What It Is

IEC 62443 is the ISA/IEC series of international standards for securing Industrial Automation and Control Systems (IACS). It provides a comprehensive, risk-based framework spanning governance, system design, and component security tailored to OT environments with unique constraints like availability and long lifecycles.

Key Components

• Four groupings: General (-1), Policies (-2), System (-3), Components (-4).
• Seven Foundational Requirements (FR1-7) like authentication, integrity, and availability.
• Zones/conduits model for segmentation; SL 0-4 with SL-T (target), SL-C (capability), SL-A (achieved).
• ISASecure modular certifications: SDLA (4-1), CSA (4-2), SSA (3-3).

Why Organizations Use It

• Mitigates OT cyber risks impacting safety/production.
• Enables supplier qualification, procurement specs, insurance benefits.
• Builds stakeholder trust via certifications; horizontal standard for cross-sector compliance.
• Supports modernization (IIoT/cloud) with defense-in-depth.

Implementation Overview

Phased: CSMS governance (2-1), risk assessment/zoning (3-2), controls (3-3/4-2), certification. Applies to asset owners/integrators/suppliers in critical infrastructure; multi-year program with audits.

What It Is

Basel III is the global regulatory framework issued by the Basel Committee on Banking Supervision (BCBS) post-2007-09 financial crisis. It strengthens bank prudential standards through risk-based capital, leverage constraints, and liquidity requirements, addressing weaknesses in capital quality, leverage, and funding.

Key Components

• **Three pillarsMinimum capital requirements (Pillar 1: CET1 4.5%, Tier 1 6%, Total 8% plus buffers), supervisory review (Pillar 2: ICAAP), market discipline (Pillar 3: disclosures).
• Leverage ratio (3% Tier 1 over exposure), LCR (100% HQLA for 30-day stress), NSFR (stable funding over 1-year).
• Built on risk sensitivity balanced with simplicity; output floor limits internal models.

Why Organizations Use It

Banks adopt for regulatory compliance (national laws mandate), enhanced resilience against shocks, reduced systemic risk via G-SIB buffers. Improves comparability, curbs arbitrage; builds stakeholder trust, optimizes balance sheets strategically.

Implementation Overview

Phased enterprise transformation: governance setup, gap analysis, data/system builds, testing, ongoing monitoring. Applies to internationally active banks globally; no certification but supervisory audits, Pillar 3 reporting.