ISO 21384-3:2023

INTERNATIONAL ISO
STANDARD 21384-3
Second edition
2023-10
Unmanned aircraft systems —
Part 3:
Operational procedures
Aéronefs sans pilote —
Partie 3: Modes opératoires
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 4
5 Safety and security .5
5.1 General . 5
5.2 Safety. 5
5.2.1 Safety policy . 5
5.2.2 Requirements for operators conducting UAS operations in VLOS or EVLOS . 6
5.2.3 Additional requirements for operators conducting UAS operations in
BVLOS at VLL . 7
5.2.4 Additional requirements for operators conducting UAS operations in
controlled airspace, above VLL and under IFR and for C2CSP . 7
5.2.5 Tasks of the COMO . 8
5.2.6 Tasks of the SAFO . 8
5.3 Security . 9
5.3.1 Requirements for operators conducting UAS operations in VLOS or EVLOS . 9
5.3.2 Additional requirements for operators conducting UAS operations in
BVLOS at VLL . 10
5.3.3 Additional requirements for operators conducting UAS operations in
controlled airspace, above VLL and under IFR and for C2CSP . 10
5.3.4 Tasks of the SECO . 11
6 Data protection — Operator requirements .12
7 Operator .12
7.1 Documentation .12
7.1.1 Documents held by the UAS operator .12
7.1.2 Documents to be available at the point of operations .13
7.2 Insurance . 14
8 Airspace .14
8.1 Compliance with airspace regulations . 14
8.2 Airspace information . 14
8.3 Operations above 500 ft (150 m) . 14
8.4 Special zones at very high flight levels (FL) 600 . 14
8.5 Facility and equipment and requirements . 14
8.6 Registration . 14
8.7 UA identification . 14
8.8 Compatibility . 15
9 Operations .15
9.1 Flight operations . .15
9.2 Operational plan — Flight planning . 15
9.3 Flight preparation . . 16
9.3.1 Pre-flight inspections . 16
9.3.2 Communication planning . 17
9.4 In flight operations . 17
9.4.1 Responsibilities of the remote pilot in command (RPIC) . 17
9.4.2 Operational limitations . 18
9.4.3 Transfer of functions and responsibilities . 18
9.4.4 Multiple UA operation . 19
9.4.5 Autonomous operations . 20
iii
9.4.6 Communication and airborne functions for UTM . 20
9.4.7 Operations at night .20
9.4.8 Surface/ground operations . 20
9.4.9 Journey log . 21
9.4.10 Abnormal and contingency procedures . 21
9.5 External services . 21
9.5.1 UAS functions interacting with UTM . 21
9.5.2 Oversight of contracted service providers . . 21
9.5.3 C2 communication service provider (C2CSP) .22
9.6 Personnel qualification and management . 26
9.6.1 General . 26
9.6.2 Competence . 26
9.6.3 Currency . 27
9.6.4 Qualification and training .28
10 Maintenance .28
10.1 General .28
10.2 Hardware updates .29
10.3 Software updates .29
10.4 Service release .29
10.5 Configuration management . 29
11 Conflict management .30
11.1 General .30
11.2 Separation provision and collision avoidance .30
11.3 Operational procedure .30
Annex A (normative) Privacy etiquette .36
Annex B (informative) External services .37
Bibliography .38
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use
of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all
such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles,
Subcommittee SC 16, Unmanned aircraft systems.
This second edition cancels and replaces the first edition (ISO 21384-3:2019), which has been
technically revised.
