Which technologies do you consult on?

All of the major location, identification and IoT technologies: RTLS (UWB, BLE, Wi-Fi), RFID (passive, active and RAIN UHF), industrial IoT and sensors, GPS and GNSS, AGV and AMR robot fleets, and hybrid stacks that combine them. We recommend the right mix for each zone and use case, not a single technology.

Are you really vendor-neutral?

Yes. We do not sell hardware or a software platform of our own, and we take no resale commissions, so our technology and vendor recommendations serve your outcome rather than a product we need to move.

Do you work outside the UK?

We are UK-based and work across Europe and internationally, delivering in English, German and French. Engagements can be remote or on-site depending on the work.

What does a consulting engagement include?

Typically discovery and requirements, vendor-neutral technology selection, vendor evaluation and RFP support, ROI and business case, solution architecture, and an implementation roadmap. We scope each engagement to where you are.

Can you help after the decision is made?

Yes. We work across the full lifecycle - we can also deploy, integrate, and operate the system, so you can keep one independent team from business case through to live operation.

How do we get started?

Usually with a short call or a fixed-fee discovery to scope the problem, followed by a proposal with clear deliverables, timeline and fees. There is no obligation and no platform pitch.

COMPLIANCE · OT SECURITY

IEC 62443 & RTLS — OT cybersecurity.

RTLS is operational technology. It runs alongside your PLCs, SCADA, MES and historian, and its compromise can ripple into production. IEC 62443 is the framework most enterprise OT teams use to scope and secure it. This is the operator-level summary.

Book a 30-minute scoping call

The Purdue model and where RTLS lives

IEC 62443 inherits the Purdue Enterprise Reference Architecture: a layered model where Level 0 is sensors / actuators, Level 1 is basic control, Level 2 is supervisory (HMI), Level 3 is manufacturing operations (MES), and Level 4–5 is enterprise IT.

RTLS components live across multiple layers: anchors and gateways at L1-L2, location-intelligence platform at L3, analytics and reporting at L4. The architecture must respect the conduits between these zones.

Security Levels — SL 1 through SL 4

IEC 62443 defines four Security Levels by attacker capability: SL 1 against casual misuse, SL 2 against intentional unsophisticated attack, SL 3 against sophisticated specifically-targeted attack, SL 4 against sophisticated extensive-resource attack.

Most industrial RTLS deployments target SL 2 across the platform, with SL 3 for the management and integration layers. Achieving these requires both vendor capability and deployment-design choices.

Zones, conduits and what crosses them

Every IEC 62443 architecture defines zones (logical groupings of equipment with common security requirements) and conduits (the controlled communication paths between them).

For RTLS this typically means: a dedicated RTLS-anchor zone at L1-L2, an analytics zone at L3, and explicit, monitored conduits to the MES, WMS and historian. Cross-zone traffic uses authenticated, encrypted protocols with strict allow-listing — not flat networks.

Patch management, secure deployment and the lifecycle

IEC 62443 requires ongoing security across the deployment lifecycle, not just at handover.

This means documented patch-management processes, secure-by-default vendor settings, periodic vulnerability assessment, and incident-response playbooks specific to OT (where ‘pull the plug’ is rarely an acceptable response).

These are designed as part of stage 1 and 3 of the TRACIO Programme Method.

FAQ

Frequently asked questions

Do we need IEC 62443 certification, or just alignment?

Most enterprises target IEC 62443 alignment with documented design and operational practices — not formal certification.

Formal certification (typically to 62443-4-1 for products or 62443-2-1 for processes) is required only in specific regulated contexts (some critical infrastructure, some defence). Alignment is sufficient for the vast majority of industrial deployments.

Which Security Level should we target?

SL 2 for most industrial RTLS, SL 3 for the management and integration layers and for deployments in critical infrastructure or with elevated threat profiles. We help you scope the appropriate level per zone at gate 1, jointly with your CISO.

How does this affect vendor selection?

Significantly. Vendors who can't articulate their Security Development Lifecycle (typically 62443-4-1 capable) drop out of the shortlist. Most enterprise RTLS suppliers are now there, but verification is non-trivial — we run it during vendor evaluation.

Can we retrofit IEC 62443 alignment to an existing deployment?

Yes, but more expensively than designing it in. Retrofit usually means re-segmenting the network, re-keying device certificates, hardening platform configurations and rebuilding incident-response procedures. We do this work as part of programme rescue engagements.

Last updated: 26 May 2026

IEC 62443 &amp; RTLS — OT cybersecurity.