TÜV Informationstechnik (TÜViT) has audited TK Elevator’s product development process in accordance with the IEC 62443-4-1 part of the standard. With the certification of this part of the standard, the manufacturer proves that the topic of security is taken into account as part of a process from the product definition to the “End of Life Declaration”. With certification by TÜV NORD CERT, the manufacturer of lift systems can now demonstrate a secure product development process in accordance with IEC 62443-4-1.
Networked industrial plants bring with them many advantages, but they also harbour dangers. If cyber criminals manage to gain access, they can sometimes put entire industrial plants out of operation. With the aim of increasing IT security in the environment of the process and automation industry, the IEC 62443 standard was therefore developed, which has established itself as an international standard for cybersecurity in industrial automation. Part 4-1 of the standard contains requirements for the life cycle of secure product development.
TK Elevator also knows that IT security can only be achieved if it is taken into account throughout the entire product life cycle and has therefore had the security of its product development process (PDLC) tested by TÜViT. In a first step, TÜViT carried out a GAP analysis with the aim of evaluating the completeness of the existing PDLC. The focus was on requirements that are placed on the secure development of products, such as the development, maintenance and decommissioning of hardware, software or firmware, secure implementation and patch management. This is to ensure that potential vulnerabilities of systems or individual components can be detected and closed within the life cycle. Among other things, the security documentation and the security strategy, which defines information such as scope, roles and responsibilities with regard to the product life cycle, were evaluated. With the fulfilment of the requirements checked within the scope of a certification audit by TÜViT and the final successful certification.
“With the successful certification according to IEC 62443-4-1, TK Elevator can now objectively prove that industrial security has been thought through from the very beginning and that the company’s products meet the highest cybersecurity standards,” says Axel Lange, Head of Marketing & Sales at TÜViT.