How standards can help you to manage cyber security

British Standards contain the combined knowledge of experienced UK subject experts, often working together with their international colleagues in an open, consensus-based process.

The standards and other relevant publications listed below are available from BSI or from the other organizations named; each entry gives the standard number or name, a short description of what it offers, and its publisher.

Standard number/name: BS ISO/IEC 27001 Information security management systems – Requirements
Description/Benefits: This standard is recognised worldwide. It is designed to meet the needs of users, consultants, auditors and certifiers. It is written using the so-called "common text" requirements that appear in all international management-system standards. This may not be easy for every small-business owner to follow; however, several books aid comprehension.
Published by: BSI

Standard number/name: BIP 0139 An Introduction to ISO/IEC 27001:2013
Description/Benefits: BSI publishes An Introduction to ISO/IEC 27001, a straightforward guide to implementation aimed at businesses of all sizes.
Published by: BSI

These two more detailed BSI publications can both help businesses to build such a management system, whether or not formal certification is intended.

Standard number/name: ISO/IEC 27001 for Small Businesses – Practical advice
Description/Benefits: A handbook on the use of ISO/IEC 27001 for small businesses, available from the ISO web store.
Published by: ISO

Standard number/name: BS ISO/IEC 27003 Information security management system implementation guidance
Description/Benefits: BS ISO/IEC 27003 is a supporting standard that deals with implementing ISO/IEC 27001, although the books identified above are probably better suited to small-business readers.
Published by: BSI

Standard number/name: IASME (Information Assurance for Small and Medium Enterprises)
Description/Benefits: IASME is a maturity-based information assurance standard designed to be affordable and practical for small firms. It is managed by the IASME Consortium.
Published by: IASME Consortium

Standard number/name: ISSA-UK 5173 Information Security for Small and Medium Sized Enterprises
Description/Benefits: There are approaches to cyber security management that are not based on ISO/IEC 27001. One example is ISSA 5173, developed by the UK Chapter of the Information Systems Security Association.
Published by: Information Systems Security Association

Standard number/name: Information Security Framework
Description/Benefits: Another approach to cyber security management that is not based on ISO/IEC 27001 is the Information Security Framework, developed by the International Association of Accountants Innovation & Technology Consultants.
Published by: International Association of Accountants Innovation & Technology Consultants

Standard number/name: BS 10012 Specification for a personal information management system
Description/Benefits: If you are particularly interested in managing personal information, BS 10012 Specification for a personal information management system can help ensure compliance with the Data Protection Act 1998.
Published by: BSI