Skip to main content

PCP Platform Standardization and Information Security Compliance

Summary
This program standardizes PCP IT infrastructure worldwide, implements the Distinct Compute Reference Design (DCRD), establishes unified information security (IS) governance, and brings all sites to ISO 27001:2022 readiness—delivering readiness, not the certification audit.


Goals

  • Deploy DCRD globally and segment workloads cleanly (Shared Platform, L3/L4/R&D).
  • Implement ISO 27001 controls in a structured way (organizational, people, physical, technological).
  • Establish global IT governance with clear roles and responsibilities.
  • Unify infrastructure and operations: build a Single Source of Truth, convert shadow IT into visible managed infrastructure, increase efficiency, leverage synergies, and enable simple exchange across sites, countries, and divisions.

Scope & boundaries

In scope: site gap assessments, core categories, global/local action plans, templates & SOPs, KPI / Power BI dashboards.
Out of scope: ISO certification (the program delivers “ready,” not the audit).

Structure

  • 25 core categories
  • Infrastructure layers: Shared Platform ↔ Workloads (L3/L4/R&D) ↔ Applications
  • Roles & organization: Program Owner, Leading Expert, Technical Experts, Key Users

Compliance dashboard

Overview

The dashboard shows site- and country-level progress against DRD and ISO/IEC 27001 controls.

Purpose

Use it to plan next steps: make PCP’s global infrastructure safer step by step while keeping user complexity low. Security and speed can pull in different directions—so we collaborate to find the right balance for safety and efficient work.

Explainer video

Watch the explainer

DCRD Site Compliancy

Open the dashboard

ISO 27001 Site Compliancy

Open the dashboard


Distinct Compute — Reference Design (3BPA000154, Rev. D)

Official document: Link

What it is
A group-wide information security (IS) standard for planning and operating “Distinct” IT environments (Engineering, LAB/Research, Factory, Software Build, etc.). It defines zones, network segregation, access patterns, minimum controls, and platform requirements so sites are built consistently, securely, and are audit-ready (e.g., ISO/IEC 27001, NIST).

Who it’s for
IS roles that design, build, and operate local managed infrastructures at ABB sites.

If you are interested in how the DCRD is implemented in the PCP, please visit the 'IT Infrastructure' page. Link


ISO27001:2022

ISO/ 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It uses a risk-based approach and a defined set of controls (Annex A) to protect the confidentiality, integrity, and availability of information across people, processes, and technology. Organizations can certify against the standard through independent audits, showing they manage information-security risks systematically and effectively.

If you are interested in how the ISO27001:2022 is implemented in the PCP, please visit the 'IS27001' page. Link


Core categories

NumberCore CategoryStatusContactLink
01A5 Organisational controlsnot startedSlawomir Majewski
02A6 People controlsnot startedSlawomir Majewski
03A7 Physical controlsnot startedSlawomir Majewski
04A8 Technological controlsnot startedSlawomir Majewski
05Software approvalnot startedt.b.d
06Annual recertification processnot startedt.b.d
07Cyber securitynot startedt.b.d
08SOPs for controls & security policy exception managementnot startedt.b.d
09Vulnerability managementnot startedt.b.d
10Compliance reportingnot startedt.b.d
11IaaS and PaaSnot startedt.b.d
12Facility managementnot startedt.b.d
13Network and firewallin progressDemi OstrowskiLink
14Storage devicesnot startedt.b.d
15IS access managementnot startedt.b.d
16Hypervisor and physical systemsin progressAnthony LinLink
17Monitoringnot startedt.b.d
18Automationnot startedt.b.d
19Backupnot startedSlawomir Majewski
20IS Processnot startedt.b.d
21Design & Documentationin progressTimo DiemerLink
22Policy / standards evaluation and mappingnot startedt.b.d
23GRC (Governance, Risk & Compliance) ITSM solutionnot startedt.b.d
24Change managementnot startedt.b.d
25Password servernot startedt.b.d
26PCP domain (for Distinct infrastructure)not startedt.b.d

Contact Information

For more information about the PCP Improvement Program, please contact:

Timo Diemer
Email: timo.diemer@de.abb.com Global IS Infrastructure and Information Security Manager - PCP


This document is intended for internal use within ABB and should not be distributed outside the organization without prior approval.