Schneider Electric’s global Secure Development Lifecycle (SDL) process has been certified to comply with the internationally recognized ISA/IEC 62443-4-1 cybersecurity standard.
The certification, provided by TÜV Rheinland, ensures cybersecurity is considered in every phase of the company’s product development process. Schneider Electric was the first to have its site-specific SDL certified to the ISA/IEC 62443-4-1 standard, which specifies the process requirements for secure product development.
“Because we helped create the ISA/IEC 62443-4-1 standard, we were able to apply our unique experience to improve how we develop and deliver more secure products,” said Klaus Jaeckle, chief product security officer at Schneider Electric. “This certification from TÜV Rheinland affirms our commitment to improving the safety and security of our customers’ operations.”
The company’s global policies support SDL practices on every development project, from legacy to next generation, using improvement-oriented deep dives and process quality checklists. From product conception through commercialization, this user-centric approach emphasizes specialized role-based training on the SDL practices, which ensures everyone involved in the development process is personally responsible for the security of the company’s offers. The training includes videos for every project role that stress responsibility and accountability and examine how SDL artifacts are integrated into all software, firmware, hardware and system development lifecycles.
“The TÜV Rheinland certification shows Schneider Electric’s serious commitment to developing, delivering and maintaining secure products, systems and solutions, from smart homes and cities to the most critical operations,” said Thomas Steffens, regional business segment manager, TÜV Rheinland. “Certifying its SDL process to the ISA/IEC 62443-4-1 standard means Schneider Electric has further strengthened its development process to help its customers avoid and counter cyber risks.”