PR NF ISO/IEC 27019, Z74-219PR (11/2023)

This document contains recommendations based on ISO/IEC 27002:2013 applied to process control systems used by the energy operator industry to control and monitor the production, transportation, storage and distribution of electricity, gas, oil and heat, as well as for the control of associated support processes. This includes in particular: — centralized and distributed process control and monitoring technologies, automation systems and information systems used for their operation, such as programming and parameterization devices; — digital controllers and automation components such as control and field equipment or programmable logic controllers (PLCs), including digital sensors and actuators; — all other supporting information systems used in the field of process control, e.g. for additional data visualization tasks and for the purposes of control, monitoring, data archiving and logs (historical logging) , reporting and documentation generation; — communication technologies used in the field of process control, for example networks, telemetry, tele-driving applications and remote control technologies; — components of smart metering infrastructures, such as smart meters; — measuring equipment, intended for example to measure emission values; — digital protection and safety systems, such as protection relays, programmable safety controllers or emergency regulators; — energy management systems, for example, for decentralized energy production (DER, Distributed Energy Resources), electric charging infrastructures, in private homes, in residential buildings or in customer installations industrial; — distributed components of smart grid environments, for example in energy networks, in private homes, in residential buildings or in industrial customer installations; — all software, firmware and applications installed on the systems mentioned above, for example, Distribution Management Systems (DMS) or Outage Management Systems (OMS); — all premises housing the equipment and systems mentioned above; — remote maintenance systems for the systems mentioned above. This document does not apply to the area of process control of nuclear installations. This area is covered by IEC 62645. This document also contains a requirement for adapting the risk assessment and treatment processes described in ISO/IEC 27001:2013 to industry-specific recommendations energy operators provided in this document.
(Automatic translation from French)