Exor International has been certified to IEC 62443-4-1:2018 for its Secure Development Lifecycle (SDL), achieving Maturity Level 2 (ML2). The assessment was performed by TÜV Italia, which issued certificate TUV IT 25 CYB A 005 to Exor International S.p.A., San Giovanni Lupatoto (VR), Italy.
In practical terms, this confirms a managed, repeatable process that applies consistent security practices to every product we develop.
What 62443-4-1 covers?
IEC 62443-4-1 certifies that an organization follows secure development lifecycle practices for industrial automation and control systems—embedding cybersecurity from design through decommissioning rather than adding it later. In our case, the scope covers Exor’s SDL as defined in CPRO 6.0 (rev. 1.1) and confirms ML2 across all practice areas (security management, requirements & threat modeling, secure design/implementation, verification & validation, defect and update management, and security guidance).
Why 62443-4-1 matters for customers and partners?
The certification provides independent confirmation that Exor applies repeatable, measured security practices across the product lifecycle—how requirements are defined, implemented, tested, and maintained over time (including patch delivery and vulnerability handling). This supports security by design and consistent risk reduction in industrial automation projects.
Two concrete benefits:
- Independent assurance. You don’t have to take our word for it: TÜV Italia has verified our SDL end to end. That gives procurement and security teams third-party evidence when assessing suppliers, clear, traceable proof rather than vendor claims.
- Streamlined compliance. When you face NIS2 risk assessments or ISO/IEC 27001 audits, this certificate serves as ready-made proof that your supplier follows a certified secure development process. It shortens questionnaires, reduces the documentation you need to assemble, and helps closing reviews faster.
What’s next?
This certification is the foundation of our security strategy, a step forward in a long-term journey. Our commitment is to embed security into architecture and process, so resilience is sustained from requirements to updates, release after release. We are continuing on this path as we work towards too IEC 62443-4-2 certification for our newer generation of hardware.
Disclaimer - Certification details
- Standard: IEC 62443-4-1:2018
- Certificate No.: TUV IT 25 CYB A 005
- Certification body: TÜV Italia (Industrie Service Division)
- Scope: Exor International Secure Development Lifecycle (CPRO 6.0, rev. 1.1)
- Maturity Level: ML2
- Issue date / Valid until: 31 July 2025 / 30 July 2028
For the full scope, annexes, and validity conditions, see the certificate here.
