The ISA Security Compliance Institute (ISCI) announces recently that the Honeywell Phoenix, Arizona product development site in the US has achieved the ISASecure SDLA lifecycle certification. Honeywell received the conformance certificate from exida, LLC, an ISASecure ISO 17065 accredited certification body.
The certification independently confirms that Honeywell’s named system development lifecycle (SDL), the Standard HPS Iterative Process (HIP), meets the security development lifecycle requirements of the ISASecure Security Development Lifecycle Assurance (SDLA) certification, which is based upon the IEC 62443 industrial cybersecurity standards. The certification can be viewed here.
The ISASecure SDLA certification provides assurance to Honeywell’s customers and their procurement teams that Honeywell has made a substantial and institutional commitment to cybersecurity. The certification demonstrates that the certified Honeywell site uses a product development lifecycle in which cybersecurity is considered at all phases—from design to phase out.
“Honeywell continues to demonstrate leadership in ensuring cybersecurity of industrial automation and control systems,” commented Andre Ristaino, ISCI managing director. “They were the first supplier to submit products for the ISASecure EDSA certification. And then, significantly, they followed that up with the ISASecure SDLA certification of their Phoenix development site.”
Jason Urso, Vice President of Technology for HPS, said “ISASecure provides a comprehensive framework for cybersecurity in the process control industry. Honeywell embraces and applies ISASecure methodologies as a fundamental part of our software development lifecycle, including certification of our products to meet their high standards. Honeywell is excited to continue participation with the ISA Security Compliance Institute in the future. Just like safety standards, cybersecurity is an essential part of an industrial control company’s strategy. ISASecure is key partner in helping us to achieve our cybersecurity goals.”
Mike Medoff, Senior Safety and Cybersecurity Engineer at exida, stated: “Incorporating cybersecurity in all phases of your development process is an important step in developing secure products. This certification shows that Honeywell has taken this step and is committed to delivering secure products to their customers.”
ISASecure SDLA certified supplier development organizations are registered on the www.isasecure.org website, here: SDLA certified sites.
Honeywell International (www.honeywell.com) is a Fortune 100 diversified technology and manufacturing leader, serving customers worldwide with aerospace products and services; control technologies for buildings, homes and industry; automotive products; turbochargers; and specialty materials. Based in Morris Township, N.J., Honeywell’s shares are traded on the New York, London, and Chicago Stock Exchanges. For more news and information on Honeywell, please visit www.honeywellnow.com. Honeywell Process Solutions is part of Honeywell’s Automation and Control Solutions group, a global leader in providing product and service solutions that improve efficiency and profitability, support regulatory compliance, and maintain safe, comfortable environments in homes, buildings and industry. For more information, visit www.honeywell.com/ps.
exida is a world leading engineering services & certification body focused on helping automation suppliers and users improve the safety, security and reliability of their industrial automation systems. Established by several of the world’s top safety, security, and reliability experts, the company is owned by these partners and independent of any vendor ownership. exida’s main offices are located in Sellersville, PA, USA and Munich, Germany with service centers worldwide. For more information, visit www.exida.com.
About The ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS).
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Schneider Electric, Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure designation ensures that IACS products conform to industry consensus cyber security standards such as IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. For more information, visit www.isasecure.org.
SOURCE: The ISA Security Compliance Institute (ISCI)