The main changes are as follows:
— Clause 2: addition of normative references;
— Clause 3: addition of several terms and definitions;
— 5.1: addition of applicable management systems and equipment requirements;
— 5.2: major restructuring of the subclause, addition of requirements for operators under different
preconditions and specified tasks for different personnel to be conducted;
— 9.1: designation of a remote pilot in control added;
— 9.4: addition of requirements for handovers of functions and responsibilities, precautions for the
operation of multiple UA by one remote pilot, communication and airborne functions for UTM;
— 9.5: addition of new subclauses on organizational, operational and technical requirements for
external service regarding UTM and C2CSP;
— Clause 11: new clause on conflict management including operational charts and descriptions.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
This document outlines requirements for unmanned aircraft (UA) operational procedures which, when
applied together with any other current and future standard on unmanned aircraft systems (UAS),
form a robust UA safety and quality standard. This document applies to all commercial UAS regardless
of size, categorization, application or location and represents the international best practice for the safe
operation of all commercial UAS. This document is structured in a way to provide a logical pathway
from core principles to specific requirements.
vi
INTERNATIONAL STANDARD ISO 21384-3:2023(E)
Unmanned aircraft systems —
Part 3:
Operational procedures
1 Scope
This document specifies the requirements for safe commercial unmanned aircraft system (UAS)
operations, including the external safety-critical service providing command and control (C2) link.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 12100, Safety of machinery — General principles for design — Risk assessment and risk reduction
ISO 21384-4, Unmanned aircraft systems — Part 4: Vocabulary
ISO 23629-12:2022, UAS traffic management (UTM) — Part 12: Requirements for UTM service providers
ISO 23665, Unmanned aircraft systems — Training for personnel involved in UAS operations
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 21384-4 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
C2 Link communications service provider
C2CSP
entity which provides a portion of or all of the C2 Link (3.4) service for operation of an UAS
Note 1 to entry: The definition is adapted from Reference [16].
3.2
designated operational coverage
DOC
volume where the C2 Link QoSD (3.9) meets the C2 Link (3.4) specified performances and supports the
corresponding intended UAS operations
Note 1 to entry: The definition is adapted from Reference [16].
3.3
collision avoidance
third layer of conflict management which activates when the separation mode has been compromised
Note 1 to entry: The definition is adapted from Reference [17].
3.4
C2 Link
command and control link service
telecommunication service provided for the purpose of supporting command and control of the aircraft
Note 1 to entry: The definition is adapted from Reference [16].
3.5
crew resource management
CRM
utilization of all resources available to the crew to manage human error
3.6
DAA system
detect and avoid system
system that supports the remote pilot to see, sense or detect conflicting traffic or other hazards and
take the appropriate action
3.7
external service
service and related provider, necessary for the safety of the UAS flight, encompassing:
a) command and control link communication service provider (C2CSP) (3.1);
b) other operation support services, whose purpose is to support a single flight but not to manage
traffic;
c) UTM services
Note 1 to entry: The definition is adapted from Reference [20].
Note 2 to entry: Additional information on external services is provided in Annex B.
Note 3 to entry: Only the safety critical C2CSP is covered in this document.
Note 4 to entry: UTM services and non-safety-critical operation support services are covered in ISO 23629-12.
3.8
quality of service
QoS
totality of the characteristics of an entity that bear on its ability to satisfy stated and implied needs
Note 1 to entry: The definition is adapted from Reference [16].
3.9
quality of service delivered
QoSD
statement of the QoS (3.8) achieved or delivered to the UAS operator by the C2 Link communications
service provider (C2CSP) (3.1)
Note 1 to entry: The definition is adapted from Reference [16].
3.10
quality of service experienced
QoSE
statement expressing the QoS (3.8) that remote pilots believe they have experienced
Note 1 to entry: The definition is adapted from Reference [16].
3.11
quality of service required
QoSR
statement of the QoS (3.8) requirements of the UAS operator to the C2 Link communications service
provider (C2CSP) (3.1)
Note 1 to entry: The definition is adapted from Reference [16].
3.12
remain-well-clear
ability to detect, analyse and manoeuvre in order to ensure that a UA is not being operated in such
proximity to other aircraft as to create a collision hazard
3.13
remote pilot in command
RPIC
pilot designated by the operator as being in command and charged with the safe conduct of a flight
3.14
safety assurance
set of activities providing for system monitoring, measuring, assessment, and corrective action to
assure the effectiveness of risk controls
3.15
safety management system
SMS
systematic approach to managing safety, including the necessary organizational structures,
accountabilities, policies and procedures
Note 1 to entry: The definition is adapted from Reference [12].
