User:I72alllj/sandbox

ISO/IEC TR 27019 is a security standard, part of the ISO/IEC 27000 family of standards, developed for the energy utility industry to provide guiding principles for the process control systems it uses. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

It is based on ISO/IEC 27002, but it applies to energy management (the control of generation, transmission, storage and distribution of electric power) and to the control of associated supporting processes. It does not apply to the process control of nuclear facilities, nor to telecommunication systems and components used in the process control environment. The first version of ISO/IEC TR 27019 was published in July 2013, and its latest version was published on November 27, 2017.

Standard Versions
The standard has two versions:


 * ISO/IEC 27019:2013
 * ISO/IEC 27019:2017

Structure of the standard
The official title of the standard is "Information technology — Security techniques — Information security controls for the energy utility industry". ISO/IEC 27019:2017 has eighteen sections, plus a long annex, which cover:
 * 1. Scope
 * 2. Normative References
 * 3. Terms and definitions
 * 4. Structure of the document
 * 5. Information security policies
 * 6. Organization of information security
 * 7. Human resource security
 * 8. Asset management
 * 9. Access control
 * 10. Cryptography
 * 11. Physical and environmental security
 * 12. Operations security
 * 13. Communications security
 * 14. System acquisition, development and maintenance
 * 15. Supplier relationships
 * 16. Information security incident management
 * 17. Information security aspects of business continuity management
 * 18. Compliance

Objectives
This standard provides guidance and good-practice principles for managing information security in the energy utility industry. Its aim, as part of the ISO/IEC 27000 family of standards, is to extend that family to the domain of process control systems and automation technology. In this way, it makes it possible to establish information security management (ISM) that follows the principles described in ISO/IEC 27001.