IEC 62443-COMPLIANT COMPANY
Leroy Automation has obtained IEC 62443-4-1 certification from Bureau Veritas, a testament to our dedication to cybersecurity. This certification ensures that our products meet the most stringent security requirements. By implementing this standard, we are able to offer our customers a higher level of security and peace of mind.
This is the first milestone of a long process, initiated more than 3 years ago, which led us to adapt and complete our internal procedures to make our product development process compliant with IEC expectations. This certification confirms our position as a trustworthy player in the automation and C2 sector and also reassures our customers of our commitment to supporting them in this transition to cybersecurity.
IEC 62443, the international cybersecurity standard
IEC 62443 is the only global cybersecurity standard designed specifically for industrial automation and control systems. It provides a comprehensive framework for protecting critical infrastructures against cyber threats.
The certification of LEROY Automation concerns the component part of the IEC 62443 standard, namely IEC 62443-4-1. It specifies the requirements for a secure development lifecycle for products designed for industrial automation and control systems (IACS). The standard applies not only to product developers, but also to any person responsible for the maintenance of the equipment concerned.
The IEC 62443-4-1 standard covers the following aspects of the development life cycle, ensuring that products are resilient to cyberattacks:
- Definition of security requirements;
- Secure design;
- Secure implementation;
- Verification and validation;
- Defect management;
- Corrective action management;
- Product end-of-life.
Why is cybersecurity important?
The average cost of a data breach in France in 2022 was circa 4 million euros. Companies often take an extended period to detect intrusions, averaging 207 days, and require an additional 75 days to neutralize them. Cyberattacks tend to target small businesses, which are often ill-equipped to defend themselves and account for 43% of such incidents. Moreover, 70% of vulnerabilities on industrial Programmable Logic Controllers (PLCs) are classified as critical or high-risk, highlighting the urgent need for enhanced cybersecurity measures.
Compliance with the latest standards is also a legal requirement, enforced by regulations such as the Military Planning Law 2019-2025, the European NIS directive 2018 & NIS2 2022, and the Railway Normative standard TS 50701 in 2023. These regulations ensure compliant organizations are equipped to mitigate risks and protect sensitive data. In addition to making it impossible to trade with some countries, sectors or companies, non-compliance exposes an organization to financial penalties, reputational damage and even legal repercussions.
By investing in cybersecurity, we are not only protecting our own interests but also helping to safeguard critical infrastructure and ensure the safety and well-being of our communities.
Learn more about the IEC 62443-4-1 standard
Would you like to learn more about IEC 62443-4-1 and how it can benefit your organization? Would you be ready to involve us as a cybersecurity partner to develop your embedded electronic products? Feel free to contact us; we can provide you with additional information and resources.