
IEC 62443

A series of international standards defining security requirements for industrial automation and control systems (IACS) at every level of the organisation.

What is IEC 62443?

IEC 62443 is a series of standards developed by the ISA99 committee and adopted by the IEC (International Electrotechnical Commission) as an international security standard for industrial automation and control systems (IACS). The standard addresses security at four levels: general, asset owner (operator), system integrator and component manufacturer.

One of the fundamental concepts of IEC 62443 is the zones and conduits model. A zone is a logical or physical grouping of assets with the same security requirements. A conduit is a communication path between zones that is subject to control. This model enables a structured approach to OT network segmentation.
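The zones and conduits model can be turned into a machine-checkable policy. The following is an added example, not taken from the standard or from this page's author: it audits observed flows against a declared model. Zone names, assets, ports, and the treatment of conduits as directional with a port allow-list are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample model: zone names, assets and ports are illustrative.
ZONES = {
    "enterprise": {"erp01", "eng-laptop"},
    "dmz": {"historian"},
    "control": {"scada01", "plc-a", "plc-b"},
}

@dataclass(frozen=True)
class Conduit:
    src_zone: str          # zone allowed to initiate the connection
    dst_zone: str
    ports: frozenset       # destination ports the conduit permits

CONDUITS = [
    Conduit("enterprise", "dmz", frozenset({443})),
    Conduit("control", "dmz", frozenset({4840})),
]

def zone_of(asset):
    """Return the zone an asset belongs to, or None if unassigned."""
    return next((z for z, members in ZONES.items() if asset in members), None)

def check_flow(src, dst, port):
    """Classify one flow as 'intra-zone', 'conduit' or a violation."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "violation: asset not assigned to any zone"
    if sz == dz:
        return "intra-zone"
    for c in CONDUITS:
        if (c.src_zone, c.dst_zone) == (sz, dz) and port in c.ports:
            return "conduit"
    return f"violation: no conduit {sz}->{dz} permits port {port}"

def audit(flows):
    """Return (flow, reason) for every flow that bypasses the model."""
    results = ((f, check_flow(*f)) for f in flows)
    return [(f, r) for f, r in results if r.startswith("violation")]

# Constructed sample flows: (source asset, destination asset, destination port)
FLOWS = [
    ("scada01", "plc-a", 502),       # same zone
    ("scada01", "historian", 4840),  # declared conduit
    ("eng-laptop", "plc-b", 502),    # enterprise reaching control directly
    ("vendor-pc", "scada01", 3389),  # asset missing from the zone inventory
]
```

Calling `audit(FLOWS)` returns the two flows that cross a zone boundary without a declared conduit, including the one from an asset that was never assigned to a zone.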

The standard defines four Security Levels (SL 1-4), ranging from protection against accidental breaches (SL 1) to protection against state-sponsored attacks (SL 4). The required security level for a given zone is derived from a risk assessment, not imposed top-down.

Why does it matter?

IEC 62443 is recognised as the primary OT security standard worldwide. Regulations such as NIS2 reference it as a benchmark for security measures in industrial environments. Certification to IEC 62443 is becoming a requirement in many sectors - from energy to automotive.

For organisations operating OT systems, IEC 62443 offers a practical framework for building a security programme - from risk assessment, through network segmentation, to requirements for component suppliers and system integrators.
