ISA/IEC 62443 服務：工業控制系統的綜合網路安全

As regulations evolve, it is important to understand all their applicable requirements and how you can achieve and sustain compliance. UL Solutions has expertise in cybersecurity standards development, conformity assessment and understanding regulations for industrial applications. We can support market enablement and cybersecurity scoping for your organization globally to help you take the first step on your cybersecurity journey.

During an interactive training or tailored workshop, we will empower you to make educated choices based on the ISA/IEC 62443 family of standards, tailoring the training content and approach according to your organizational role and addressing issues related to control and automation systems. The course will dive into industry best practices and how expected requirements can be applied to your products, making it possible to define a certification road map and next steps for your organization if necessary or requested.

We can help your organization assess the threat likelihood and evaluate the worst-case scenario if a cyber asset is compromised, supporting your company in determining the current maturity level of your OT systems. We can identify the risks to your designed industrial automation and control systems. Our OT cybersecurity experts can provide a holistic perspective, including a detailed risk assessment report based on ISA/IEC 62443-3-2. OT risk assessment services include:

• Methodology overview for OT environments.
• Vulnerability and risk analysis overview for OT systems.
• Gap analysis and mitigation planning.
• Evaluating and enhancing existing countermeasures.
• Security road map development and improvement.

We offer a constructive review that will detail the differences between your current and desired state for meeting ISA/IEC 62443 sub-standards requirements, considering your organization’s security-level goals. We can also customize your gap analysis report to include testing.

We can provide ISA/IEC 62443-oriented documentation reviews to support you in achieving your desired security level. We use a four-level metric to indicate the level of readiness of the defined processes and technical documentation. We can propose security-relevant changes to make the document support the essential requirements and enhancements. Our team can advise you on the following activities before and after you submit your project documentation to the auditors:

• Writing conformity statements.
• Conformity evidence.
• Reviewing the final documentation.
• Supporting the team in closing any gaps.
• Preparing the team for interviews with auditors.

Our penetration tests provide clear insights into the security level of your product, system and infrastructure. After the penetration test, you will receive a report with the test results, including demonstrated vulnerabilities within your product, system and infrastructure.

We can support your organization in building your IACS cybersecurity management system to align with your CSMS related to ISA/IEC 62443-2-1. This service includes various elements from four main categories:

• Risk analysis.
• Addressing risk with the CSMS.
• Monitoring and improving the CSMS.
• Mapping between ISO/IEC 27001 and ISA/IEC 62443-2-1.

We can assess and certify system integrators and maintenance service providers to give confidence to plant owners and operators. We offer assessment and certification options to respond efficiently and sustainably to your needs.

Our surveillance and inspection services help verify if you took sufficient security measures to maintain your certification status. At the end of the inspection, you will receive a report with the results you can use to determine the right actions to help demonstrate the maturity and security level meets the set goals.