Why the Pan-African Standards Council exists
PASC was created to provide African institutions, practitioners and communities with clear, high-quality standards for the responsible governance of security, risk and critical services — and, where relevant, standards that protect dignity, wellbeing and sovereignty.
Each standard published under PASC is designed to be practical, testable and usable in day-to-day management, audits and policy discussions. We focus on measurable indicators of institutional health: quality of service, reduction of avoidable harm, protection of people and assets, and continuous improvement over time.
OSPCRM is not a theoretical proposal. Early implementations in large organisations (financial services, insurance, auto-finance and global technology providers) have reported:
- Reduction from ~6,000 “critical” items to 0 open criticals in 12 months, with no increase in severe incidents.
- 90% reduction in nominal “critical” vulnerabilities through proper contextualisation, validated by audit and regulators.
- 99% reduction in noise and false “critical” signals, enabling ISO/IEC 27001 certification to focus on real risks.
- Movement from repeated red audits to green within 4 months through impact- and identity-centric classification.
- Resilience against major supply-chain compromises affecting peers on the same infrastructure, thanks to process- and identity-centric controls rather than intensified patching alone.
These results were obtained without weakening regulatory compliance. In several cases, internal and external auditors explicitly endorsed the move from raw CVSS counts to impact- and context-based models compatible with ISO/IEC 27001, ISO 31000, NIST CSF, NIS2 and DORA.
Who maintains PASC standards
The Pan-African Standards Council (PASC) is an independent standards consortium focused on human-centred, measurable governance of security, risk and critical services — with expanding work on standards that protect wellbeing and dignity.
To protect the neutrality and independence of ongoing work, some members serve in a non-public capacity (for example current regulators, operators of critical infrastructure, or senior security leaders). Public materials therefore emphasise roles, skills and sectors rather than individual names.
Standards are overseen by dedicated technical committees (TCs). Governance is structured around:
- PASC Council – overall strategic direction, approval of standards;
- Technical Committees – drafting, annexes, pilot feedback;
- Advisory Pool – practitioners and scholars consulted on specific topics;
- Coordination Office – publication workflow, DOIs, website, registry and verification.
PASC operates as a distributed consortium, currently coordinated from [Senegal, Dakar], with members contributing remotely from multiple countries. Standards are published as open, citable documents with DOIs and a documented revision process (draft review, feedback from early adopters and transparent versioning).
Where PASC develops standards
Standards in this branch address predictive cyber risk, contextual vulnerability scoring and responsible governance of digital infrastructures. OSPCRM v1.0 defines a P0–P4 impact model, mandatory context signals, and incident-linked metrics such as False Negative Rate (FNR) and P0/P1 precision.
This branch focuses on tools for assessing the overall health and quality of institutions and governance systems. The emphasis is on transparency, fairness, accountability and quality of service, with indicators that can be used constructively in reform programmes.
PASC-PD standards define evidence-based, African-norm grounded requirements and scoring for housing and the built environment, with explicit attention to: psychological effectiveness (including trauma-informed healing), cultural fit, environmental impact, life-cycle cost sustainability, space minimums, airflow/thermal comfort, and community safety.
How we handle contact data
PASC only collects contact details submitted via the forms on this site in order to respond to specific requests (information, collaboration, verification). We do not sell or lease this information to third parties.
Basic traffic logs may be kept to protect the site from abuse. No tracking cookies or advertising pixels are used.
Current PASC standards
OSPCRM v1.0 defines an open, royalty-free standard for contextual, predictive and sovereignty-aware cyber risk management. It specifies a P0–P4 business impact scale, mandatory context factors (asset criticality, data sensitivity, exposure, threat activity, resilience controls), and incident-linked metrics such as False Negative Rate (FNR) and P0/P1 precision.
Security note: only download from official sources.
PASC-PD v1.1 is an ISO-style, evidence-based standard that defines measurable requirements for African residential housing to reflect actual priorities: wellbeing, psychological effectiveness (including trauma-aware healing), environmental impact & resilience, cultural fit, life-cycle cost sustainability, airflow/thermal performance, minimum space per inhabitant, and community safety.
The standard includes Normative Annexes (A–G) for exact scoring rules, climate-zone equivalences, post-occupancy evaluation, safety & security patterns, materials maintainability, and assessor governance (registry, conflict-of-interest, appeals, audits).
Implementation note: for public procurement, reference the Record ID and the normative annexes to prevent “aesthetic-only” compliance.
This document sets out the core principles for becoming PASC certified (solutions and services) or PASC accredited (training providers, certification bodies, assessment partners), as well as the expectations for PASC Certified Practitioners.
PASC will expand psychodesign to a modular standard family: a shared PASC-PD Core plus separate parts for education facilities (PASC-PD-ED), health facilities (PASC-PD-HF), neighborhoods (PASC-PD-UR), public spaces (PASC-PD-PS), and landscape architecture (PASC-PD-LA).
If you are a practitioner, academic, regulator, or procurement leader and want to contribute peer review, contact the coordination team.
Yearly predictive briefs (last 3 years)
PASC publishes concise yearly briefs on predictive cyber risk and governance, designed for boards, regulators and senior practitioners.
- YB-2025-01 – State of Predictive Cyber Risk & Governance
Based on 2024 trends. Download PDF - YB-2024-01 – State of Predictive Cyber Risk & Governance
Based on 2023 trends. Download PDF - YB-2023-01 – State of Predictive Cyber Risk & Governance
Based on 2022 trends. Download PDF
For earlier briefs and archives, please contact the coordination team.
Quick start for teams & providers
- 1. Identify relevant branch & standard. Start with the standard that best matches your current need.
- 2. Map your existing processes. Compare current methods to required scales, factors and evidence rules.
- 3. Implement the minimum model. Start with the core scale and minimum evidence set.
- 4. Align with regulators & partners. Use mapping tables and annexes for audit-ready adoption.
- 5. Iterate & contribute feedback. Share implementation outcomes to inform future revisions.
Verify a certificate, solution or organisation
Any solution, organisation or individual claiming PASC recognition must be verifiable against the official PASC registry.
Contact the PASC coordination team
Use this form to reach the PASC team about standards, pilots, training, certification, product accreditation, or access to older yearly briefs and observatory materials.