Frequently Asked Questions

On this page you will find the answers to the most frequently asked questions

Why did ISA develop the ISA/IEC 62443 Cybersecurity Certificate Programs?
ISA has developed this program to increase knowledge and awareness of the ISA/IEC 62443 standards. The first certificate in the program is the ISA/IEC 62443 Cybersecurity Fundamentals Specialist. Other specialization certificates are also available in the areas of risk assessment, system design, and operations/maintenance.

The ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate program is designed for professionals involved in IT and control system security roles that need to develop a command of industrial cybersecurity terminology and understanding of the material embedded in the ISA/IEC 62443 standards.

Who can say they hold a certificate?
The ISA/IEC 62443 Cybersecurity certificates are awarded to those who successfully complete a designated training course and pass a 75-100 question multiple choice exam.

Why are courses required for the ISA/IEC 62443 certificate program exam candidates?
Certificate programs are typically associated with mastery of specific course content and may or may not require work experience. The ISA/IEC 62443 certificate program was developed by ISA working with industry experts. The program(s) increase knowledge/awareness and application of the ISA/IEC 62443 standard through mastery of the course material and examination.

What if I already took the IC32 course?
If you took either course LESS THAN one year from the date you wish to take the exam, you do not have to retake the course and can register for the certificate exam. If you took either course MORE THAN one year from the date you wish to take the exam, you must retake the course in order to be eligible to sit for the certificate exam.

Will course participants receive CEUs for the courses taken?
Yes. The number of CEUs is determined by the number of instructional hours, and awarded upon successful completion of the course. Completing course post-tests and receiving CEUs for course completion are not connected to passing scores on one of the certificate exams.

What if a course is rescheduled by a candidate or ISA?
A candidate is not eligible to sit for the exam until he or she successfully completes the prerequisite course.

What paperwork must be completed to take one of the exams?
No application is required for the ISA/IEC 62443 Cybersecurity certificate exams.

What are the pre-requisites for the certificate program? 
There are no required prerequisites for this program; however, it is highly recommended that applicants have:

  • Three to five years of experience in the IT cybersecurity field with some experience in an industrial setting-with at least two years specifically in a process control engineering setting
  • Some level of knowledge or exposure to the ISA/IEC 62443 standards
  • More advanced courses have recommended coursework, in addition to experience, but it is not required. Certificate 1 attainment is required to go onto all other certificate levels.

What are the fees for the certificate program? 
Fees for required courses can be found on the course registration page. The exam fee for an ISA/IEC 62443 certificate exam is €195. This fee includes one electronic exam.

Can an exam be rescheduled without incurring fees? 
Applicants may reschedule an exam appointment during the six (6) month eligibility period by contacting Scantron at least 2 days (48 hours) prior to the scheduled exam time for Scantron locations in the United States/Canada and at least 5 days (120 hours) prior to the scheduled exam time for all other Scantron  locations. No reschedule fee will apply.

 What are the reschedule fees? 
Candidates who do not appear for their scheduled exam appointment and do not give proper advance notice of intent to reschedule their exam will incur a fee of €150.

Can a candidate retest and what is the retest fee?
Applicants may retest within the six (6) month eligibility period for a fee of €150. If you are outside the six (6) month eligibility period, you must register again for the required course and exam and re-take both.

What if a candidate cannot make the scheduled appointment or is late for the appointment?
For candidates who fail to appear for a scheduled exam, or arrive more than 15 minutes after the scheduled start time, the € 150 reschedule fee will apply. The exam must be rescheduled within the candidate’s six (6) month eligibility period.

How does one become eligible to take an ISA/IEC 62443 certificate exam? 
Certificate program applicants must register for the required course and the exam, and successfully complete the required course.

How long is an applicant eligible to take an ISA/IEC 62443 certificate program exam? 
The certificate exam and any retests must be taken within six (6) months of the last day of the certificate program course.

What if the required course is not completed? 
If the applicant is still interested in pursuing the certificate, he/she must register for the course and exam again and re-take the course. Once the course is successfully completed, the candidate is eligible to sit for the exam.

What if a candidate does not pass the certificate exam? 
If a candidate fails the exam, he/she may retest one time within the initial six (6) month eligibility window for a fee of €150. If an applicant does not pass the exam within the six (6) month window after the course and would like to receive the certificate, the applicant must register for the course and exam again and re-take both.

An ISA99/IEC 62443 certificate program exam must be taken within six (6) months of the last day of the certificate program required course. If a candidate fails the exam, he/she may retest one (1) time within the six (6) month eligibility period. If a candidate does not pass the exam within the six (6) month window after the course and would like to receive the certificate, the applicant must register for the course and exam again and re-take both.

Once the computer-based exam is available, applicants who sucessfully complete the program requirements will receive an email with an eligibility code and information about how to schedule their exam through Scantron.

Once scheduled, how is an exam confirmed? 
Exam appointments are confirmed by Scantron via email. ISA does not provide candidate email addresses to Scantron. The candidate provides the email address they wish to receive the exam confirmation.

What if an exam confirmation is not received from Scantron? 
Contact candidatesupport@scantron.com or call +1 919 572 6880 and ask that it be emailed to you again. ISA cannot provide the confirmation for you.

Who should be contacted to reschedule an exam appointment? 
Candidates must contact ISA if an exam appointment needs to be rescheduled. If the appointment is not cancelled at least 2 days in advance at Scantron locations in the United States/Canada or at least 5 days in advance at other Scantron locations, a reschedule form must be completed and sent to ISA with payment before the candidate eligibility can be re-set.

Click here for more information about taking the exam

Once a candidate is eligible, how much time is available for testing?
The eligibility period to take a certificate exam is six (6) months from the date the course is completed. You must complete all testing within the six (6) month eligibility period, including any reschedules or retests. Candidates have two hours to complete the exam.

Click here for more information about taking the exam

Because the ISA/IEC 62443 Cybersecurity Certificate Programs are certificates and not certifications, you are not required to renew your ISA/IEC 62443 certificate(s); however, once obtained your certificate(s) will only be considered current for three (3) years. After your three-year expiration date, your certificate’s status will no longer be considered active and you will not be able to claim that you hold a current/active ISA/IEC 62443 certificate. Click here  to learn more about extending the current status of your certificate(s).

How should I display my ISA/IEC 62443 certificate designation(s) on business cards, in signature blocks, etc.?
ISA recommends the following for displaying or noting your credentials:

  • If you have achieved ISA/IEC 62443 Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist (ISA/CFS)
  • If you have achieved ISA/IEC 62443 Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (ISA/CRS)
  • If you have achieved ISA/IEC 62443 Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist (ISA/CDS)
  • If you have achieved ISA/IEC 62443 Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist (ISA/CMS)

Because these are certificate programs and not certification programs, you should not list your ISA/IEC 62443 certificate designations directly after your name. On your business card (signature block, resume, etc.), you should display/include your ISA/IEC 62443 certificate designation in an area distinctly separate from your name and certificate/licensure/degree designations (e.g. CAP, PE, MBA, etc.). When possible, include “Certificate” or “Certificate Holder” after your ISA/IEC 62443 designation listing (e.g. ISA/IEC 62443 Cybersecurity Fundamentals Specialist Specialist Certificate Holder).