IriusRisk SL- A Technical Member of ISCI
The International Society of Automation (ISA) Security Compliance Institute (ISCI) announced today that IriusRisk SL has joined ISCI as a Technical Member in support of the ISASecure® Cybersecurity Conformance Scheme.
IriusRisk has worked with several organizations to help them overcome the complexity of manual threat modeling with the IriusRisk Automated Threat Modeling platform, an automation engine, extensive security standards, and integration with major issue trackers. As result engineering teams have access to a self-service tool for designing secure applications. This automation process can guide each company’s approach to compliance, and prioritize risk, based on each unique security, governance, and compliance requirement.
The ISASecure certification program is an industry-led effort composed of the leading stakeholders in the process industry. It assesses ICS products and systems to ensure they are robust against network attacks, free from known vulnerabilities, and meet the security capabilities defined in the ISA/IEC 62443 standards.
A key differentiator of the ISASecure program is its inclusion of end users in its certification development process. End user members directly contribute to ISASecure certification development, ensuring their needs are reflected in the certification requirements.
Charles Marrow, Head of Center of Excellence at IriusRisk, comments: “ISCI’s pursuit of better security standards across a broad range of industries is such important work. Threat modeling and risk assessments can also play a pivotal role in this: all organizations operating in the industrial, automotive, transport and medical industries should be doing it on a regular basis, building in security from the very beginning of the software development lifecycle.”
Andre Ristaino, ISA Managing Director, Consortia and Conformance Programs welcomes IriusRisk as a new ISASecure member: “Companies like IriusRisk are key to enabling the adoption of the ISA/IEC 62443 standards for supplier companies. Commercial tools that simplify the threat analysis and compliance tasks during product development remove barriers to applying the ISA/IEC 62443 standards.”