Call for evidence outcome

Cyber security organisational standards: call for evidence

This was published under the 2010 to 2015 Conservative and Liberal Democrat coalition government
This call for evidence has closed

Read the full outcome

Detail of outcome

Businesses said that cyber security standards need to:

  • be internationally-recognised
  • promote international trade
  • allow sytems to exchange and use information
  • be auditable, like those in the ISO27000-series

Businesses also said we should balance compliance-based and outcome-based standards, whilst helping companies implement the right parts of a standard in the right parts of their business. This is what the Information Assurance for Small and Medium-sized Enterprises (IASME) and the Information Security Forum’s (ISF) ‘Standard of Good Practice’ offer.

Government will now work with industry to develop a new implementation profile, based on ISO27000-series standards.

The ‘UK Cyber Security Standards Research’ report provides a clearer overview of cyber security standards, and current and potential uptake.


Original call for evidence

Summary

Seeks evidence to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.

This call for evidence ran from
to

Call for evidence description

The government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management. There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote.

On 30 April 2013 we published a guidance document and a response form to help organisations and groups prepare their evidence for submitting.

Cyber security strategy and standards

Government published its ‘Cyber security strategy’ in November 2011. This set out our intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information, and to encourage companies that are good at managing information risk to make this a selling point for their business. This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in.

Further information

For further information on particular aspects of this call for evidence, contact us at cybersecurity@bis.gsi.gov.uk.

Documents

Cyber security organisational standards: guidance

Updates to this page

Published 1 March 2013
Last updated 28 November 2013 + show all updates
  1. Government response published.

  2. We published a guidance document and a response form to help organisations and groups prepare their evidence for submitting.

  3. First published.

Sign up for emails or print this page