You can download a DRM-free copy of this document here.

What is PAS 185 about?

Connected places – also known as smart cities – use data and information to enhance provision and services for citizens. However, more data and a greater dependence on digital technologies can create new vulnerabilities and security issues. PAS 185:2023 offers principles and requirements to deal with the security risks that arise.

Who is PAS 185 for?

• decision-makers in connected places from the public, private and third sectors
• place data officers
• anyone interested in using data and information to deliver connected place objectives

What does PAS 185 cover?

It specifies the principles and requirements for developing and implementing a security-minded approach within a connected place to tackle the security risks that arise from the increased use of, and dependence on, digital technologies and cyber-physical systems, and from the wider sharing and use of data and information.

PAS 185:2023 enables the development of an overall security strategy and management plan for the deployment of sensors, networks, and applications as well as for the handling, management and sharing of data and information. It can be used to inform and guide the development and delivery of connected place projects and subsequent operation, delivery, evolution and disposal of assets and services.

This framework can be used to create and cultivate an appropriate, risk-based safety and security mindset and culture across the many organizations, services and individuals which use shared, disclosed and derived data, and includes the need to monitor and audit compliance.

It covers the use of trustworthiness and security controls applicable to the smart city framework (SCF) (see BS ISO 37106), smart city concept model (SCCM) (see BS ISO/IEC 30182) and the data framework used for sharing data and information services (see PAS 183).

Why should you use PAS 185?

• It increases protection of citizen data. As data collection and reliance on digital systems increases, this standard can deter cybercriminals and reduce the number, cost and duration of cyberattacks.
• It reduces the risk of service disruptions and increases protection of critical infrastructure. Interconnected systems like communications and transport networks present potential targets for cyberattacks that can cause disruption and safety hazards or incur economic losses. PAS 185:2023 can reduce these incidences.
• It can help build citizen confidence. For connected places to realize their full potential, residents, businesses and other stakeholders need to trust that personal data will be protected. PAS 185:2023 helps demonstrate the effort being made to safeguard privacy and secure data.
• It’s cost effective. Users can ensure that security measures are appropriate and proportionate to the risks faced.
• It can help with compliance. PAS 185:2023 helps users meet regulatory requirements around data protection, privacy and cybersecurity.
• It’s internationally applicable. The standard was written to be used nationally and internationally.
• Ultimately it can help enhance services. By establishing trust, PAS 185:2023 can encourage greater citizen participation and yield more data and information to help develop services. Thus, it supports the delivery of smart city/connected places objectives.
• It’s up to date. PAS 185:2023 is a full revision of the 2017 document which reflects the increasing use of the term “connected place” instead of “smart city”, plus it reflects the newer initiatives that connected places may undertake and adds links to new NCSC guidance
• It can help accelerate the adoption of innovation. By increasing confidence in information security, product and service development and the willingness to adopt emerging technologies are enhanced.
• It strengthens risk management. It can increase resilience; help minimize the impact of cyber incidents; and contribute to quicker recovery from incidents.

What’s new about PAS 185:2023?

This full revision replaces PAS 185:2017. The main changes in PAS 185:2023 are:

1. clarification around, and the addition of, referencing guidance that has been published since the last version of the PAS was published
2. updated definitions taken from PAS 1192-5 to BS EN ISO 19650-5
3. amendments to reflect the increasing use of the term “connected place”, replacing “smart cities” with connected place throughout
4. amendments to reflect the type of new initiatives which a connected place might interact with – for example, mapping of underground assets and actions to meet Carbon Net Zero
5. links to new guidance available through NCSC.