IS/ISO/IEC 27019 : 2024 Information Security - Cybersecurity and Privacy Protection - Information Security Controls for the Energy Utility Industry
NATIONAL FOREWORD
This Indian Standard (First Revision) which is identical to 'ISO/IEC 27019 : 2024 Information security, cybersecurity and privacy protection - Information security controls for the energy utility industry' issued by the International Organization Standardization (ISO) and International Electrotechnical Commission (IEC) was adopted by the Bureau of Indian Standards (BIS) on the recommendations of the Information Systems Security And Privacy Sectional Committee and approval of the Electronics and Information Technology Division Council.
This standard was first published in 2019 and was identical to ISO/IEC 27019 : 2017. This revision has been brought out to to align it with the latest version of ISO/IEC 27019 : 2024. The main changes are as follows:
a) alignment of the controls to the organizational, people, physical and technological themes covered in ISO/IEC 27002 : 2022;
b) the 'Guidance' and 'other information' in Clauses 5 to 8 have been updated, to avoid redundancies with ISO/IEC 27002 : 2022; and
c) attributes have been added to the controls specific to this document.
The text of ISO/IEC standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions and terminologies are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:
a) Wherever the words 'International Standard' appear referring to this standard, they should be read as 'Indian Standard'; and
b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to use a point (.) as the decimal marker.