scope:

This Standard applies to TfL and LU staff, as well as third parties, performing or overseeing Operations & Maintenance (O&M) activities on SSR Operational Systems and Assets (CBTC and ICS).

The control measures and requirements set out within this document must be applied to each Operational System or Asset and must be maintained and updated through the life of the system.

Purpose

This document sets out the Response and Recovery Standard requirements for managing Cyber Security breaches on the London underground (LU) Sub-Surface Railway (SSR) network, aligned with the Centre for the Protection of National Infrastructure (CPNI) six-step First Responder's Guide.

It additionally defines an SSR Cyber Security incident and the roles and responsibilities of employees and third parties to categorise the severity of incidents, establish a tiered response process compliant with best practice, and provide a process to manage and resolve incidents.

This document supports the overall Cyber Security requirements, complementing individual Standards for Cyber Security Governance S1754 (under development), Protection S1752 and Detection S1750.