iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

oSIST prEN ISO/IEC 27019:2025

(Main)

Information security, cybersecurity and privacy protection - Information security controls for the energy utility industry (ISO/IEC 27019:2024)

Information security, cybersecurity and privacy protection - Information security controls for the energy utility industry (ISO/IEC 27019:2024)

This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.

Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Informationssicherheitsmaßnahmen für die Energieversorgung (ISO/IEC 27019:2024)

Sécurité de l'information, cybersécurité et protection de la vie privée - Mesures de sécurité de l'information pour l'industrie des opérateurs de l'énergie (ISO/IEC 27019:2024)

Informacijska varnost, kibernetska varnost in varstvo zasebnosti - Kontrole informacijske varnosti za energetske operaterje (ISO/IEC 27019:2017, popravljena različica 2019-08)

General Information

Status
Not Published
Public Enquiry End Date
03-Nov-2025
ICS
03.100.70 - Management systems
27.010 - Energy and heat transfer engineering in general
35.030 - IT Security
Technical Committee
ITC - Information technology
Current Stage
4020 - Public enquire (PE) (Adopted Project)
Start Date
21-Aug-2025
Due Date
08-Jan-2026
Ref Project
prEN ISO/IEC 27019 - Information security, cybersecurity and privacy protection - Information security controls for the energy utility industry (ISO/IEC 27019:2024)

Relations

Revises
SIST EN ISO/IEC 27019:2020 - Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
Effective Date
11-Jun-2025
prEN ISO/IEC 27019:2025prEN ISO/IEC 27019:2025
PreviousNext
Draft
prEN ISO/IEC 27019:2025
English language
47 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2025
Informacijska varnost, kibernetska varnost in varstvo zasebnosti - Kontrole
informacijske varnosti za energetske operaterje (ISO/IEC 27019:2017, popravljena
različica 2019-08)
Information security, cybersecurity and privacy protection - Information security controls
for the energy utility industry (ISO/IEC 27019:2024)
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre -
Informationssicherheitsmaßnahmen für die Energieversorgung (ISO/IEC 27019:2024)
Sécurité de l'information, cybersécurité et protection de la vie privée - Mesures de
sécurité de l'information pour l'industrie des opérateurs de l'énergie (ISO/IEC
27019:2024)
Ta slovenski standard je istoveten z: prEN ISO/IEC 27019
ICS:
03.100.70 Sistemi vodenja Management systems
27.010 Prenos energije in toplote na Energy and heat transfer
splošno engineering in general
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

International
Standard
ISO/IEC 27019
Second edition
Information security, cybersecurity
2024-10
and privacy protection —
Information security controls for
the energy utility industry
Sécurité de l'information, cybersécurité et protection de la vie
privée — Mesures de sécurité de l'information pour l'industrie
des opérateurs de l'énergie
Reference number
ISO/IEC 27019:2024(en) © ISO/IEC 2024

ISO/IEC 27019:2024(en)
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC 27019:2024(en)
Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 2
3 Terms, definitions and abbreviated terms . 2
3.1 Terms and definitions .2
3.2 Abbreviated terms .4
4 Structure of this document . 4
5 Organizational controls . 4
5.1 Policies for information security . .4
5.2 Information security roles and responsibilities .4
5.3 Segregation of duties.4
5.4 Management responsibilities .4
5.5 Contact with authorities .5
5.6 Contact with special interest groups . .5
5.7 Threat intelligence .5
5.8 Information security in project management .5
5.9 Inventory of information and other associated assets .6
5.10 Acceptable use of information and other associated assets .6
5.11 Return of assets .6
5.12 Classification of information .6
5.13 Labelling of information .7
5.14 Information transfer .7
5.15 Access control .7
5.16 Identity management .7
5.17 Authentication information .8
5.18 Access rights .8
5.19 Information security in supplier relationships .8
5.20 Addressing information security within supplier agreements .8
5.21 Managing information security in the ICT supply chain .9
5.22 M onitoring, review and change management of supplier services .9
5.23 Information security for use of cloud services .9
5.24 Information security incident management planning and preparation .9
5.25 A ssessment and decision on information security events .9
5.26 Response to information security incidents .9
5.27 Learning from information security incidents .9
5.28 Collection of evidence . .9
5.29 Information security during disruption .9
5.30 ICT readiness for business continuity .9
5.31 L egal, statutory, regulatory and contractual requirements .10
5.32 Intellectual property rights .10
5.33 Protection of records .10
5.34 Privacy and protection of PII .10
5.35 Independent review of information security .10
5.36 C ompliance with policies, rules and standards for information security .10
5.37 Documented operating procedures .10
5.38 ENR – Identification of risks related to external business partners .10
5.39 ENR – Addressing security when dealing with customers .11
6 People controls .12
6.1 Screening . 12
6.2 Terms and conditions of employment . 12
6.3 Information security awareness, education and training . 12
6.4 Disciplinary process . 12

