ISO IEC 27019:2017 pdf free
Information technology - Security techniques - Information security controls for the energy utility industry
For the purpose of exchanging information on process control-specific security issues and to facilitate cross-organizational cooperation, contact should be maintained with national and international vendor and operator associations and their corresponding working groups dealing with security issues. The process of information exchange should take into account the applicable legal context. Energy utilities should ensure that the information received through contacts with special interest groups is analysed and evaluated in the context of the organization by subject matter experts and distributed to responsible parties within the organization in a timely manner.
Process control systems can consist of complex individually customized systems and components. System vendors, integrators and other external parties are often involved in the maintenance and operation processes of these systems to a high degree. For maintenance and fault correction processes, it is possible that these external parties need to use remote access connections that allow maintenance to be carried out from remote locations. It is also possible that employees of external parties also need access to security-controlled areas to perform on-site maintenance.
Close cooperation between the different system operators on the production, generation, transmission and distribution levels can require close interconnection of the control systems and communication networks of different organizations. Furthermore, external parties such as vendors, system integrators or business partners can also require access to information related to critical assets.
The risks resulting from such external party access to critical assets and related information should be assessed and taken into consideration, especially in terms of the exposure to risk of the physical process that is to be controlled or monitored. If external parties have access to critical assets or confidential information, it should be ensured, e.g. through contractual agreements, that they have implemented a comparable security level as defined for the internal organization of the energy utility.