PCP Platform Standardization and Information Security Compliance
Summary
This program standardizes PCP IT infrastructure worldwide, implements the Distinct Compute Reference Design (DCRD), establishes unified information security (IS) governance, and brings all sites to ISO 27001:2022 readiness—delivering readiness, not the certification audit.
Goals
- Deploy DCRD globally and segment workloads cleanly (Shared Platform, L3/L4/R&D).
- Implement ISO 27001 controls in a structured way (organizational, people, physical, technological).
- Establish global IT governance with clear roles and responsibilities.
- Unify infrastructure and operations: build a Single Source of Truth, convert shadow IT into visible managed infrastructure, increase efficiency, leverage synergies, and enable simple exchange across sites, countries, and divisions.
Scope & boundaries
In scope: site gap assessments, core categories, global/local action plans, templates & SOPs, KPI / Power BI dashboards.
Out of scope: ISO certification (the program delivers “ready,” not the audit).
Structure
- 25 core categories
- Infrastructure layers: Shared Platform ↔ Workloads (L3/L4/R&D) ↔ Applications
- Roles & organization: Program Owner, Leading Expert, Technical Experts, Key Users
Compliance dashboard
Overview
The dashboard shows site- and country-level progress against DRD and ISO/IEC 27001 controls.
Purpose
Use it to plan next steps: make PCP’s global infrastructure safer step by step while keeping user complexity low. Security and speed can pull in different directions—so we collaborate to find the right balance for safety and efficient work.
Explainer video
DCRD Site Compliancy
ISO 27001 Site Compliancy
Distinct Compute — Reference Design (3BPA000154, Rev. D)
Official document: Link
What it is
A group-wide information security (IS) standard for planning and operating “Distinct” IT environments (Engineering, LAB/Research, Factory, Software Build, etc.). It defines zones, network segregation, access patterns, minimum controls, and platform requirements so sites are built consistently, securely, and are audit-ready (e.g., ISO/IEC 27001, NIST).
Who it’s for
IS roles that design, build, and operate local managed infrastructures at ABB sites.
If you are interested in how the DCRD is implemented in the PCP, please visit the 'IT Infrastructure' page. Link
ISO27001:2022
ISO/ 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It uses a risk-based approach and a defined set of controls (Annex A) to protect the confidentiality, integrity, and availability of information across people, processes, and technology. Organizations can certify against the standard through independent audits, showing they manage information-security risks systematically and effectively.
If you are interested in how the ISO27001:2022 is implemented in the PCP, please visit the 'IS27001' page. Link
Core categories
| Number | Core Category | Status | Contact | Link |
|---|---|---|---|---|
| 01 | A5 Organisational controls | not started | Slawomir Majewski | |
| 02 | A6 People controls | not started | Slawomir Majewski | |
| 03 | A7 Physical controls | not started | Slawomir Majewski | |
| 04 | A8 Technological controls | not started | Slawomir Majewski | |
| 05 | Software approval | not started | t.b.d | |
| 06 | Annual recertification process | not started | t.b.d | |
| 07 | Cyber security | not started | t.b.d | |
| 08 | SOPs for controls & security policy exception management | not started | t.b.d | |
| 09 | Vulnerability management | not started | t.b.d | |
| 10 | Compliance reporting | not started | t.b.d | |
| 11 | IaaS and PaaS | not started | t.b.d | |
| 12 | Facility management | not started | t.b.d | |
| 13 | Network and firewall | in progress | Demi Ostrowski | Link |
| 14 | Storage devices | not started | t.b.d | |
| 15 | IS access management | not started | t.b.d | |
| 16 | Hypervisor and physical systems | in progress | Anthony Lin | Link |
| 17 | Monitoring | not started | t.b.d | |
| 18 | Automation | not started | t.b.d | |
| 19 | Backup | not started | Slawomir Majewski | |
| 20 | IS Process | not started | t.b.d | |
| 21 | Design & Documentation | in progress | Timo Diemer | Link |
| 22 | Policy / standards evaluation and mapping | not started | t.b.d | |
| 23 | GRC (Governance, Risk & Compliance) ITSM solution | not started | t.b.d | |
| 24 | Change management | not started | t.b.d | |
| 25 | Password server | not started | t.b.d | |
| 26 | PCP domain (for Distinct infrastructure) | not started | t.b.d |
Contact Information
For more information about the PCP Improvement Program, please contact:
Timo Diemer
Email: timo.diemer@de.abb.com
Global IS Infrastructure and Information Security Manager - PCP
This document is intended for internal use within ABB and should not be distributed outside the organization without prior approval.