© ISO/IEC 2024 – All rights reserved
iii
ISO/IEC 27019:2024(en)
6.5 Responsibilities after termination or change of employment. 12
6.6 Confidentiality or non-disclosure agreements . 12
6.7 Remote working . 13
6.8 Information security event reporting. 13
7 Physical controls .13
7.1 Physical security perimeters . 13
7.2 Physical entry . 13
7.3 Securing offices, rooms and facilities . 13
7.4 Physical security monitoring . . 13
7.5 Protecting against physical and environmental threats .14
7.6 Working in secure areas .14
7.7 Clear desk and clear screen .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN ISO/IEC 27019:2020(Main)
Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
EN ISO/IEC 27019:2020

ISO/IEC 27019:2017 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following:
-      central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices;
-      digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements;
-      all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes;
-      communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology;
-      Advanced Metering Infrastructure (AMI) components, e.g. smart meters;
-      measurement devices, e.g. for emission values;
-      digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms;
-      energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations;
-      distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations;
-      all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System);
-      any premises housing the above-mentioned equipment and systems;
-      remote maintenance systems for above-mentioned systems.
ISO/IEC 27019:2017 does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645.
ISO/IEC 27019:2017 also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector?specific guidance provided in this document.

  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27019:2020(Main)
Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
EN ISO/IEC 27019:2020

ISO/IEC 27019:2017 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following:
-      central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices;
-      digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements;
-      all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes;
-      communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology;
-      Advanced Metering Infrastructure (AMI) components, e.g. smart meters;
-      measurement devices, e.g. for emission values;
-      digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms;
-      energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations;
-      distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations;
-      all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System);
-      any premises housing the above-mentioned equipment and systems;
-      remote maintenance systems for above-mentioned systems.
ISO/IEC 27019:2017 does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645.
ISO/IEC 27019:2017 also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector?specific guidance provided in this document.

  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 18080:2025(Main)
Glass in building - Reaction to fire - Mounting and fixing instructions for glass products and extended application of test results
EN 18080:2025

This document gives precisions on the mounting and fixing rules for testing glass products and provides guidance. It defines procedures for extended application of test results obtained in accordance with EN ISO 1716, EN ISO 11925 2, EN ISO 1182 and EN 13823 and classified according to EN 13501 1.
The extended application rules in this document are not applicable to laminated glass comprising plastic glazing sheet material.
This document is not applicable to joints and cables, junction boxes, glues, mounting seals and any fixing devices used to install the glass product.

  • Standard
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 13060:2025(Main)
Sterilizers for medical purposes - Small steam sterilizers - Requirements and testing
EN 13060:2025

This document specifies the performance requirements and test methods for small steam sterilizers and sterilization cycles which are used for medical purposes or for materials that are likely to come into contact with blood or body fluids.
This document applies to automatically controlled small steam sterilizers that generate steam using electrical heaters or use steam that is generated by a system external to the sterilizer.
This document applies to small steam sterilizers used primarily for the sterilization of medical devices with a chamber volume of less than 60 l and unable to accommodate a sterilization module (300 mm × 300 mm × 600 mm).
The requirements concerning the quality management and risk management are addressed by other standards (e.g. EN ISO 13485, EN ISO 14971).
This document does not apply to small steam sterilizers that are used to sterilize liquids or pharmaceutical products.
This document does not specify safety requirements related to risks associated with the zone in which the sterilizer is used (e.g. flammable gases).
This document does not specify requirements for the validation and routine control of sterilization by moist heat.
NOTE   Requirements for the validation and routine control of sterilization by moist heat are given in EN ISO 17665.
This document does not specify requirements for other sterilization processes that also employ moist heat as part of the process (i.e. formaldehyde, ethylene oxide).

  • Standard
    121 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 63180:2021/A1:2025(Amendment)
Methods of measurement and declaration of the detection range of detectors - Passive infrared detectors for major and minor motion detection (IEC 63180:2020/AMD1:2025)
EN IEC 63180:2020/A1:2025
  • Amendment
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 19932-3:2025(Main)
Equipment for crop protection - Knapsack sprayers - Part 3: Inspection of knapsack sprayers in use (ISO 19932-3:2025)
EN ISO 19932-3:2025

This document specifies the requirements and test methods for inspection of the use of knapsack sprayers carried on the back or shoulder of the operator for use with plant protection products (PPPs).
The requirements relate mainly to the condition of the sprayer with respect to its potential risk to the operator and the environment and its performance to achieve good application.
This document is applicable to lever-operated knapsack sprayers, knapsack compression sprayers and knapsack sprayers driven by an engine or electric motor using hydraulic pressure atomisation of the spray liquid, intended for use primarily in agriculture, forestry and horticulture, with a nominal volume of more than 6,0 l.
It does not apply to
—    knapsack combustion engine-driven air-blast sprayers, which are covered in ISO 28139:2019/Amd 1:2024,
—    controlled droplet application equipment utilizing rotary atomisers, or
—    portable application equipment for spatial application (such as foggers).

