Pilz products ensure the safety of human, machine and the environment. It thus comes as no surprise that even their development processes have to satisfy certain requirements. TÜV Süd has now certified Pilz: Pilz developments not only safe, but also secure!
The international series of standards IEC 62443 “Industrial communication networks – Network and system security” create the appropriate framework for industrial security in automation. The range of topics includes risk analysis, best practices and the secure development of products (“security by design”). For this development, the standard IEC 62443–4‑1 describes requirements for a so-called “Security Development Lifecycle Process” (SDL process). A development approach in which the security features of a system are systematically considered starting in the design phase. The intention here is to ensure that all security risks in a product are detected by means of modelling the threats and that these risks are ideally already rectified in the product.
TÜV Süd assessed the development processes of Pilz accordingly and checked them based on the standard IEC 62443–4‑1. “This check of the development processes in their entirety for industrial security helps to avoid security incidents and the associated impacts – often devastating – on the company, employees and equipment to the greatest possible extent,” explains Walter Schlögl from TÜV Süd. “To rule out weaknesses during the entire lifecycle of the system and individual components, it is necessary to plan proactively and to take into account security aspects from the very beginning.” The independent certification by TÜV Süd creates trust and gives plant operators and owners the certainty that the purchased product is completely secure and is consistent with the best practices from the industry.
One certificate follows the other
The result of the audit: The development by Pilz meets all requirements of the standard and corresponds to the SDL process. Walter Schlögl says, retrospectively: “Pilz prepared for the audit very well. This is a sign that the development of secure products in accordance with IEC 62443–4‑1 is taken very seriously by Pilz on all levels and is comprehensively embedded in the development process, even in the details. Pilz thus has built a solid foundation for subsequent product certifications.”
In the next step, Pilz is planning the certification in accordance with IEC 62443–4‑2. This standard describes technical requirements that must be implemented by the security functions of the products. If these requirements are met, Pilz offers its customers the benefit of being able to purchase a product with security and safety certification – so with double the safety.