Cybersikkerhedsnormer fra ISO 27001 til IEC 62443

Overview of cybersecurity standards: ISO 27001, IEC 62443, EN 18031 and more. Learn which standards are relevant for your company.

Standards and norms are indispensable when it comes to quality, safety and efficiency in almost all industries. They facilitate trade, improve product quality and give companies a reliable framework for governance and compliance. Below we explain the difference between norms and standards, their importance for corporate governance, the main standardization organizations and the role of harmonization within the European Union.

Difference between norms and standards

The term "standard" denotes technical specifications developed by recognized organizations whose application is usually voluntary. Standards often describe specific methods, procedures or attributes of products and services. (In everyday English both categories are simply called "standards"; the distinction drawn here follows the German usage of "Norm" versus "Standard".)

By contrast, "norms" are more formal and are published by official standardization bodies. Norms often enjoy broad acceptance and are increasingly referenced in regulatory frameworks (see for example the New Legislative Framework in the EU). While standards frequently cover industry-specific requirements, norms tend to be more comprehensive and carry significant weight in legislation.

Role of norms in corporate governance

Norms are an essential component of governance, risk and compliance management (GRC). They help organizations comply with legal requirements, identify and control potential risks, and generally create transparent and efficient corporate structures.

Norms such as ISO 31000 (risk management) or ISO/IEC 27001 (information security management) provide proven frameworks that support organizations in systematically managing operational risks.

Standardization organizations

At the international level, the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU) play a leading role in developing globally applicable norms.

In Europe, the European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI) carry out the key tasks of European standardization work.

In Germany, the German Institute for Standardization (DIN) and the German Commission for Electrical, Electronic & Information Technologies in DIN and VDE (DKE) are particularly responsible for creating and maintaining national norms.

Harmonization of norms in the EU

Harmonization of norms within the European Union is achieved by publishing the references of so-called harmonized standards in the Official Journal of the European Union (OJEU). These standards help companies develop products and services that are recognized in all EU member states and comply with the applicable regulations.

Publication of a standard's reference in the OJEU signals that it is acknowledged by the EU institutions as supporting a specific piece of EU legislation. Products that conform to such a standard benefit from a presumption of conformity with the essential requirements that the standard covers; requirements the standard does not cover still have to be demonstrated separately.

Selecting relevant norms in the field of cybersecurity

In the field of cybersecurity, norms such as ISO/IEC 27001 are of great importance. This standard provides a framework for managing information security and helps organizations protect themselves against security threats.

Important cross-industry norms for operators include:

  • ISO/IEC 27001: "Information security, cybersecurity and privacy protection - Information security management systems - Requirements"
    This standard defines the requirements for an information security management system (ISMS). It offers a systematic approach to managing sensitive company information and applies across industries.
  • ISO/IEC 27701: "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines"
    As an extension of ISO/IEC 27001, this standard focuses on privacy. It provides requirements and guidance for implementing, maintaining and continually improving a privacy information management system (PIMS).
  • ISO 22301: "Security and resilience - Business continuity management systems - Requirements"
    This standard specifies the requirements for a business continuity management system (BCMS). It helps organizations prepare for, respond to and recover from disruptive incidents.

Important standards for product manufacturers include:

  • ISO/IEC 15408: "Information security, cybersecurity and privacy protection - Evaluation criteria for IT security"
    This family of standards, also known as the Common Criteria, provides a framework for specifying, implementing and evaluating security functions in IT products. It is widely used for the certification of security products.
  • ISO/IEC 30111: "Information technology - Security techniques - Vulnerability handling processes"
    This standard provides guidance for organizations on handling vulnerabilities in their products and services. It describes the internal processes for triaging, remediating and releasing fixes for security flaws.
  • ISO/IEC 29147: "Information technology - Security techniques - Vulnerability disclosure"
    This standard contains guidelines for the disclosure of security vulnerabilities. It helps organizations establish effective processes for receiving external vulnerability reports and communicating with the reporters; in practice it is applied together with ISO/IEC 30111, which covers the internal handling.
  • EN 18031: "Common security requirements for radio equipment"
    This series of standards (parts 1 to 3) addresses the protection of networks, the protection of personal data and privacy, and the protection against fraud for internet-connected radio equipment. It supports the cybersecurity requirements that the Radio Equipment Directive (RED) places on such products.

