WisePlant – A WiseGroup Company

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations 1

Committed to our mission, vision and corporate values, we developed the most complete and comprehensive program to mitigate industrial cybersecurity risk in an easy, fast and simple way. Implement and comply with 100% of the ISA/IEC-62443 series requirements and complementarity, with popular regulations, such as C2M2, NERC, NIST, INGAA, and others with an efficient and effective methodology.

Main Values

We provide and teach a simplified practical methodology that allows to comply with all the requirements of the ISA/IEC-62443 series of standards. Complementary include the applicable regulations, in case they are mandatory. Mitigate all the intolerable risks with the least effort, investing wisely, while achieving the objectives as quickly as possible.

  • Effective: mitigate risks by implementing actions that reduce and eliminate risks in a clear and proven manner. Make correct decisions, avoid making wrong decisions.
  • Efficient: use resources optimally, avoid spending much on actions that do not contribute to effective risk mitigation, accelerate implementation and mitigation times, invest only in those actions that really mitigate the identified and particular risks for each zone and conduit.
  • Sufficient: implement all those mitigation actions that are necessary and effective to achieve adequate risk mitigation. Avoid spending on the implementation of actions that do not work.
  • Practical: Govern, discover, evaluate, make decisions, design, implement, mitigate, test, verify, monitor, alert, respond, manage, change, and maintain tolerable plant risk practically that everyone can follow and understand without getting lost along the way.

Meet 100% of ISA/IEC-62443 series requirements with ease

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations 2We have collaborated with ISA Training during the design and development of the ISA99 professional training and certification program (IC32, IC33, IC34 and IC37). The agnostic courses developed by ISA, have as their main purpose, that professionals understand all the requirements, but they do not aim to explain the best way to comply with all of them.

It is the responsibility of the user to comply with all requirements. We often see how many “Experts” after obtaining the 4 official certificates of the ISA, fail to implement and comply. When the moment of truth arrives, they do not have the methodology or the right tools to meet the large number of requirements. They get lost, distracted by regulations, forget what they have learned, stray from the path, and lack practical experience.

Our training and certification program focuses on meeting all requirements in a practical and easy-to-follow way without getting lost among the large number of requirements. We do not get into the details of the requirements. Let’s go to the most practical part of its application, based on decades of experience.

Reference Link: https://www.isa.org/training-and-certification/isa-training/about-isa-training/training-partners

Other standards and regulations (C2M2, NIST, NERC, etc.)

Currently, there are numerous regulations, laws, recommendations, best practices, guidelines, and controls intended to contribute to the mitigation of industrial cyber risks. Unfortunately, all of them are insufficient, and do not achieve the announced objective. In fact, they are far from achieving it and push companies to spend massive sums of money on actions that are neither effective nor efficient for real risk mitigation.

Many of these recommendations and requirements distract attention and resources, more importantly, delay effective and efficient risk mitigation. We teach you to select those actions that really contribute to risk mitigation, avoiding spending on actions that do not contribute and that only serve to waste resources and money.

Effective, Efficient, Sufficient and Fundamentally Practical

The WisePlant’s Professional Training and Certification Program in Industrial Cybersecurity, consists of a series of courses organized according to the phase of the cybersecurity life cycle of one or more industrial control systems (SUC, systems under consideration).

The main objective is that participants can comply practically and easily, with all the requirements of the standards, but fundamentally and most important of all is the effective and efficient mitigation of all cyber risks. The correct and proper implementation and compliance with the requirements of the ISA/IEC-62443 series of standards is crucial for optimal implementation.

The classes are developed entirely in English, facilitating understanding and discussion in class with the official certified instructor.


Awareness and Introduction to Industrial Cybersecurity

The following training and certification courses have been created for large numbers of people in an organization who will not have direct participation in industrial cybersecurity projects, but will be very important in day-to-day activities, fundamental to establish good security governance at the organizational level. Industrial cybersecurity requires a cultural change in the organization, the development and incorporation of policies, procedures and specific work instructions, and different from information security.


ISA Official Training and Certificate Relationship

The courses 2150, 2160, 2161, and 2162 do not compete with or replace ISA’s official IC32, IC33, IC34, and IC37 courses. These two training and certificate programs have different goals.

The official ISA courses are agnostic and have as their main objective that professionals understand the requirements of the standards. ISA courses teach “what to do,” but not “how to do it.” The objective is to explain and understand the fundamentals and the requirements of the ISA/IEC-62443 series of standards, how it works, the vocabulary, the concepts, definitions, terminology, among others; how it is structured and organized. If you are looking to understand each of the requirements of the ISA/IEC-62443 series of standards, ISA’s official courses are, undoubtedly, the best option.

On the other hand, courses 2150, 2160, 2161, and 2162 focus on how to comply with all the requirements of the ISA/IEC-62443 standards, and the regulations, practically, without going into the detail of each of the requirements of the standards (and regulations).

Become an ISA active member

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations 7It is of great advantage for all professionals who develop activities in the industrial field, to be active members of ISA, and to maintain active membership year after year. ISA offers significant benefits for members that favor and facilitate career development. There is no doubt about the importance and value of more than 150 international standards for global industry.

Professional development with a good academic agnostic background, accompanied by the benefits that ISA provides to its members, results in a very positive impact for the industry and, therefore, for the organizations that hire them. In case you need advice for the incorporation of membership in the professional career programs, please contact us. Act!

ISA Secure – Certification Scheme

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations 8We are active members of ISA Secure and were the first company in Latin America to become active collaborators of the organization.

Link: https://www.isasecure.org/en-US/News-Events/WisePlant-HQ-joins-ISA-Security-Compliance-Institu

ISAGCA – Alliance for Industrial Cybersecurity

Industrial Cybersecurity for ISA/IEC-62443 and Popular Regulations 9We are founding members of the alliance of companies for the development and dissemination of best practices in Industrial Cybersecurity.

Link: https://isaautomation.isa.org/cybersecurity-alliance/

Have questions? Contact Us

[ws_form id=”8″]