Incentive

Information security is relevant for all companies today, but even more important for those operating critical infrastructures. The objective of this standard is to extend the ISO/IEC 27001 requirements to process control and automation technology. Primarily, it is designed for the energy supply industry and its supporting systems and associated infrastructures, but certain requirements may also be applicable to companies operating systems in the OT (Operational Technology) area.
The ISO/IEC 27019 standard can contribute significantly to an effective information security in the process control area.

Outcome

The measures implemented and audited in accordance with ISO/IEC 27019 in the area of process control and automation technology (Operational Technology) help to minimize the specific risks of the critical infrastructure of the energy industry and demonstrate a responsible and proactive approach to the hazards that Operational Technology (OT) can entail.

Target groups

Companies and organizations in the energy sector that maintain energy supply process control systems. Such systems can be used to control, regulate and monitor the extraction or generation, transmission, storage and distribution of electricity, gas, oil and heat and for the control of supporting processes.

Validity

3 years - for the purpose of continuous development, a surveillance audit takes place annually and a recertification audit after 3 years.

Recognition

The SQS certificate ISO/IEC 27019 is internationally valid.

Combinations

ISO/IEC 27019 can only be certified in combination with ISO/IEC 27001.