3.16
safety promotion
set of activities providing guidance for training and communication to promote safety as a core value in
the organization
3.17
safety risk management
SRM
set of activities using task analysis, hazard identification, risk analysis, and risk assessment to develop
risk controls
3.18
separation provision
second layer of conflict management and tactical process of keeping aircraft away from hazards by
at least the appropriate separation minima which is only used when strategic conflict management
(3.20) (i.e. airspace organization and management, demand and capacity balancing and traffic
synchronization) cannot be used efficiently
Note 1 to entry: The definition is adapted from Reference [17].
3.19
service level agreement
SLA
enforceable agreement between the C2 Link communications service provider (C2CSP) (3.1) and the
UAS operator covering the safety, performance, coverage and security of the C2 Link (3.4) provision as
required for the RPAS operator’s intended operations
Note 1 to entry: The definition is adapted from Reference [16].
3.20
strategic conflict management
first layer of conflict management that is achieved through the airspace organization and management,
demand and capacity balancing and traffic synchronization components
Note 1 to entry: The definition is adapted from Reference [17].
3.21
unmanned aircraft accident
occurrence associated with the operation of an unmanned aircraft which takes place between the time
the aircraft is ready to move with the purpose of flight until it comes to rest at the end of the flight and
the primary propulsion system is shut down, in which:
a) a person is fatally or seriously injured as a result of direct contact with any part or exposure to any
emission of the UA or other component of the UAS, including parts which have become detached
from the aircraft; or
b) the aircraft sustains damage or structural failure which prevents safe operation
3.22
unmanned aircraft incident
occurrence, other than an unmanned aircraft accident (3.21), associated with the operation of an aircraft
which affects or can affect the safety of operation, including the loss of unmanned aircraft
3.23
VLL
very low level
airspace below the minimum heights for VFR traffic as established by the competent authority
4 Abbreviated terms
AIS aeronautical information service
ANSP air navigation service provider
ATS air traffic service
BVLOS beyond visual line-of-sight
CofA certificate of airworthiness
COMO compliance monitoring officer
DAL design assurance level
EVLOS extended visual line-of-sight
FW firmware
FOD foreign object debris
GNSS global navigation satellite system
IFR instrument flight rules
ISMS information security management system
MCM maintenance control manual
MEL minimum equipment list
NOTAM notice to airmen
OEM original equipment manufacturer
PIC pilot in command
RF radio frequency
RPS remote pilot station
SAFO safety officer
SECO security officer
SW software
UA unmanned aircraft
UAS unmanned aircraft system
UTM UAS traffic management
VLOS visual line-of-sight
VO visual observer
5 Safety and security
5.1 General
UAS operators and providers of safety critical external services shall implement an SMS and an ISMS
as standard practice regardless of the type of UAS operated or size of operation. Both SMS and ISMS
are comprehensive, process-oriented approaches to managing safety and security throughout an
organization.
Any machine or equipment used at the UAS operator’s or service provider’s premises, facilities or
workshops, shall be designed according to ISO 12100 or equivalent, to be safe for their intended use by
involved personnel.
NOTE 1 Safety management systems for occupational health and safety of the personnel are defined in
ISO 45001.
NOTE 2 Information security management systems are described in ISO/IEC 27001.
NOTE 3 Aviation safety management, as defined in Reference [12], has instead the purpose of protecting the
safety of third parties, in the air or on the ground, during UAS operations.
5.2 Safety
5.2.1 Safety policy
A safety policy shall be defined for UAS operators and providers of external services to accomplish their
goals. Human error in UA operation and supporting system management can be controlled by a safety
policy.
