Cybersecurity in operational technology (OT) environments has evolved beyond secure product development and hardening. Resilience requires a “secure by operations approach”, which secures the full lifecycle of industrial OT systems—including how they are maintained while in operation.

Regarding this, Schneider Electric recently reached a major milestone for our Secure Power Services and Power Services lines of business, which represents approximately 90% of the company’s service representatives (SRs) and work orders. These services are now IEC-62443-2-4 certified. This industry standard, which is for security-related processes for industrial and automation control systems (IACS) service providers, is an achievement reflecting a multi-year transformation in how the company operates and protects our customers.

For Schneider Electric, this is not just a certification—it is an evolution in our services culture, processes, tools, and the daily work of thousands of service representatives worldwide. We are a company where safety has long been part of our DNA, especially when it comes to maintaining our customers’ OT operations. With IEC-62443-2-4, we have taken another step by embedding cybersecurity into that DNA.

This transformation is not about cybersecurity as a strategic statement—it is about turning it into an operational reality that is measurable, repeatable, auditable, and applied consistently across the world.

Why IEC-62443-2-4 matters—and how it differs from other IEC-62443 certifications

Schneider Electric has already achieved IEC-62443 certifications for secure development lifecycle (IEC-62443-4-1) as well as for IACS components (IEC-62442-4-2). In addition, the company is aligned with IEC-62443-3-3 for network and system security.

While these three certifications focus on technologies, IEC 62443-2-4 validates the people, processes, and operational discipline behind Schneider Electric’s secure services and how we perform maintenance consistently across the globe. Another major difference between the certifications is that while the above ones can be certified in a lab environment, the certification of services happens in a real-world environment, making it one of the most demanding certifications in the IEC-62443 series.

Schneider Electric worked with TÜV Rheinland, who evaluated the following during the process of certification:  

• Training and competency frameworks for thousands of employees
• Uniform application of standardized processes for secure maintenance actions
• Digital tools for preparing, executing, and documenting service activities
• Global governance and auditability across regions and business lines
• Preventive behaviors built into daily field operations

Evolving from a safety-driven culture to cyber-embedded operations

Every year, our services teams of thousands of service representatives perform over one million work orders. Now with the IEC-62443-2-4 certification, Schneider Electric has embedded cybersecurity into every aspect of our global service operations, ensuring consistent, formalized, and documented cybersecurity practices across vast operational environments.

To ensure readiness for the certification, the company developed the Secure Services Operations Procedure, which includes the following preventative approach to secure maintenance operations:

1. Upskilling of our global services workforce: All our service representatives received cybersecurity training aligned with IEC-62443-2-4 requirements.
2. Pre-site visit cybersecurity risk assessments: Before arriving onsite, service representatives evaluate the cybersecurity context and potential risks of each work order using standardized tools and checklists, which ensures preventive mitigation measures are defined in advance. This shift to proactive, pre-work risk assessment is one of the most important foundations for preventing the introduction of vulnerabilities during service activities.
3. Secure execution procedures during maintenance: Our service representatives follow strict operational controls for:
   • System hardening
   • Access control
   • Secure communications
   • Malware protection
   • Patch application
   • Backup and restore procedures
   • Detailed activity logging
4. Post-work handover: Customers are provided with clear documentation on actions performed, cybersecurity considerations, and any recommendations to maintain a secure posture, which secures the full lifecycle of a maintenance activity—from preparation to execution and closure.

Bringing a higher level of trust to our customers

Schneider Electric works hard to protect our customers and now, with our IEC-62443-2-4 certification, cybersecurity is embedded into every service interaction. Here are some of the benefits this provides to customers:

• Trust by design: Now that our services procedures are fully aligned with IEC requirements, our customers are receiving top-tier cybersecurity protection, adding another layer of trust, which is a foundational value of our business. With service procedures that are standardized, audited, and applied consistently worldwide, our customers can have greater trust and confidence in how services are delivered.
• Proactive risk prevention: Using structured pre‑work checks, our SRs are trained to identify and address vulnerabilities before arriving onsite. This allows for risks to be addressed early, reducing the chance that maintenance introduces vulnerabilities.
• Regulatory compliance: Our alignment with international regulations brings our customers greater peace of mind because each service visit includes clear documentation of actions performed and cybersecurity considerations. Customers now have fully traceability of cybersecurity during visits, supporting compliance, audits, and internal governance.
• Stronger continuity and resilience: By embedding cybersecurity into preparation, execution, and handover, securely maintained systems are more resilient—helping customers protect uptime in critical environments.

Schneider Electric’s IEC-62443‑2‑4 certification transforms cybersecurity from a promise into a repeatable, visible, and measurable part of every service visit—strengthening trust, prevention, compliance, and operational continuity at scale.

A significant milestone—and a foundation for the future

Achieving this IEC certification demonstrates Schneider Electric’s commitment to operational cybersecurity, and it proves that secure service operations can be executed consistently and at scale.

This certification also lays out the foundation for the next phase of our transformation: a future where cybersecurity excellence is not optional—it is embedded in every product, every process, and every maintenance activity.