Skip to content
NEW: ISASecure Site Assessment Program for OT Cybersecurity Learn More
About Press Documents & Forms Contact Join

2024 Year In Review

As the ISA Security Compliance Institute (ISCI) closes out a landmark 2024, we reflect on a year defined by strong growth, expanded certification programs, and strategic global partnerships. 

Certification Milestones

0
New Certifications Issued

Notable Achievements in 2024

The ISA Security Compliance Institute (ISCI) wrapped up a productive 2024 fiscal year, marked by strong membership growth and significant progress across its ISASecure® cybersecurity certification programs.

 

Free ISASecure Benefit

In 2024, more asset owners began formally specifying ISASecure conformance in their procurement language—an important step in ensuring that new automation and control system investments meet globally recognized, standards-based cybersecurity requirements. Notably, any organization can require ISASecure certification based on the ISA/IEC 62443 series in their procurement process. ISCI membership or participation in ISA programs is not a requirement of using the procurement language. To support this growing adoption, we invite stakeholders to explore our Learning Center for a downloadable copy of the procurement language.

Download Now

Development of ACSSA

ISASecure is a globally recognized conformity assessment scheme that provides independent assurance of compliance with the ISA/IEC 62443 series of cybersecurity standards. Since 2010, ISCI has certified control system products and supplier development practices, helping drive industry-wide adoption of secure-by-design principles. In 2024, ISCI advanced its mission further by developing a new assessment framework: Automation and Control System Security Assurance (ACSSA). This upcoming scheme is designed to assess and potentially certify operational control systems at asset owner sites. The ISASecure Technical Committee has been working on ACSSA and will launch the new conformity assessment in late 2025.

Learn More

Certification Program Growth

ISASecure meets the IAF MD 25 requirements for suitability of conformance schemes with equivalence to EA-1/22 European Union requirements of suitability for conformance schemes, assuring global recognition for the certification. ISASecure certifications are viewed by asset owners as the most trusted global scheme for assessing and certifying automation and control systems.

ISASecure certifications are conducted by established international certification bodies (CB). ISASecure CB's are independently accredited by globally recognized ISO 17011 Accreditation Bodies (AB) to the ISO 17065 standard for product certifiers and the ISO 17025 standard for lab operations.

ISASecure certification activity continued to grow steadily throughout 2024, reflecting increasing industry adoption and demand for cybersecurity assurance.

 

 
arrow going up on chart-3

Certification Types and Standards

Thought leader suppliers have been subscribing to the value of the ISA/IEC 62443 standards for securing their products and have been voluntarily seeking the ISASecure certification to demonstrate conformance.  Historical ISASecure certification growth reflects the voluntary commitment of forward-thinking suppliers for securing their products. Current ISASecure certification offerings include:

SDLA

Security Development Lifecycle Assurance which certifies automation supplier development practices to the international ISA/IEC 62443-4-1 Security Technologies for Industrial Automation and Control Systems – Part 4-1: Secure Product Development Lifecycle Requirements development practices standard.

CSA

Component Security Assurance which certifies security capabilities in automation components (embedded devices, network devices, application software, host devices) to the international ISA/IEC 62443-4-2 Security Technologies for Industrial Automation and Control Systems – Part 4-2: Technical Security Requirements for IACS Components component security capabilities standard (4 security levels are defined by the standard) and ISA/IEC 62443-4-1 standard.

ICSA

IIoT Component Security Assurance which certifies security capabilities in IIoT automation components and gateways to the international ISA/IEC 62443-4-2 component security capabilities standard and ISA/IEC 62443-4-1 standard. 

SSA

System Security Assurance which certifies systems (DCS, SCADA, other categories) to the ISA/IEC 62443-3-3 Security Technologies for Industrial Automation and Control Systems – Part 3-3: System Security

ISCI Partnered With Key Industry & Government Organizations:

Throughout 2024, ISCI deepened its collaboration with key industry and government organizations to advance global cybersecurity assurance and expand the reach of ISASecure certifications. Key partnership highlights include:

  • NREL (National Renewable Energy Laboratory) – Participated on the S2G Industry Advisory Board and provided watermarked ISA/IEC 62443 standards to support NREL initiatives.
  • OPAF (Open Process Automation Forum) – Integrated ISASecure certification into OPAF’s certification framework to help meet open automation standards.
  • Cloud Security Alliance (CSA) – Collaborated on a joint Industrial IoT (IIOT) system study, with plans underway for a combined IIOT system certification.
  • NATF (North American Transmission Forum) – Engaged in electric sector supplier collaboration on OT cybersecurity and delivered webinars on ISA/IEC 62443 and ISASecure standards to the NATF community.
  • INL (Idaho National Laboratory) – Contributed to ISA/IEC 62443 alignment efforts through the Cyber-Informed Engineering (CIE) program.
  • U.S. Department of Energy (DOE) / INL – Supported the development of DOE’s Supply Chain Principles and helped map those principles to ISA/IEC 62443 standards.
  • SMCC (Semiconductor Equipment and Materials International – Smart Manufacturing Council Committee) – Initiated efforts to develop an ISASecure certification based on the SMCC E-87 cybersecurity specification for fabrication equipment.
  • TSMC (Taiwan Semiconductor Manufacturing Company) – Initiated discussions to develop a Taiwan-based ISASecure certification for semiconductor fabrication equipment, based on the joint SMCC/TSMC E-87 cybersecurity specification.

These collaborations continue to position ISASecure as a leading global cybersecurity certification framework, aligned with evolving industry needs and international standards.

ISCI Drives Cybersecurity Talks in 2024

Throughout 2024, members of the ISA Security Compliance Institute (ISCI) actively shared insights and updates on industrial cybersecurity at major global events. Their contributions included presentations and panel discussions at the following programs:

  • ISA FPID Division – Presented an update on ISA cybersecurity programs.
  • ISA Calgary Section – Delivered a briefing on cybersecurity initiatives from both ISA and ISAGCA.
  • IoT World Congress, Barcelona – Presented on implementing and certifying cloud-based IIoT systems using the ISA/IEC 62443 standards.
  • ISA OT Cybersecurity Summit, London (June) – Provided an update on ISASecure’s ACSSA certification and broader ISA cybersecurity efforts.
  • NREL S2G Advisory Board (October) – Participated in a panel discussion on securing Solar-to-Grid (S2G) infrastructure.
  • ARC Industry Forum – Joined a panel discussion focused on OT cybersecurity trends and challenges.
  • ISA Automation and Leadership Conference (ALC) – Presented on ACSSA site certification developments.
  • ISA Taiwan Section (November) – Shared an overview of ISA cybersecurity initiatives, including the ACSSA certification program.

Interested in Learning More?

Our Certifications