Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments

Many organizations have established policies and procedures governing the IT security in their office environment; many of these are based on ISO/IEC 27001/2. Some have attempted to address their operational technology (OT) infrastructure under the same management system, and have leveraged many IT/OT commonalities. The ISA/IEC 62443 series explicitly addresses issues such as these; this helps an organization to maintain conformance with ISO/IEC 27001 through common approaches wherever feasible, while highlighting differences in IT vs. OT approach where needed.

This white paper offers guidance for organizations familiar with ISO/IEC 27001 and interested in protecting the OT infrastructure of their operating facilities based on the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used within one organization to protect both IT and OT.

This white paper is available at no cost. Request your copy by submitting the form to the right, and we'll email you a link to download the file.



Learn how ISO/IEC 27001/2 and ISA/IEC 62443 should be combined to protect the OT infrastructure of operating facilities.


Discover how ISO/IEC 27001/2 addresses the IT infrastructure, while ISA/IEC 62443 addresses the OT infrastructure.



Find out how you can implement these approaches using a reference map of the set of related ISO/IEC 27001/2 controls under each SPE or sub-SPE of 62443-2-1.


ISA/IEC 62443 does not require the use of an underlying Information Security Management System (ISMS). However, it requires that, if the organization has an established ISMS, the security program in the OT environment should be coordinated with it. This white paper considers the use case of an existing ISMS based on ISO/IEC 27001/2.
Organizations could use reference mapping as a starting point for the development of their OT security programs and adjust it to their specific needs as necessary.
Pierre Kobes, author of the guide on behalf of the ISA Global Cybersecurity Alliance