The policy shall be complemented by procedures and organizational structures for safety risk
management, safety assurance and safety promotion.
5.2.2 Requirements for operators conducting UAS operations in VLOS or EVLOS
All operators conducting UAS operations in VLOS or EVLOS shall:
a) address the structure, responsibilities, processes and procedures that promote and establish an
environment and culture of continuing improvement and enhancement of safety;
b) appoint a person as COMO;
c) appoint a person as SAFO;
d) designate the COMO and the SAFO based on professional qualities and expert knowledge of laws,
regulations and practices on safety of unmanned aviation and the ability to fulfil tasks respectively
referred to in 5.2.5 and 5.2.6;
e) train and qualify personnel on safety management related to intended operations;
f) establish procedures for prescriptive safety including as a minimum:
1) monitor and assess changes to regulations which can affect operations;
2) establish evidence that all applicable regulations are complied with;
g) establish procedures to support reactive safety through:
1) maintain records of any operational activity for at least three months (can be longer if required
by regulations or because the State authority competent for the matter has opened an accident
or incident investigation);
2) provide in a timely manner any information required by the authority;
h) establish procedures for proactive safety including as a minimum:
1) the possibility for staff, customers, subcontractors or other partner SPs to report any relevant
and perceived safety occurrence;
2) mandatory reporting of safety occurrences to the competent authority, based on applicable
regulations;
3) voluntary reporting to the competent authority of any additional and relevant observed safety
occurrence, in a manner that would allow a further safety analysis by the authority, if deemed
appropriate by the latter;
4) collection of received or originated safety occurrence reports;
5) timely feedback to originators of the report;
6) storage of received or originated safety occurrence reports;
7) protection of related information, in particular identity of the author of the report, in
accordance with Annex A;
8) dissemination of safety information to involved personnel and affected stakeholders;
9) taking decisions, implementing and monitoring effect of corrective actions originated by
received reports;
i) establish procedures for interorganizational safety management, allowing exchange of safety
information with affected stakeholders.
NOTE 1 The COMO or SAFO can be or not be employees of the UAS operator.
NOTE 2 A single COMO or single SAFO can perform such a function on behalf of several organizations,
providing that no conflict of interest arises.
NOTE 3 A single physical person can perform both the function of COMO and of SAFO.
5.2.3 Additional requirements for operators conducting UAS operations in BVLOS at VLL
In addition to 5.2.1 and 5.2.2, all operators conducting UAS operations in BVLOS at VLL shall:
a) not change configuration of the systems used for respective operations or the procedures thereof,
without prior evaluation of the related hazards, considering safety, security and privacy, and
emerging risks, complemented by verified implementation of the mitigations stemming from the
evaluation;
b) control system configuration and operational procedures and manage changes, demonstrate
and document their compliance with applicable regulations, monitor actual application of such
procedures and maintain related records for at least two years;
c) establish procedures for predictive safety including as a minimum, safety assessment of any change
affecting operations; such safety assessment should include:
1) identification of the scope of the change;
2) verification that the foreseen change is compliant with applicable regulations;
3) identification of related hazards;
4) determination of the safety criteria applicable to the change;
5) risk analysis in relation to the harmful effects or improvements in safety related to the change;
6) risk evaluation and, if required, risk mitigation for the change to meet the applicable safety
criteria;
7) verification that the change is in accordance with the scope that was subject to safety
assessment, and meets the safety criteria, before the change is put into operation;
8) acquisition of prior approval to implement the change, from the competent authority, when
required by regulations;
9) specification of the monitoring requirements necessary to ensure that the operations will
continue to meet the safety criteria after the change has been implemented.
NOTE 1 Further guidance on risk assessment for UAS operations is given in Reference [20].
NOTE 2 Procedures for managing changes can include analysis, calculations, simulation, laboratory testing,
regression testing for software or testing in real environment, as well as distribution of necessary information to
stakeholders and additional training for staff.
