In the final application, an appropriate security environment is needed to be in place for protecting both the operational environment and the safety-related systems.

For this purpose, a threat and risk analysis (TRA) according to IEC 62443 is needed to be carried out on a final application system level.

An adequate reduction of risk against malevolent attacks is necessary for a meaningful application of this document. This document does not describe any measures which will lower the risk of malevolent attacks, but addresses the topic “functional safety”, only.

During compliance tests for this document, security aspects are not part of the scope, as it is assumed that the underlying base mechanisms (i.e. methods) already provide adequate security.