Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments

New Whitepaper describes how two globally accepted standards can be used together for establishing an integrated, company-wide cybersecurity plan.

  • by ISA
  • July 21, 2021
  • 2719 views
  • source: ISA
    source: ISA

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Pierre Kobes, have released a white paper entitled, “Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments.”

Complementary approach of 2 standards 

Many organizations have established policies and procedures governing the IT security in their office environment predominantly based on ISO/IEC 27001/2. Some organizations have attempted to secure their operational technology (OT) infrastructure under the ISO/IEC 27001/2 management system and have leveraged IT commonalities in their OT environments. However, the ISA/IEC 62443 series are purpose-built for securing OT systems and when used in combination with ISO/IEC 27001/2, it ensures that organizations maintain conformance with ISO/IEC 27001/2 through common approaches wherever feasible, while applying different approaches for IT vs. OT where needed.

The white paper offers guidance for organizations familiar with ISO/IEC 27001 who are interested in protecting the OT infrastructure of their operating facilities by applying the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used in a complementary approach within one organization to protect both IT and OT.