Overview
This 4-day course provides a comprehensive introduction to the ISA/IEC 62443 standards, focusing on the management perspective for securing industrial automation and control systems (IACS). Participants will gain a solid understanding of the key concepts, structures, and applicability of the standard, and learn how to establish and implement an effective IACS security programme. Covering both foundational knowledge and practical application, the course aligns with ISO/IEC 27001 principles and addresses specific considerations for industrial environments, supervisory control and data acquisition (SCADA) systems, and industrial networks. By the end of the course, learners will be equipped to lead or contribute to the development of a security programme that enhances resilience in critical infrastructure and industrial operations.
Prerequisites
Participants should have:
- A basic understanding of industrial automation, control systems, or operational technology.
- Familiarity with cybersecurity concepts and risk management frameworks.
- Experience in industrial environments is recommended but not required.
Target audience
This course is designed for:
- Industrial control system (ICS) engineers
- Automation and control system designers
- Cybersecurity professionals
- IT/OT managers and engineers
- Industrial network administrators
- System integrators
- IACS security analysts
- Risk and compliance managers
- Control system operators
- Maintenance and support personnel in industrial environments
- Professionals working with critical infrastructure resilience (CER)
Learning Objectives
By the end of this course, learners will be able to:
- Describe the structure, purpose, and scope of the ISA/IEC 62443 standards.
- Explain the key concepts, terminology, and models that underpin IACS security.
- Identify security requirements for industrial systems, components, and networks.
- Assess threat landscapes and recognise key areas of concern for IACS environments.
- Define and apply maturity levels and security levels within IACS contexts.
- Build and manage an IACS security programme, including risk assessment, policy development, training, incident response, and monitoring.
- Understand how ISA/IEC 62443 aligns with ISO/IEC 27001 and its adaptations for specific industries and IoT.
- Apply the foundational and system requirements to strengthen the security posture of industrial systems.
Course Outline
Part 1: Foundations of ISA/IEC 62443 (Days 1 and 2)
- Introduction to industrial automation and control systems (IACS)
- Key terms and IACS technologies
- Structure and purpose of the ISA/IEC 62443 family of standards
- Core concepts of ISA/IEC 62443 (based on ISA/IEC 62443-1-1)
- IACS networking and system security requirements
- Maturity levels and security levels
- Threat landscape and typical threat actors in IACS environments
- Areas of special concern unique to IACS
- Foundational requirements (FR) and system requirements (SR)
- Overview of covered standards:
  - ISA/IEC 62443-2-1: Establishing an IACS security programme
  - ISA/IEC 62443-2-3: Patch management in the IACS environment
  - ISA/IEC 62443-3-3: System requirements and security levels
  - ISA/IEC 62443-4-3: Security technologies for IACS
  - ISA/IEC 62443-4-4: Component security requirements and assurance levels
Part 2: Building an IACS security programme (Day 3)
- Phases of the security programme:
  - Establish
  - Risk assessment
  - Policy development
  - Organisation
  - Training
  - Incident response
  - Testing
  - Monitoring
- Consideration of related ISA/IEC 62443 standards not covered in detail (e.g. secure product lifecycle and supply chain security)
- Summary of the programme and key takeaways
- Course completion and wrap-up
Exams and assessments
After attending the course, you are eligible to apply to sit the exam. If you pass the exam, you can apply for the “PECB Certified ISA 62443 Lead Implementer” credential. This credential will demonstrate your knowledge and professional capabilities to support and lead disaster recovery teams in implementing disaster recovery strategies based on best practices.
Hands-on learning
This course includes:
- Scenario-based exercises on building an IACS security programme.
- Group discussions on risk assessment, incident response, and policy development.
- An exam voucher is included with this course.
- Case studies exploring applications of ISA/IEC 62443 in industrial and critical infrastructure environments.
- Guided instructor-led walkthroughs of foundational and system requirements.
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms.
When will I receive my certificate?
Certificates of Achievement are issued at the end of the course, either as a hard copy or via email.
