Welcome to Control.com, the global online
community of automation professionals.
ISO 27001
Looking for information on ISO 27001
By Jeremy Pollard on 9 January, 2017 - 7:18 pm

Good evening all... am looking for someone to dialog with regarding this regulation (ISO 27001)....???? can someone help??? TIA

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change

It's a European standard for what we now call cyber security, started in the UK to set some form of standard across the nations.

https://en.wikipedia.org/wiki/ISO/IEC_27001:2005

http://www.british-assessment.co.uk/services/iso-certification/iso-27001-certification/?gclid=CPuZ7faxt9ECFUsq0wodTEAKZg

By Jeremy Pollard on 10 January, 2017 - 2:50 pm

Thank you... is this a regulatory platform for what companies do in the US? Is there an equivalent regulation as such that is in use here? Who really cares if a company is ISO 27001 compliant.. anyone?
TIA - all seems very confusing!!!

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change
Ontario, Canada

I doubt companies in the US are interested in European Regulation...
And the UK has shown (as in 'Brexit'!) what it thinks of European Regulations - especially as in this case it originated in the UK. The Euro-bureaucrats then throw it back at us as though they thought it up.

I'm not aware of equivalent Regulation in the US...cyber-security is kind of self-regulating, with many US companies hot on the subject!

By Jeremy Pollard on 11 January, 2017 - 6:14 pm

Thx oneeye14.. appreciated... have you heard of or seen "top 20 Critical Security Controls (CSC)"? When I spoke with Marty Edwards of DHS - US-CERT he said that if it isn't regulated it won't happen. But ISO stuff is really elective, although some companies require ISO certification to do business etc.

Wondering if regulation will ever be enforced by law as such..

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change

Jeremy,

In my industry, power generation and turbine control, I am starting to see ISO 27001 trickle down when we talk about supply chain and OT systems. I believe this trend will continue as end customers and OEMs start to implement supply chain cyber security requirements with vendors.

By Jeremy Pollard on 14 January, 2017 - 2:45 pm

Thx Sundbug .. appreciated... may I ask which parts or sections are the more important areas?? Or is it simply all parts?? TIA:)

Cheers from: Jeremy Pollard, CET
The Caring Canuckian!
Crisis, necessity, change

'I DID'

ISO27001 is a standard (part of a suite of standards) developed for IT systems. Because ISO27001 was not specific for use in industrial control systems, ISA formed ISA99 in the early 2000 time frame to develop control system cyber security standards. The suite of control systems cyber security standards is IEC62443.

Joe Weiss, Managing Director ISA99
joe.weiss@realtimeacs.com