IEC PAS 63325:2020 pdf free download


IEC PAS 63325:2020 Lifecycle requirements for functional safety and security for IACS
1 Scope
This PAS provides requirements and guidance for ensuring and assuring functional safety and security in different stages of the lifecycle. It will help the coordination of risk assessment, design and management and operation processes, avoiding conflicts between functional safety and security.
This specification does not aim to define a completely new lifecycle, but based on the functional safety lifecycle, security lifecycle and other state of the art engineering processes, it aims to provide requirements and suggestions to support coordination between functional safety and security.
The objective of this document is Industrial Automation Control Systems (IACS), including the Equipment Under Control (EUC) system and the safety-related system.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
There are no normative references in this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• ISO Online browsing platform: available at https://www.iso.org/obp
• IEC Electropedia: available at http://www.electropedia.org/
More definitions could refer to the IEC 62443 series and the IEC 61508 series.
3.1.1
conflict
situation when one or several safety measures and one or several security countermeasures are not in coordination with each other and one or several safety measures cannot achieve its required target performance
Note 1 to entry: This conflict definition is in the context of this document.
3.1.2
safety
freedom from unacceptable risk
[SOURCE: IEC 61508-4:2010, 3.1.11 and IEC 62443-1-1:2009, 3.2.94]
3.1.3
functional safety
part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures
[SOURCE: IEC 61508-4:2010, 3.1.12]
3.1.4
security
a) measures taken to protect a system
b) condition of a system that results from the establishment and maintenance of measures to protect the system
c) condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss
d) capability of a computer-based system to provide adequate confidence that unauthorized persons and systems can neither modify the software and its data nor gain access to the system functions, and yet to ensure that this is not denied to authorized persons and systems
e) prevention of illegal or unwanted penetration of, or interference with the proper and intended operation of an industrial automation and control system
Note 1 to entry: Measures can be controls related to physical security (controlling physical access to computing assets) or logical security (capability to login to a given system and application).
[SOURCE: IEC 62443-1-1:2009, 3.2.99]
3.1.5
threat
potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm
[SOURCE: IEC 62443-1-1:2009, 3.2.125]
3.1.6
vulnerability
flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s integrity or security policy
[SOURCE: IEC 62443-1-1:2009, 3.2.135]
3.1.7
asset
physical or logical object which has a perceived or a defined value for an IACS combined safety and operational functionality
Note 1 to entry: This asset definition is in the context of this document.
3.1.8
coordination
activity of the IACS, which means:
• all risk-related factors have been considered and are controlled;
• risk management process is reasonably implemented;