PD ISO/IEC TR 27019:2013
Information security management systems – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry
What is it?
PD ISO/IEC TR 27019:2013 is a sector-specific supplement to BS ISO/IEC 27001:2013 and BS ISO/IEC 27002:2013 for use by energy utilities and related organizations. It contains additional security controls and guidance targeted at process control systems as used in the energy utility industry, beyond those found in BS ISO/IEC 27002:2005.
How does it work?
PD ISO/IEC TR 27019:2013 follows the structure of BS ISO/IEC 27002:2005, providing additional controls and guidance specific to process control systems as used in the energy utility industry. For example, it proposes an additional control relating to the availability of essential services in emergency situations.
It should be noted that PD ISO/IEC TR 27019:2013 is aligned to the 2005 edition of BS ISO/IEC 27002 rather than the current edition, BS ISO/IEC 27002:2013. However, its controls and guidance remain valid.
Compared with conventional IT environments (e.g. office IT), process control systems differ fundamentally and significantly in their development, operation, repair, maintenance and operating environment. Furthermore, the process technology referred to in this document may be an integral component of critical infrastructures and is therefore essential for their secure and reliable operation.
Who should buy it?
PD ISO/IEC TR 27019:2013 is important for any organization in the energy utility sector planning to operate an Information Security Management System (ISMS). It may also be useful to related organizations such as utility plant suppliers, systems integrators and auditors.
Revision
PD ISO/IEC TR 27019:2013 is currently being revised, with the objective of formal alignment with BS ISO/IEC 27002:2013.