ISA Security Compliance Institute News Release
Contact: Becky Schneider
Research Triangle Park, NC (11 November 2010) –The ISA Security Compliance Institute (ISCI) announced that exida has earned provisional accreditation for providing ISASecure EDSA Certification services under ISCI’s globally recognized cybersecurity conformance scheme.
During the month of October, ANSI/ACLASS assessors evaluated exida’s operational conformance to requirements in ISO/IEC Guide 65 (EN45011), ISO/IEC 17011 and ISO/IEC 17025 guidelines, and the ISASecure EDSA Certification program definition. Having satisfactorily demonstrated conformance to all elements in these rigorous requirements for quality and technical competency, exida is the first certification lab to achieve this designation in the ISASecure EDSA Certification program.
”exida is a highly respected organization staffed with some of the industry’s most talented engineers in the fields of safety and security,” stated Andre Ristaino, ISCI managing director. ”With operating sites located strategically around the globe, exida establishes the operational foundation for ISCI’s internationally recognized cybersecurity certification program.”
Suppliers seeking to certify embedded devices are directed to contact exida, who will conduct certifications on behalf of ISCI. exida is uniquely qualified to provide both the device testing and organizational assessments required in the ISASecure EDSA Certification. The certification consists of three elements: a device Functional Security Assessment (FSA), a device Communication Robustness Test (CRT), and an organizational Software Development Security Assessment (SDSA).
Dr. William Goble, managing director of exida, stated, “The ISCI cybersecurity certification program fits well with our functional safety certification program. Recent events have shown that a strong control system cybersecurity defense is an essential part of control system safety and availability. That defense starts with industrial control devices such as PLC, DCS, SIS, and SCADA controllers that are resilient to rogue communications and unauthorized access and developed with a security mindset.”
About ISASecure EDSA Certification
The ISASecure program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide improvement of cybersecurity for Industrial Automation and Control Systems (IACS). It achieves this goal by offering a common industry-recognized set of device and process requirements that drive device security, simplifying procurement for asset owners and device assurance for equipment vendors.
ISASecure Embedded Device Security Assurance Certification (ISASecure EDSA), the first ISASecure certification, focuses on security of embedded devices and addresses device characteristics and supplier development practices for those devices. Through this certification, an embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification—a trademarked designation that provides instant recognition of product security characteristics and capabilities. ISASecure EDSA offers three certification levels for a device based on increasing levels of device security assurance: ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices.
The ISASecure EDSA certification is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized industrial automation controls cybersecurity certification program. This third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure certification by attesting to the competence and qualification of ISCI certification bodies and laboratories.
Visit www.ansi.org/isasecure for details on the ISASecure ANSI/ACLASS accreditation process.