC standards are used to determine objective best practices for security. They provide a way to assess the level of security performance, bridging the gap between operational technology (OT) and information technology (IT), and between process safety and cybersecurity.

IEC 62443 certification is an international series of standards that addresses cybersecurity for operational technology (OT) in industrial automation and control systems (IACS). Specifically, IEC 62443-4-1 refers to the security of industrial automation and control systems for secure product development lifecycle requirements.

Attaining IEC 62443 certification ensures that all security considerations are addressed in a structured manner, with a systematic approach that governs cybersecurity throughout the stages of specification, integration, operation, maintenance, and decommissioning.

This achievement highlights the fact that security for cyber-physical systems (CPS) is a top priority for OTORIO and that the company successfully carries out best-practice security standards. IEC 62443 certification enhances the resilience of cybersecurity throughout the product and system lifeline. It sends a clear message to asset owners and operators that the component or system they have purchased conforms to a methodized, coherent approach to cybersecurity and OT risk management.

The IEC 62443 certification journey

As OTORIO’s CEO and co-founder Daniel Bren explained, to attain IEC 62443 certification, OTORIO undertook an intensive year-long process that required company-wide cross-team collaboration between OTORIO’s Management, R&D, Security Architects, CISO, Customer Success, Product, and other teams.

OTORIO was evaluated for a variety of security process requirement categories:

• Security management
• Security requirements
• Secure by design
• Secure implementation
• Secure verification and validation testing
• Management of security-related issues
• Security update qualification
• Security guidelines

TÜV NORD carried out the external audit, after which the findings were confirmed by an external certification body. The IEC standard applies to the security processes related to the development and maintenance of relevant components and control systems.

What IEC 62443 certification means for our clients and partners

Earning IEC 62443 certification is a major milestone for OTORIO. IEC certification confirms OTORIO’s steadfast commitment to cybersecurity and sends OTORIO’s clients and partners the message that OTORIO effectively implements best practices regarding security standards. The IEC 62443 international standard provides the security requirements that increase the integrity, availability, and confidentiality of our components and systems.

IEC certification provides a high level of confidence and assurance that OTORIO develops and maintains all products under highly strict security requirements, secure by design, secure implementation and coding guidelines, verification and validation, defect management, patch management, and product end-of-life.

Contact us to learn more about OTORIO’s products and solutions for industrial cyber security and digital risk management.