iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN ISO/IEC 27019:2020

(Main)

Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)

Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)

EN-ISO/IEC 27019 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following: - central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices; - digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements; - all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes; - communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology; - Advanced Metering Infrastructure (AMI) components, e.g. smart meters; - measurement devices, e.g. for emission values; - digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms; - energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations; - distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations; - all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System); - any premises housing the above-mentioned equipment and systems; - remote maintenance systems for above-mentioned systems.

Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmaßnahmen für die Energieversorgung (ISO/IEC 27019:2017, korrigierte Fassung 2019-08)

Dieses Dokument gibt auf Basis von ISO/IEC 27002:2013 Hinweise für Systeme der Prozesssteuerung der Energieversorgung, die zur Steuerung, Regelung und Überwachung von Gewinnung oder Erzeugung, Übertragung, Speicherung und Verteilung von Strom, Gas, Öl und Wärme und für die Steuerung von unterstützenden Prozessen dienen. Dies umfasst insbesondere:
- zentrale und dezentrale Prozesssteuerungs-, Leit-, Automatisierungs- und Überwachungstechnik sowie die für ihren Betrieb genutzten Informationssysteme, wie z. B. Programmier- und Parametriergeräte;
- digitale Steuerungen und Automatisierungskomponenten wie Leit- und Feldgeräte oder Speicherpro-grammierbare Steuerungen (SPSen), inklusive digitaler Sensor- und Aktorelemente;
- alle weiteren in der Prozesstechnik genutzten unterstützenden Informationssysteme, z. B. für die Aufgabe der ergänzenden Datenvisualisierung und zur Steuerung, Überwachung, Datenarchivierung, Langzeitprotokollierung, Berichtswesen und zur Dokumentation;
- in der Prozesstechnik eingesetzte Kommunikationstechnik, z. B. Netzwerk-, Telemetrie-, Fernwirk- und Fernsteuertechnik;
- Advanced-Metering-Infrastruktur-(AMI)-Komponenten, z. B. intelligente Zähler;
- Mess- und Zählvorrichtungen, z. B. zur Emissionswerterfassung;
- digitale Schutz- und Safety-Systeme, z. B. Schutzgeräte, Sicherheits-Steuerungen und Notfallsteuerungsmechanismen;
- Energiemanagementsysteme, z. B. für dezentrale Energieerzeugungssysteme, elektrische Ladeinfra-strukturen, in Privathaushalten, Wohngebäuden oder industriellen Kundeninstallationen;
- verteilte Komponenten von Smart-Grid-Umgebungen, z. B. in Energienetzen, Privathaushalten, Wohn-gebäuden oder industriellen Kundeninstallationen;
- alle Arten von Software, Firmware und Anwendungen, die auf den vorgenannten Systemen eingesetzt werden, z. B. Netzführungs-Anwendungen oder Ausfallmanagementsysteme;
- jegliche Lokalität mit den oben erwähnten Anlagen oder Systemen;
- Fernwartungssysteme für die oben aufgeführten Systeme.
Nicht im Geltungsbereich dieses Dokuments liegt der Bereich der Prozesssteuerung von Kernenergie-anlagen. Dieser Bereich wird von IEC 62645 abgedeckt.
Darüber hinaus enthält dieses Dokument eine Anforderung, um die in ISO/IEC 27001:2013 beschriebenen Risikobeurteilungs- und -behandlungsprozesse an die in diesem Dokument enthaltenen energiesektor-spezifischen Empfehlungen anzupassen.

Technologies de l'information - Techniques de sécurité - Mesures de sécurité de l'information pour l'industrie des opérateurs de l'énergie (ISO/IEC 27019:2017, Version corrigée 2019-08)

Informacijska tehnologija - Varnostne tehnike - Kontrole informacijske varnosti za energetske operaterje (ISO/IEC 27019:2017, popravljena različica 2019-08)

General Information

Status
Published
Publication Date
17-Mar-2020
Withdrawal Date
29-Sep-2020
ICS
03.100.70 - Management systems
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
18-Mar-2020
Due Date
31-Oct-2021
Completion Date
18-Mar-2020
Ref Project
SIST EN ISO/IEC 27019:2020 - Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)

