exida, LLC accredited to issue ISASecure® Security Development Lifecycle Assurance certifications
Research Triangle Park, North Carolina, USA (28 September 2015) – The ISA Security Compliance Institute (ISCI) announced today that exida, LLC has achieved provisional accreditation status as a certification body to conduct ISASecure® Security Development Lifecycle (SDLA) certifications.
exida, LLC, an ISASecure ISO 17065 accredited certification body (CB), expanded the scope of ISASecure certification coverage to include Security Development Lifecycle Assurance certifications.
exida, the first ISCI CB to gain accreditation for the ISASecure SDLA certification, is now conducting ISASecure SDLA certifications for supplier development organizations of industrial control and automation systems (IACS) products.
“exida is delighted to have gained this accreditation,” says Mike Medoff, exida Senior Safety Engineer. “An SDLA certification will show that suppliers are taking cybersecurity seriously and have taken an important first step in developing secure products free of vulnerabilities.”
“The ISASecure SDLA certification marks a significant step for vendors dedicated to making their products secure,” says David Johnson, exida Senior Safety Engineer. “exida is proud to be the first certified lab to offer this certification. With this process certification vendors not only independently certify their security awareness, but will reduce costs in their overall security development process.”
The ISASecure SDLA certification includes 12 security lifecycle phases with rigorous cybersecurity requirements in each phase. Development organizations are initially audited by exida to achieve the ISASecure SDLA designation and undergo periodic audits to maintain the certification.
The ISASecure SDLA certification certifies to the non-published IEC 62443-4-1 standard and will be updated when the standard is formally approved.
Development organizations utilizing ISASecure SDLA processes provide assurance that IACS products developed use the certified cybersecurity lifecycle, and maintain their cybersecurity capabilities over time as the products are developed, updated, maintained and patched.
SDLA requirements are intended to address commercial off-the-shelf (COTS) versions of the products. The SDLA certification also confirms implementation of emergency response plans and processes that address cybersecurity events identified in systems where the COTS product is part of a site-engineered system deployed at operational sites.
“exida has been assessing supplier cybersecurity lifecycles since 2011 as part of the ISASecure EDSA product certifications,” stated Andre Ristaino, ISCI Managing Director. “Adding the organizational ISASecure SDLA certification to their scope of certifications is a natural extension of exida’s IACS cybersecurity conformance certification coverage.”
exida is a certification and research firm specializing in safety critical/high availability automation systems, control system cybersecurity, and alarm management. exida has performed more process control safety certifications than any other company worldwide. exida’s main offices are located in Sellersville, PA, USA and Munich, Germany and has worldwide operations with service centers in Brazil, Canada, Mexico, Netherlands, and New Zealand, Singapore, Japan, South Africa, and the United Kingdom.
About the ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS).
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Invensys (now Schneider Electric), Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure® designation ensures that IACS products conform to industry consensus cyber security standards such as ISA/IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. www.isasecure.org
ISASecure® is a registered trademark of the ISA Security Compliance Institute.
ISCI press contacts: