Contents

What's in the package?

A curated set of 70+ documents covering the full scope of IEC 62443 — policies, procedures, registers and records, grouped into four implementation packs. Plus an Excel self-assessment for your SRs and FRs.

59+

Documents

Implementation packs

59+

Word templates

Excel self-assessment

Word

Policies, procedures, registers & records

All in .docx, with a consistent structure, headings and placeholders. Replace [organisation], [site], [zone] and [owner] and you're off.

Excel

Self-assessment for SRs & FRs

Score per System Requirement from IEC 62443-3-3, automatic heatmap per Foundational Requirement, gap analysis and SL determination. One file to track your progress.

The toolkit uses a consistent naming convention. Each abbreviation refers to a document type:

POL— PolicyPRO— ProcedureREG— RegisterTPL— TemplatePLN— PlanREC— RecordAUD— AuditMGT— Mgmt reviewMAN— ManualMAT— MatrixSOA— SoAOBJ— ObjectivesCTX— ContextGDE— GuideMAP— Map

Pack 1

CSMS Governance & System Foundation

Scope, governance, policies, roles and the core registers of the management system.

16 documents

Use first.

POL· 3PRO· 1REG· 4TPL· 1PLN· 1REC· 1MAN· 1OBJ· 1CTX· 1GDE· 1MAP· 1

RGI-CSMS-GDE-00Guide

Master Index & Customer User Guide

IEC ref: All clauses

RGI-CSMS-MAN-01Manual

CSMS Manual & Process Map

IEC ref: 62443-2-1: 4–7

RGI-CSMS-MAP-01Map

IEC 62443 Coverage Map

IEC ref: 62443-2-1; 3-3

RGI-CSMS-CTX-01Context

CSMS Context & Scope Statement

IEC ref: 4.1; 4.3

RGI-CSMS-POL-01Policy

OT Cyber Security Policy

IEC ref: 4.3.2

RGI-CSMS-POL-06Policy

Data Confidentiality Policy

IEC ref: FR4

RGI-CSMS-POL-07Policy

Identification & Access Policy

IEC ref: FR1; FR2

RGI-CSMS-OBJ-01Objectives

OT Security Objectives & KPI Tracker

IEC ref: 4.3.4

RGI-CSMS-TPL-02Template

Roles & Responsibilities (RACI)

IEC ref: 4.3.2.3

RGI-CSMS-REG-01Register

Stakeholders & Requirements Register

IEC ref: 4.2

RGI-CSMS-REG-02Register

Legal & Regulatory Obligations Register (incl. NIS2)

IEC ref: 4.2; 4.4

RGI-CSMS-REG-03Register

Document Register & Retention Periods

IEC ref: 4.4

RGI-CSMS-REG-04Register

IACS Asset Inventory

IEC ref: 4.2.3

RGI-CSMS-PRO-01Procedure

Documented Information Control Procedure

IEC ref: 4.4

RGI-CSMS-PLN-01Plan

CSMS Communication Plan

IEC ref: 4.3.2.5

RGI-CSMS-REC-09Record

Policy Review Record

IEC ref: 4.4.3.7

Pack 2

Risk, Zones & Conduits, Applicability

Risk criteria, ZCR 2-7 partitioning, SL-T assignment and Statement of Applicability.

9 documents

After scope + asset inventory.

POL· 1PRO· 1REG· 1TPL· 5SOA· 1

RGI-CSMS-PRO-03Procedure

Cyber Security Risk Assessment Procedure

IEC ref: 62443-3-2 ZCR 1–7

RGI-CSMS-TPL-22Template

Initial High-Level Risk Assessment

IEC ref: ZCR 2

RGI-CSMS-TPL-04Template

Zone & Conduit Definition

IEC ref: ZCR 3; 7

RGI-CSMS-TPL-23Template

Detailed Risk Assessment per Zone

IEC ref: ZCR 5

RGI-CSMS-TPL-05Template

SL-T Determination per Zone

IEC ref: ZCR 4–6

RGI-CSMS-REG-06Register

OT Risk Register

IEC ref: 4.2.3

RGI-CSMS-SOA-01SoA

Statement of Applicability (SR & RE)

IEC ref: 62443-2-1; 3-3

RGI-CSMS-POL-02Policy

Network Segmentation & Zoning Policy

IEC ref: FR5

RGI-CSMS-TPL-08Template

Conduit Specification

IEC ref: FR5

Pack 3

IACS Lifecycle, Patching & Operational Controls

Change, patch, FAT/SAT, hardening, monitoring, removable media.

