Press release

IECEE approves Bureau Veritas Taiwan as a Qualified IEC 62443 CB Testing Laboratory (CBTL) for Cybersecurity Assessment

Apr. 7 2021

Bureau Veritas, a leading Testing, Inspection and Certification provider has announced that its Taiwan laboratory is approved as a qualified IEC 62443 CB Testing Laboratory (CBTL) for Cybersecurity Assessment effective 22 March 2021.

IEC 62443 is currently the most accepted standard for industrial automation. Today, it has been adopted by many sectors such as railway, industrial products, automotive, smart building, smart city, energy, utilities, etc. With IEC’s credibility, this standard will become one of the most critical information security standards in non-consumer fields, such as industrial control, transportation, and medical treatment. IEC 62443 describes detailed specifications in addition to the general rules of IEC 62443-1, various sub-specifications are further defined. The industry can build an information security framework based on the specifications to create a more secure OT system.

Pascal LE-RAY, the General Manager of Bureau Veritas Taiwan's Technology Lab., pointed out that IEC 62443 is very important to the Taiwan industry as Taiwanese companies have always been export-oriented, hence, their products must meet the requirements of overseas clients. In recent years, incidents of OT cyberattacks have been rising. Therefore, global industry players have been paying more and more attention to information security. Under this situation, Taiwanese manufacturers must first obtain certification for their products before grasping the corresponding business opportunities in smart manufacturing.

Bureau Veritas is proposing a global solution to help its customer to achieve IEC 62443 certification to demonstrate clients’ cybersecurity compliance. This solution includes first a risk analysis identifying the elements to be protected and the appropriate level of protection. Then Bureau Veritas will guide its customers to implement good practices such as security governance, risk mapping and security systems, planned maintenance, detection tools and in-depth defense mechanisms.