[ Compliance ]

Prove compliance in minutes, not audit season

NIS2, IEC 62443, and GMP/FDA 21 CFR Part 11 all ask the same underlying question: who changed what, when, and why. SDA answers it automatically, for every PLC, every site, every vendor.

[ The problem. ]

Most plants have a timestamp. Nothing more.

OEMs, integrators, and machine builders connect to your controllers every week. When an auditor asks what a contractor changed last Tuesday, "we have a backup from that day" is not an answer. Regulators want a trail: who logged in, what they touched, and why.
  • Regulation — NIS2 is already in force

    Regulation — NIS2 is already in force

    Germany’s NIS2 implementation took effect in December 2025 with no transition period. Roughly 30,000 companies fall into scope, with personal liability for management alongside corporate fines.

  • Reality — Third-party access is the norm, not the exception

    Reality — Third-party access is the norm, not the exception

    In OT, external access isn’t rare — it’s how plants run. Without session-level logging, every external login is a compliance blind spot waiting to be found during an audit or an incident.

  • 30.000+
    German companies now within the scope of NIS2
  • € 10M
    Maximum fine, or 2% of global turnover
  • 30%
    of breaches now involve a third party (Verizon DBIR 2025)
  • <5
    Minutes — to generate a complete audit report, not weeks
[ How SDA closes the gap ]

Frameworks we support, and how

SDA doesn't bolt compliance onto your OT environment after the fact. Version control, access control, and audit logging are the platform — which means the evidence auditors ask for is generated continuously, in the background.
  • NIS2 (EU Directive)

    NIS2 (EU Directive)

    Versioned change histories for all automation software, role-based access control for engineering environments, and session-level audit logs through IDEaaS Session Recording — mapped directly to Article 21 reporting requirements.

  • IEC 62443 (OT security standard)

    IEC 62443 (OT security standard)

    Native support for on-premise and air-gapped deployments, with no outbound internet connection required from the OT segment — the SDA server runs entirely inside your own infrastructure.

  • GMP / FDA 21 CFR Part 11 (Life sciences)

    GMP / FDA 21 CFR Part 11 (Life sciences)

    Complete, immutable history of who changed what, when, and why. Used today by regulated manufacturers including Boehringer Ingelheim and Cytiva, where documentation and change control are non-negotiable.

  • SOC 2 & ISO 27001 (Platform certification)

    SOC 2 & ISO 27001 (Platform certification)

    SDA itself is SOC 2 Type 2 and ISO 27001 certified, with encryption at rest and in transit and enterprise SSO/MFA support via Azure AD, Okta, and other identity providers.

FEATURE SPOTLIGHT

IDEaaS Session Recordings: the audit answer in minutes

Native, vendor-neutral session recording for IDE access — for your own engineers and external providers alike. Full replay, playback controls, and filtering by user or vendor turn "what did they do last Tuesday" from a multi-day investigation into a two-minute lookup.

  • Full session replay — Every IDE session is recorded end to end, with playback controls so you can scrub directly to the change in question.
  • Filter by user or vendor — Isolate a specific contractor, integrator, or internal engineer's activity across any time range, on any controller.
  • See IDEaaS Session Recordings in action 
[ Explore More ]
  • Secure Remote Access

    Improve productivity and reduce downtime while improving factories’ security posture.
    Explore
  • Industrial-grade OT security, by design

    We take the security of your operations very seriously. SDA was built from the start using design principles to ensure security, availability, reliability, and data protection.
    Explore
  • Secure your automation with Firmware Vulnerability Monitoring

    Secure, compliant, and always up to date — automated firmware intelligence for your entire control environment.
    Explore
[ Compliance questions we hear most ]

Frequently asked questions.

  • Is SDA suitable for regulated industries like pharma or food and beverage?

    Is SDA suitable for regulated industries like pharma or food and beverage?

    Yes. SDA is designed for regulated manufacturing environments where change traceability, audit trails, and validation are critical. The platform provides a complete history of who changed what, when, and why — supporting GMP, FDA 21 CFR Part 11, and other regulatory frameworks.

  • How does SDA help with NIS2 compliance in OT environments?

    How does SDA help with NIS2 compliance in OT environments?

    The EU NIS2 Directive, implemented in Germany on 6 December 2025, requires structured change management, access controls, and incident documentation for OT systems. SDA supports this with versioned change histories, role-based access control, and session-level audit logs.

  • Does SDA work in air-gapped or restricted OT networks?

    Does SDA work in air-gapped or restricted OT networks?

    Yes. SDA supports on-premise deployment for environments where OT networks are isolated from the internet or subject to strict security policies, including IEC 62443 and NIS2 requirements — with no outbound internet connection needed from the OT segment.

  • Does SDA log third-party or contractor access to PLCs?

    Does SDA log third-party or contractor access to PLCs?

    Yes. IDEaaS Session Recording captures every IDE session — internal engineers and external providers alike — with full replay and filtering by user or vendor, so audit questions about specific access events are answered in minutes.

Software Defined Factory, Munich

Join us in Munich for the third edition of our Software Defined Factory event — dedicated to one defining question: How do we build the self-optimizing factory powered by AI-driven automation for the next industrial era?

Bringing together industry experts, innovative practitioners, and decision-makers, the event explores how software-defined approaches are transforming production environments. Hear directly from leading organizations running these architectures in live production: what worked, what didn't, and what they would do differently.
Register now!