British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.
Descriptions of these standards, and of some other relevant publications available from BSI or other organizations, are given below:
| Standard number/name | Description/Benefits | Published by |
|---|---|---|
| BS ISO/IEC 27002 Code of practice for information security controls | BS ISO/IEC 27002 covers the main security issues arising from supplier relationships. | BSI |
| BS ISO/IEC 27036-1 Information security for supplier relationships. Overview and concepts | This part of ISO/IEC 27036 describes the key concepts in securing supplier relationships from the viewpoints of both acquirers and suppliers. It also provides an introduction to the other parts of ISO/IEC 27036. Please note that 27036-2 (fundamental requirements) will be available shortly, and 27036-4 (supplier relationships in the cloud) is still under development. | BSI |
| BS ISO/IEC 27036-3 Information security for supplier relationships. Guidelines for information and communication technology supply chain security | This specialist part of ISO/IEC 27036 provides guidance on managing the information security risks caused by physically dispersed and multi-layered ICT supply chains; responding to the information security risks from global ICT supply chains; and integrating processes and practices that support information security controls into wider system and software lifecycle processes. | BSI |
| BS ISO 28000 Specification for security management systems for the supply chain | There are well-established International Standards in the ISO/IEC 28000 series for managing security aspects of supply chain relationships. These are not cyber security standards, but may well help when considering supply chain cyber security issues. | BSI |
| PCI-DSS | The PCI Security Standards Council is responsible for the PCI-DSS standard, which covers payment card security. All major payment processors will insist that you comply with this standard if you want to accept online payments. | PCI Security Standards Council |