  • Standard
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 60204-1:2018/A1:2025(Amendment)
Safety of machinery - Electrical equipment of machines - Part 1: General requirements (IEC 60204-1:2016/AMD1:2021)
EN 60204-1:2018/A1:2025

Not available

  • Amendment
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 19932-1:2025(Main)
Equipment for crop protection - Knapsack sprayers - Part 1: Safety and environmental requirements (ISO 19932-1:2025)
EN ISO 19932-1:2025

This document specifies the safety and environmental requirements and their means of verification for the design and construction of knapsack sprayers carried on the back or shoulder of the operator for use with plant protection products. It also specifies the type of information on safe working practices (including residual risks) to be provided by the manufacturer.
This document is applicable to lever-operated knapsack sprayers, knapsack compression sprayers and knapsack sprayers driven by an engine or electric motor using hydraulic pressure atomisation of the spray liquid intended to be used primarily in agriculture, forestry and horticulture with a nominal volume of more than 6,0 l.
This document is not applicable to knapsack sprayers which are manufactured before the date of publication of this document.
It does not apply to knapsack combustion engine-driven air-blast sprayers according to ISO 28139: 2019+A1:2024.
This document deals with all significant hazards, hazardous situations and hazardous events relevant to knapsack sprayers when they are used as intended and under conditions of misuse which are reasonably foreseeable by the manufacturer (see Annex A), excepting the hazards arising from:
—     static electricity;
—     explosion or fire from chemicals for spraying; and
—     insufficient structural integrity.
Noise is not considered to be a relevant hazard for:
—     lever operated knapsack sprayers;
—     electric motor driven knapsack sprayers.
This document does not cover electromagnetic compatibility (EMC) requirements.
This document is intended to be applied in conjunction with ISO 19932-2:2025.

  • Standard
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 15531-7:2025(Main)
Service Interface for Real Time Information (SIRI) - Part 7: Passenger Real-Time Information European Profile
CEN/TS 15531-7:2025

The main objective of this WI is to define a SIRI Passenger Real-Time Information European profile:
•   To identify a minimum subset of SIRI with codification rules and constraints for a European level plug and play exchange of real-time passenger information data between organisations at a European level
•   To reflect already existing NeTEx profiles defined at national level (Norway, France, Sweden, etc.).
•   To maintain a relevant real-time information dataset, as small and simple as possible, to ensure interoperability is maximised while at the same time enabling exchange of supplementary national real-time data that will not interfere with the core international dataset
•   To complement the EPIP (NeTEx European Passenger Information Profile) with real-time passenger information
•   To establish quality assessment procedures for implementing validation and quality assessment tools - including compliance checking rules - necessary to fulfil the requirement of the Commission
This profile will complement the NeTEx Passenger information profile and NeTEx Accessibility profile (under drafting) in order to get a set of consistent European profiles fulfilling the requirements of the Priority Action "A" of the ITS Directive.

  • Technical specification
    208 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61643-41:2025(Main)
Low-voltage surge protective devices - Part 41: Surge protective devices connected to DC low-voltage power systems - Requirements and test methods (IEC 61643-41:2025)
EN IEC 61643-41:2025

IEC 61643-41:2025 is applicable to devices for surge protection against indirect and direct effects of lightning or other transient overvoltages.
These devices are intended to be connected to DC power circuits and equipment rated up to 1 500 V DC. Performance and safety requirements, tests and ratings are specified in this document. These devices contain at least one nonlinear component and are intended to limit surge voltages and divert surge currents.
The test requirements provided by this document are based on the assumption that the SPD is connected to a DC power circuit fed by a power source providing a linear voltage-current characteristic. When the SPD is to be connected to a different kind of source, careful consideration is required. This mainly applies with regard to system and fault conditions to be expected in such a system (e.g. expected short circuit current, TOV-stresses).
This document can apply for railway applications, when related product standards do not exist for that area or for certain applications.
Based on a risk assessment it might not be necessary to apply all requirements of this document to SPDs designed for specific power applications only, e.g. circuits with a low power capability, circuits supplied by nonlinear sources, circuits with protective separation from the utility supply.
NOTE 1 More information on risk assessment is provided in IEC Guide 116.
SPDs for PV applications are not covered by this document.
NOTE 2 Such SPDs for PV applications are covered by IEC 61643-31.
NOTE 3 Other exclusions based on national regulations are possible.
This International Standard is to be used in conjunction with IEC 61643-01.

  • Standard
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day