Etteplan News release, August 15, 2023
Etteplan has applied for the certification of IEC 62443-4-1 Secure Product Development Lifecycle process with CertX
The EU has introduced the NIS2 directive to regulate cybersecurity in supply chains for software and devices, impacting large industrial equipment manufacturers. Etteplan has proactively invested in formal cybersecurity capabilities, obtaining ISO 27001 certification and pursuing IEC 62443-4-1 certification for their Secure Product Development Lifecycle (SPDL) process. This positions Etteplan to meet NIS2 directive Article 21 requirements starting in October 2024, and to continue to provide managed services related to software and equipment to customers.
“In order to create more value for our customers, and continue providing projects and managed services to our customers using Etteplan’s processes and methods, Etteplan has made long-term investments into formal cybersecurity capabilities,” explains Antti Tolvanen, Sales Director, Etteplan.
The first step is ISO 27001 Information Security Management System certification of Etteplan’s software development project sites, and the first sites received certification in January 2023. The second step is IEC 62443-4-1 certification of Etteplan’s SPDL process for embedded device and security-related technical product information.
Globally, the IEC 62443-4 series is used to demonstrate compliance with legal and industry-specific cybersecurity requirements. The IEC 62443-4-1 SPDL process can also be used by Etteplan for development and maintenance of digital services, IoT solutions and industrial automation solutions, according to the requirements of our customers.
With ISO 27001 ISMS certification and IEC 623443-4-1 SPDL process, Etteplan is capable to meet NIS2 directive Article 21 requirements that start applying in October 2024, for legally continuing to provide managed services related to software and equipment to our customers.
Etteplan’s SPDL process development work started in February 2023 and all processes were defined by June 2023. Etteplan has in June 2023 applied for certification of the SPDL process with CertX, and the certification process will start during H2/2023. Etteplan selected CertX as certification body due to CertX’s expertise in functional safety and product security in the same core industries where Etteplan operates, and their flexible way of working.
“Many of Etteplan's customers are either developing their first IEC 62443-4-2 certified products or planning to do so. We leverage our formal IEC 62443-4-1 SPDL process, along with our software and hardware designers' extensive experience in implementing robust security functions on various platforms. This positions Etteplan to excel in assisting customers with secure-by-design hardware and software products aligned with new regulations. Additionally, we offer valuable support for clients building their own SPDL processes, strengthening our role as a cybersecurity partner,” concludes Antti Tolvanen.
For more information, contact:
Antti Tolvanen, Sales Director, Software and Embedded Solutions, tel. +358 45 864 3579
Etteplan in brief
We are a rapidly growing technology service company specializing in software and embedded solutions, engineering solutions, and technical communication solutions. We are a forerunner in the engineering industry and we differentiate ourselves by the wide-ranging competence of our experts. Our customers include world’s leading companies in the manufacturing industry. We help them to create a better world through engineering, innovation and digitalization.
Etteplan has lead the way in the engineering field already since 1983. In 2022, we had a turnover of EUR 350.2 million. The company currently has some 4,000 professionals in Finland, Sweden, the Netherlands, Germany, Poland, Denmark and China. Etteplan's shares are listed on Nasdaq Helsinki Ltd under the ETTE ticker. www.etteplan.com