TÜV Süd has certified the development processes of Pilz in accordance with the international security standard IEC 62443-4-1. This addition to the existing functional safety management certification promises Pilz customers double security from now on.
The new certification offers assurance that Pilz’s development is demonstrably secure: right from a product’s design phase, security features are regarded systematically – risks are identified and, ideally, already rectified within the product.
The international standard series IEC 62443 creates the normative framework for industrial security in automation. For ‘secure’ product development, the subordinate standard IEC 62443-4-1 describes the requirements of a “Secure development lifecycle process” (SDL process). It is intended to guarantee that vulnerabilities are detected and excluded throughout the entire lifecycle of the system and individual components. For example, the process also demands that developers are suitably qualified and trained, that the security requirements are transparent right through to implementation, and that all the necessary security tests are carried out.
TÜV Süd tested Pilz’s development processes. It found that Pilz meets the requirements of the standard, considers potential risks in advance and so guarantees the security of its products as early as the development stage.
“As a safety component manufacturer, our process was already well designed and documented. As such, adding the security requirements was relatively simple,” explains Thomas Pilz, managing partner of Pilz. “Certification underlines the significance of industrial security. Strategically it is just as important as the functional safety certifications. Security protects safety and safety protects humans. This chain is closed, now that our development work is certified in accordance with IEC 62443-4-1, so offering our customers the industrial security that industry needs in the age of international data networking.”