ISA/IEC 62443-2-1 removes material on the information security management program (ISMS), allowing stakeholders to rely on ISO/IEC 27001 for the information security program and ISO/IEC 27002 for related controls. ISA/IEC 62443-2-1 retains OT-specific requirements for security programs.