Key Takeaways
- NIS2 expanded the number of regulated EU organisations from about 15,000 to 160,000. All of them need OT cybersecurity skills. Training providers are scaling fast.
- No LMS content exists for the company that delivers IEC 62443 training. Everything online is written for the learner.
- The IEC 62443 certification workflow mirrors functional safety: multi-level certificates, prerequisites, cohort delivery, exams, and blended formats.
- Training companies need cohort scheduling, certificate tracking with different expiry rules, corporate client portals, and exam management in one platform.
- Blend-ed is an AI-first LMS built for training companies delivering certification programmes to external clients. One of 12 global Open edX partners.
IEC 62443 is the most referenced standard for OT cybersecurity. The EU NIS2 Directive made it urgent. NIS2 expanded the scope of EU cybersecurity rules from about 15,000 entities under the old directive to roughly 160,000 across 18 sectors. All of them need people trained in industrial cybersecurity. IEC 62443 is the global benchmark for that.
The result: training providers are scaling fast.
ISA runs the certificate programme directly. PECB certifies Lead Implementers and Auditors. TUV SUD offers nine modules. Bureau Veritas charges €1,500 per seat for a two-day course. UL Solutions runs three-day programmes for product manufacturers. Exida has its Cybersecurity Practitioner (CSP) certificate. Hudson Cybertec in the Netherlands uses Kiwa/IBEX for exams. CertX in Switzerland runs a four-day Red Belt programme.
All of them are growing. Most are hitting the same wall.
The problem nobody writes about
Search "IEC 62443 training" and every result is for the learner. How to pass the IC32 exam. What zones and conduits mean. How defence in depth works.
Nothing is written for the person who runs the training business.
If you deliver IEC 62443 programmes, here's what your day looks like:
Multi-level certificates with prerequisites
ISA's programme has four certificates. Certificate 1 (Fundamentals Specialist) is required before 2, 3, or 4. Your platform needs to enforce this order on its own. Not a person checking a spreadsheet before each sign-up.
Blended delivery across formats
ISA offers the IC32 course in four formats: classroom, virtual classroom, instructor-guided online, and self-paced learning. Your LMS needs to treat each format as a separate instance of the same programme, with its own schedule, attendance, and tracking.
Cohort management at scale
Three IC32 cohorts a month. Fifteen to twenty learners in each, from different companies. Fixed start dates. Required attendance. Exam at the end. Self-paced platforms can't do this.
Certificate validity that varies by body
ISA certificates don't expire. Kiwa/IBEX certificates are valid for two years. UL Solutions certificates last three years. If you deliver programmes across multiple bodies, your LMS needs different expiry rules per certificate type and automated renewal alerts.
Corporate client portals
Siemens sends six engineers to one cohort. Shell sends four to another. Each company needs a portal showing only their people, their completions, and their cert status. When Shell's procurement team asks "who is certified and when does it expire," you answer in one click. Not two hours in a spreadsheet.
Exam management
IC32 exam fees are included in the course. Exida's CSP exams are separate. UL uses online proctored exams. Your LMS must handle multiple exam models, record pass/fail results, and trigger the right certificate on pass.
None of this is unusual. It's the daily reality once you move past a handful of cohorts a year.
Why most LMS platforms don't fit
Most platforms are built for two types of buyers. Internal L&D teams training their own employees. Or solo creators selling video courses online.
Training companies sit in neither camp.
Internal L&D platforms handle onboarding and compliance refreshers. They don't offer multi-tenant client portals, cohort scheduling, or certificates with different expiry rules per body.
Creator platforms handle payments and video hosting. They don't track attendance, enforce prerequisites, manage exams, or issue certificates with validity dates.
So training companies stitch things together. Exida Academy, for instance, uses Litmos for self-paced content and GoToTraining for live sessions. Two platforms, two logins, manual work connecting them. It holds together at five cohorts a year. It falls apart at fifty.
What to look for
Cohort scheduling with attendance
Fixed start dates. Timestamped participation records. Logs that hold up in an audit.
Prerequisite gates
Certificate 1 completion blocks access to Certificates 2, 3, and 4. No manual checks.
Blended delivery in one journey
Pre-learning, live sessions, post-session resources, and exams. All in a single learner path, not spread across tools.
Multi-template certificate engine
Different designs, data fields, and expiry rules per certification body. ISA, Kiwa/IBEX, UL, and your own company cert, all from one system.
Client portals
Each corporate client sees their learners only. Their branding. Their reports. Their renewal timelines.
Renewal automation
Different validity periods per cert type. Notifications before expiry. Re-enrolment paths that open on their own.
White-label
Your learners see your brand. For training companies, this is non-negotiable.
How Blend-ed handles this
Blend-ed is an AI-first LMS built for training companies that sell certification programmes to external clients. One of 12 official global Open edX partners.
The typical workflow before Blend-ed: spreadsheets for cohorts, Zoom for sessions, Word templates for certs, email for renewals. Every new cohort means repeating the whole process by hand.
On Blend-ed: learners enrol through your branded portal. Pre-learning content goes out before the live session. Attendance is tracked during the cohort. The exam runs inside the platform with pass/fail thresholds. On pass, the certificate generates with the right template, fields, and expiry date. Corporate clients see their team's status in their own portal. When a cert nears expiry, the learner gets a reminder and a re-enrolment path opens.
The AI Course Creator builds courses and assessments from standards content. You can try a working example: our IEC 62443 practice quiz was built from source material in about 15 minutes.
Risknowlogy, a TUV SUD approved IEC 61508 training provider, runs their full operation on Blend-ed. The IEC 62443 workflow is the same structure: multi-level certs, prerequisite tracking, exam management, cohort delivery, corporate clients.
If you deliver IEC 62443 training and want to see how this works, book a demo.
Frequently Asked Questions
What LMS do IEC 62443 training providers currently use?
Most use a mix of tools. A generic LMS for content. A video platform for live sessions. Spreadsheets for cohorts and certificates. ISA delivers through its own platform. Exida Academy uses Litmos plus GoToTraining. Purpose-built platforms for certification training companies are a newer option.
How many organisations need IEC 62443 training after NIS2?
NIS2 expanded EU cybersecurity rules to roughly 160,000 organisations across 18 sectors. All must show cybersecurity competence. IEC 62443 is the most referenced OT standard. The EU Cyber Resilience Act adds requirements for connected product makers. Training providers are scaling to meet this demand.
How is IEC 62443 training different from IT security training?
IEC 62443 covers industrial automation and control systems, not corporate IT. It focuses on OT concepts: zones and conduits, safety-security overlap, and equipment with 15-25 year lifecycles. Delivery is cohort-based (2-5 day courses) with formal exams and certificates. Not self-paced video.
What certificates does the ISA IEC 62443 programme offer?
Four: Fundamentals Specialist (1), Risk Assessment Specialist (2), Design Specialist (3), Maintenance Specialist (4). All four earns the Cybersecurity Expert title. Certificate 1 is required before the rest.
Can one LMS handle both functional safety and IEC 62443 training?
Yes. The workflows are identical: multi-level certs, prerequisites, cohort delivery with exams, blended formats, client portals, expiry tracking. Risknowlogy delivers IEC 61508 functional safety training on Blend-ed. The same platform handles IEC 62443 without changes.
