A control system upgrade referenced IEC 62443 requirements, but the project team needed a clearer method for defining scope, security zones, target security levels, and compliance evidence.
Fictionalised example
Case Study: IEC 62443 Gap Review for Control System Upgrade
Example scenario showing how high-level IEC 62443 requirements can be translated into project evidence and verification activities.
Client type
Regulated industrial operator
Examples on this website are fictionalised or anonymised to show typical problem types without identifying real clients, real sites, real drawings, or real project details.
Challenge
Assessment and response
Risks identified
- unclear system under consideration
- inconsistent supplier requirement interpretation
- weak traceability from requirements to verification
- late uncertainty before acceptance testing
Meridian approach
- defined the system under consideration
- mapped zones, conduits, and external interfaces
- created a compliance matrix
- identified verification evidence for design, configuration, and testing
Deliverables
- IEC 62443 gap review
- system under consideration (SuC) definition
- zones and conduits model
- requirements traceability matrix
- verification plan
Outcome
The project team received a structured method for demonstrating cybersecurity alignment during design review, supplier close-out, and acceptance activities.