scope:

This standard applies to TfL and London Underground (LU) staff, as well as Third Parties, performing or overseeing Operations & Maintenance activities on SSR Operational Systems and Assets.

This standard applies to all LU Operational Systems and Assets supporting Operations and Maintenance activities on the SSR network.

The control measures and requirements set out within this document must be applied to each Operational System or Asset and must be maintained and updated through the life of the system.

Purpose

This document sets out the high-level requirements for implementing and maintaining a robust approach to Cyber Security supporting Operations & Maintenance on the Sub-Surface Railway (SSR).

It describes the framework for managing the risk of Cyber Security incidents affecting the SSR operational railway, which has the potential to degrade the safety, reliability, functionality and/or performance levels of Operational Systems and Assets.

Note: This is a parent document to the SSR Operational Technology Cyber Security Governance Standard S1754 (under development)Error! Reference source not found., Detection Standard S1750Error! Reference source not found., Protection Standard S1752Error! Reference source not found. and Response and Recovery Standard S1753Error! Reference source not found., summarising the role of each document and describing the interaction between them.