NIS2, IEC 62443, and GMP/FDA 21 CFR Part 11 all ask the same underlying question: who changed what, when, and why. SDA answers it automatically, for every PLC, every site, every vendor.
Prove compliance in minutes, not audit season
Most plants have a timestamp. Nothing more.
-
Regulation — NIS2 is already in force
Regulation — NIS2 is already in force
Germany’s NIS2 implementation took effect in December 2025 with no transition period. Roughly 30,000 companies fall into scope, with personal liability for management alongside corporate fines.
-
Reality — Third-party access is the norm, not the exception
Reality — Third-party access is the norm, not the exception
In OT, external access isn’t rare — it’s how plants run. Without session-level logging, every external login is a compliance blind spot waiting to be found during an audit or an incident.
-
30.000+German companies now within the scope of NIS2
-
€ 10MMaximum fine, or 2% of global turnover
-
30%of breaches now involve a third party (Verizon DBIR 2025)
-
<5Minutes — to generate a complete audit report, not weeks
Frameworks we support, and how
-
NIS2 (EU Directive)
Versioned change histories for all automation software, role-based access control for engineering environments, and session-level audit logs through IDEaaS Session Recording — mapped directly to Article 21 reporting requirements.
-
IEC 62443 (OT security standard)
Native support for on-premise and air-gapped deployments, with no outbound internet connection required from the OT segment — the SDA server runs entirely inside your own infrastructure.
-
GMP / FDA 21 CFR Part 11 (Life sciences)
Complete, immutable history of who changed what, when, and why. Used today by regulated manufacturers including Boehringer Ingelheim and Cytiva, where documentation and change control are non-negotiable.
-
SOC 2 & ISO 27001 (Platform certification)
SDA itself is SOC 2 Type 2 and ISO 27001 certified, with encryption at rest and in transit and enterprise SSO/MFA support via Azure AD, Okta, and other identity providers.
FEATURE SPOTLIGHT
IDEaaS Session Recordings: the audit answer in minutes
Native, vendor-neutral session recording for IDE access — for your own engineers and external providers alike. Full replay, playback controls, and filtering by user or vendor turn "what did they do last Tuesday" from a multi-day investigation into a two-minute lookup.
- Full session replay — Every IDE session is recorded end to end, with playback controls so you can scrub directly to the change in question.
- Filter by user or vendor — Isolate a specific contractor, integrator, or internal engineer's activity across any time range, on any controller.
- See IDEaaS Session Recordings in action
-
ExploreImprove productivity and reduce downtime while improving factories’ security posture.
-
Explore
Industrial-grade OT security, by design
We take the security of your operations very seriously. SDA was built from the start using design principles to ensure security, availability, reliability, and data protection. -
Explore
Secure your automation with Firmware Vulnerability Monitoring
Secure, compliant, and always up to date — automated firmware intelligence for your entire control environment.
Frequently asked questions.
-
Is SDA suitable for regulated industries like pharma or food and beverage?
Is SDA suitable for regulated industries like pharma or food and beverage?
Yes. SDA is designed for regulated manufacturing environments where change traceability, audit trails, and validation are critical. The platform provides a complete history of who changed what, when, and why — supporting GMP, FDA 21 CFR Part 11, and other regulatory frameworks.
-
How does SDA help with NIS2 compliance in OT environments?
How does SDA help with NIS2 compliance in OT environments?
The EU NIS2 Directive, implemented in Germany on 6 December 2025, requires structured change management, access controls, and incident documentation for OT systems. SDA supports this with versioned change histories, role-based access control, and session-level audit logs.
-
Does SDA work in air-gapped or restricted OT networks?
Does SDA work in air-gapped or restricted OT networks?
Yes. SDA supports on-premise deployment for environments where OT networks are isolated from the internet or subject to strict security policies, including IEC 62443 and NIS2 requirements — with no outbound internet connection needed from the OT segment.
-
Does SDA log third-party or contractor access to PLCs?
Does SDA log third-party or contractor access to PLCs?
Yes. IDEaaS Session Recording captures every IDE session — internal engineers and external providers alike — with full replay and filtering by user or vendor, so audit questions about specific access events are answered in minutes.