ACLASS ISASecure Accreditation
ISASecure™ Embedded Device Security Assurance (EDSA)
Certification Program - Pilot
ACLASS now offers accreditation for communication robustness
testing (CRT) laboratories certifying cyber-secure products in
accordance with the new ISASecure Embedded Device Security
Assurance (EDSA) Certification Program.
The ISASecure Certification Program was developed by the ISA
Security Compliance Institute (ISCI), an industry consortium, to
accelerate industry-wide improvement of cyber-secure products and
practices for industrial automation suppliers and operational
sites. ISCI is an interest area within the Automation Standards
Compliance Institute (ASCI), a non-profit corporation owned by ISA.
ISA incorporated ASCI in 2006 to provide a home for certification,
conformance, and compliance assessment activities in the automation
arena. ASCI has expanded on ISA's 50 years of work in standards
development by facilitating the effective implementation of
automation industry standards.
EDSA, the first ISA Secure certification program, focuses on the
security of embedded devices and addresses device characteristics
and supplier development practices for those devices.
An embedded device that meets the requirements of the ISASecure
EDSA specification earns the ISASecure EDSA certification, a
trademarked designation that provides instant recognition of
product security characteristics and capabilities, and provides an
independent industry stamp of approval similar to a Safety
Integrity Level Certification (ISO/IEC 61508).
The ISASecure designation is earned by industrial control
suppliers for products that demonstrate adherence to an industry
consensus cyber security specification for security characteristics
and supplier development practices.
Labs that wish to become part of the movement to secure critical
infrastructure around the globe, must demonstrate compliance
with:
EDSA-100, ISA Security Compliance Institute -
Embedded Device Security Assurance - ISASecure EDSA certification
scheme, Version 2.0, October 2011
EDSA-200, ISA Security Compliance Institute -
Embedded Device Security Assurance - ISASecure EDSA chartered
laboratory operations and accreditation, Version 2.1, October 2011
[http://www.isasecure.org/PDFs/EDSA-200-Chartered-Lab-Ops-and-Accred(v1_2).aspx]
EDSA-204, ISA Security Compliance Institute -
Embedded Device Security Assurance - Instructions and Policies for
Use of the ISASecure Symbol and Certificate, Version 2.0, October
2011
EDSA-206, ISA Security Compliance Institute -
Embedded Device Security Assurance - ISASecure EDSA CRT laboratory
operations and accreditation, Version 1.1, October 2011
These documents and other documents that are referred to within
these documents can be found at the ISASecure Program site
[http://www.isasecure.org/Certification-Program/ISASecure-Program-Description.aspx].
How to Apply for ISASecure EDSA Chartered Laboratory
Status
An ISASecure EDSA chartered laboratory is a third-party
organization accredited in accordance with ISO/IEC Guide 65 and
ISO/IEC 17025 to evaluate embedded devices according to the
ISASecure EDSA conformance scheme and grant ISASecure EDSA
certifications on behalf of ISCI.
Document EDSA-200
[http://www.isasecure.org/PDFs/EDSA-200-Chartered-Lab-Ops-and-Accred(v1_2).aspx]
provides a description of requirements for accreditation and
operation of a chartered laboratory.
You must complete two separate application forms; one of which
will be processed by ANSI for ISO/IEC accreditation and the second
by ASCI. The ASCI application is a combined application and
contract, including fees for processing the application.
ASCI Fees for Accredited Labs
ASCI initial accreditation application fee: $5,000
ASCI annual accreditation maintenance fee: $3,000
If after reviewing EDSA-200, you believe that your organization
meets the minimum requirements for accreditation as described in
EDSA-200, do the following:
- Apply for ISO/IEC Guide 65 and ISO/IEC 17025 accreditation
through ANSI and ACLASS (operating cooperatively) according to
instructions on the ANSI website at www.ansi.org/isasecure. Additional Guide
65 accreditation instructions are on the "How to Apply" link on the
left menu of the page.
- Complete and sign the application form/contract EDSA-202
[http://www.isasecure.org/PDFs/EDSA-202-Chartered-lab-application-and-contract(v1.aspx]
and submit the completed form and ASCI processing fee payable to
ASCI to: Andre Ristaino, Managing Director, ASCI, 67 Alexander
Drive, Research Triangle Park, NC27709, 919-990-9222, aristaino@isa.org.
- ANSI and ACLASS will cooperatively process your application for
Guide 65 and ISO/IEC 17025 accreditation in accordance with
EDSA-200. You will be contacted by an ANSI-ACLASS assessor who will
schedule site visits and provide logistical details of the
application process. The assessor will conduct a preliminary
assessment and forward the results to ASCI. If your organization
meets the EDSA-200 requirements for provisional lab status, ASCI
will execute the required agreements, described in step 4,
authorizing your organization to conduct ISASecure EDSA
certifications.
- ISCI will counter-sign the application form/contract EDSA-202
if results from the preliminary visit to the laboratory by
ANSI/ACLASS meet the provisional status requirements
listed in EDSA-200. After this contract is signed by both
parties, the organization may begin operating as a chartered
laboratory and process supplier applications for the ISASecure EDSA
certification.
For more information on ISASecure accrediation, contact Roger Muse, 877-344-3044, ext.
202.