Schneider Electric, the leader of digital transformation in energy management and automation, today announced that its global Secure Development Lifecycle (SDL) process has been certified to comply with the internationally recognized ISA/IEC 62443-4-1 cybersecurity standard. The certification, provided by TÜV Rheinland, a world leader in testing, inspection and certification services, warrants that cybersecurity is considered in every phase of the company’s product development process.
Schneider Electric was the first to have its site-specific SDL certified to the ISA/IEC 62443-4-1 standard, which specifies the process requirements for secure product development. Additionally, Schneider Electric’s product security engineers participated in the working group that developed the ISA/IEC 62443-4-1 standard.
“Because we helped create the ISA/IEC 62443-4-1 standard, we were able to apply our unique experience to improve how we develop and deliver more secure products,” said Klaus Jaeckle, Chief Product Security Officer, Schneider Electric. “This certification from TÜV Rheinland affirms our commitment to improving the safety and security of our customers’ operations. We go beyond merely adhering to the ISA/IEC 62443-4-1 standard; we ensure cybersecurity becomes everyone’s job. Through this approach, we enable our customers to reduce risks to their people, their assets and their operations.”
The company’s global policies support SDL practices on every development project, from legacy to next generation, using improvement-oriented deep dives and process quality checklists. From product conception through commercialization, this unique, user-centric approach emphasizes specialized role-based training on the SDL practices, which ensures everyone involved in the development process is personally responsible for the security of the company’s offers. The training includes videos for every project role that stress responsibility and accountability and examine how SDL artifacts are integrated into all software, firmware, hardware and system development lifecycles.
“The TÜV Rheinland certification shows Schneider Electric’s serious commitment to developing, delivering and maintaining secure products, systems and solutions, from smart homes and cities to the most critical operations,” said Thomas Steffens, regional business segment manager, TÜV Rheinland. “Certifying its SDL process to the ISA/IEC 62443-4-1 standard means Schneider Electric has further strengthened its development process to help its customers avoid and counter cyber risks.”
Founding Member of ISA Global Cybersecurity Alliance
Schneider Electric recognizes the importance of cybersecurity and the increasing impact it has on customers in every industrial segment. In July 2019, Schneider Electric joined the International Society of Automation Global Cybersecurity Alliance as a Founding Member. With an understanding that the entire ecosystem needs to recognize and consistently respond to emerging cyber threats, the ISA created the Global Cybersecurity Alliance to advance cybersecurity readiness in worldwide manufacturing and critical infrastructure facilities and processes. Bringing together end-user companies, technology and systems vendors, IT infrastructure vendors, services providers, system integrators and other organizations, the Alliance proactively addresses growing and emerging cyber threats, with a focus on driving awareness, advocacy and adoption of the ISA/IEC 62443 set of standards.