How standards can help you to manage cyber security

British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.

You can read a description of these standards and some other relevant publications that are available from BSI or other organizations below:

| Standard number/name | Description/Benefits | Published by |
|---|---|---|
| BS ISO/IEC 27001 Information security management systems – Requirements | This standard is recognised worldwide. It is designed to meet the needs of users, consultants, auditors and certifiers. It is written using the so-called "common text" requirements that appear in all International Standard management systems. This might not be easy for every small-business owner to understand; however, there are several books that aid comprehension. | BSI |
| BIP 0139 An Introduction to ISO/IEC 27001:2013 | BSI publishes An Introduction to ISO 27001, which provides a straightforward guide to implementation and is aimed at businesses of all sizes. | BSI |
| BIP 0071 Guidelines on Requirements and Preparation for ISMS Certification based on ISO/IEC 27001 | This more detailed BSI publication can help a business build such a management system, whether or not formal certification is intended. | BSI |
| BIP 0073:2013 Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001 | This more detailed BSI publication can help a business audit its security controls, or prepare for audit by a third party. | BSI |
| ISO/IEC 27001 for Small Businesses - Practical advice | A handbook on the use of ISO/IEC 27001 for small businesses is available from the ISO web store. | ISO |
| BS ISO/IEC 27003 Information security management system implementation guidance | BS ISO/IEC 27003 is a supporting standard that deals with implementing ISO/IEC 27001, although the books identified above are probably better suited to small-business readers. | BSI |
| IASME (Information Assurance for Small and Medium Enterprises) | IASME is a maturity-based information assurance standard that is designed to be affordable and practical for small firms. It is managed by the IASME Consortium. | IASME Consortium |
| Information Security Framework | There are approaches to cyber security management that are not based on ISO/IEC 27001. One example designed for use by SMEs is the Information Security Framework, developed by the International Association of Accountants Innovation & Technology Consultants. | International Association of Accountants Innovation & Technology Consultants |
| BS 10012 Specification for a personal information management system | If you are particularly interested in managing personal information, BS 10012 Specification for a personal information management system can help ensure compliance with the Data Protection Act 1998. | BSI |