IEC 62443 compliance analysis service
IEC 62443: The risk management standard for industrial automation and control systems
Device security
Cloud connectivity
Apps and portals
Proekspert helps device manufacturers prepare for the EU Cyber Resilience Act (CRA). One big part of the CRA Act is introducing cybersecurity rules for manufacturers and developers of products with digital elements, covering both hardware and software.
Many companies conduct cybersecurity audits to get a better overview of their current situation. Proekspert offers self-assessment service to industrial device manufacturing companies as they prepare for IEC 62443 certification.
Why Proekspert
Proekspert has 20+ years of experience in developing industrial embedded platforms and service tools. While serving our clients, we follow IEC 62443 standards during analysis and development. Our engineers are skilled in conducting analysis of development processes and products to identify possible vulnerabilities and cybersecurity risks.
Key features and benefits of our service
We help industrial device manufacturing companies with self-assessment or third-party assessment needed in the process of preparing for IEC 62443 certification.
We help identify and map product development processes and vulnerabilities
We also help suggest security measures to mitigate security risks in your product source code or in the development process
What is IEC 62443
IEC 62443 is an international series of standards that address cybersecurity for operational technology in automation and control systems. The standard describes both technical and process-related aspects of automation and control systems cybersecurity. The purpose of the standard is to help suppliers, system integrators, and manufacturers comply with process requirements and to address security concerns along the supply chain.
Before certification, an assessment must be conducted. There are two possibilities: (1) self-assessment and (2) third-party assessment.
How it works
To assess current state of cybersecurity for operational technology in automation and control systems we follow:
IEC-62443-4-1
Requirements for development processes
IEC-62443-4-2
Requirements for product/component
IEC-62443-3-3
Requirements for systems
Tools we use for the IEC 62443 compliance analysis:
Threat model visualization to identify cyber security threats (STRIDE methodology)
Security risk structuring to classify exploits and attack vectors (Mitre ICS Matrix)
Software composition analysis to identify and manage open-source components and potential security vulnerabilities in code (Polaris Black Duck)
Static analysis of product source code to detect and fix code defects and ensure code quality and security (Polaris Coverity Scan)
Services
Proekspert provides support for industrial device manufacturing companies at self-assessment or third-party assessment needed in the process of preparing for IEC 62443 certification.
- Identifying and mapping product development processes and vulnerabilities
- Suggesting security measures to mitigate security risks in product source code or in the development process
Results of the assessment services:
- Factual input for product strategy
- Mapped processes
- Mapped vulnerabilities
Among other things, we can also help you prepare for the EU CRA:
Get in touch
Our experienced engineers can help assess cyber risks concerning your product. Leave your contacts below, and let's have a quick online call to see if we are the right partner for you.
Thank You!
Your message has been sent. Our team will get back to you as soon as possible!
Terry London
Proekspert AS
Tallinn headquarters
Sõpruse pst 157
13417 Tallinn
Estonia (EU)
Reg code 10331577
VAT no EE100185388
Phone +372 651 8700
E-mail info@proekspert.com
Press inquiries press@proekspert.com
Fax +372 651 8701
