IC33
Also known as: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
IC33 is the second course in ISA's ISA/IEC 62443 Cybersecurity Certificate Program, focused on assessing the cybersecurity of new or existing Industrial Automation and Control Systems and developing a Cybersecurity Requirements Specification (CRS).
Last updated: April 2026
Key Facts
- Term
- IC33
- Full title
- Assessing the Cybersecurity of New or Existing IACS Systems
- Issued by
- International Society of Automation (ISA)
- Prerequisite
- IC32 (Cybersecurity Fundamentals Specialist) and exam
- Course duration
- 3 days (classroom or virtual classroom)
- Formats
- Classroom (IC33), virtual classroom (IC33V), instructor-guided online (IC33E), self-paced modular (IC33M)
- CEUs
- 2.1
- Certificate awarded
- ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
- Position in programme
- 2 of 4 (between IC32 fundamentals and IC34 design)
- Exam eligibility window
- 6 months from course completion
What is IC33?
IC33 covers identifying and documenting IACS assets, performing cybersecurity vulnerability and risk assessments, developing zone and conduit models, identifying security level targets, and producing a Cybersecurity Requirements Specification (CRS).
Successful completion of IC33 plus the associated exam awards the ISA/IEC 62443 Cybersecurity Risk Assessment Specialist certificate. IC33 sits between IC32 (fundamentals, prerequisite) and IC34 (design and implementation) in the four-course certificate programme. Per ISA/IEC 62443-2-1, risk assessments must be performed on both new (greenfield) and existing (brownfield) applications, and IC33 covers both scopes.
ISA/IEC 62443 Cybersecurity Certificate Programme
| Course | Title | Days | Certificate |
|---|---|---|---|
| IC32 | Using ISA/IEC 62443 to Secure Industrial Control Systems | Variable by format | Cybersecurity Fundamentals Specialist |
| IC33 | Assessing the Cybersecurity of New or Existing IACS | 3 | Cybersecurity Risk Assessment Specialist |
| IC34 | IACS Cybersecurity Design and Implementation | Variable by format | Cybersecurity Design Specialist |
| IC37 | IACS Cybersecurity Operations and Maintenance | Variable by format | Cybersecurity Maintenance Specialist |
| IC48 | ISA/IEC 62443 Cybersecurity Fast Track | 5 | Combines IC33, IC34, IC37 (after IC32 prerequisite) |
Completion of all four courses (IC32, IC33, IC34, IC37) automatically awards the ISA/IEC 62443 Cybersecurity Expert designation.
How Industrial Cybersecurity Training Providers Deliver IC33
IC33 is one of the highest-volume courses in the industrial cybersecurity training market because risk assessment is the entry point for most ISA/IEC 62443 implementation projects.
Training providers deliver IC33 as both open-enrolment public cohorts and private corporate cohorts for asset owners and system integrators starting major OT cybersecurity programmes. The course requires cohort scheduling that respects ISA's six-month exam eligibility window, identity verification at exam, integration with proctored online testing, verifiable certificates, audit-ready completion records, and the ability to deliver lab exercises (some formats use cyber range environments such as the Virginia Tech facility used by ISA's IC33M format). Multi-tenant capability matters because providers commonly run private cohorts for several client organisations in parallel.
Common Questions
What are the prerequisites for IC33?
Successful completion of IC32 (Using the ISA/IEC 62443 Standards to Secure Your Industrial Control Systems) and the associated Cybersecurity Fundamentals Specialist exam. Three to five years of IT cybersecurity experience with industrial exposure is recommended but not mandatory.
How long does IC33 take?
The classroom and virtual classroom versions are three days, with the certificate exam taken separately. The self-paced modular format gives delegates up to a year to complete the modules before sitting the exam.
What certificate does IC33 lead to?
The ISA/IEC 62443 Cybersecurity Risk Assessment Specialist certificate, the second of four certificates in the ISA programme. Completing all four (IC32, IC33, IC34, IC37) automatically awards the ISA/IEC 62443 Cybersecurity Expert certificate.
Is there a faster path through the programme than taking IC33, IC34, and IC37 separately?
Yes. ISA's IC48 Fast Track is a five-day intensive that covers the content of IC33, IC34, and IC37 in one course, after which delegates sit each certificate exam separately. IC32 is still a prerequisite for IC48.
Train Your Delegates with Blend-ed
Blend-ed supports industrial cybersecurity training providers delivering IC33 and the full ISA/IEC 62443 certificate programme to asset owners and integrators.
- For delegates preparing for IC32 (the IC33 prerequisite): Free IEC 62443 IC32 Practice Quiz
- Read: Best LMS for Compliance Training in Regulated Industries 2026
