← Home

IEC 62443-2-1 Clause 10 – Protection of Data

ISA/IEC 62443-2-1:2024, Clause 10 covers protection of data as Security Program Element SPE 5 in the asset owner’s IACS Security Program.

SPE 5 keeps IACS information from being disclosed or altered improperly — through classification, confidentiality and integrity controls, retention rules, cryptography and careful handling of safety-system configuration modes.

Teaching note: The summaries below paraphrase ISA/IEC 62443-2-1:2024 for learning purposes. They are not a verbatim extract of the standard — always refer to the published text for normative wording and assessment.

Reference: ISA/IEC 62443-2-1:2024, Clause 10
Related: Security Program Requirements (2024) | CSMS (2010)

SPE pages: SPE 1 | SPE 2 | SPE 3 | SPE 4 | SPE 5 | SPE 6 | SPE 7 | SPE 8


Requirements in this SPE


DATA 1 – Protection of data

Reference: ISA/IEC 62443-2-1, Clause 10.2

DATA 1.1: Data classification

Clause: 10.2.1

Summary
IACS data that needs protection shall be identified and classified according to how strongly it must be safeguarded.

DATA 1.2: Data confidentiality

Clause: 10.2.2

Summary
Confidentiality controls for IACS data shall match the classification and the harm that disclosure would cause.

DATA 1.3: Safety system configuration mode

Clause: 10.2.3

Summary
Where safety systems are used, configuration changes shall only be made while configuration mode is intentionally enabled, and that mode shall only be turned on when a change is actually required.

DATA 1.4: Data retention policy

Clause: 10.2.4

Summary
Data retention — including secure disposal or purging — shall be defined for the full IACS lifecycle.

DATA 1.5: Cryptographic mechanisms

Clause: 10.2.5

Summary
Where cryptography is used on the IACS, mechanisms shall follow commonly accepted practice.

DATA 1.6: Key management

Clause: 10.2.6

Summary
Where keyed cryptography is approved, keys shall be used, protected and retired in line with practices accepted in both industrial and security communities.

DATA 1.7: Data integrity

Clause: 10.2.7

Summary
Integrity protection shall stop unauthorised alteration of data at rest or in motion — whether the movement is electronic or physical — based on relevant risk.

Key Takeaways