- Program Definition
- Training Course Requirements
- Examination Process
Why did ISA develop the ISA/IEC 62443 Cybersecurity Certificate Programs?
ISA has developed this program to increase knowledge and awareness of the ISA/IEC 62442 standards. The first certificate in the program is the ISA/IEC 62443 Cybersecurity Fundamentals Specialist. Other specialization certificates are also available in the areas of risk assessment, system design, and operations/maintenance.
The ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate program is designed for professionals involved in IT and control system security roles that need to develop a command of industrial cybersecurity terminology and understanding of the material embedded in the ISA/IEC 62443 standards.
Who can say they hold a certificate?
The ISA/IEC 62443 Cybersecurity certificates are awarded to those who successfully complete a designated training course and pass a 75-100 question multiple choice exam.
– top –
Training Course Requirements
Why are courses required for the ISA/IEC 62443 certificate program exam candidates?
Certificate programs are typically associated with mastery of specific course content and may or may not require work experience. The ISA/IEC 62443 certificate program was developed by ISA working with industry experts. The program(s) increase knowledge/awareness and application of the ISA/IEC 62443 standard through mastery of the course material and examination.
What if I already took the IC32 course?
If you took either course LESS THAN one year from the date you wish to take the exam, you do not have to retake the course and can register for the certificate exam. If you took either course MORE THAN one year from the date you wish to take the exam, you must retake the course in order to be eligible to sit for the certificate exam.
Will course participants receive CEUs for the courses taken?
Yes. The number of CEUs is determined by the number of instructional hours, and awarded upon successful completion of the course. Completing course post-tests and receiving CEUs for course completion are not connected to passing scores on one of the certificate exams.
What if a course is rescheduled by a candidate or ISA?
A candidate is not eligible to sit for the exam until he or she successfully completes the prerequisite course.
– top –
What paperwork must be completed to take one of the exams?
No application is required for the ISA/IEC 62443 Cybersecurity certificate exams.
What are the pre-requisites for the certificate program?
There are no required prerequisites for this program; however, it is highly recommended that applicants have:
- Three to five years of experience in the IT cybersecurity field with some experience in an industrial setting-with at least two years specifically in a process control engineering setting
- Some level of knowledge or exposure to the ISA/IEC 62443 standards
- More advanced courses have recommended coursework, in addition to experience, but it is not required. Certificate 1 attainment is required to go onto all other certificate levels.
What are the fees for the certificate program?
Fees for required courses can be found on the course registration page. The exam fee for an ISA/IEC 62443 certificate exam is €195. This fee includes one electronic exam.
Can an exam be rescheduled without incurring fees?
Applicants may reschedule an exam appointment during the six (6) month eligibility period by contacting Prometric at least 2 days (48 hours) prior to the scheduled exam time for Prometric locations in the United States/Canada and at least 5 days (120 hours) prior to the scheduled exam time for all other Prometric locations. No reschedule fee will apply.
What are the reschedule fees?
Candidates who do not appear for their scheduled exam appointment and do not give proper advance notice of intent to reschedule their exam will incur a fee of €150.
Can a candidate retest and what is the retest fee?
Applicants may retest within the six (6) month eligibility period for a fee of €150. If you are outside the six (6) month eligibility period, you must register again for the required course and exam and re-take both.
What if a candidate cannot make the scheduled appointment or is late for the appointment?
For candidates who fail to appear for a scheduled exam, or arrive more than 15 minutes after the scheduled start time, the € 150 reschedule fee will apply. The exam must be rescheduled within the candidate’s six (6) month eligibility period.
– top –
The ISA/IEC 62443 Cybersecurity Certificate Program exams are offered electronically through the Prometric global network of testing centers in early 2014. For testing center locations, visit www.prometric.com/isa. The exams are not offered the day after completing the required course.
How does one become eligible to take an ISA/IEC 62443 certificate exam?
Certificate program applicants must register for the required course and the exam, and successfully complete the required course.
How long is an applicant eligible to take an ISA/IEC 62443 certificate program exam?
The certificate exam and any retests must be taken within six (6) months of the last day of the certificate program course.
What if the required course is not completed?
If the applicant is still interested in pursuing the certificate, he/she must register for the course and exam again and re-take the course. Once the course is successfully completed, the candidate is eligible to sit for the exam.
What if a candidate does not pass the certificate exam?
If a candidate fails the exam, he/she may retest one time within the initial six (6) month eligibility window for a fee of €150. If an applicant does not pass the exam within the six (6) month window after the course and would like to receive the certificate, the applicant must register for the course and exam again and re-take both.
