exida accredited to issue ISASecure certifications

  • September 28, 2015
  • ISA
  • News

September 28, 2015 - The ISA Security Compliance Institute (ISCI) announced that exida has achieved provisional accreditation status as a certification body to conduct ISASecure Security Development Lifecycle (SDLA) certifications.

exida, an ISASecure ISO 17065 accredited certification body (CB), expanded the scope of ISASecure certification coverage to include Security Development Lifecycle Assurance certifications. 

exida, the first ISCI CB to gain accreditation for the ISASecure SDLA certification, is now conducting ISASecure SDLA certifications for supplier development organizations of industrial control and automation systems (IACS) products.

“exida is delighted to have gained this accreditation,” says Mike Medoff, exida Senior Safety Engineer. “An SDLA certification will show that suppliers are taking cybersecurity seriously and have taken an important first step in developing secure products free of vulnerabilities.”

“The ISASecure SDLA certification marks a significant step for vendors dedicated to making their products secure,” says David Johnson, exida Senior Safety Engineer. “exida is proud to be the first certified lab to offer this certification. With this process certification vendors not only independently certify their security awareness, but will reduce costs in their overall security development process.”

The ISASecure SDLA certification includes 12 security lifecycle phases with rigorous cybersecurity requirements in each phase. Development organizations are initially audited by exida to achieve the ISASecure SDLA designation and undergo periodic audits to maintain the certification. 

The ISASecure SDLA certification certifies to the non-published IEC 62443-4-1 standard and will be updated when the standard is formally approved.

Development organizations utilizing ISASecure SDLA processes provide assurance that IACS products developed use the certified cybersecurity lifecycle, and maintain their cybersecurity capabilities over time as the products are developed, updated, maintained and patched. 

SDLA requirements are intended to address commercial off-the-shelf (COTS) versions of the products. The SDLA certification also confirms implementation of emergency response plans and processes that address cybersecurity events identified in systems where the COTS product is part of a site-engineered system deployed at operational sites.

“exida has been assessing supplier cybersecurity lifecycles since 2011 as part of the ISASecure EDSA product certifications,” stated Andre Ristaino, ISCI Managing Director. “Adding the organizational ISASecure SDLA certification to their scope of certifications is a natural extension of exida’s IACS cybersecurity conformance certification coverage.”

About the ISA Security Compliance Institute (ISCI) Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS). The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Invensys (now Schneider Electric), Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.

Learn More

Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..