IEC 62443 change management without the audit-week scramble
Approval, deployment and audit of every PLC, SCADA and HMI change — aligned to IEC 62443 from day one, generated as a by-product of the work, not assembled the week before the audit.
What counts as an OT change
PLC code
Logic edits, routine changes, function-block swaps, firmware updates.
SCADA tags
Point database additions, alarm threshold edits, scaling changes.
HMI graphics
Screen layout, button bindings, operator permission scopes.
Recipes
Production recipes, setpoints, batch parameters, ingredient lists.
Machine parameters
Drive parameters, IO config, safety thresholds, network topology.
How VEM aligns to IEC 62443
IEC 62443-2-4 SR 7.6 requires the integrator to provide documented, controlled change procedures for the automation solution — including request, review, approval, deployment and verification, with evidence retained for the lifetime of the asset. VEM captures every PLC, SCADA and HMI change as a signed artefact tied to the approver and the running controller, so SR 7.6 evidence is generated as a by-product of the work, not assembled the week before the audit. See the broader the complete OT change management guide for the cross-regime crosswalk.
A discrete-manufacturing site running IEC 62443 Security Level 2 across three production cells uses VEM to log every controller change against the certified baseline. When the certification body sampled 30 changes at the last surveillance audit, every sampled change produced a complete evidence pack — request, approver, diff, before/after signature — in under a minute.
Request → Review → Deploy → Audit
Request
Engineer files a change with the proposed diff attached.
Review
CAB or single approver reviews the diff, risk and deployment plan.
Deploy
VEM pushes the approved version, captures before/after signatures.
Audit
Immutable record links request, approval, diff and deployment.
Other regimes covered
Want the full framework? the complete OT change management guide.