UnixTime

Research Note

Building Management System Security Review

Use this review where building management systems are in ISMS scope or can affect information processing facilities.

On this page

When to use this

Use this review where building management systems are in ISMS scope or can affect information processing facilities.

Review table

BMS/component Utility/facility affected Owner Network exposure Access control Backup Patch/vulnerability process Logging/monitoring Gap/action
TBD HVAC/power/fire/environmental TBD Isolated/internal/vendor remote TBD TBD TBD TBD TBD

Review checklist

  • BMS ownership is defined.
  • Access rights are controlled and reviewed.
  • Remote vendor access is controlled.
  • Backups/configuration exports exist where needed.
  • Malware/vulnerability/patching approach is defined.
  • Logs or alarms are reviewed where relevant.
  • BMS outage impact is considered in continuity planning.