British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.
You can read a description of these standards and some other relevant publications that are available from BSI or other organizations below:
| Standard number/name | Description/Benefits | Published by |
|---|---|---|
| BS ISO/IEC 27001 Information security management systems – Requirements | This standard is recognised worldwide. It is designed to meet the needs of users, consultants, auditors and certifiers. It is written using the so-called "common text" standards requirements that appear in all International Standard management systems. This might not be easy for all small-business owners to understand; however, there are several books that aid comprehension. | BSI |
| BIP 0139 An Introduction to ISO/IEC 27001:2013 | BSI publishes An Introduction to ISO 27001, which provides a straightforward guide to implementation and is aimed at businesses of all sizes. | BSI |
| BIP 0071 Guidelines on Requirements and Preparation for ISMS Certification based on ISO/IEC 27001 | This more detailed BSI publication can help a business build such a management system, whether intended for formal certification or not. | BSI |
| BIP 0073:2013 Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001 | This more detailed BSI publication can help a business audit its security controls, or prepare for audit by a third party. | BSI |
| ISO/IEC 27001 for Small Businesses - Practical advice | A handbook on the use of ISO/IEC 27001 for small businesses is available from the ISO web store. | ISO |
| BS ISO/IEC 27003 Information security management system implementation guidance | BS ISO/IEC 27003 is a supporting standard that deals with implementing ISO/IEC 27001, although the books identified above are probably better suited to small-business readers. | BSI |
| IASME (Information Assurance for Small and Medium Enterprises) | IASME is a maturity-based information assurance standard that is designed to be affordable and practical for small firms. It is managed by the IASME Consortium. | IASME Consortium |
| Information Security Framework | There are approaches to cyber security management that aren't based on ISO/IEC 27001. One example designed for use by SMEs is the Information Security Framework (developed by the International Association of Accountants Innovation & Technology Consultants). | International Association of Accountants Innovation & Technology Consultants |
| BS 10012 Specification for a personal information management system | If you are particularly interested in managing personal information, BS 10012 Specification for a personal information management system can help ensure compliance with the Data Protection Act 1998. | BSI |