Schneider Electric's global Secure Development Lifecycle (SDL) process has been certified to comply with the internationally recognized ISA/IEC 62443-4-1 cybersecurity standard. The certification, provided by TÜV Rheinland, warrants that cybersecurity is considered in every phase of the company’s product development process.
Schneider Electric was the first to have its site-specific SDL certified to the ISA/IEC 62443-4-1 standard, which specifies the process requirements for secure product development. Additionally, Schneider Electric’s product security engineers participated in the working group that developed the ISA/IEC 62443-4-1 standard.
“Because we helped create the ISA/IEC 62443-4-1 standard, we were able to apply our unique experience to improve how we develop and deliver more secure products,” said Klaus Jaeckle, chief product security officer, Schneider Electric. “This certification from TÜV Rheinland affirms our commitment to improving the safety and security of our customers’ operations. We go beyond merely adhering to the ISA/IEC 62443-4-1 standard; we ensure cybersecurity becomes everyone’s job. Through this approach, we enable our customers to reduce risks to their people, their assets and their operations.”
The company’s global policies support SDL practices on every development project, from legacy to next generation, using improvement-oriented deep dives and process quality checklists. From product conception through commercialization, the user-centric approach emphasizes specialized role-based training on the SDL practices, which ensures everyone involved in the development process is personally responsible for the security of the company’s offers. The training includes videos for every project role that stress responsibility and accountability and examine how SDL artifacts are integrated into all software, firmware, hardware and system development lifecycles.