We perform on-site assessments against the NIST 800-82 and IEC-62443 standards for Industrial Control Systems. The compliance report gives you insight into the current compliance or maturity of the controls that you wish to be assessed against, such as roles and responsibilities, OT network design and security, OT security management, and OT security operations & procedures. Besides the report, we will advise you on how to close the compliance gap.
Security Controls Scope
The different standards cover the entire cybersecurity scope, generally:
- Risk Management,
- Awareness and Culture,
- Network Design and Security,
- Systems Design and Security,
- Operations and Security Management.
Together we define the scope and provide recommendations on how to become compliant.
Besides industry standards like NIST, IEC-62443 and ISO-27001, we also advise on regulatory requirements like NIS (EU) and WIB (NL).
CSMS and GRC Framework (Governance Risk and Compliance)
Create and maintain a security culture! With a CSMS you demonstrate that you optimally manage the automation and security in your OT environment; your policies are clear and followed by your organization and contracting companies. Processes are managed, controlled and continuously improved to defend against disruption. We will set up the control system, draft the policies and standards, and align the CSMS and ISMS with your input, industry standards and regulatory requirements. We will set up a continuous compliance monitoring system and help you improve if the results fall short.