Building a Robust Security Program Using Standards and Frameworks
In this presentation, I will share my experience of using established standards and frameworks to construct a robust security program for an electronics manufacturing company with a growing SaaS division. Along the way, I encountered challenges and gained valuable insights. During our discussion, I’ll delve into some of the pitfalls I faced and provide guidance on avoiding them in your own security journey.
We’ll explore two primary standards: ISO 27001 and IEC 62443. However, our customers also express interest in additional certifications and reports, including TISAX, UK Cyber Essentials, and SOC 2. Furthermore, frameworks such as the NIST Cybersecurity Framework, the Cloud Security Alliance Cloud Controls Matrix, OWASP, and more play a role in this story. Throughout the talk, I’ll paint a holistic view of how these elements align to create a comprehensive security landscape.