Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public.

Internet Standard

“Invent a New India Using Knowledge” (Satyanarayan Gangaram Pitroda)

“Step Out From the Old to the New” (Jawaharlal Nehru)

“The Right to Information, The Right to Live” (Mazdoor Kisan Shakti Sangathan)

“Knowledge is such a treasure which cannot be stolen” (Bhartṛhari, Nītiśatakam)

IS 15024-1 (2001): Technical Product Documentation - Handling of Computer-Based Technical Information, Part 1: Security Requirements [PGD 24: Drawings]


  • IS 15024 (Part 1) : 2001
    ISO 11442-1 : 1993

    Indian Standard

    TECHNICAL PRODUCT DOCUMENTATION — HANDLING OF COMPUTER-BASED TECHNICAL INFORMATION

    PART 1 SECURITY REQUIREMENTS

    ICS 01.110; 35.240.10

    © BIS 2001

    BUREAU OF INDIAN STANDARDS
    MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG
    NEW DELHI 110002

    August 2001 Price Group 2

  • Drawings Sectional Committee, BP 24

    NATIONAL FOREWORD

    This Indian Standard (Part 1) which is identical with ISO 11442-1 : 1993 ‘Technical product documentation — Handling of computer-based technical information: Part 1 Security requirements’ issued by the International Organization for Standardization (ISO) was adopted by the Bureau of Indian Standards on the recommendation of Drawings Sectional Committee and approval of the Basic and Production Engineering Division Council.

    This standard (Part 1) covers security aspects involved in the handling of computer-aided design (CAD) information. This computer security is with regard to installation and operation; system security; document contents and communication. Other parts of this series are given as follows:

    IS 15024 (Part 2) : 2001 Technical product documentation — Handling of computer-based technical information: Part 2 Original documentation

    IS 15024 (Part 3) : 2001 Technical product documentation — Handling of computer-based technical information: Part 3 Phases in the product design process

    IS 15024 (Part 4) : 2001 Technical product documentation — Handling of computer-based technical information: Part 4 Document management and retrieval system

    The text of ISO Standard has been approved as suitable for publication as Indian Standard without deviations. In this adopted standard, certain terminology and conventions are not identical to those used in Indian Standards. Attention is particularly drawn to the following:

    a) Wherever the words ‘International Standard’ appear, referring to this standard, they should be read as ‘Indian Standard’.

    b) Comma (,) has been used as a decimal marker while in Indian Standards the current practice is to use a full point (.) as the decimal marker.

    In this adopted standard, reference appears to certain International Standards for which Indian Standards also exist. The corresponding Indian Standards which are to be substituted in their place are listed below along with their degree of equivalence for the editions indicated:

    International Standard: ISO 10209-1:1992
    Corresponding Indian Standard: IS 8930 (Part 1) : 1995 Technical product documentation — Vocabulary Part 1 Terms relating to technical drawings: General and types of drawings (first revision)
    Degree of Equivalence: Identical

    International Standard: ISO/TR 10623:1991
    Corresponding Indian Standard: IS 15025:2001 Technical product documentation — Requirements for computer-aided design and draughting — Vocabulary
    Degree of Equivalence: do


    1 Scope

    This part of ISO 11442 covers security aspects involved in the handling of computer-aided design (CAD) information. Such computer security is divided into four areas:

    a) security with regard to installation and operation;

    b) system security;

    c) security with regard to document contents;

    d) security with regard to communication.

    Areas a) and b) apply to computerization in any form, irrespective of the subject area, and are therefore not dealt with in detail in this part of ISO 11442, with the exception of backup copying, to which special attention should be paid in computer-aided design techniques.

    The use of this part of ISO 11442 is intended to facilitate:

    — communication with quality assurance functions within the company and outside;

    — consideration of the different security aspects in the design work;

    — purchase of appropriate systems and services.

    2 Normative references

    The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO 11442. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO 11442 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

    ISO 10209-1:1992, Technical product documentation — Vocabulary — Part 1: Terms relating to technical drawings: general and types of drawings.

    ISO/TR 10623:1991, Technical product documentation — Requirements for computer-aided design and draughting — Vocabulary.

    3 Definitions

    For the purposes of this part of ISO 11442, the definitions given in ISO 10209-1 apply. Further terminology is given in ISO/TR 10623.

    4 Structural relationship of computer security

    The structural relationship of the various security systems is presented schematically in figure 1.

    5 Security with regard to installation and operation

    NOTE 1 For access authorization, see 7.1.

    5.1 Installation

    Installation of computer equipment shall follow the specifications of the supplier.


    5.1.1 Electricity supply

    In addition to correct voltage and power, the quality of the electricity supply (protection against brief power cuts and transients) shall be considered. This applies to ordinary power as well as backup power supplies.

    5.1.2 Ventilation

    Adequate ventilation is required to remove heat generated by the computer.

    5.1.3 Cooling

    Extensive computer equipment may require separate cooling facilities.

    5.1.4 Magnetism

    Magnetic tapes, disks and other magnetic media shall be protected against magnetic fields.

    5.1.5 Electrostatic environment

    The equipment shall be protected against static electricity caused by, for example, synthetic floor coverings.

    5.1.6 Trespassing

    The location of computers in work areas may require reconsideration of access regulation, to reduce the risk of unauthorized access.

    5.2 Operation

    5.2.1 Service and maintenance

    Service contracts are recommended to limit computer downtime.

    5.2.2 Stand-by equipment

    To eliminate, as far as possible, long computer downtimes in connection with serious equipment faults, access to suitable stand-by equipment should be guaranteed.

    5.2.3 Backup copy

    Original backup copying shall be carried out in accordance with established and documented routines. This ensures that entered data are not lost by, e.g., faults in the electrical system, computer malfunction or operator error. The routine shall specify personal responsibility, time schedule, storage medium and storage place, etc. Temperature and humidity control is necessary for some storage media.

    Original backup copying is recommended at the end of each day for transactions carried out during the day.

    Once a week as a minimum the entire database concerned should be backup-copied. The original backup copy is physically stored in a location different from that of the original document.

    6 System security

    6.1 Security of operation systems

    6.2 Security of application systems

    The computer program actually used should be regularly checked against the version that was intended to be used.

    7 Security of document contents

    7.1 Authorization

    Rules shall be laid down concerning authorization to create/design, read/copy, check/approve, revise and phase out document contents.

    These rules shall be documented with regard to, among other things, quality assurance.

    The use of user identification (user ID) and passwords (or card of authorization, etc.) permits access to:

    — various computer-aided activities;

    — data for a product range or part of a product range;

    — different document types (e.g. item list, assembly drawing).

    Passwords and user IDs should not be shared. Passwords should be kept secret and changed regularly; old passwords should not be re-used.

    Table 1 gives an example of a distribution of authorization levels.

    Each authorized person has a unique user ID and password. The degree of authorization for the user ID shall be approved by the manager of the function area involved and shall be administered by the person in charge of the system. The user ID and password should not have any connection to name, employment number, social security number, birth date or any other related information. Passwords may include non-alphabetic as well as alphabetic characters.

    For further information concerning routines for the different computer-aided activities, see ISO 11442-3.
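
An added example, not part of the standard: one way to evaluate the authorization rules of 7.1 along the dimensions Table 1 uses (activity, document type, product range). The user IDs, approver name and grant rows are constructed for illustration, and treating a grant with no recorded approval as ineffective is an assumption drawn from the approval requirement above.

```python
from dataclasses import dataclass

# The five activities named in 7.1 and used as columns in Table 1.
ACTIONS = frozenset({"create/design", "read/copy", "check/approve",
                     "revise", "phase out"})

@dataclass(frozen=True)
class Grant:
    user_id: str          # unique per person, opaque (no name or staff number)
    actions: frozenset    # subset of ACTIONS
    doc_types: frozenset  # document type codes, e.g. {1, 3}
    product_range: str    # e.g. "XA"
    approved_by: str      # manager of the function area; "" = not yet approved

    def __post_init__(self):
        unknown = self.actions - ACTIONS
        if unknown:
            raise ValueError(f"unknown activity: {sorted(unknown)}")

# Constructed sample grants; these are NOT the marks of the standard's Table 1.
GRANTS = (
    Grant("u7f3k", frozenset({"create/design", "read/copy", "revise"}),
          frozenset({1}), "XA", "mgr-design"),
    Grant("q2m9x", frozenset({"read/copy", "check/approve"}),
          frozenset({1, 3}), "XA", "mgr-design"),
    # Same person, second product range, narrower rights.
    Grant("q2m9x", frozenset({"read/copy"}),
          frozenset({1, 2, 3}), "XB", "mgr-design"),
    # Entered by the system administrator but not approved: must not take effect.
    Grant("z8c1d", frozenset({"read/copy", "phase out"}),
          frozenset({1, 3}), "XB", ""),
)

def is_authorized(user_id, action, doc_type, product_range, grants=GRANTS):
    """Deny by default; allow only when one approved grant covers the
    activity, the document type and the product range together."""
    return any(
        g.user_id == user_id and bool(g.approved_by)
        and action in g.actions
        and doc_type in g.doc_types
        and g.product_range == product_range
        for g in grants
    )

def audit(requests, grants=GRANTS):
    """Return (request, decision) pairs, e.g. for a quality-assurance record."""
    return [(r, "ALLOW" if is_authorized(*r, grants=grants) else "DENY")
            for r in requests]
```

Rights are checked per grant row, so a person holding check/approve in one product range does not acquire it in another range where only read/copy was granted.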

    7.2 Copyright

    Because not all countries have established legislation forbidding unauthorized copying or use, each document should be provided with a clause prohibiting this.


    The clause should be affixed on any document recorded on a physical support. A label containing this clause should be physically taped on the storage medium. The same clause should appear at the beginning and end of the data file when transmitted on a communication medium.

    This procedure is adequate in most countries. To obtain protection in many other countries, a copyright marking is required. This marking consists of “© Company name 19XX” (where 19XX is the year in which the contents of the document were made available).

    In cases where the symbol © cannot be used, it shall be replaced by the word “COPYRIGHT”.

    When important changes are made in the contents of the document, the original year shall be retained and shall be indicated as shown above. At the same time, the year of the revision can be given. This is not mandatory, but the copyright protection time is thereby extended.

    8 Communication security

    8.1 Transfer protocol checking

    Check the rules according to which the data is being transferred from one application package to another. Data shall be in defined form (input/output).

    8.2 Data transfer protection

    The data which are being transferred shall be protected. Output data shall be in defined form.

    Table 1 — Authorization in the design process

    Column headings: Person authorized; Create/design; Read/copy; Check/approve; Revise; Phase out; Document type; Product range

    Person authorized    Document type    Product range
    NNA                  1                XA
    NNB                  1;3              XA
    NNC                  1;2;3            XA
    NNC                  1;2;3            XB
    NND                  1                XB
    NNE                  1;3              XB

    [x marks as extracted, column positions lost. Create/design: x, x. Read/copy, Check/approve, Revise, Phase out, row by row: x x x / x x / x / x / x x / x x]

  • [Figure 1, schematic of the structural relationship of computer security. Box labels: Security; Installation and operational security; System security; Security of document contents; Communication security; Operation; Authorization; Data transfer protection]

  • Bureau of Indian Standards

    BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote harmonious development of the activities of standardization, marking and quality certification of goods and attending to connected matters in the country.

    Copyright

    BIS has the copyright of all its publications. No part of these publications may be reproduced in any form without the prior permission in writing of BIS. This does not preclude the free use, in the course of implementing the standard, of necessary details, such as symbols and sizes, type or grade designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS.

    Review of Indian Standards

    Amendments are issued to standards as the need arises on the basis of comments. Standards are also reviewed periodically; a standard along with amendments is reaffirmed when such review indicates that no changes are needed; if the review indicates that changes are needed, it is taken up for revision. Users of Indian Standards should ascertain that they are in possession of the latest amendments or edition by referring to the latest issue of ‘BIS Catalogue’ and ‘Standards: Monthly Additions’.

    This Indian Standard has been developed from Doc : No. BP 24( 0148).

    Amendments Issued Since Publication

    Amend No. Date of Issue Text Affected

    BUREAU OF INDIAN STANDARDS

    Headquarters:

    Manak Bhavan, 9 Bahadur Shah Zafar Marg, New Delhi 110002
    Telegrams: Manaksanstha
    Telephones: 3230131, 3233375, 3239402 (Common to all offices)

    Regional Offices:

    Central: Manak Bhavan, 9 Bahadur Shah Zafar Marg, NEW DELHI 110002. Telephone: 3237617, 3233841

    Eastern: 1/14 C.I.T. Scheme VII M, V.I.P. Road, Kankurgachi, KOLKATA 700054. Telephone: 3378499, 3378561, 3378626, 3379120

    Northern: SCO 335-336, Sector 34-A, CHANDIGARH 160022. Telephone: 603843, 602025

    Southern: C.I.T. Campus, IV Cross Road, CHENNAI 600113. Telephone: 2541216, 2541442, 2542519, 2541315

    Western: Manakalaya, E9 MIDC, Marol, Andheri (East), MUMBAI 400093. Telephone: 8329295, 8327858, 8327891, 8327892

    Branches: AHMEDABAD. BANGALORE. BHOPAL. BHUBANESHWAR. COIMBATORE. FARIDABAD. GHAZIABAD. GUWAHATI. HYDERABAD. JAIPUR. KANPUR. LUCKNOW. NAGPUR. NALAGARH. PATNA. PUNE. RAJKOT. THIRUVANANTHAPURAM.

    Printed at Prabhat Offset Press, New Delhi-2