Call for evidence outcome

Cyber security organisational standards: call for evidence

• From: Department for Business, Innovation & Skills and Cabinet Office
• Published: 1 March 2013
• Last updated: 28 November 2013 — See all updates

This was published under the 2010 to 2015 Conservative and Liberal Democrat coalition government

This call for evidence has closed

Download the full outcome

Call for evidence on a preferred standard in cyber security: government response

Ref: BIS/13/1308

PDF, 113 KB, 6 pages

Detail of outcome

Businesses said that cyber security standards need to:

• be internationally-recognised
• promote international trade
• allow sytems to exchange and use information
• be auditable, like those in the ISO27000-series

Businesses also said we should balance compliance-based and outcome-based standards, whilst helping companies implement the right parts of a standard in the right parts of their business. This is what the Information Assurance for Small and Medium-sized Enterprises (IASME) and the Information Security Forum’s (ISF) ‘Standard of Good Practice’ offer.

Government will now work with industry to develop a new implementation profile, based on ISO27000-series standards.

The ‘UK Cyber Security Standards Research’ report provides a clearer overview of cyber security standards, and current and potential uptake.

---

Original call for evidence

Summary

Seeks evidence to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.

This call for evidence ran from
1 March 2013 to 11:45pm on 14 October 2013

Call for evidence description

The government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management. There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote.

On 30 April 2013 we published a guidance document and a response form to help organisations and groups prepare their evidence for submitting.

Cyber security strategy and standards

Government published its ‘Cyber security strategy’ in November 2011. This set out our intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information, and to encourage companies that are good at managing information risk to make this a selling point for their business. This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in.

Further information

For further information on particular aspects of this call for evidence, contact us at cybersecurity@bis.gsi.gov.uk.

Documents

Cyber security organisational standards: a call for views and evidence

Ref: BIS/13/659

PDF, 119 KB, 8 pages

Cyber security organisational standards: guidance

Ref: BIS/13/853

PDF, 172 KB, 14 pages

Published 1 March 2013
Last updated 28 November 2013 + show all updates

1. 28 November 2013

   Government response published.

2. 30 April 2013

   We published a guidance document and a response form to help organisations and groups prepare their evidence for submitting.

3. 1 March 2013

   First published.