Currently software development processes follow more a natural growth and security is hardly ever a core component of it. With the new ISO/IEC 62443 standard the first secure development process was outlined which can be certified. This gives developers and vendors the possibility to be on the same page regarding how to develop secure products. During this talk we will look at the 62443-4-1 and 62443-4-2 standards, which are relevant for developers and architects who want to introduce security into their software development process. We will talk about our experience in helping industrial vendors to achieve certification as well as common pitfalls.