5.2.4 Additional requirements for operators conducting UAS operations in controlled airspace,
above VLL and under IFR and for C2CSP
In addition to 5.2.1, 5.2.2 and 5.2.3, all operators conducting UAS operations in controlled airspace,
above VLL and under IFR and all C2CSP, shall:
a) establish a manual containing all safety management procedures and reporting lines;
b) in the context of prescriptive safety, establish a system of periodical internal audits to demonstrate
and document compliance with applicable regulations and organizational procedures;
c) in the context of reactive safety, establish procedures for internal safety investigations on
significant safety occurrences;
d) as part of the inter-organizational processes for safety management, establish arrangements
with other relevant organizations (e.g. other aircraft operators, vertiport operators, UTM service
providers) to ensure continuous improvement of the safety of operations.
The arrangements with other organizations may include inter-organizational teams for joint safety
investigation, safety analysis and development of joint corrective action plans.
NOTE The safety management manual cannot be combined with other manuals of the organization.
5.2.5 Tasks of the COMO
The UAS operator or C2CSP shall ensure that the COMO receives any instructions regarding the exercise
of the tasks in this subclause only from the SP top management or from the competent State authorities.
The COMO shall not be dismissed or penalized by the organization for performing her/his tasks.
The COMO shall directly report to the highest management level of the operator or C2CSP organization.
The COMO shall be bound by secrecy or confidentiality concerning the performance of his or her tasks,
taking into account applicable legislation.
The COMO may fulfil other tasks and duties in the integrated management system, providing that any
such tasks and duties do not result in a conflict of interests. Therefore, the COMO may be responsible,
for example, for data protection or safety management, but not for operations or service provision,
maintenance or other activities related to production.
The COMO shall have at least the following tasks:
a) inform and advise the organization's top management and the employees who carry out tasks
with regulatory compliance implications of their obligations pursuant to applicable regulatory
provisions;
b) monitor compliance with applicable legislation, with this document and with the policies of
the operator or C2CSP in relation to regulatory provisions, in the context of prescriptive safety
management and including the assignment of responsibilities, awareness-raising and training of
staff involved in relevant operations;
c) manage the related internal audits, if applicable, report the findings to the highest management
level in the organization, advice on corrective action plans and monitor implementation of
corrective actions;
d) support possible audits or inspections by competent authorities and prepare responses to
respective protocol questions;
e) provide advice to the organization's top management where requested as regards regulatory
compliance;
f) act as the contact point for the authorities on issues relating to regulatory compliance;
g) to systematize and analyse working information, keep the necessary documentation and draw up
reports.
5.2.6 Tasks of the SAFO
The UAS operator or C2CSP shall ensure that the SAFO receives any instructions regarding the exercise
of the tasks in this subclause only from the organization's top management or from the competent State
authorities.
The SAFO shall not be dismissed or penalized by the organization for performing her/his tasks.
The SAFO shall directly report to the highest management level of the organization.
The SAFO shall be bound by secrecy or confidentiality concerning the performance of his or her tasks,
taking into account applicable legislation.
The SAFO may fulfil other tasks and duties in the integrated management system, providing that any
such tasks and duties do not result in a conflict of interests. Therefore, the SAFO may be responsible, for
example, for data protection, compliance monitoring or security management, but not for operations,
service provision, maintenance or other activities related to production.
The SAFO shall have at least the following tasks:
a) compile, update and control the configuration of the safety management manual, if applicable;
b) inform and advise the organization top management and the employees who carry out tasks having
safety implications of their obligations pursuant to applicable safety provisions;
c) monitor all activities for reactive, proactive, predictive and inter-organizational safety
management, taking into account applicable legislation, with this standard and with the policies
of the organization in relation to safety, including the assignment of responsibilities, awareness-
raising and training of staff involved in safety relevant tasks;
d) participate to joint safety teams, where established;
e) provide advice to the organization's top management where requested as regards any safety
matters;
f) cooperate with the national authorities on safety matters, where applicable;
g) act as the contact point for the authorities on issues relating to safety.
