IEC PAS 63325 pdf – Lifecycle requirements for functional safety and security for IACS
This PAS provides requirements and guidance for ensuring and assuring functional safety and security in the different stages of the lifecycle. It will help the coordination of risk assessment, design, management and operation processes, avoiding conflicts between functional safety
This specification does not aim to define a completely new lifecycle. Instead, building on the functional safety lifecycle, the security lifecycle and other state-of-the-art engineering processes, it aims to provide requirements and suggestions that support coordination between functional safety and security.
The objective of this document is Industrial Automation and Control Systems (IACS), including the Equipment Under Control (EUC) system and the safety-related system.
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
There are no normative references in this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
– ISO Online browsing platform: available at https://www.iso.org/obp
– IEC Electropedia: available at http://www.electropedia.org
Further definitions can be found in the IEC 62443 series and the IEC 61508 series.
situation when one or several safety measures and one or several security countermeasures are not in coordination with each other and one or several safety measures cannot achieve their required target performance
Note 1 to entry: This conflict definition is in the context of this document.
freedom from unacceptable risk
[SOURCE: IEC 61508-4:2010, 3.1.11 and IEC 62443-1-1:2009, 3.2.94]
part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures
[SOURCE: IEC 61508-4:2010, 3.1.12]
a) measures taken to protect a system
b) condition of a system that results from the establishment and maintenance of measures to
protect the system
c) condition of system resources being free from unauthorized access and from unauthorized or
accidental change, destruction, or loss.
d) capability of a computer-based system to provide adequate confidence that unauthorized persons and systems can neither modify the software and its data nor gain access to the system functions, and yet to ensure that this is not denied to authorized persons and systems
e) prevention of illegal or unwanted penetration of, or interference with, the proper and intended operation of an industrial automation and control system
Note 1 to entry: Measures can be controls related to physical security (controlling physical access to computing assets) or logical security (capability to log in to a given system and application).
[SOURCE: IEC 62443-1-1:2009, 3.2.99]
potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm
[SOURCE: IEC 62443-1-1:2009, 3.2.125]
flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy
physical or logical object which has a perceived or a defined value for an IACS combining safety and operational functionality
Note 1 to entry: This asset definition is in the context of this document.
activity of the IACS, which means:
– all risk-related factors have been considered and are controlled;
– the risk management process is reasonably implemented;
– no conflict exists between safety measures and security countermeasures.