ICS Lifecycle for End Users

Lifecycle development in accordance with OT Cyber Security standards
The IEC 62443 standard states that the security of a plant passes first of all through Governance, specific policies and emergency management, in accordance with the lifecycle of OT Cyber Security.

Discover our consulting options for the security lifecycle

The implementation of the security lifecycle is the ultimate goal of a complete management process for large manufacturing companies, which includes detailed analysis and definition of corrective actions to protect OT devices from cyber attacks.

The activities recommended by the IEC 62443 standards focus on governance, disaster recovery, security policies, design and security measures for plants.

Our OT security lifecycle development consultancy includes a series of modular activities that make it easier for end-users to comply with IEC 62443 standards:

  • Governance Support. In accordance with the Cyber Security Management System recommended by IEC 62443-2-1, our support includes the control of processes documented in IEC 62443-2-1, the preparation of documentation (manual, procedures, instructions, policy), and possible integrations with other management systems, including ISO 27001.
  • Definition of the Emergency Recovery Plan. Taking into account business continuity and business needs, our specialists assist in the development of the plan, including hardware/software requirements and specifications and a specific plan to prevent the risk of cyber threat to potentially attackable infrastructures, or restore assets in the event of an attack.
  • Development of OT Cyber Security Policies. The policies describe the requirements to be implemented to ensure a sufficient level of security of the technologies at the service of the production plants. Our technical support team prepares Policies to achieve these objectives of compliance with IEC 62443 (or NIST) standards.
  • Support for High Level Design. Compliance with an OT architecture is related to the current state of the infrastructure. We analyze the current state, assisting the heads of Cyber Security of large manufacturing companies in establishing the measures (remediation) required to mitigate any security risks.
  • Preparation of the Remediation Plan. A long-term schedule can be prepared on the basis of the implementable requirements, current state and available budget, to determine the remediation measures to adopt at the facility. Our technical support team assists with setup and implementation.


The activities for the ICS Lifecycle, if aggregated, constitute comprehensive consultancy; they can be agreed separately on request.


The actions needed are divided into three main areas:

  • Introducing organizational policies and procedures that include, for instance, training personnel who interact with the OT infrastructure
  • Selecting the technical measures related to network segmentation, access control, authentication, and authorization
  • Implementing and maintaining the risk and incident recovery management plan

The IEC 62443 guidelines identify three security lifecycle phases: assessment, implementation, and, finally, maintenance of the security level. It is precisely during the implementation stage that the company must structure the entire CSMS to protect itself from future cyber attacks. Based on what was found in the Assessment phase, the goal is to adopt a management system that includes procedures and strategies to prevent cyber attacks and protect industrial systems.

The most common and perceivable consequences in the industrial sector are mainly financial damages and damaged reputation due to production standstills, safety issues for operators, financial loss, or environmental damage. In addition to interrupted production after stopping the attacked systems, threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. Furthermore, the attacked systems releasing dangerous emissions into the atmosphere can also seriously impact the business.

Recommended Posts

IEC 62443 industrial cyber security
Cyber Security Risk Assessment High Level
low level risk assessment iec 62443

Follow us on

Why Choose us

  • Experience in the OT Cyber Security field since 2014
  • In-house OT Cyber Security laboratory
  • In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Automation and OT network specialists
  • Wide network of collaborations with the main international OT solution suppliers

For more information about this service or to request a quote