The risk-based approach chosen in the ICT minimum standard for drinking water enables water utilities of all sizes to self-assess themselves based on a uniform industry standard regarding cyber risks and to adapt their level of protection according to their resources, risk assessment and supply relevance. The ICT minimum standard document is based on existing, proven principles such as the risk and hazard analysis of the water supply of the Federal Office for National Economic Supply. This enables a uniform approach, making it possible to obtain comparable results in the industry and to improve the overall safety level of ICT systems in water supply.
The ICT minimum standard document provides a practical roadmap for water utilities to protect themselves with the highest possible level of security against attackers as well as malicious tampering, and to recover as quickly as possible in the event of an incident. Our primary objective is not only to provide guidelines, but also concrete examples to guide and support users to implement the ICT minimum standard on their own.
The document was created with the Swiss Gas and Water Industry Association (SGWA). The SGWA offers interested users further information and training on the application of the ICT minimum standard. Further information can be found on the SGWA homepage.