ISA/IEC 62443-3-2 provides explicit guidance on performing security risk assessments that directly inform system architecture, including the design of zones and conduits.
Step 1: Purpose of Part 3-2
This part defines how to identify threats, vulnerabilities, and consequences, and how to derive Target Security Levels (SL-T).
Step 2: Zones and conduits linkage
The standard requires that zones be defined based on risk and criticality, and conduits be established to control communications between zones. This architectural outcome is a direct result of the 3-2 risk assessment process.
Step 3: Integrator relevance
System integrators use Part 3-2 to translate risk results into concrete network segmentation and security boundaries.
Step 4: Why other parts do not apply
Other parts address governance, metrics, or product development, not architectural risk-driven design.
