Differentiation of the IT security standard series ISO 27000 and IEC 62443

The following recommendations can be derived from the previous chapters:

  1. If the company already has an ISMS according to ISO 27000, the organizational processes in the production area should follow these concepts in order to achieve a uniform process landscape.
  2. If no ISMS is in place and only the production area is to be considered, the ISMS can be implemented according to [IEC_62443-2-1].
  3. Small and medium-sized companies, for which an ISMS according to ISO 27000 may be too complex, should consider the use of a simplified ISMS, e.g. according to BSI Baseline Protection [BSI_200-1] or [VDS_10000] and [VDS_10020].
  4. The specific technical aspects of IT security in the production area should preferably be developed according to [DIN_IEC_62443-3-3].
  5. For the operational aspects of IT security in the production area, [IEC_62443-2-3] and [DIN_EN_IEC_62443-2-4] can also be used.
  6. Systems belonging to critical infrastructure as defined in the IT Security Act [ITSichG2015] must be considered separately, since they require recurring certification, which usually presupposes an ISMS in accordance with ISO 27000.
