Skip to main content

SEMI E187 and CRA Cybersecurity Workshop with Risk Assessment and SSCA

Day 3 | Thursday, 7 May 2026 | 13:30 - 17:30 

Room @my10, Level 1A, MITEC

Early Bird Rate (Till 15 April)

  • Member Rate: SGD400
  • Non-Member Rate: SGD500
  • Student: NA
 

Published Rate (16 April onwards)

  • Member Rate: SGD520
  • Non-Member Rate: SGD650
  • Student: NA

 

 

 

 

This four hour instructor led workshop focuses on product cybersecurity for semiconductor equipment. SEMI E187 is addressed as an industry standard, while the EU Cyber Resilience Act is addressed as a regulatory requirement. Together, they define product cybersecurity expectations that impact equipment design, deployment, and 

lifecycle management. Risk assessment is used as the primary method for evaluating cybersecurity at the system and operational environment level, enabling participants to analyze realistic fab and equipment scenarios, prioritize controls, and justify implementation decisions based on actual exposure and impact rather than checklist compliance.

In addition, the course introduces SSCA as a supply chain communication and assurance mechanism, focusing on how cybersecurity capabilities and implementation status can be consistently and credibly communicated between equipment suppliers, system integrators, and fabs.

The workshop combines structured explanation of requirements, industry based implementation examples, and guided group exercises. Participants will learn how to interpret requirements, apply risk based thinking at the site and system level, and prepare clear, auditable, and supply chain ready cybersecurity documentation that supports customer reviews, assessments, and regulatory expectations.

 

Course Modules and Key Topics
SEMI E187 Clause Interpretation and Implementation
  • Structure and intent of SEMI E187 requirements
  • Applicability determination for different equipment types and deployment contexts
  • Mapping SEMI E187 clauses to concrete technical, operational, and procedural controls

Industry Implementation Examples
  • Typical cybersecurity architectures for semiconductor equipment
  • Practical examples covering operating system security, access control, logging, communication protection, and vulnerability handling
  • Distinction between design time security controls and operational or deployment dependent controls
     
Common Implementation Pitfalls
  • Overly generic policy or compliance statements lacking operational meaning
  • Inconsistencies across procedures, manuals, technical specifications, and customer facing documents
  • Missing assumptions, limitations, and boundary conditions that affect control validity
  • Controls implemented in practice but not supported by traceable or verifiable evidence

 

CRA Alignment and Product Security Perspective
  • CRA scope and applicability from a semiconductor equipment viewpoint
  • Translation of CRA cybersecurity requirements into engineering tasks and product lifecycle activities
  • Roles and responsibilities across development, product management, quality, and compliance functions
     
Introductory Risk Assessment Concepts
  • Purpose and role of risk assessment in product cybersecurity
  • High level identification of assets, threats, and exposure scenarios
  • Relationship between risk considerations and control selection
     
Introductory SSCA Concepts for Supply Chain Communication
  • Purpose of SSCA in semiconductor supply chain cybersecurity communication
  • Basic understanding of capability and maturity concepts
  • Typical misunderstandings in SSCA related self descriptions
     
Compliance Documentation Writing Direction for SEMI E187
  • Principles for writing auditable and verifiable SEMI E187 compliance descriptions
  • Clear articulation of scope, assumptions, and operational constraints
  • Structuring SEMI E187 control descriptions and evidence references for reviews and assessments
     
Workshop Exercises and Group Discussion
  • Group based exercises to draft SEMI E187 aligned control descriptions
  • Scenario discussions extending SEMI E187 implementation to CRA product cybersecurity requirements
     
Learning Outcomes

After completing the workshop, participants will be able to:

  • Correctly interpret SEMI E187 requirements and explain their practical implications for product cybersecurity
  • Identify common implementation gaps and documentation weaknesses related to SEMI E187 and CRA expectations
  • Produce clearer, auditable, and more defensible SEMI E187 compliance descriptions
  • Improve internal consistency between technical implementation and SEMI E187 compliance documentation
  • Understand the basic role of risk assessment in evaluating product cybersecurity at the system and site level
  • Understand the purpose of SSCA in semiconductor supply chain cybersecurity communication

 

Recommended Participants

This course is recommended for professionals involved in semiconductor equipment cybersecurity, including:

  • Equipment development and engineering teams responsible for secure product design and implementation
  • Product security and vulnerability management teams supporting equipment lifecycle activities
  • System integration and field service engineers involved in deployment, configuration, and maintenance
  • Quality, compliance, and regulatory affairs personnel supporting SEMI E187 and CRA related requirements
  • Fab engineering, automation, and operations teams interfacing with equipment cybersecurity controls
  • Supply chain and procurement personnel involved in cybersecurity requirements communication and assessment coordination

Trainer

SECURE YOUR PLACE TODAY

Workshops@SEMICON SEA are HRD Corp (HRDC) claimable for Malaysian delegates, subject to eligibility and HRD Corp approval. Upskill your team and maximise your training budget while staying ahead of industry developments.