IEC 62443 Consulting

Industrial Cyber Security Product Conformity
We provide consulting for the implementation of a Security Development Lifecycle (SDL) to design and manufacture industrial devices and systems in conformity with Industrial Cyber Security standards and to verify the product’s technical conformity with standard requirements in order to prepare for IEC 62443 certification.

Support in complying with the IEC 62443 standard

H-ON Consulting offers a unique consulting approach based on extensive knowledge of product standards and the necessary operations, features that demonstrate service excellence in the sector.

The goal of our IEC 62443 consulting service is to support manufacturers in designing OT systems and components in conformity with Industrial Cyber Security standards, as defined by international reference legislation. We provide support in applying the conformity requirements for new products, including control systems and hardware or software components intended to be integrated into large industrial systems.

We specialize in implementing Security Development Lifecycles (SDL) for hardware or software OT systems, including:

  • Combined HMI/PLC systems
  • SCADA systems
  • Packaged Control Systems (PCS)
  • Distributed Control Systems (DCS)
  • Safety Instrumented Systems (SIS)
  • Control System Platforms
  • Other types of devices and tools

The service is provided by our in-house pool of IEC 62443/ISA 99-certified specialists and is developed through a series of actions intended to ensure product conformity with Industrial Cyber Security standards:

  1. Defining objectives
  2. On-the-job training for the roles involved in product development
  3. High-level assessment of the processes and product features
  4. Low-level assessment of the product lifecycle
  5. Developing OT Cyber Security procedures
  6. Issuing final conformity documents

The consulting process also serves as preparation for IEC 62443 certification, which attests that an industrial component or system conforms to legislative requirements.


In IEC 62443/ISA 99 terms, an OT system is defined as a “control system,” that is, a hardware or software component intended to be integrated into a final industrial automation and control system. PLCs, HMIs, SCADA systems, and safety instrumented systems are examples of OT systems.

The legislative references in the IEC 62443 standard directed at OT device manufacturers are found in IEC 62443-4-1 and IEC 62443-4-2, which set out the design requirements for conformity of systems, sub-systems, and hardware or software components.

As defined in IEC 62443-4-1, the manufacturer is required to implement certain cyber security practices when developing the product:

  • Specification of Security Guidelines
  • Security by design
  • Secure Implementation
  • Security V&V Testing
  • Security Guidelines

Why Choose us

  • Experience in the OT Cyber Security field since 2014
  • In-house OT Cyber Security laboratory
  • In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Pool of automation and OT network specialists
  • Wide network of collaborations with the main international OT solution suppliers