5.3 Security
5.3.1 Requirements for operators conducting UAS operations in VLOS or EVLOS
Taking relevant security regulation into consideration, all operators conducting UAS operations in
VLOS or EVLOS shall:
a) ensure that their facilities, systems and procedures take into account applicable security legislation,
including that covering good repute of personnel;
b) ensure that all operated UA are registered and identified based on applicable legislation and related
standards;
c) ensure physical security of their facilities and systems used for respective operations as far as
reasonably practicable;
d) ensure that suitable procedures are in place to securely store, exchange and dispose of all data
gathered during operations;
e) ensure that data is not distributed to non-eligible entities;
f) equip the premises, compartment or room where the UAS or other systems for operation are
located, with suitable security to prevent access of unauthorized persons;
g) ensure that this door be closed and locked during operation, except when necessary to permit
access and egress by authorized persons;
h) establish means to reasonably prevent unauthorized access, comprising as a minimum means for
monitoring the area outside the door to identify persons requesting entry and to detect suspicious
behaviour or potential threat;
i) ensure the physical protection of the systems used for provisions of respective services when no
personnel are inside the premises, room or compartment;
j) released portable equipment for operations, including UA and their station, only for use to
authorized personnel and only for the time necessary;
k) ensure that portable equipment for operations, including UAS, when not in use, is stored in a secure
place.
5.3.2 Additional requirements for operators conducting UAS operations in BVLOS at VLL
In addition to 5.3.1, all operators conducting UAS operations in BVLOS at VLL, shall:
a) address the structure, responsibilities, processes and procedures that promote and establish an
environment and culture of continuing improvement and enhancement of operation's security;
b) appoint a person as SECO;
c) designate the SECO based on professional qualities and expert knowledge of laws, regulations and
practices on national security, aviation security and cyber-security and the ability to fulfil the tasks
referred to in 5.3.4;
d) train and qualify personnel to effectively recognize and respond to possible acts of unlawful
interference against operations;
e) ensure, directly or through service level agreements (SLA) with C2CSP and UTM communication
SPs, that any communication link supporting operations, is secured and assured, in a way
proportionate to the related safety, security and privacy risks;
f) establish procedures for checking identity of personnel before allowing them to access premises,
UAS or other equipment;
g) deny to unauthorized persons the ability to access premises, UAS or equipment;
h) establish procedures to report to the competent authority any information on observed security
occurrences, in a manner that would allow a further impact analysis by the authority, if appropriate;
i) consider, if established by the state, geographical zones within which operations of civil UAS are
restricted or excluded to address risks pertaining to security.
NOTE 1 It is important to note that the registration process is different from the authorization process.
NOTE 2 The SECO can be or not be an employee of the UTM SP.
NOTE 3 A single SECO can perform such a function on behalf of several organizations, providing that no
conflict of interest arises.
5.3.3 Additional requirements for operators conducting UAS operations in controlled airspace,
above VLL and under IFR and for C2CSP
In addition to 5.2.1 and 5.2.2, all operators conducting UAS operations in controlled airspace, above
VLL and under IFR and all C2CSP, shall:
a) conduct appropriate background checks on all personnel involved in operations or provision of
safety critical services to confirm, for example, the validity of someone’s identity, criminal record,
education, and employment history;
b) establish a security management system comprising a threat-based, risk-managed approach under
which to assess and manage their own security risks, threats and impacts;
c) ensure that the security management system includes a risk policy that is transparent, predictable
and controllable, focused on the largest risks and equitable;
d) assess the information systems essential for operation or for provision of safety critical services,
against any potential intentional unauthorized electronic interaction (IUEI) security threat and
vulnerability that could result in an unsafe condition;
e) ensure that the assessment includes as a minimum:
1) determination of the security environment for the information security of respective activities;
2) identification of the relevant assets or systems;
3) identification of the attack paths;
4) assessment of
...