ISO/IEC 27019:2017提供了基于ISO/IEC 27002:2013的指南，应用于能源公用事业行业使用的过程控制系统，用于控制和监测电力、天然气、石油和热量的生产或发电、传输、储存和分配，以及相关支持过程的控制。这尤其包括以下内容: -中央和分布式过程控制、监测和自动化技术以及用于其运行的信息系统，如编程和参数化装置； -数字控制器和自动化部件，例如控制和现场设备或可编程逻辑控制器(PLC)，包括数字传感器和致动器元件； -在过程控制领域中使用的所有其他支持信息系统，例如。g.用于补充数据可视化任务以及用于控制、监控、数据存档、历史记录、报告和文档目的； -过程控制领域中使用的通信技术，例如网络、遥测、远程控制应用和远程控制技术； -高级计量基础设施(AMI)组件，例如智能电表； -测量装置，例如用于排放值； -数字保护和安全系统，例如保护继电器、安全PLC、紧急调速器机构； -私人家庭、住宅建筑或工业客户装置中的能源管理系统，例如分布式能源(DER)、充电基础设施； -智能电网环境的分布式组件，例如在能源网、私人家庭、住宅建筑或工业客户装置中；-安装在上述系统上的所有软件、固件和应用程序，例如DMS（配电管理系统）应用程序或OMS（停电管理系统）； -存放上述设备和系统的任何处所； -用于上述系统的远程维护系统。 ISO/IEC 27019:2017不适用于核设施的过程控制领域。IEC 62645涵盖了该域。 ISO/IEC 27019:2017还包括一项要求，即使ISO/IEC 27001:2013中描述的风险评估和处理流程适应能源公用事业行业？本文件中提供了具体指导。

ISO/IEC 27019:2017 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following: - central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices; - digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements; - all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes; - communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology; - Advanced Metering Infrastructure (AMI) components, e.g. smart meters; - measurement devices, e.g. for emission values; - digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms; - energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations; - distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations; - all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System); - any premises housing the above-mentioned equipment and systems; - remote maintenance systems for above-mentioned systems. ISO/IEC 27019:2017 does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645. ISO/IEC 27019:2017 also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector?specific guidance provided in this document.