The ISA Security Compliance Institute (ISCI, www.isasecure.org) announced on Nov. 11 that exida (www.exida.com), a Sellersville, Pa.-based safety and security services firm, has earned provisional accreditation for providing ISASecure EDSA Certification services under ISCI’s globally recognized cyber-security conformance scheme.
exida is the first certification lab to achieve ANSI/ACLASS accreditation for the ISASecure EDSA Certification program, the ISCI said. ACLASS is one of two brands of the American National Standards Institute-American Society of Quality (ANSI-ASQ) National Accreditation Board.
ISASecure EDSA (for Embedded Device Security Assurance) Certification focuses on security of embedded devices, and addresses device characteristics and supplier development practices for those devices. An embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification—a trademarked designation indicating product security characteristics and capabilities. ISCI developed the ISASecure EDSA Certification within the framework of the International Society of Automation’s ISA99 Industrial Automation and Control Systems security standards.
“exida is a highly respected organization staffed with some of the industry’s most talented engineers in the fields of safety and security,” said Andre Ristaino, ISCI managing director. ”With operating sites located strategically around the globe, exida establishes the operational foundation for ISCI’s internationally recognized cyber-security certification program.”
Suppliers seeking to certify embedded devices are directed to contact exida, who will conduct certifications on behalf of ISCI. The certification consists of three elements: a device Functional Security Assessment (FSA), a device Communication Robustness Test (CRT), and an organizational Software Development Security Assessment (SDSA).
William Goble, managing director of exida, stated, “The ISCI cyber-security certification program fits well with our functional safety certification program. Recent events have shown that a strong control system cyber security defense is an essential part of control system safety and availability. That defense starts with industrial control devices such as PLC (programmable logic controller), DCS (distributed control system), SIS (safety integrated system) and SCADA (supervisory control and data acquisition) controllers that are resilient to rogue communications and unauthorized access and developed with a security mindset.”
ISA Security Compliance Institute