DEKRA awards first cyber security certification for connected lighting development process to Signify

May 07, 2020 Digital & Product Solutions

Arnhem, May 7 2020 – International expert organization DEKRA has awarded Signify, the world leader in lighting, the security certification for its development process (IEC62443-4-1) as the first connected lighting company. This certification confirms that Signify’s development of connected lighting systems is based on a secure process.

IEC62443 is the leading security standard not only for industrial automation, but for healthcare and industry 4.0 applications as well. In 2017 DEKRA was recognized as the first European organization to perform assessments and issue certificates against IEC62443. With the IEC62443 series of standards for product development and the integration of connected devices, organizations can show that their processes, products, and solutions comply with the strict fundamental security requirements.
Signify meets all requirements set out in the standard by rigorously following its Signify Security Development Lifecycle (SDL) in all internal and external development activities. Major components of the SDL are a security risk analysis and threat modeling, code analysis and review verification and validation testing, and most importantly vulnerability management.

Connected lighting systems are core to our business and our security processes are built on a strong foundation of industry standards, governance, and procedures. We’re delighted that our dedication to security across all our products, systems, and services, is now officially certified by DEKRA,” said Harshavardhan Chitale, Business Group Leader Professional at Signify.

Within the IEC62443-4-1 (process) certification a threat analysis based on the use case scenario is a fundamental requirement. The organization also needs to show that a product development process is in place to ensure identified security requirements are implemented, verified, tested, and documented with traceability. In addition, device manufacturers must respond appropriately to newly discovered security vulnerabilities and publish security updates in a reliable manner.

DEKRA evaluated Signify’s development process on the IEC 62443-4-1 fundamental security requirements. “We are proud to award the IECEE CB and DEKRA SEAL certification to Signify. As global partner for a safe and connected world, we know that security is key in today’s world. The IEC 62443 standards are the perfect tools to ensure safety and security at work, at home and on the road,” said Bram Holtus, Managing Director of DEKRA Certification B.V.

When people use technology, safety and security are two of the key challenges. In times of the Internet of Things, cyber security has become indispensable, irrespective of the market and the company size, and is an essential part of both safety testing and connectivity testing. Today, almost everything is connected to the internet or to local networks. Securing these products is vital in order to safeguard consumers and critical infrastructures alike.