Cybersecurity and resilience in operational technology (OT) environments are typically addressed through multiple overlapping frameworks, each with a different focus. While many of these frameworks consider networks, systems, and organisational controls, industrial radio communications are often treated as implicit dependencies rather than explicit subjects of assessment.

​

SIR Certification exists to address this gap by providing assurance focused specifically on radio communications used within OT environments.

​

This overview explains how SIR Certification can be understood in context with other frameworks, without duplicating or replacing them.

What RED addresses

​

The Radio Equipment Directive establishes essential requirements that radio equipment must meet before being placed on the market. Recent delegated acts under RED introduce cybersecurity-related considerations, particularly in relation to network harm, data protection, and misuse.

​

RED is primarily a product conformity framework. Its focus is on ensuring that equipment meets baseline requirements at the point of manufacture and market entry.

​

How SIR relates

SIR Certification does not assess product conformity and does not imply RED compliance. Instead, it focuses on how radio communications behave once deployed within operational systems.

​

SIR Certification can therefore be seen as complementary to RED by addressing:

• Communications behaviour in operational context

• Deployment assumptions and limitations

• Ongoing assurance rather than market entry compliance

What NIS addresses

​

NIS and NIS2 focus on organisational governance, risk management, and resilience of essential and important services. Obligations typically apply at the organisational and operational level, rather than to individual technologies.

​

How SIR relates

​

SIR Certification does not certify compliance with NIS or NIS2. However, it can support organisations by:

• Making radio communications risks explicit

• Providing structured assurance evidence

• Supporting documentation of operational dependencies

This can assist organisations in demonstrating that radio communications have been considered as part of a broader risk management approach.

What CAF addresses

​

The CAF provides an outcomes-based framework for assessing the cyber resilience of systems supporting essential services. It focuses on governance, protection, detection, response, and recovery.

​

CAF assessments are typically high-level and outcomes-driven.

​

How SIR relates

​

SIR Certification aligns conceptually with CAF by supporting:

• Visibility of system boundaries and dependencies

• Understanding of communications integrity and resilience

• Evidence-based discussion of risk and assurance

SIR Certification does not replace CAF assessments and does not claim equivalence. It provides communications-specific context that may otherwise be difficult to evidence.

What IEC 62443 addresses

​

IEC 62443 is a family of standards focused on securing industrial automation and control systems. It introduces concepts such as zones, conduits, and risk-based security levels.

​

How SIR relates

​

Industrial radio links frequently function as conduits between zones. SIR Certification aligns with the intent of IEC 62443 by:

• Supporting assurance of communications pathways

• Encouraging risk-proportionate controls

• Clarifying assumptions around data integrity and authenticity

SIR Certification does not claim compliance with IEC 62443. It provides focused assurance relevant to radio communications within systems designed or assessed under IEC 62443 principles.

What the principles address

​

The NCSC Secure Design Principles for OT provide guidance on designing and operating OT systems with security and resilience in mind. They emphasise understanding assumptions, dependencies, and failure modes.

How SIR relates

SIR Certification supports these principles by encouraging:

• Explicit treatment of radio communications as system dependencies

• Documentation of trust assumptions

• Proportionate assurance aligned to operational impact

This makes SIR Certification a natural complement to secure-by-design thinking in OT environments.

What safety frameworks address

​

Functional safety standards focus on preventing hazardous outcomes through systematic design and assessment of safety-related systems.

​

How SIR relates

​

SIR Certification does not assess safety integrity levels or replace safety analysis. However, it can support safety cases by:

• Clarifying communications assumptions

• Supporting documentation of dependencies that may influence safety functions

This helps ensure that cybersecurity and safety considerations remain aligned rather than siloed.

SIR Certification:

• Is not a regulatory framework

• Does not certify compliance with RED, NIS, CAF, IEC 62443, or safety standards

• Does not mandate technologies or products

• Does not replace existing assessments or audits

It is intended to complement existing approaches by addressing a specific and often under-examined layer: industrial radio communications.

No single framework addresses all aspects of operational technology risk. Effective governance typically requires multiple perspectives, applied proportionately.

​

SIR Certification is designed to integrate into this landscape by providing:

• Communications-specific assurance

• Clear articulation of system behaviour and limitations

• Evidence that radio communications have been considered explicitly

Used appropriately, it supports clearer conversations between engineers, operators, risk managers, regulators, and insurers.

This overview is provided for context and understanding only. Organisations remain responsible for determining how applicable frameworks and obligations apply to their specific environments.