The following recommendations can be derived from the previous chapters:
- If the company already has an ISMS according to ISO 27000, the organizational processes in the production area should follow these concepts in order to achieve a uniform process landscape.
- If no ISMS is in place and only the production area is to be considered, the ISMS can be implemented according to [IEC_62443-2-1].
- Small and medium-sized companies, for which an ISMS according to ISO 27000 may be too complex, should consider the use of a simplified ISMS, e.g. according to BSI Baseline Protection [BSI_200-1] or [VDS_10000] and [VDS_10020].
- The specific technical aspects of IT security in the production area should preferably be developed according to [DIN_IEC_62443-3-3].
- For the operational aspects of IT security in the production area, [IEC_62443-2-3] and [DIN_EN_IEC_62443-2-4] can also be used.
- Systems belonging to critical infrastructure as stated in the IT Security Act [ITSichG2015] must be considered separately, as recurring certification is necessary here, which usually requires an ISMS in accordance with ISO 27000.