Leveraging Compliance Gap Analysis for ISA/IEC 62443-4-1 Certification: Riello UPS



Overview 


Riello Elettronica, founded in 1986 by Mr. Pierantonio Riello, operates today in the electrical manufacturing industry with two divisions: Energy, and Automation and Security. It is a leader in the Uninterruptible Power Supply market with the well-known brand Riello UPS.

Energy represents the Group’s core business, in particular with the manufacture of UPS.

Riello UPS designs and produces strategic solutions for every kind of requirement and makes a bespoke offering according to clients' needs: from banks to hospitals, from transport to infrastructure, from domestic use to data centres.


With two excellent research centres located in Legnago (Verona) and Cormano (Milano) dedicated to the development and testing of UPS, Riello UPS always looks to improve product performance by continuously innovating, so much so that today Riello UPS has 32 lines of UPS products for energy management based on a broad range of technological architectures. www.riello-ups.com


Business Challenge


As part of its ongoing commitment to product innovation and cybersecurity, Riello UPS wanted to secure ISA/IEC 62443-4-1 and ISA/IEC 62443-4-2 certifications for its network communication product, NetMan 208. These certifications are key to meeting cybersecurity requirements in the industrial and medical sectors, ensuring that Riello UPS products meet the highest security standards.


The ISA/IEC 62443 standards define stringent security benchmarks for Industrial Automation and Control Systems (IACS), setting best practices for maintaining secure operations across various sectors. These standards are widely recognized for their holistic approach to cybersecurity, addressing the intersection of Operational Technology (OT) and Information Technology (IT), and aligning process safety with robust cybersecurity measures.


Although awareness of these standards has grown significantly in recent years, their complexity can be a barrier to adoption. For organizations like Riello UPS, understanding how to navigate these requirements is essential for maintaining compliance and ensuring the highest levels of security across their product lines.



Caption: "NetMan 208 - Interface for remote UPS management"


The Solution


To meet these certification requirements, Riello UPS partnered with Security Pattern for a comprehensive compliance gap analysis, followed by DEKRA for the final certification. This structured approach helped Riello UPS to successfully achieve ISA/IEC 62443-4-1 certification within six months—a critical milestone in securing product safety and performance.

The compliance gap analysis undertaken by Security Pattern provided Riello UPS with the following key benefits:

● Understanding Compliance Requirements: The initial phase involved in-depth analysis of the ISA/IEC 62443-4-1 and ISA/IEC 62443-4-2 standards. This allowed Riello UPS to fully comprehend the specific security requirements and their impact on the company's production processes and the NetMan 208 product.

● Gap Identification: Security Pattern identified areas where Riello UPS's existing controls and processes fell short of regulatory and certification requirements, highlighting specific areas for improvement.

● Action Plan Development: Security Pattern developed a clear, prioritized action plan based on the gap analysis. This plan provided concrete steps to align Riello UPS's processes and product development with the necessary cybersecurity standards.

● Final Certification: DEKRA has confirmed that Riello UPS has successfully addressed the compliance gaps identified in the secure development of products. Through the certification process, Riello UPS has demonstrated adherence to the ISA/IEC 62443-4-1 standard, which establishes foundational requirements for the secure development of products in sectors such as industrial automation and healthcare.



Results and Impact


By obtaining the ISA/IEC 62443-4-1 certification, Riello UPS has strengthened its competitive position in the following markets:


● Critical Power Sector: Compliance with ISA/IEC 62443 cybersecurity standards is critical for companies operating in critical power applications (data centres, industry, transport), where the secure operation of control systems is paramount.

● Medical Sector: Compliance with ISA/IEC 62443 implies alignment with the medical standard IEC 81001-5-11 which governs the safety, effectiveness, and security of health software and IT systems. This enables Riello UPS to meet the healthcare industry's expected cybersecurity posture.


These certifications enhance product security and open new business opportunities by meeting the rigorous demands of highly regulated markets.


Conclusion


Through the strategic use of compliance gap analysis, Riello UPS has successfully achieved industry-leading cybersecurity certifications, demonstrating its commitment to innovation, security, and regulatory compliance. This process has not only improved the security posture of its NetMan 208 product but also positioned Riello UPS as a trusted provider of secure, high-performance UPS solutions in the global marketplace.

The certification process, supported by the collaboration with Security Pattern and DEKRA, highlights the critical need to understand and comply with regulatory requirements in today's complex cybersecurity environment. Riello UPS's achievement of ISA/IEC 62443-4-1 certification serves as a reference point for companies seeking to strengthen product security and meet global market standards.


____


About Security Pattern

We help creators of smart and connected devices to design, implement, and operate their systems with a sustainable security level.

We strongly believe that security is a combination of hardware, software and procedures. Thanks to our proven knowledge in the field of cryptography, security, and embedded systems, we can facilitate the protection of smart and connected devices for medical, industrial, automotive, and consumer electronics.

We support device manufacturers in reaching their security and business targets by offering state-of-the-art consultancy, products, and training. www.securitypattern.com


About DEKRA

DEKRA was originally founded in 1925 to ensure road safety through vehicle inspection. With a much wider scope today, DEKRA is the world’s largest independent non-listed expert organization in the testing, inspection, and certification sector. As a global provider of comprehensive services and solutions, we help our customers improve their safety, security, and sustainability outcomes. In 2023, DEKRA generated revenue of EUR 4.1 billion. The company currently employs around 49,000 people who offer qualified and independent expert services in approximately 60 countries on five continents. With a platinum rating from EcoVadis, DEKRA is now in the top one percent of sustainable businesses ranked. www.dekra.com
