Skip to content

Compliance & Audits

We help prepare your OT systems for IEC 62443 certification

We assess zone and conduit architecture, define target Security Levels (SL-T), verify achieved levels (SL-A) and prepare certification documentation - passively, without disrupting production.

Last updated: April 2026

Let's talk

IEC 62443 Audit is a SEQRED service covering ot system audit and iec 62443 certification preparation. zones, conduits, sl-t/sl-a.

Compliance & Audits

IEC 62443 is becoming a market requirement - end customers, integrators and regulators (including the Cyber Resilience Act) increasingly expect documented compliance. The standard covers four areas: organizational policies (Part 2-1), system architecture and risk analysis (Part 3-2), development processes (Part 4-1) and component security (Part 4-2). Navigating these requirements without experience consumes engineering team time. We help you through the process practically - from zone and conduit analysis to certification readiness.

Scope

01

Zone and conduit definition per IEC 62443-3-2

02

Risk analysis and target Security Level (SL-T) definition

03

Achieved Security Level (SL-A) assessment for systems and components

04

Passive network asset inventory - no impact on production environment

05

Organizational requirements and security policy audit (IEC 62443-2-1 CSMS)

06

Component security assessment (IEC 62443-4-2) - PLC controllers, HMI, SCADA software

07

Development process assessment for manufacturers (IEC 62443-4-1) in context of Cyber Resilience Act

08

Preparation of documentation and evidence required by the certification body

Process

01

Scoping

We establish the certification scope: system, subsystems, components. We identify the applicable parts of the standard.

02

Architecture analysis

We map zones and conduits, identify touchpoints, and data flows between networks.

03

SL-A assessment

We verify the current security level against target requirements (SL-T).

04

Gap analysis and remediation plan

We document discrepancies and deliver a prioritised plan to achieve compliance.

05

Certification support

We help prepare documentation and support the organisation during the certification audit.

IEC 62443 - industrial control system segmentation

Case study

Industrial automation systems manufacturer

We prepared a PLC controller manufacturer for IEC 62443-4-2 certification, covering component security and development process assessment.

The manufacturer achieved IEC 62443-4-2 certification for its controller product line.

CS.116

IEC 62443 Audit in Chemical Manufacturing

Chemical manufacturing company

CS.117

OT Security of Renewable Energy Farms

Wind and photovoltaic farm operator

CS.120

Polish AMI Device Security Standard and Certification

AMI device manufacturer

Sectors

Energy

OT network security, SCADA and AMI systems - from power grids to gas, heating and renewables.

Manufacturing and industry

OT audits in PLC, DCS and automation environments - chemicals, food, electronics, machinery.

Services

NIS2 Audit

NIS2 and KSC Act compliance audit. Gap analysis, remediation plan, implementation support.

OT Security

Audit, monitoring and protection of SCADA, DCS and PLC controller networks.

Related articles

OT Cybersecurity |

Sabotage and Human Error - Underestimated Threats in OT Environments

Insider threats and human error in OT - incidents, statistics, and 12 organizational controls based on IEC 62443.
OT Cybersecurity |

USB Removable Media Security in ICS Networks - Threats and Controls

USB threats in OT environments - malware, sabotage, data exfiltration. IEC 62443 controls, security kiosk, and policies.

FAQ

How does IEC 62443 differ from NIS2? +

NIS2 is a regulatory directive defining organisational obligations. IEC 62443 is a technical standard describing how to secure industrial automation systems. They are often used together - NIS2 requires risk management, and IEC 62443 provides the methodology.

Which parts of IEC 62443 apply to us? +

It depends on your role: OT system operators should implement 2-1 (policies) and 3-3 (system requirements). Component manufacturers - 4-1 (development process) and 4-2 (component requirements). We help determine the right scope.

What are zones and conduits? +

Zones are logical groupings of assets with common security requirements. Conduits are communication paths between zones. Their correct definition is the foundation of OT architecture security under IEC 62443.

How long does certification preparation take? +

A typical process takes 3 to 9 months, depending on system complexity and current security posture. An initial audit helps estimate the scope of work.

Do you need to visit the facility on-site? +

Yes - zones and conduits assessment requires on-site verification of the network and physical architecture. Some analytical and documentation work is performed remotely.

How does SEQRED price its services? +

Pricing is based on an individual estimate of our consultants' time, considering the project scope and complexity. We present the offer broken down by phases - so you see exactly what you're paying for and can make decisions at each stage.

Can I speak with an expert before making a decision? +

Yes - an initial consultation is always welcome and free of charge. We help define the actual scope of your needs, which allows us to prepare a rational offer tailored to your organization.

What determines the cost of an IEC 62443 audit? +

Pricing depends on the number of zones and conduits in the OT architecture, the number of automation systems, and the target Security Level (SL).

We'll discuss scope, methodology, and timeline.

Book a consultation

Free consultation, no strings attached.