Buy Standard

EN ISO/IEC 27019:2020EN ISO/IEC 27019:2020
PreviousNext
Standard
EN ISO/IEC 27019:2020
English language
46 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN ISO/IEC 27019:2020EN ISO/IEC 27019:2020
PreviousNext
Standard
EN ISO/IEC 27019:2020
English language
46 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO/IEC 27019:2020
01-maj-2020
Informacijska tehnologija - Varnostne tehnike - Kontrole informacijske varnosti za
energetske operaterje (ISO/IEC 27019:2017, popravljena različica 2019-08)
Information technology - Security techniques - Information security controls for the
energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmaßnahmen für die
Energieversorgung (ISO/IEC 27019:2017, korrigierte Fassung 2019-08)
Technologies de l'information - Techniques de sécurité - Mesures de sécurité de
l'information pour l'industrie des opérateurs de l'énergie (ISO/IEC 27019:2017, Version
corrigée 2019-08)
Ta slovenski standard je istoveten z: EN ISO/IEC 27019:2020
ICS:
03.100.70 Sistemi vodenja Management systems
27.010 Prenos energije in toplote na Energy and heat transfer
splošno engineering in general
35.030 Informacijska varnost IT Security
SIST EN ISO/IEC 27019:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 27019:2020

---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 27019:2020


EUROPEAN STANDARD
EN ISO/IEC 27019

NORME EUROPÉENNE

EUROPÄISCHE NORM
March 2020
ICS 03.100.70

English version

Information technology - Security techniques - Information
security controls for the energy utility industry (ISO/IEC
27019:2017, Corrected version 2019-08)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren -
- Mesures de sécurité de l'information pour l'industrie Informationssicherheitsmaßnahmen für die
des opérateurs de l'énergie (ISO/IEC 27019:2017, Energieversorgung (ISO/IEC 27019:2017, korrigierte
Version corrigée 2019-08) Fassung 2019-08)
This European Standard was approved by CEN on 2 March 2020.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.



















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27019:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 27019:2020
EN ISO/IEC 27019:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 27019:2020
EN ISO/IEC 27019:2020 (E)
European foreword
The text of ISO/IEC 27019:2017 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
EN ISO/IEC 27019:2020 by Technical Committee CEN/CLC/JTC 13 “Cybersecurity and Data Protection”
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2020, and conflicting national standards
shall be withdrawn at the latest by September 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Lu
...

SLOVENSKI STANDARD
SIST EN ISO/IEC 27019:2020
01-maj-2020
Informacijska tehnologija - Varnostne tehnike - Kontrole informacijske varnosti za
energetske operaterje (ISO/IEC 27019:2017, popravljena verzija 2019-08)
Information technology - Security techniques - Information security controls for the
energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmaßnahmen für die
Energieversorgung (ISO/IEC 27019:2017, korrigierte Fassung 2019-08)
Technologies de l'information - Techniques de sécurité - Mesures de sécurité de
l'information pour l'industrie des opérateurs de l'énergie (ISO/IEC 27019:2017, Version
corrigée 2019-08)
Ta slovenski standard je istoveten z: EN ISO/IEC 27019:2020
ICS:
03.100.70 Sistemi vodenja Management systems
27.010 Prenos energije in toplote na Energy and heat transfer
splošno engineering in general
35.030 Informacijska varnost IT Security
SIST EN ISO/IEC 27019:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 27019:2020

---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 27019:2020


EUROPEAN STANDARD
EN ISO/IEC 27019

NORME EUROPÉENNE

EUROPÄISCHE NORM
March 2020
ICS 03.100.70

English version

Information technology - Security techniques - Information
security controls for the energy utility industry (ISO/IEC
27019:2017, Corrected version 2019-08)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren -
- Mesures de sécurité de l'information pour l'industrie Informationssicherheitsmaßnahmen für die
des opérateurs de l'énergie (ISO/IEC 27019:2017, Energieversorgung (ISO/IEC 27019:2017, korrigierte
Version corrigée 2019-08) Fassung 2019-08)
This European Standard was approved by CEN on 2 March 2020.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.



















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27019:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 27019:2020
EN ISO/IEC 27019:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 27019:2020
EN ISO/IEC 27019:2020 (E)
European foreword
The text of ISO/IEC 27019:2017 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
EN ISO/IEC 27019:2020 by Technical Committee CEN/CLC/JTC 13 “Cybersecurity and Data Protection”
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2020, and conflicting national standards
shall be withdrawn at the latest by September 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxe
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO/IEC 27001:2023(Main)
Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
SIST EN ISO/IEC 27001:2023

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.

  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
SIST EN ISO/IEC 27007:2022

ISO/IEC 27007 provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.
ISO/IEC 27007 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27017:2021(Main)
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
SIST EN ISO/IEC 27017:2021

This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27011:2020(Main)
Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations (ISO/IEC 27011:2016)
SIST EN ISO/IEC 27011:2020

The scope of this Recommendation | ISO/IEC 27011:2016 is to define guidelines supporting the implementation of information security controls in telecommunications organizations.
The adoption of this Recommendation | ISO/IEC 27011:2016 will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.

