After careful planning and development of your system, the last thing you want to worry about is the credibility of your certification. Although it may seem like a given that your certification will be well accepted by your customers, it is never a bad idea to dig a little deeper and educate yourself in the hope of avoiding potential risk.
If your certification body is not assessing to the IEC 62443 standard, you could be at greater risk than you may think.
Transparency of the Certification
To ensure that the certification meets your needs, there should be some level of transparency in the report that shows exactly what aspects were considered in the certification. Most certifications will include a certificate, which summarizes the standard to which the product is being certified, and a report, which defines exactly what was done as part of the certification. The certificate should leave no room for speculation about what the product is being certified to, and the report should explicitly define what was done as part of the certification.
Certificates and Assessment Reports should always be kept as public documents for reference and customer review.
Trustworthiness of the Certification Body
This is a key item, but also a difficult one to confirm unless the certification body (CB) is accredited for IEC 62443 work. Accreditation is granted by a nationally known third party, such as the American National Standards Institute (ANSI) in the US. Accreditation is what gives your certification its credibility; if your CB does not have a strong accreditation, your certification will not be considered reliable.
Competence of the CB
Technical competency is also not always easy to determine. However, it is important that the CB has expert knowledge in the area that the certification covers. Good evidence of expert knowledge is the CB's publications and contributions to the industry. Do they participate in the committees that develop the standards? Do they publish books and papers on topics relevant to the certification? Do they otherwise demonstrate knowledge and expertise on such topics? Your certification body should be there to assist you with knowledgeable guidance and experience in its field.
There are choices in cybersecurity certification programs. For maximum market impact, consider the issues above.