The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Pierre Kobes, have released a white paper titled “Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments.”
Many organizations have established policies and procedures governing IT security in their office environments, predominantly based on ISO/IEC 27001/2. Some organizations have attempted to secure their operational technology (OT) infrastructure under the ISO/IEC 27001/2 management system and have leveraged IT commonalities in their OT environments. However, the ISA/IEC 62443 series is purpose-built for securing OT systems. Used in combination with ISO/IEC 27001/2, it ensures that organizations maintain conformance with ISO/IEC 27001/2 through common approaches wherever feasible, while applying different approaches for IT versus OT where needed.
The white paper offers guidance for organizations familiar with ISO/IEC 27001 who are interested in protecting the OT infrastructure of their operating facilities by applying the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used in a complementary approach within one organization to protect both IT and OT.
“I often hear the debate about whether to use ISO/IEC 27001/2 or ISA/IEC 62443 for securing OT infrastructure,” comments Andre Ristaino, managing director of ISAGCA. “The right answer is both, and this white paper describes how these two globally-accepted standards can be used together for establishing an integrated, company-wide cybersecurity plan.”