← Home
IEC 62443-2-1 Clause 10 – Protection of Data
ISA/IEC 62443-2-1:2024, Clause 10 covers
protection of data as Security Program Element SPE 5
in the asset owner’s IACS Security Program.
SPE 5 keeps IACS information from being disclosed or altered improperly — through
classification, confidentiality and integrity controls, retention rules, cryptography and
careful handling of safety-system configuration modes.
Teaching note: The summaries below paraphrase ISA/IEC 62443-2-1:2024 for
learning purposes. They are not a verbatim extract of the standard — always refer to the
published text for normative wording and assessment.
Reference: ISA/IEC 62443-2-1:2024, Clause 10
Related:
Security Program Requirements (2024)
|
CSMS (2010)
SPE pages: SPE 1 | SPE 2 | SPE 3 | SPE 4 | SPE 5 | SPE 6 | SPE 7 | SPE 8
DATA 1 – Protection of data
Reference: ISA/IEC 62443-2-1, Clause 10.2
DATA 1.1: Data classification
Clause: 10.2.1
Summary
IACS data that needs protection shall be identified and classified according to how strongly
it must be safeguarded.
DATA 1.2: Data confidentiality
Clause: 10.2.2
Summary
Confidentiality controls for IACS data shall match the classification and the harm that
disclosure would cause.
DATA 1.3: Safety system configuration mode
Clause: 10.2.3
Summary
Where safety systems are used, configuration changes shall only be made while configuration
mode is intentionally enabled, and that mode shall only be turned on when a change is
actually required.
DATA 1.4: Data retention policy
Clause: 10.2.4
Summary
Data retention — including secure disposal or purging — shall be defined for the full IACS
lifecycle.
DATA 1.5: Cryptographic mechanisms
Clause: 10.2.5
Summary
Where cryptography is used on the IACS, mechanisms shall follow commonly accepted practice.
DATA 1.6: Key management
Clause: 10.2.6
Summary
Where keyed cryptography is approved, keys shall be used, protected and retired in line with
practices accepted in both industrial and security communities.
DATA 1.7: Data integrity
Clause: 10.2.7
Summary
Integrity protection shall stop unauthorised alteration of data at rest or in motion —
whether the movement is electronic or physical — based on relevant risk.
Key Takeaways
- SPE 5 protects IACS data confidentiality and integrity across the lifecycle.
- Seven DATA requirements under Clause 10 cover classification through cryptography and integrity.
- See Security Program Requirements (2024) for SP context.