ISO 27001 System Cybersecurity and IEC 62443 Industrial.
In an era where digitalization is transforming every aspect of our lives, cybersecurity has become an essential priority and, in many cases, a mandatory requirement for organizations in various industrial sectors that need adequate protection of data and critical IT infrastructures.
BT Ingenium supports customers by offering consultancy services aimed at implementing Cybersecurity in the following regulatory contexts:
- ISO 27001 Information Security Management;
- IEC 62443 Cybersecurity for systems and products in the field of automation and control systems.
In particular, with regard to the design of systems and products for the industrial market, including the Railway market, the focus of our expertise, we support customers in managing IT security requirements for the creation of their products in compliance with the following specific standards:
- IEC 62443-3-2: Security for industrial automation and control systems, Part 3-2: Security risk assessment and system design;
- IEC 62443-3-3: Industrial communication network and system security, Part 3-3: System security requirements and security levels;
- IEC 62443-4-1: Security for industrial automation and control systems, Part 4-1: Secure Product Development Lifecycle Requirements;
- IEC 62443-4-2: Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components.
Below are some references of recent projects and consultancy:
[2024] Railway Industrial Sector Company (Power Supply Systems)
Support during the tender phase for the definition of the product requirements of a railway Battery Charging system according to IEC 62443-4-1, IEC 62443-4-2 and IEC 62443-3-3, and for risk analysis per IEC 27005, following the requirements and methodologies of the integrator and manufacturer of the railway vehicle. Support for product development (requirements vs SC target) and implementation of the management system in the company, meeting the minimum requirements requested by the final client.
[2024] Company – IT Sector (Cloud CRM Software)
Support for the certification of the ISM ISO 27001, integrated with the ISO 9001 system, by an accredited body appointed by the customer. Activity in progress with the aim of obtaining the certification in the first quarter of 2025. The customer company is cloud-based and must comply with the specific requirements of the ISO 27017 and ISO 27018 standards.
[2023] Company – Industrial Sector (Video Surveillance Systems and AI Cameras)
Support for the certification obtained from an accredited body appointed by the customer for its ISO 27001 management system with integration with the ISO 9001 system. Furthermore, the security of the vision systems was managed and certified according to the IEC 62443 standard (DevSecOps methodology, infrastructure, organization and responsibility, network infrastructure, attack surfaces, supplier management for security assessment and penetration test).
[2023] Railway Sector Company (Passenger Information Systems PAPIS)
Introduction to the requirements of the IEC 62443 standard for Industrial systems and TS 50701 guidelines for Railway systems. Support for the definition of product design requirements for integration on railway vehicles in compliance with the contractual requirements on Cybersecurity of the final customer.