
BS EN IEC 62443-2-4 BS EN 62443-2-4 Ed.3.0 Security for industrial automation and control systems. Part 2-4: Security program requirements for IACS service providers

Source: IEC
Committee: GEL/65 - Measurement and control
Categories: Multilayer applications | Industrial process measurement and control
Comment period start date:
Comment period end date:
Number of comments: 0


Scope

This part of IEC 62443 specifies a comprehensive set of requirements for security-related processes that IACS service providers can offer to the asset owner during integration and maintenance activities of an Automation and Control Solution. Because not all requirements apply to all industry groups and organizations, 4.1.4 provides for the development of "profiles" that allow for the subsetting of these requirements. Profiles are used to adapt this document to specific environments, including environments not based on an IACS.

NOTE 1 The term "Automation and Control Solution" is used as a proper noun (and therefore capitalized) in this document to prevent confusion with other uses of this term.

Collectively, the security processes offered by an IACS service provider are referred to as its Security Program. In a related specification, IEC 62443-2-1:2010 [9] describes requirements for the security program of the asset owner.

NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related.

Figure 1 illustrates the integration and maintenance security processes of service provider(s) and their relationships to the Automation and Control Solution.

NOTE 3 The IACS is a combination of the Automation and Control Solution and the organizational measures necessary for its design, deployment, operation, and maintenance.

NOTE 4 Maintenance of legacy system with insufficient security technical capabilities, implementation of policies, processes and procedures can be addressed through risk mitigation.

Please see draft for Figure 1 – Scope of service provider processes

In Figure 1, the Automation and Control Solution is illustrated to contain essential functions that include safety functions, commonly implemented by a Safety System, and complementary and control functions, commonly implemented by supporting applications, such as batch management, advanced control, historian, and security-related applications. The dashed boxes identify organizational roles that perform the indicated actions.

NOTE 5 Automation and Control Solutions typically have a single control system (product), but they are not restricted to do so. In general, the Automation and Control Solution is the set of hardware and software, independent of product packaging, which is used to control a physical process (e.g. continuous or manufacturing) as defined by the asset owner.

NOTE 6 Service providers often provide generic architectures that can be adapted for integration into an Automation and Control Solution. These generic architectures are often referred to as "reference architectures".