15 documents

For each IACS project.

POL· 2PRO· 4REG· 1TPL· 5PLN· 2REC· 1

RGI-CSMS-PRO-06Procedure

Change Management Procedure (IACS)

IEC ref: FR3

RGI-CSMS-PRO-13Procedure

Patch & Vulnerability Management Procedure

IEC ref: FR3

RGI-CSMS-PRO-14Procedure

Backup & Recovery Procedure

IEC ref: FR7

RGI-CSMS-PRO-15Procedure

Removable Media & Mobile Device Procedure

IEC ref: FR3; FR5

RGI-CSMS-PLN-03Plan

FAT / SAT Plan

IEC ref: 62443-4-1

RGI-CSMS-REC-03Record

FAT / SAT Test Report

IEC ref: FR7

RGI-CSMS-PLN-05Plan

OT Monitoring & Logging Plan

IEC ref: FR6

RGI-CSMS-TPL-06Template

Identification & Authentication Specification

IEC ref: FR1

RGI-CSMS-TPL-12Template

Access Control & Account Management

IEC ref: FR1; FR2; FR4

RGI-CSMS-TPL-14Template

System Hardening Baseline

IEC ref: FR3

RGI-CSMS-TPL-15Template

Anti-malware Configuration Standard

IEC ref: FR3

RGI-CSMS-TPL-16Template

System Integrity Verification Procedure

IEC ref: FR3

RGI-CSMS-REG-18Register

OT Patch Register

IEC ref: FR3

RGI-CSMS-POL-03Policy

Remote Access Policy (OT)

IEC ref: FR1; FR5

RGI-CSMS-POL-05Policy

Removable Media Policy

IEC ref: FR3

Pack 4

Assurance, Suppliers & Continual Improvement

62443-2-4 supplier, incident response, audit, management review and CAPA.

19 documents

To operate and improve.

PRO· 3REG· 5TPL· 2PLN· 1REC· 2AUD· 4MGT· 1MAT· 1

RGI-CSMS-PRO-08Procedure

Supplier / Integrator Evaluation Procedure

IEC ref: 62443-2-4

RGI-CSMS-TPL-19Template

OT Vendor Questionnaire & Evaluation

IEC ref: 62443-2-4; 4-1

RGI-CSMS-MAT-02Matrix

Supplier / Integrator Responsibility Matrix

IEC ref: 62443-2-4

RGI-CSMS-REG-09Register

OT Supplier Register

IEC ref: 62443-2-4

RGI-CSMS-PRO-09Procedure

OT Cyber Incident Response Procedure

IEC ref: FR6

RGI-CSMS-PLN-07Plan

NIS2 Notification Plan

IEC ref: NIS2 Art. 23

RGI-CSMS-REG-11Register

OT Cyber Incident Register

IEC ref: FR6

RGI-CSMS-REC-07Record

Post-Incident Review Report

IEC ref: FR6

RGI-CSMS-TPL-21Template

Competence Matrix & Training Plan

IEC ref: 4.3.2.4

RGI-CSMS-REC-08Record

Training & Awareness Record

IEC ref: 4.3.2.4

RGI-CSMS-AUD-01Audit

Internal Audit Programme

IEC ref: 4.4.3.4

RGI-CSMS-AUD-02Audit

Internal Audit Plan

IEC ref: 4.4.3.4

RGI-CSMS-AUD-03Audit

IEC 62443 Internal Audit Checklist

IEC ref: 62443-2-1; 3-3

RGI-CSMS-AUD-04Audit

Internal Audit Report

IEC ref: 4.4.3.4

RGI-CSMS-REG-13Register

Audit Findings Register

IEC ref: 4.4.3.4

RGI-CSMS-MGT-01Mgmt review

Management Review Agenda & Minutes

IEC ref: 4.4.3.7

RGI-CSMS-PRO-11Procedure

Nonconformity & Corrective Action Procedure

IEC ref: 4.4.3.6

RGI-CSMS-REG-16Register

CAPA Register

IEC ref: 4.4.3.6

RGI-CSMS-REG-17Register

Continual Improvement Register

IEC ref: 4.4.3.7

Ready to start using these documents?

One-time €199 — instantly downloadable.

Go to package