The American National Standards Institute (ANSI, www.ansi.org) and the ANSI-ASQ National Accreditation Board (ANAB)/ACLASS brand have launched a formal pilot accreditation program based on the requirements of the ISA Security Compliance Institute (ISCI, www.isasecure.org) ISASecure Embedded Device Security Assurance (EDSA) certification program. The ISCI announced the pilot program on Aug. 2. ISCI developed the ISASecure EDSA certification within the framework of the International Society of Automation’s ISA99 Industrial Automation and Control Systems security standards. ASQ stands for American Society of Quality.
ISASecure recognizes and promotes cyber-secure products and practices for industrial automation suppliers and operational sites. A new agreement between ISCI, ANSI, and ACLASS establishes ANSI/ACLASS as the Accreditation Body for organizations that provide product certifications in accordance with the ISASecure EDSA conformance scheme as well as the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Guide 65, General Requirements for Bodies Operating Product Certification Systems.
“This announcement is a major milestone in the ISCI ISASecure EDSA certification program,” stated Andre Ristaino, ISCI managing director. “With our device certification requirements and lab accreditation requirements complete, we can now accredit labs to international standards to provide certification services. The ANSI/ACLASS accreditation requirement supports our goal to operate a credible, globally recognized certification program.”
Third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure process by attesting to the competence and qualification of certification bodies and laboratories, offering them a significant distinction from their competitors in the marketplace.
Companies desiring to become an accredited ISASecure EDSA certification body and/or laboratory should visit the ANSI Web site, (www.ansi.org/isasecure), for a description of the ISASecure EDSA program and information on accreditation requirements, fees and the application process. The 30-day open period to apply for accreditation under the pilot program ends on Sept. 1.
“The industry’s vision to set up a globally recognized security assessment program for our automation control systems is being realized through ISCI,” said Ivan Susanto, manager PCN & SCADA security at Chevron, and ISCI board vice chairman. “This program establishes a clearly articulated baseline level of security for automation controls bearing the ISASecure certification. It will simplify procurement processes for many companies because it provides clarity for control systems suppliers on security requirements and we, as asset owners, can build our security effort on top of the ISASecure certification baseline.”
By the book
“ANSI/ACLASS are proud to be selected by ISCI as accreditor for a program that contributes to the safety and security of systems controlling critical infrastructure,” stated Lane Hallenbeck, ANSI vice president for accreditation services.
The ANSI/ACLASS accreditation program will be implemented in accordance with all relevant international standards, including ISO/IEC 17011, Conformity Assessment—General Requirements for Accreditation Bodies accrediting conformity assessment bodies. The ANSI/ACLASS program will assess the competence of Chartered Certification Bodies and Laboratories against the requirements of the international standards ISO/IEC Guide 65 and ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories, as well as the International Accreditation Forum (IAF) Mandatory Document for the Application of ISO/IEC Guide 65, and the additional requirements as specified by the ISASecure EDSA certification program.
American National Standards Institute
ISA Security Compliance Institute