Unclassified documents

Committee: ZZ/4
Origin: BSI
Close date: 06/03/2018
View moreView less

This PAS specifies requirements for the security-minded management of manufacturing organizations and the associated value chain utilizing information, digital technologies and associated control systems for the design, production, operation, maintenance and disposal of products and systems. These requirements aim to protect organizational reputation and liability, intellectual property, safety and security of manufacturing assets, and the integrity and value of the manufactured items.

It covers how to identify security threats throughout the manufacturing value chain and product lifecycle: design; manufacture (including processing and mixing); commissioning and handover; operation and maintenance; performance management; change of use/modification; and disposal. It also addresses security issues within the digital ecosystem that the organization and its supporting supply chain operate.

This PAS covers the following elements of security: people, physical, process and technological.

It explains the need for, and application of, trustworthiness and security controls throughout a manufacturing value chain to deliver a holistic approach encompassing: safety; authenticity; availability (including reliability); confidentiality; integrity; possession; resilience; and utility.

This PAS addresses the steps required to create and cultivate an appropriate security mind-set and culture within a manufacturing organization and across its supply chain, including the need to monitor, audit and evaluate effectiveness.

The approach outlined in this PAS is applicable to any manufacturing organization and its ecosystem where manufacturing information is processed and used in digital form.


NOTE This PAS also aligns with the approach advocated by the Centre for the Protection of National Infrastructure (CPNI) for raising security mindedness across sectors[1].

The PAS is for use by senior executive managers, operational managers, engineers, and operatives in manufacturers of products and systems and their associated supply chains and its ecosystem. It might also be of use to insurers and trainers.


[1] CPNI Website: https://www.cpni.gov.uk