Are you interested in KONE as a corporate business or a career opportunity?Corporate site
Press release, KONE Corporation, May 3, 2023
KONE Corporation, a global leader in the elevator and escalator industry, has gained the IEC 62443 cybersecurity certification for its DX class elevators, and ISO 27001 certification for its digital services, including KONE 24/7 Connected Services. These achievements are a first for the global elevator and escalator industry.
Johan Boije af Gennäs, Chief Information Security Officer, KONE, says: "We can see a need to enhance cybersecurity as digitalization increases throughout the industry and the built environment. Solid security practices provide peace of mind for our current and future customers because security is built-in rather than being considered as an afterthought. These certifications are important milestones and a measure of our continuous improvements in cybersecurity and encourage our cross-functional KONE teams to continue the hard work towards better security."
"Quality has always been high on the agenda at KONE, and cybersecurity is becoming an increasingly important part of today's world, where physical and digital are interconnected. We are proud to be the first in our industry to achieve these certificates for the elevator controller and our digital services, including KONE 24/7 Connected Services", says Maciej Kranz, Chief Technology Officer, KONE.
To achieve the certifications, KONE underwent
rigorous independent audits conducted by third-party certification
bodies. The audits evaluated the company's cybersecurity and
information security controls and processes, including policies,
procedures, technical controls and
The certifications also demonstrate KONE's commitment throughout its secure development process, including steps such as threat modeling, security testing, and vulnerability management throughout the product lifecycle. KONE also implements around-the-clock security monitoring for its connected digital solutions. This also means that the DX class elevator is aligned with the new ISO 8102-20 cybersecurity standard for elevators, escalators and moving walkways, which KONE has been involved in creating, alongside industry peers.
KONE continues to explore and develop the digital possibilities and value created by its DX class elevators, with services such as KONE 24/7 Connected Services and KONE Care DX. By working towards better standards in the industry and continuously developing its own capabilities, the company seeks to help customers build better people flow and more sustainable cities.
At KONE, our mission is to improve the flow of urban life. As a global leader in the elevator and escalator industry, KONE provides elevators, escalators and automatic building doors, as well as solutions for maintenance and modernization to add value to buildings throughout their life cycle. Through more effective People Flow®, we make people's journeys safe, convenient and reliable, in taller, smarter buildings. In 2022 KONE had annual sales of EUR 10,9 billion, and at the end of the year over 60,000 employees. KONE class B shares are listed on the Nasdaq Helsinki Ltd. in Finland.
More information about the International
Standards and certification:
ISO 27001 is a management system standard for information security, cybersecurity, and privacy protection. It is a best practice framework to ensure a systematic and risk-based approach to security management. This is especially crucial for customers in the transportation, airports, and utility segments, where security is a critical requirement when choosing a partner to work with.
The International Standard IEC 62443-4-1 defines secure development lifecycle requirements related to cybersecurity for products intended for use in the industrial automation and control systems (IACS). These requirements can be applied to new or existing processes for developing, maintaining, and retiring hardware, software, or firmware.
The International Standard IEC 62443-4-2 defines detailed technical requirements for industrial control system components. The requirements are organized as seven foundational requirements, and each component requirement can be specified at up to four security levels.