There are also numerous additional industry-specific norms.

Industry in general

  • IEC 62443: "Security for industrial automation and control systems"
    This series of standards addresses the security of industrial automation and control systems (IACS). It contains separate parts for the three roles involved: operators (asset owners), integrators (service providers) and manufacturers (product suppliers).

Automotive and agricultural machinery industry

  • ISO/SAE 21434: "Road vehicles - Cybersecurity engineering"
    This standard focuses on cybersecurity in the automotive industry. It defines requirements for cybersecurity risk management in vehicle development and throughout the product lifecycle.
  • ISO 24089: "Road vehicles - Software update engineering"
    This standard deals with the processes and requirements for developing and executing software updates in vehicles. It is particularly relevant in the context of the increasing digitization and connectivity of vehicles.
  • ISO 24882: "Agricultural and forestry machinery and tractors - Cybersecurity engineering"
    This standard, still under development at the time of writing, aims to define cybersecurity requirements for agricultural machinery in order to minimize security risks across the product lifecycle.

Rail industry

  • CLC/TS 50701: "Railway applications - Cybersecurity"
    This technical specification addresses cybersecurity in the rail sector. It offers guidance for implementing cybersecurity measures in railway systems.
  • IEC 63452: "Railway applications - Cybersecurity"
    This standard, under development at the time of writing, describes a unified approach to managing cybersecurity for railway systems. It adapts the requirements of the IEC 62443 series to the specific applications and operating environments of railways and aligns them with the RAMS lifecycle of the IEC 62278 series.

Mechanical engineering

  • EN 50742: "Protection against corruption"
    This standard, under development at the time of writing, describes how machinery can be protected against intentional and unintentional corruption of its control systems, in line with the "protection against corruption" requirement of the EU Machinery Regulation (EU) 2023/1230, which replaces the Machinery Directive.

Medical devices

  • IEC 81001-5-1: "Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle"
    This standard defines the secure development lifecycle activities expected of manufacturers of health software and connected medical devices. It complements IEC 80001-1, which addresses risk management for IT networks incorporating medical devices on the side of the operating healthcare organization.
  • IEC TR 60601-4-5: "Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications"
    This technical report deals with the cybersecurity of medical electrical equipment and systems. It gives manufacturers guidance on specifying security capabilities in a way that is consistent with safety requirements.

Lifts, escalators and moving walkways

  • ISO 8102-20: "Electrical requirements for lifts, escalators and moving walks - Part 20: Cybersecurity"
    This standard addresses cybersecurity requirements specifically for lifts, escalators and moving walkways. It defines measures to protect against cyber threats throughout the entire lifecycle, from development through operation to decommissioning. The standard is based on the principles of IEC 62443 but adapts them to the particularities of vertical transportation technology.

Internet of Things

  • ETSI EN 303 645: "CYBER - Cyber Security for Consumer Internet of Things: Baseline Requirements"
    This European standard defines cybersecurity requirements for consumer IoT devices. It aims to ensure a baseline level of security for these devices, for example no universal default passwords, a means to report vulnerabilities, and the ability to keep software updated.

Norms and standards in the field of cybersecurity not only serve technical quality assurance but are also key pillars of effective corporate governance. They help meet regulatory requirements, minimize risks and strengthen trust in digital products and services. International cooperation in standard-setting and harmonization at EU level ensure that companies can compete in the global market without losing sight of security.

Support for implementation

Standards and norms play a central role in making cybersecurity traceable and verifiable. At the same time, the variety of requirements, from industry-specific norms to general security standards, is difficult for many organizations to keep track of.

Secuvi supports you in identifying the norms relevant to your organization, interpreting them in a practical manner and integrating them into existing processes. Whether IEC 62443, EN 18031 or other requirements, our goal is to implement security and compliance so that they meet both regulatory demands and real operational conditions.

If you would like to check which norms apply to your products or systems and how they can be implemented efficiently, you can find more information and contact options at: secuvi.com