TÜV Süd certifies the development processes of the automation company Pilz in accordance with the international security standard IEC 62443-4-1. So Pilz’s development is demonstrably secure: Right from a product’s design phase, security features are regarded systematically; risks are identified and, ideally, already rectified within the product. This addition to the existing functional safety management certification promises Pilz customers double security from now on.
The international standard series IEC 62443 creates the normative framework for industrial security in automation. For «secure» product development, the subordinate standard IEC 62443-4-1 describes the requirements of a «Secure development lifecycle process» (SDL process). It is intended to guarantee that vulnerabilities are detected and excluded throughout the entire lifecycle of the system and individual components. For example, the process also demands that developers are suitably qualified and trained, that the security requirements are transparent right through to implementation, and that all the necessary security tests are carried out.
TÜV Süd tested Pilz’s development processes. The result: Pilz meets the requirements of the standard, considers potential risks in advance and so guarantees the security of its products as early as the development stage.
Pilz safety has industrial security in its sights
Pilz has had TÜV Süd test and certify its functional safety management (FSM), i.e. «safety», for around 20 years. «As a safety component manufacturer, our process was already well designed and documented. As such, adding the security requirements was relatively simple», explains Thomas Pilz, Managing Partner of Pilz GmbH & Co. KG. «Certification underlines the significance of industrial security. Strategically it is just as important as the functional safety certifications. Security protects safety and safety protects humans. This chain is closed, now that our development work is certified in accordance with IEC 62443-4-1, so offering our customers the industrial security that industry needs in the age of international data networking.»