This part of IEC 62443-2-4 specifies requirements for security capabilities for IACS service
providers that they can offer to the asset owner during integration and maintenance activities
of an Automation Solution.
NOTE 1 The term “Automation Solution” is used as a proper noun (and therefore capitalized) in this part of
IEC 62443 to prevent confusion with other uses of this term.
Collectively, the security capabilities offered by an IACS service provider are referred to as its
Security Program. In a related specification, IEC 62443-2-1 describes requirements for the
Security Management System of the asset owner.
NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related.
NOTE 3 The term “process” in BPCS may apply to a variety of industrial processes, including continuous
processes and manufacturing processes.
NOTE 4 Clause 4.1.4 describes profiles and how they can be used by industry groups and other organizations to
adapt this International Standard to their specific environments, including environments not based on an IACS.
NOTE 5 Automation Solutions typically have a single control system (product), but they are not restricted to do
so. In general, the Automation Solution is the set of hardware and software, independent of product packaging, that
is used to control a physical process (e.g. continuous or manufacturing) as defined by the asset owner.