Services
We help manufacturers and operators align OT/IACS products, systems, and development processes with IEC 62443.
Product & component conformity
Independent gap assessments against IEC 62443-4-2 with actionable remediation measures.
- SR/RE mapping & evidence traceability
- Threat-model review in IACS context
- Gap analysis report with prioritised remediation plan
- Support for supplier assurance & due diligence
System security & architecture
Risk-based system assessment per IEC 62443-3-2 and requirement coverage against IEC 62443-3-3.
- Zone & conduit model and target SL derivation
- System risk analysis (threat scenarios, impact)
- Requirements coverage matrix (3-3 SRs)
- Test & validation strategy at system level
Secure development lifecycle (SDLC)
Assessment and guidance for secure development processes per IEC 62443-4-1.
- SDLC maturity assessment (process gaps)
- Policy & procedure reviews
- SBOM & third-party component management
- Vulnerability handling & coordinated disclosure
Training & workshops
Tailored training on IEC 62443 and IACS security concepts, for development, product management, and security teams.
- IEC 62443 fundamentals & requirements (4-1, 4-2, 3-2, 3-3)
- Secure-by-design principles for OT/IACS
- Hands-on workshops with your own use cases
- Executive briefings, hands-on labs, train-the-trainer
How we work
Scoping
Clarify scope, target SL, existing evidence, and timelines. We identify quick wins and critical gaps.
Assessment planning
We propose sampling depth, testing strategy, and timeline with clearly defined deliverables.
Execution
Evidence collection, interviews, technical reviews, and testing, remote or on-site. Regular interim results throughout.
Reporting & handover
Assessment report with findings, risk assessment, and prioritised remediation plan. Handover to certification body or follow-up as needed.
Ready for an initial conversation?
Get in touch. We'll clarify your requirements and propose a tailored approach.
Get in touch