1 Security at the highest level
Endress+Hauser has taken the next step toward achieving the highest standard in digital product and services security. After achieving the demanding StarAudit certification, Endress+Hauser Digital Solutions has been awarded the internationally recognized ISO 27001 certification for its comprehensive information security management system. In addition, confirmation has been received that the Netilion IIoT ecosystem fulfills the requirements of ISO 27017, a standard designed specifically for cloud application information security.
Endress+Hauser receives the ISO 27001 certification for information security
Dr Rolf Birkhofer, managing director at Endress+Hauser Digital Solutions
Achieving ISO 27001 certification requires setting aside resources and making investments. “This was an effort that we were glad to undertake, because ultimately we lower our risks and optimize our business processes. But the even more important aspect is that we build trust among our customers. With these measures we’re in a position to reliably detect threats and actively protect our customers’ data as a result,” says Birkhofer in explaining the motivation.
Three years ago Endress+Hauser was one of the first industrial companies to receive the StarAudit certification, which confirmed that the company’s web-based services operate in accordance with specially defined standards. The internationally recognized ISO certification also requires a holistic approach and ensures that all affected activities at Endress+Hauser Digital Solutions are taken into account, not just individual applications. As part of these efforts the Netilion cloud solution also reached a new milestone with ISO 27017 certification, which provides confirmation that the Endress+Hauser IIoT ecosystem continues to fulfill all the requirements for cloud services.
2 Endress+Hauser meets highest cyber security standard
With its certification, TÜV Rheinland has confirmed that the product development processes and product life cycles at Endress+Hauser meet the IEC 62443-4-1 international industry standard for cyber security. By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants.
By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants
To optimally protect its customers’ production systems, Endress+Hauser lays the foundation for secure operation as early as the planning and development phases of its products and services. In March, TÜV Rheinland, one of the world’s leading testing service providers, issued a certification in line with the IEC 62443-4-1 norm confirming that this product development process, as well as the product life cycle, meets the highest international standards.
Mirko Brcic, Product Security Officer at Endress+Hauser
Stringent requirements for automation technology
By aligning the processes with IEC 62443-4-1, among other things Endress+Hauser ensures that products are developed from the beginning with all security requirements in mind and that the components it delivers pose no risks. Added to that are other measures such as code analyses and reviews, penetration tests and the installation of security updates. A total of eight different areas define what a secure product development process should look like:
· Security management
· Security requirements specification
· Secure design guidelines
· Secure implementation guidelines
· Verification and validation of security properties
· Vulnerabilities management
· Creation and publication of security updates
· Security product documentation
Strong capacity for innovation
“With IEC 62443-4-1, a proven certification standard in industrial automation, we ensure that all employees involved in these internal processes are working at the same level of security. That allows us to lay the cornerstone to be able to offer high-quality measurement, automation and IIoT products for connected production environments, now and in the future,” adds Mirko Brcic.
Endress+Hauser has a long tradition of investing in innovation. Last year the IETF recommended for standardization the innovative CPace security technology developed by Endress+Hauser, which provides password-protected instrument access. Patent applications are regularly at high levels as well. The Group currently boasts a portfolio of 8900 patents and patent filings.