Endress+Hauser has been awarded the IEC 62443-4-1 certification, affirming its commitment to secure product development and enhancing compliance with the European Cyber Resilience Act (CRA). The certification, granted by TÜV Rheinland in October 2024, validates the secure development processes at the company according to the maturity level 3 of the IEC 62443-4-1 security standard. Five of the company’s product centers have met the rigorous requirements set for the entire product life cycle.
The Cyber Resilience Act, passed by the Council of the European Union in October 2024, mandates that products demonstrate robust cybersecurity throughout their life cycle, necessitating that security measures are integrated from the product development phase. The company employs a “Security by Design” approach to ensure that customers receive optimal support in safeguarding their systems.
Mirko Brcic, Product Security Officer at the company, expressed pride in this achievement, stating, “This certificate reflects our long-standing commitment to achieving the highest security standards across our product centers. It underscores the significance we place on cybersecurity in our structured approach across various development sites.”
One tangible outcome of these cybersecurity initiatives is the secure Bluetooth access to its measuring devices. The IETF, the internet standards organization, has even endorsed the CPace protocol utilized in the Endress+Hauser SmartBlue app for secure, password-protected access.
The IEC 62443-4-1 standard encompasses various critical aspects for a company to demonstrate that cybersecurity is integrated throughout a product’s life cycle. The certification process evaluates elements such as:
- Risk and threat assessments
- Security by design principles
- Security testing protocols
- Vulnerability management practices
- Customer security documentation
“With the IEC 62443-4-1 certification, we have established a solid foundation for delivering secure products in the future, positioning ourselves well for upcoming regulations like the CRA,” Brcic noted. The five certified competence centers include Endress+Hauser Flow, Endress+Hauser Level+Pressure, Endress+Hauser Liquid Analysis, Endress+Hauser Temperature+System Products, and Endress+Hauser Digital Solutions.
