4.2. IEC

The International Electrotechnical Commission (IEC) develops international standards in various areas, including but not limited to cybersecurity, Artificial Intelligence (AI), internet of things (IoT), transportation, Sustainable Development Goals (SDGs), Energy, Cities and Communities, smart manufacturing. These standards form the basis of testing and certification.

The IEC International standards ISO/IEC 27001 and IEC 62443 are horizontal standards, suitable for all sectors. The IEC 62443 series of standards establishes cybersecurity guidelines and specifications applicable to a variety of industries and critical infrastructure, including transportation. The standard is compatible with the US National Institute of Standards and Technology (NIST) cybersecurity framework. ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS) as well as the terms and definitions commonly used in the ISMS family of standards.  ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organisation. 

Such horizontal standards are complemented by vertical standards covering the specific security needs of the nuclear industry, industrial automation, healthcare, and the maritime industry, among others. These standards include IEC 62645 Nuclear power plants – instrumentation, control, and electrical power systems – cybersecurity requirements, IEC 61850 series for communication networks and systems for power utility automation, IEC 60870 series for telecontrol equipment and systems, and IEC 61162 series for maritime navigation, and radiocommunication equipment and systems.

The IECEE industrial cybersecurity programme tests and certifies cybersecurity in the industrial automation sector, in accordance with the IEC 62443 series. Today, both public and private entities are seeking third-party certification to ensure conformity of their information security management system (ISMS) to ISO/IEC 27001. The organisations verifying conformity should be certified and registered under ISO/IEC 27006.

4.2.1. How to engage in standards development at the IEC

The IEC encourages, through regional centres, participation in its work. The IEC Africa Regional Centre (IEC-AFRC) has been set up to promote awareness of the IEC in the African region, increase the adoption and use of the IEC International Standards and the IEC Conformity Assessment Systems, and support participation and enhance active contributions to the IEC work.

The IEC Affiliate Country Programme provides  the opportunity for the developing and newly industrialised countries to participate in the international standardisation and conformity assessment activities without the financial burden of membership.  Joining  the IEC Affiliate Country Programme is by invitation from the IEC General Secretary & CEO.   

A country can attain an Affiliate Plus status by officially declaring the adoption of at least 50 IEC International Standards as national standards, and establishing a NEC with representatives from the private and public sectors. Affiliate countries are supported to meet their specific needs through the IEC mentoring programme that partners the IEC members with affiliate countries

Figure 2: Benefits of the IEC Affiliate Country Programme Source: IEC

The African Electrotechnical Standardization Commission (AFSEC) is established by statute as a subsidiary body under the auspices of the African Energy Commission. The AFSEC has statutory and affiliate membership. Countries that are statutory members participate in the work of the AFSEC through a National Electrotechnical Committee (NEC).

Standards are developed on the basis of submission of New Work Item Proposal (NWIP) which is considered based on the approval process.