Cyber Security for OT / IACS

Independent consultancy services in the areas of Operational Technology related Industrial Control Systems Cyber Security

Services Overview

Interconnection between Functional Safety and Cyber Security

Cyber Security in Operational Technology (OT)/Industrial Automation & Control System (IACS) has a lot of differentiators versus Information Technology (IT) systems, technologies (real time) and dedicated controllers. OT/IACS need different approaches and solutions. For this reason, we have to comply with the dedicated ISA/IEC 62443 series in addition to the ISO 27001 standard.


Cyber Security is a vast subject that involves Humans & Technologies “People at the Heart of Digital”

There are a lot of similarities and interactions between Functional Safety and Cyber Security for Industrial Control Systems (IACS), our clients have been looking for this since the end of 90’s.

In the 2020’s, cyber threats/vulnerabilities shifted into cybercrime, rather than simply denied of services. This requires much more effort in the company’s organisation.

Resulting in:

  • Cyber-attacks can have an impact on manufacturing plant safety risks (human, assets and the environment) and must be considered in functional safety studies,
  • Modification of the mandatory safety requirements of IEC 61511 2nd Edition 2016 – clause 8.2.4 is ensuring that a Security Risk Assessment (or also called Cyber Security Risk Assessment) is carried out to identify security vulnerabilities of Safety Instrumented Systems (SIS),
  • Evolution of ISO 27001 standard,
  • New ISA/IEC 62443 (Formerly ISA-99) series.

As an independent consultancy services company, eXcelsior Safety can provide services in the following areas of Operational Technology related Industrial Control & Safety System (ICSS) Cyber Security – ISA/IEC 62443 / ISO 27001 series.

Our Services

Security Risk Analysis (SRA)

Qualitative hazard and risk analysis in support of IEC 61511 - Clause 8.2.4 and ISA/IEC 62443 requirements.

Assets Inventory and Cartography

Collect data of the network elements and establish a schematic overview for a synthetic vision of the localised or distributed installations.

Security Program Analysis (SPA)

Qualitative analysis of Security Level (SL) and Maturity Level (ML) to evaluate the Security Program (SP) of asset owners.

Cyber Security Requirement Specification (CRS)

Development or evaluations of Cyber Security Requirements Specification for provision of IACS.

Security Level Capability Assessment

Qualitative assessment at control system level in aid of ISA/IEC 62443 foundational requirements (FRs) to asset ICS compliance.

Design, Engineering and Validation Test Support

Design and Engineering consultancy for the Industrial Automation and Control Systems (IACS) from design to validation test phase in accordance with ISA/IEC 62443 requirements.

Cyber Security Lifecycle and Management

Cyber Safety Lifecycle and Management is key to demonstrate how Cyber Safety is to be implemeneted and achieved.

Cyber-Attack Recovery & Operational Continuity Solutions

With the exponentially increase in cyber-attack rates on critical assets, breaches have become unavoidable. Downtime results in significant economic loss, damage to corporate reputation, and risk to human lives. Cyber response measures have become a must.
Met ISA/IEC 62443 requirements.