  • Standard
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27000:2020(Main)
Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2018)
SIST EN ISO/IEC 27000:2020

EN ISO/IEC 27000 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN ISO/IEC 27010(Main)
Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications (ISO/IEC 27010:2015)
oSIST prEN ISO/IEC 27010:2020
  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9104-1:2023(Main)
Aerospace series - Quality management systems - Part 1: Requirements for Certification of aviation, space, and defense
SIST EN 9104-1:2024

This document defines the industry-accepted requirements for the ICOP scheme, which provides confidence to ASD customers, that organizations with certification of their QMS, issued by accredited CBs, meet applicable AQMS standard requirements. The requirements in this document are applicable to all participants in the ICOP scheme. If there is a conflict between the requirements of this document, and customer or applicable statutory/regulatory requirements, the latter takes precedence.

  • Standard
    50 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9104-3:2023(Main)
Aerospace series - Quality management systems - Part 3: Requirements for Aviation, Space, and Defence Auditor Training, Development, Competence, and Authentication
SIST EN 9104-3:2024

This document defines the minimum requirements for auditors, CBs, auditor authentication bodies (AABs), training provider approval bodies (TPABs), and training providers (TPs) who participate in the IAQG industry controlled other party (ICOP) scheme. The requirements in this document supplement those defined within the EN 9104-001, EN 9104-002, EN ISO/IEC 17021-1, and EN ISO/IEC 17021-3 standards.
Data protection for the parties subject to this document and other relevant requirements of the ICOP scheme are managed via bi-lateral contracts between the joint controllers of the data.

  • Standard
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9103:2023(Main)
Aerospace series - Quality management systems - Variation management of key characteristics
SIST EN 9103:2024

1.1   General
This document is primarily intended to apply to new parts and products intended to be produced in an on-going production phase but can also be applied to parts currently in production (e.g., manufacturing, maintenance). This document is applicable to all production processes that influence the variation of KCs, as well as maintenance and service processes in which KCs are identified. It applies to organizations for assemblies and all levels of parts within an assembly, down to the basic materials including castings and forgings, and to organizations that are responsible for producing the design characteristics of the product.
The variation control process begins with product definition, typically stated in the design documentation (e.g., digital model, engineering drawing, specification) which identifies KCs, and leads to a variation management process for those KCs. This process may also be used for producer-identified KCs (e.g., process KCs, additional/substitute product KCs).
Producers and their subcontractors are responsible for flow down of the standard requirements to those external providers, who produce design characteristics and provide production and service provisions, to ensure that KCs conform to the customer’s requirements.
1.2   Purpose
This document is designed to drive the improvement of manufacturing and maintenance processes through adequate planning and effective management of KC variation. This focus is intended to improve uniformity (less variation or minimum variation of product KCs) and acceptance probability of the end-product.
NOTE   Control of a product or process KC per this document does not constitute, nor imply acceptance of the resulting product. If variation management, under this document, is to be part of an acceptance decision, the requirements need to be specified in the applicable product acceptance plan or contract.
1.3   Convention
The following conventions are used in this document:
-   "shall" indicates a requirement;
-   "should" indicates a recommendation;
-   "may" indicates a permission; and
-   "can" indicates a possibility or a capability.

  • Standard
    34 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9101:2023(Main)
Aerospace series - Quality management systems - Requirements for conducting audits of aviation, space, and defence quality management Systems
SIST EN 9101:2024

1.1   General
This document defines requirements for the preparation and execution of the audit process. In addition, it defines the content and composition for the audit reporting of conformity and process effectiveness to the EN 9100-series standards, the organization’s QMS documentation, and customer and statutory/regulatory requirements.
The requirements in this document are additions or represent changes to the requirements and guidelines in the standards for conformity assessment, auditing, and certification as published by ISO/IEC (i.e. ISO/IEC 17000:2020, ISO/IEC 17021 1). When there is conflict with these standards, the requirements of this document take precedence.
NOTE 1   In this document, the term “EN 9100-series standards” comprises the EN 9100, EN 9110, and EN 9120 standards; developed by the IAQG and published by various national standards bodies.
NOTE 2   In addition to this document, the IAQG publishes deployment support material on the IAQG website (see http://www.iaqg.org) that can be used by audit teams, when executing the audit process.
1.2   Application
This document is intended to be used for audits of EN 9100-series standards by Certification Bodies (CBs) for certification of organizations, under the auspices of the ASD industry certification scheme [also known as the Industry Controlled Other Party (ICOP) scheme]. The ICOP scheme requirements are defined in the EN 9104-series standards (i.e. FprEN 9104-1, prEN 9104-2, EN 9104 3).
NOTE   Relevant parts of this document can also be used by an organization in support of internal audits (1st party) and external audits at suppliers (2nd party).

  • Standard
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day