ISASecure Certification Accepted as ANSI Pilot Accreditation Program
The American National Standards Institute (ANSI) and the ANSI-ASQ National Accreditation Board (ANAB)/ACLASS brand have launched a formal pilot accreditation program based on the requirements of the ISA Security Compliance Institute (ISCI) ISASecure™ Embedded Device Security Assurance (EDSA) certification program.
ISASecure recognizes and promotes cyber-secure products and practices for industrial automation suppliers and operational sites. A new agreement between ISCI, ANSI, and ACLASS establishes ANSI/ACLASS as the Accreditation Body for organizations that provide product certifications in accordance with the ISASecure EDSA conformance scheme as well as ISO/IEC Guide 65, General Requirements for Bodies Operating Product Certification Systems.
”This announcement is a major milestone in the ISCI ISASecure EDSA certification program,” stated Andre Ristaino, ISCI managing director. ”With our device certification requirements and lab accreditation requirements complete, we can now accredit labs to international standards to provide certification services. The ANSI/ACLASS accreditation requirement supports our goal to operate a credible, globally recognized certification program.”
Third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure process by attesting to the competence and qualification of certification bodies and laboratories, offering them a significant distinction from their competitors in the marketplace.
Companies desiring to become an accredited ISASecure EDSA certification body and/or laboratory should visit the ANSI website, www.ansi.org/isasecure, for a description of the ISASecure EDSA program and information on accreditation requirements, fees, and the application process. The 30-day open period to apply for accreditation under the pilot program began Aug. 2 and ends Sept. 1, 2010.
"The industry’s vision to set up a globally recognized security assessment program for our automation control systems is being realized through ISCI,” explained Ivan Susanto, manager PCN & SCADA security of Chevron and ISCI board vice-chair. “This program establishes a clearly articulated baseline level of security for automation controls bearing the ISASecure certification. It will simplify procurement processes for many companies because it provides clarity for control systems suppliers on security requirements and we, as asset owners, can build our security effort on top of the ISASecure certification baseline.”
“ANSI/ACLASS are proud to be selected by ISCI as accreditor for a program that contributes to the safety and security of systems controlling critical infrastructure,” stated Lane Hallenbeck, ANSI vice president for accreditation services.
The ANSI/ACLASS accreditation program will be implemented in accordance with all relevant international standards, including ISO/IEC 17011, Conformity Assessment – General Requirements for Accreditation Bodies accrediting conformity assessment bodies. The ANSI/ACLASS program will assess the competence of Chartered Certification Bodies and Laboratories against the requirements of the international standards ISO/IEC Guide 65 and ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories, as well as the International Accreditation Forum (IAF) Mandatory Document for the Application of ISO/IEC Guide 65, and the additional requirements as specified by the ISASecure EDSA certification program.
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key technical members include Exida, Mu Dynamics, and Rockwell Automation.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The Institute’s ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure™ products and systems and creating product differentiation for suppliers conforming to the ISASecure™ specification.
The American National Standards Institute is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system.