Used Together, These Standards Create Integrated Cybersecurity Plan

July 21, 2021
ISA releases new white paper: “Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments.”

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Pierre Kobes, release a white paper entitled, “Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments.”

Many organizations have established policies and procedures governing the IT security in their office environment predominantly based on ISO/IEC 27001/2. Some organizations have attempted to secure their operational technology (OT) infrastructure under the ISO/IEC 27001/2 management system and have leveraged IT commonalities in their OT environments. However, the ISA/IEC 62443 series is purpose-built for securing OT systems and when used in combination with ISO/IEC 27001/2, it ensures that organizations maintain conformance with ISO/IEC 27001/2 through common approaches wherever feasible, while applying different approaches for IT vs. OT where needed.

The white paper offers guidance for organizations familiar with ISO/IEC 27001 who are interested in protecting the OT infrastructure of their operating facilities by applying the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used in a complementary approach within one organization to protect both IT and OT.

“I often hear the debate about whether to use ISO/IEC 27001/2 or ISA/IEC 62443 for securing OT infrastructure,” says Andre Ristaino, managing director of ISAGCA. “The right answer is both, and this whitepaper describes how these two globally-accepted standards can be used together for establishing an integrated, company-wide cybersecurity plan.”

For more information, visit: www.isa.org

Sponsored Recommendations

Keys to Improving Safety in Chemical Processes (PDF)

Many facilities handle dangerous processes and products on a daily basis. Keeping everything under control demands well-trained people working with the best equipment.

Comprehensive Compressed Air Assessments: The 5-Step Process

A comprehensive compressed air audit will identify energy savings in an air system. This paper defines the 5 steps necessary for an effective air audit.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Managing and Reducing Methane Emission in Upstream Oil & Gas

Measurement Instrumentation for reducing emissions, improving efficiency and ensuring safety.