Information Security according to ISO 27001, IEC 62443/ISA99 and BSI standard (IT-Grundschutz) in industrial production


The protection goals of information security and data protection (availability, integrity, confidentiality and the legally compliant handling of resources and data) are an essential part of implementing an information security management system in production.

Unfortunately, IT security and information security are still neglected in many industrial companies. This can have fatal and dangerous consequences if, for example, machines are controlled externally as a result of cyber attacks.

The smooth operation of networked industrial plants requires reliable concepts for securing internal and external data and information. A holistic approach is of fundamental importance for sustainable success. Partial measures limited to purely technical security are not sufficient.

The introduction of an information security management system presents machine and system operators with considerable challenges, because the requirements in industrial production differ significantly from those in office IT.
For example, the networking of production plants breaks through traditional plant boundaries and replaces them with flexible value-added chains.

Recognized standards such as

  • ISO 27001 (ISMS)
  • ISO 27019
  • IEC 62443 (Industrial Communication Network and System Security)
  • VDI/VDE guideline 2182
  • BSI standard (IT-Grundschutz)

form the framework for setting up an information security management system in industrial production.

As an ISMS according to the requirements of ISO 27001 and the BSI standard (IT-Grundschutz), QSEC provides extensive support in the development and operation of an information security management system. Working according to the requirements of ISO 27019 is also already implemented in QSEC. Further standards and guidelines, such as IEC 62443/ISA99, can also be integrated and managed in QSEC.

In QSEC, the user is guided methodically through the requirements of the standards and supported by extensive content, best practices and integrated best-practice measures. A sample document and a variety of management reports simplify the work related to:

  • Data Protection
  • Compliance Management
  • Risk Management
  • Document Management
  • Security Incident Management
  • Business Impact Analysis / Business Continuity Management

As an ISMS, QSEC is integrated into the existing IT landscape via interfaces and supports customer-specific requirements with workflow, wizard and task technology.

We would be pleased to show you QSEC in a web demo.

