ISA/IEC 62443 Lead Implementer

This 4-day course provides a comprehensive introduction to the ISA/IEC 62443 standards, focusing on the management perspective for securing industrial automation and control systems (IACS). Participants will gain a solid understanding of the key concepts, structures, and applicability of the standard, and learn how to establish and implement an effective IACS security programme. Covering both foundational knowledge and practical application, the course aligns with ISO/IEC 27001 principles and addresses specific considerations for industrial environments, supervisory control and data acquisition (SCADA) systems, and industrial networks. By the end of the course, learners will be equipped to lead or contribute to the development of a security programme that enhances resilience in critical infrastructure and industrial operations.

By the end of this course, learners will be able to:

• Describe the structure, purpose, and scope of the ISA/IEC 62443 standards.
• Explain the key concepts, terminology, and models that underpin IACS security.
• Identify security requirements for industrial systems, components, and networks.
• Assess threat landscapes and recognise key areas of concern for IACS environments.
• Define and apply maturity levels and security levels within IACS contexts.
• Build and manage an IACS security programme, including risk assessment, policy development, training, incident response, and monitoring.
• Understand how ISA/IEC 62443 aligns with ISO/IEC 27001 and its adaptations for specific industries and IoT.
• Apply the foundational and system requirements to strengthen the security posture of industrial systems.

Participants should have:

• A basic understanding of industrial automation, control systems, or operational technology.
• Familiarity with cybersecurity concepts and risk management frameworks.
• Experience in industrial environments is recommended but not required.

Target audience

This course is designed for:

• Industrial control system (ICS) engineers
• Automation and control system designers
• Cybersecurity professionals
• IT/OT managers and engineers
• Industrial network administrators
• System integrators
• IACS security analysts
• Risk and compliance managers
• Control system operators
• Maintenance and support personnel in industrial environments
• Professionals working with critical infrastructure resilience (CER)

Part 1: Foundations of ISA/IEC 62443 (Day 1 and 2)

• Introduction to industrial automation and control systems (IACS)
• Key terms and IACS technologies
• Structure and purpose of the ISA/IEC 62443 family of standards
• Core concepts of ISA/IEC 62443 (based on ISA/IEC 62443-1-1)
• IACS networking and system security requirements
• Maturity levels and security levels
• Threat landscape and typical threat actors in IACS environments
• Areas of special concern unique to IACS
• Foundational requirements (FR) and system requirements (SR)
• Overview of covered standards:
  • ISA/IEC 62443-2-1: Establishing an IACS security programme
  • ISA/IEC 62443-2-3: Patch management in the IACS environment
  • ISA/IEC 62443-3-3: System requirements and security levels
  • ISA/IEC 62443-4-3: Security technologies for IACS
  • ISA/IEC 62443-4-4: Component security requirements and assurance levels

Part 2: Building an IACS security programme (Day 3)

• Phases of the security programme:
  • Establish
  • Risk assessment
  • Policy development
  • Organisation
  • Training
  • Incident response
  • Testing
  • Monitoring
• Consideration of related ISA/IEC 62443 standards not covered in detail (e.g. secure product lifecycle and supply chain security)
• Summary of the programme and key takeaways
• Course completion and wrap-up

Exams and assessments

After attending the course, you are eligible to apply for sitting the exam. If you successfully pass the exam, you can apply for the “PECB Certified ISA 62443 Lead Implementer” credential. This credential will demonstrate your knowledge and professional capabilities to support and lead disaster recovery teams in implementing disaster recovery strategies based on best practices.

Hands-on learning

This course includes:

• Scenario-based exercises on building an IACS security programme.
• Group discussions on risk assessment, incident response, and policy development.
• An exam voucher is included with this course.
• Case studies exploring applications of ISA/IEC 62443 in industrial and critical infrastructure environments.
• Guided instructor-led walkthroughs of foundational and system requirements.