An ISA99/IEC 62443 certificate program exam must be taken within six (6) months of the last day of the certificate program required course. If a candidate fails the exam, he/she may retest one (1) time within the six (6) month eligibility period. If a candidate does not pass the exam within the six (6) month window after the course and would like to receive the certificate, the applicant must register for the course and exam again and re-take both.
Once the computer-based exam is available, applicants who sucessfully complete the program requirements will receive an email with an eligibility code to use to schedule their exam through Prometric. In this case, you would go to www.prometric.com/isa to review locations and schedule an appointment.
Once scheduled, how is an exam confirmed?
Exam appointments are confirmed by Prometric via email. ISA does not provide candidate email addresses to Prometric-the candidate provides the email address they wish to receive the exam confirmation.
What if an exam confirmation is not received from Prometric?
Contact Prometric Candidate Care at 800-853-6769 and ask that it be emailed to you again. ISA cannot provide the confirmation for you.
Who should be contacted to reschedule an exam appointment?
Candidates must contact ISA if an exam appointment needs to be rescheduled. If the appointment is not cancelled at least 2 days in advance at Prometric locations in the United States/Canada or at least 5 days in advance at other Prometric locations, a reschedule form must be completed and sent to ISA with payment before the candidate eligibility can be re-set.
– top –
Once a candidate is eligible, how much time is available for testing?
The eligibility period to take a certificate exam is six (6) months from the date the course is completed. You must complete all testing within the six (6) month eligibility period, including any reschedules or retests. Candidates have two hours to complete the exam.
Are there testing windows for taking certificate exams?
There are no testing windows for taking any of the certificate exams. Testing center availability is set by each Prometric testing center in the Prometric network. Some Prometric testing centers offer evening and Saturday appointments.
When should a candidate arrive at the testing center?
Candidates should arrive at the testing center no later than 30 minutes prior to the scheduled exam time to sign-in and receive instruction. All examinations are given in a two hour time period.
What if the testing center cannot accommodate an exam appointment?
If technical difficulties or inclement weather cause the cancellation of an appointment or the closure of a Prometric testing center, Prometric will attempt to contact the candidate using the phone numbers provided to them by ISA. Last minute cancellation situations will be handled on a case-by-case basis, and ISA and Prometric will work together to reschedule the candidate as quickly as possible.
What should be brought to the testing center?
The Confirmation Letter from Prometric and a valid government issued photo ID with signature.
Are there any materials that are not allowed at the testing center?
All exams are closed book. No reference material will be allowed in the testing center. A location for personal items such as a pocket book, palmtop, mobile phone, or pager will be made available to you. Please note that storage space will be limited.
Will anything be provided to candidates at the testing center?
A whiteboard with marker will be provided when candidates check-in at the testing center, and a scientific calculator will be available as a hot button on the computer screen.
When are candidates notified of their certificate status?
Results are reported immediately at the testing center. If a candidate passes, a certificate will be mailed within thirty (30) days of the exam date. Failing candidates receive a diagnostic report of how they performed on the exam at the testing center.
What if the testing center does not provide the testing results?
If the testing center is unable to provide testing results, have the test center administrator complete a candidate incident report and then let ISA know by calling Customer Service at 0031 653 898 537.
– top –
Because the ISA/IEC 62443 Cybersecurity Certificate Programs are certificates and not certifications, you are not required to renew your ISA/IEC 62443 certificate(s); however, once obtained your certificate(s) will only be considered current for three (3) years. After your three-year expiration date, your certificate’s status will no longer be considered active and you will not be able to claim that you hold a current/active ISA/IEC 62443 certificate. Click here to learn more about extending the current status of your certificate(s).
– top –
Displaying Your ISA/IEC 62443 Certificate Program Credentials
How should I display my ISA/IEC 62443 certificate designation(s) on business cards, in signature blocks, etc.?
ISA recommends the following for displaying or noting your credentials:
- If you have achieved ISA/IEC 62443 Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist (ISA/CFS)
- If you have achieved ISA/IEC 62443 Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (ISA/CRS)
- If you have achieved ISA/IEC 62443 Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist (ISA/CDS)
- If you have achieved ISA/IEC 62443 Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist (ISA/CMS)
Because these are certificate programs and not certification programs, you should not list your ISA/IEC 62443 certificate designations directly after your name. On your business card (signature block, resume, etc.), you should display/include your ISA/IEC 62443 certificate designation in an area distinctly separate from your name and certificate/licensure/degree designations (e.g. CAP, PE, MBA, etc.). When possible, include “Certificate” or “Certificate Holder” after your ISA/IEC 62443 designation listing (e.g. ISA/IEC 62443 Cybersecurity Fundamentals Specialist Specialist Certificate Holder).