This discussion is locked.
You cannot post a reply to this discussion. If you have a question start a new discussion

IET Safety and Security Code of Practice - Input needed

Briefing Document - we want your feedback

The IET Safety TPN has been working closely with the IET Standards Team on a scope for a new Safety and Security Code of Practice.   The briefiing document is attached so have a look and let us know what you think of the idea, does it cover what you would expect, would this be useful and any other comments that we can feed back to the committee.

Next Stage

Get involved and give us your thoughts on this page.


The next stage is to hold a scoping meeting at with around 30 interested stakeholders.  If you are interested in participating in a future scoping workshop on the area, please contact Andrew Cooney (Portfolio Development Manager, IET Standards).

IET Standards

For those of you who may not know a lot about the IET Standards, IET Standards publishes authoritative standards, codes of practice and guidance materials for professional engineers and other key stakeholders, using its expertise to achieve consensus on best practice in emerging and established technology fields. Have a look to see what we already have and what is coming soon.
  • James Inge‍ , Brian Penfold‍ , Andy German, John Canning‍ , Ronald Bell‍,  if you have anyone you want to push this out to, or any comments, please leave them as a reply. 


    Thanks


    Lynsay
  • Dear Lynsay


    Thaks for the invitation to offfer suggesitons.


    In principle such a code of practice sounds like a good idea, and something that would show that the IET is fufilling our interdisciplinary role.  But, as the scoping document lists, there is a lot out there already, so the key questions seems, to me, to be: What will our document do that helps engineers better than others have produced?  What would make this the "must go-to-and-read" document, not just a reading guide for the other documents?


    My apologies if that sounds like a wet blanket, but I have had experience in a previous life of trying to produce the overarching ultimate guide to multiple standards and codes and know how dififcult it can be.  Has the market for a new document been tested to know what is the unique offering that we can provide?


    If we are clear on these matters, this could be a world-beater for lots of industry sectors.


    Good luck


    Barry


  • Thanks Lynsay


    Lynsay Callaghan
    :
    James Inge‍ , Brian Penfold‍ , Andy German, John Canning‍ , Ronald Bell‍,  if you have anyone you want to push this out to, or any comments, please leave them as a reply. 


    Thanks


    Lynsay




     

  • Happy to support - email sent to Andrew


    Barry makes a valid point, and we are going through the same scoping exercise with the SCSC Safety of Autonomous Vehicles activity... defining what should, and what should not, be in scope will be a challenge.  Making it too wide ranging may mean it is too generic for everyone, and hence less useful for anyone.  But if we can get it right, it will be VERY useful!
  • Thank you all for your input.  I will collate everything that we get here and pass it on to the team.  If anyone else has anthing they would like to add, please get involved in the discussion, or share it out.
  • I'd be happy to support this activity, however I share the concerns about the scope.

    The title could be taken to be a CoP that addresses Safety, Securty, and their interaction.

    I believe the intended scope is CoP for securing safety related systems? ie. it is not trying to write a CoP for safety, or a CoP for Security of systems.


    It should look at the cases where safety & security are in conflict as well as when they have common interests.

    As has been identified the language of the domains should be addressed, as should the regulatory and governance similarities and differences.


    There is a potential link here with the SCSC work on assurance cases (www.scsc.org.uk/gc) where the interaction of safety and security will be discussed from an assurance perspective so I see potential for synergy between these two initiatives.


    Phil
  • Thanks Phil.  Some good advice and we will be sure to link in with the SCSC and the work they are doing.
  • Hi Sandy.  Thanks for this.  Let me check with the team and get back to you.  Lynsay
  • Former Community Member
    0 Former Community Member
    Hi Lynsay


    ​I am happy to assist. I will forward an email to Andrew as described.


    ​I agree with the concerns over scope but I also think there's a great opportunity here to clarify the approach and language about the way these two facets of system design interact. I believe the NCSC are soon to look at and perhaps update the old CPNI guidance regarding automation/SCADA systems. If somebody has a contact it might also be an opportunity to get some alignment between the two pieces of work.


    ​Regards

    David
  • Hi Lynsay


    I think that a code of practice covering the full range of systems that are highly connected to those that are relatively isolated from the internet is very ambitious. An alternative starting point would be a technical paper which discussed the issues, and provided guidance to help the engineer balance competing requirements derived from safety and security standards. Depending on user feedback this could grow to become a set of guidelines.

    Such a paper should start with the domain specific definitions of risk which is not straightforward as the safety domain considers  people, property and the environment while the security domain focuses on confidentiality, integrity and availability.


    Regards

    David Cronheim