NR NR/L1/SCT/002 ISSUE 1 PDF

This document applies to all Network Rail employees, contractors and third parties who own, manage, operate, maintain, and interface with Network Rail digital systems.

It applies to all digital systems, data and information that is accessed, processed, used, or handled in digital and non-digital format.

Failure to comply with this standard may constitute a breach of terms and conditions of employment and could lead to legal or disciplinary action, including dismissal or termination of contract. In instances where disciplinary action is required, this will be in accordance with the Network Rail Fair Culture process. 

Purpose 

The purpose of this document is to set the governance and controls framework for cyber security and resilience of digital systems to: 

a) align to business requirements and security strategy; 

b) enable compliance with the Network and Information Systems Regulations (NIS-R) 2018; and 

c) facilitate alignment and certification, where sought, to recognised industry standards, including ISA/IEC 62443, CENELEC TS 50701 and ISO/IEC 27001. 

This is so that Network Rail owned and operated digital systems are protected, resilient and available to support delivery of the rail essential service.