Certified security
15.06.20211 Security at the highest level
Endress+Hauser has taken the next step toward achieving the highest standard in digital product and services security. After achieving the demanding StarAudit certification, Endress+Hauser Digital Solutions has been awarded the internationally recognized ISO 27001 certification for its comprehensive information security management system. In addition, confirmation has been received that the Netilion IIoT ecosystem fulfills the requirements of ISO 27017, a standard designed specifically for cloud application information security.
Endress+Hauser receives the ISO 27001 certification for information security
© Endress+Hauser
The importance of digital solutions for customers is growing rapidly. For this reason Endress+Hauser strove to achieve a certification according to the highest industry standard. “As the center of competence for digital solutions at Endress+Hauser, we’re proud to have received ISO 27001 certification,” says Dr Rolf Birkhofer, managing director at Endress+Hauser Digital Solutions.
Dr Rolf Birkhofer, managing director at Endress+Hauser Digital Solutions
© Endress+Hauser
This international norm offers a structured approach for protecting the confidentiality, integrity and availability of the information that is produced and processed in organizations and companies. Using the standard as a foundation, Endress+Hauser created an information security management system (ISMS) and implemented processes that safeguard and continuously optimize the protection of all types of information, data and systems.
High significance
Achieving ISO 27001 certification requires setting aside resources and making investments. “This was an effort that we were glad to undertake, because ultimately we lower our risks and optimize our business processes. But the even more important aspect is that we build trust among our customers. With these measures we’re in a position to reliably detect threats and actively protect our customers’ data as a result,” says Birkhofer in explaining the motivation.
Three years ago Endress+Hauser was one of the first industrial companies to receive the StarAudit certification, which confirmed that the company’s web-based services operate in accordance with specially defined standards. The internationally recognized ISO certification also requires a holistic approach and ensures that all affected activities at Endress+Hauser Digital Solutions are taken into account, not just individual applications. As part of these efforts the Netilion cloud solution also reached a new milestone with ISO 27017 certification, which provides confirmation that the Endress+Hauser IIoT ecosystem continues to fulfill all the requirements for cloud services.
2 Endress+Hauser meets highest cyber security standard
With its certification, TÜV Rheinland has confirmed that the product development processes and product life cycles at Endress+Hauser meet the IEC 62443-4-1 international industry standard for cyber security. By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants.
By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants
© Endress+Hauser
Measurement instruments and components from Endress+Hauser make certain that numerous process engineering systems around the world operate securely and reliably. For industrial plants and Industrial Internet of Things (IIoT) environments, cybersecurity is becoming a growing focus. With networking and connectivity becoming increasingly prevalent, it’s imperative that companies protect their production systems and automation technology from unauthorized access.
To optimally protect its customers’ production systems, Endress+Hauser lays the foundation for secure operation as early as the planning and development phases of its products and services. In March, TÜV Rheinland, one of the world’s leading testing service providers, issued a certification in line with the IEC 62443-4-1 norm confirming that this product development process, as well as the product life cycle, meets the highest international standards.
Mirko Brcic, Product Security Officer at Endress+Hauser
© Endress+Hauser
“This is a testament to the quality of our work, which we are extremely pleased about,” says Mirko Brcic, Product Security Officer at Endress+Hauser. “In light of ongoing technical advances – you only have to think about the advanced physical layer or IIoT products – for us it’s very important that we not only accelerate digitalization but continue to safeguard the security of our instruments and software at the same pace.”
Stringent requirements for automation technology
By aligning the processes with IEC 62443-4-1, among other things Endress+Hauser ensures that products are developed from the beginning with all security requirements in mind and that the components it delivers pose no risks. Added to that are other measures such as code analyses and reviews, penetration tests and the installation of security updates. A total of eight different areas define what a secure product development process should look like:
· Security management
· Security requirements specification
· Secure design guidelines
· Secure implementation guidelines
· Verification and validation of security properties
· Vulnerabilities management
· Creation and publication of security updates
· Security product documentation
Strong capacity for innovation
“With IEC 62443-4-1, a proven certification standard in industrial automation, we ensure that all employees involved in these internal processes are working at the same level of security. That allows us to lay the cornerstone to be able to offer high-quality measurement, automation and IIoT products for connected production environments, now and in the future,” adds Mirko Brcic.
Endress+Hauser has a long tradition of investing in innovation. Last year the IETF recommended for standardization the innovative CPace security technology developed by Endress+Hauser, which provides password-protected instrument access. Patent applications are regularly at high levels as well. The Group currently boasts a portfolio of 8900 patents and patent filings.
