August 7, 2025

New Resources: Exploring ISA/IEC 62443, ISO/IEC 27001 and ISO/IEC 27002

ISA’s Global Cybersecurity Alliance has released new guidance and resources on aligning ISA/IEC 62443 with ISO/IEC 27001/27002 standards. This content helps organizations that already have an Information Security Management System (ISMS) in place based on ISO/IEC 27001/27002 to extend cybersecurity controls into Operational Technology (OT) environments. While ISO/IEC 27001/27002 defines risk-based management for IT systems, ISA/IEC 62443 addresses the unique challenges of industrial automation and control systems. The resources explain how these can be used together to achieve comprehensive protection for both IT and OT infrastructure.

The materials include a white paper and related blog posts outlining a mapping between ISO/IEC 27001/27002 controls and the security program structure defined in ISA/IEC 62443-2-1. They note that ISA/IEC 62443 does not itself require an ISMS, but where one exists, the OT security program should coordinate with it. The guidance covers role-based responsibilities (asset owners, service providers, product suppliers), the use of security zones and conduits, risk assessment strategies, and how to apply controls from both frameworks consistently across technical and procedural measures.

Source: https://gca.isa.org/blog/new-resources-exploring-isa-iec-62443-iso-iec-27001-and-iso-iec-27002
