Search - National Standard Microsite

This document informs the creation of auditing systems.

With many organisations now wanting to combine a number of management systems into one, there has been awareness to also combine auditing capabilities into one for these management systems. As a result the international standard BS EN ISO: 19011:2011 has created this standard to provide organisations the knowledge for auditing modern management systems, the principles and guidance to ensuring they deliver a high standard of auditing capabilities and that organisations do not fail which could have damaging effects such as losing out on contracts, certifications, and operational efficiency.

Organisations can save vast amount of time, money and resources, by applying a single approach to multiple management systems by streamlining their auditing processes and removing duplication of effort.

This document shed insights into planning, decision-making and evaluating audits.

The standard includes (but not limited to:

• Scope

• Principles of Auditing

• Managing an audit programme

• Establishing the Audit programme

• Implementing the audit programme

• Monitoring an audit programme

• Reviewing and improving the audit programme

• Conducting audit activities

• Preparing audit report

• Conducting audit evaluation

• And much more

Fee applies of £254.00 (members price: £127.00) for accessing the standard.

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This document provides guidance on the requirements for an information security management system (ISMS) as specified in ISO/IEC 27001 and provides recommendations (‘should’), possibilities (‘can’) and permissions (‘may’) in relation to them. It is not the intention of this document to provide general guidance on all aspects of information security.

Clauses 4 to 10 of this document mirror the structure of ISO/IEC 27001:2013.

This document does not add any new requirements for an ISMS and its related terms and definitions. Organisations should refer to ISO/IEC 27001 and ISO/IEC 27000 for requirements and definitions. Organisations implementing an ISMS are under no obligation to observe the guidance in this document.

An ISMS emphasises the importance of the following phases:

• understanding the organisation’s needs and the necessity for establishing information security policy and information security objectives;

• assessing the organisation's risks related to information security;

• implementing and operating information security processes, controls and other measures to treat risks;

• monitoring and reviewing the performance and effectiveness of the ISMS; and

• practising continual improvement.

 UTF-8, an encoding form for Unicode character sets, for government digital services and technology encodes all Unicode characters without changing the ASCII code.

Unicode is based on the American Standard Code for Information Interchange (ASCII) character set.

UTF-8 is an international standard used by, data scientists, data analysts and developers. It allows you to read, write, store and exchange text that remains stable over time and across different systems. It also have accurately translated languages moving between systems and prevent accidental or unanticipated corruption of text as it transfers between systems.

This makes UTF-8 flexible for a wide range of uses.

The government chooses standards using the open standards approval process and the Open Standards Board has final approval. Read more about the approval process for cross-platform character encoding. 

All vehicles (VEH01) is a dataset of all licensed and registered vehicles in Great Britain and the UK, produced by Department for Transport.

It contains licensed vehicles, registered vehicles for the first time, vehicles by numbers of keepers, Statutory Off Road Notification (SORN) and the Ultra-low emissions vehicles (ULEVs).

For more information please contact Vehicles statistics

Emailvehicles.stats@dft.gov.uk

Public enquiries: 020 7944 3077

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The Cyberspace is a complex environment resulting from the interaction of people, software and services on the Internet, supported by worldwide distributed physical information and communications technology (ICT) devices and connected networks. However there are numerous security gaps not covered by current information security, Internet security, network security and ICT security. The aim of this international standard is to address Cyberspace security issues and bridge the gap between different security domains in the cyberspace.

International Standard provides technical guidance for addressing common cybersecurity risks such as social engineering, hacking, spyware and proliferation of malicious software.

It also provides guidelines for addressing risk such as preparing for attacks, detecting and monitoring attacks and responding to attacks.

The International Standard also provides a framework for information sharing, coordination, and incident handling.

The Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email standard that used in email transactional activity. It helps validates a senders identity using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). The receiving email service uses SPF and DKIM to confirm the sender’s identity. If the receiving email service confirms the sender’s identity it will forward the email to the receiver’s inbox. If the receiving email service cannot confirm the sender’s identity it will mark the email as spam. 

Using DMARC has its benefits such as helps to protect the users, employees from cybercrime, reduce customer support costs relating to email fraud and improve trust in the emails organisation sends and receives.

Open Document Formats (ODF) 1.2 standard was selected by the Open Standards Board for use across the UK government. ODF works on most operating systems (including desktops, laptops, mobiles and tablets). This is because it is an open standards that allows suppliers to create interoperable office productivity solutions, can lower IT costs as ODF is low cost or free to use, allows government staff to share and edit documents, allows stricter security checks therefore helping it to prevent common cyber-attack scenarios, can add digital signatures to a document. 

ODF standard works with several software tools as Mac, Windows, Linux, and Android operating systems as well as many others. User needs are very important when selecting an ODF complaint solution, therefore the research and analysis is critical.

The standard also includes the following information:

• Buying ODF compliant solutions

• Migrating to ODF compliant solutions

• Securing ODF compliant solutions

• Integrating ODF compliant solutions

• Setting up ODF complaint solutions

National Institute of Standards and Technology (NIST), covers a wide range of topics including Bioscience, Chemistry, Advanced Communications, Cybersecurity, Energy, Materials, Nanotechnology, Neutron research, Physics, Health, Infrastructure, Public Safety, Standards, Transportation and many more.

NIST also cover a wide range of publications, laboratories and programs, Research projects, Services and Resources Software, Data, Computer Security Resource Center, and News and Events.

Under Cybersecurity, there is a framework developed to help organisations to better understand and improve their management of cybersecurity risk.

The Cybersecurity framework consists of standards, guidance, and best practices.

It stages of the framework:

1. Identify

2. Protect

3. Detect

4. Respond

5. Recover

The cyber security framework help organisations prioritise, become flexible and cost-effective in promoting and dealing with protection and resilience of critical infrastructure and other parts critical to the national security and economy.

For further information and/or questions about the Cybersecurity Framework please contact:  cyberframework@nist.gov

The Technology Code of Practice is a set of criteria to help government design, build and buy technology. Technology Code of Practice should be used for all technology projects and programmes and should be aligned to the mandatory code and as much as possible align the organisation’s technology and business strategies to the Technology Code of Practice.

Following the Technology Code of Practice will help introduce or update technology so that it:

• meets user needs, based on research with your users

• is easier to share across government

• is easy to maintain

• scales for future use

• is less dependent on single third-party suppliers

• provides better value for money

• makes use of open standards

Organisations must consider all points of the Technology Code of Practice as part of the Cabinet Office spend control process as it’s used as a cross-government agreed standard in the spend controls process. Where legacy technology limits your ability to adhere to the standard, you must explain this to the GDS Standards Assurance team.

Industry Security Notices (ISNs)

 A Industry Security Notice (ISN) is an official document that tells people in industry about important instructions, guidance or other information relating to security.

Information from Ministry of Defence, that provides updates.

• ‘ISN 2014/04 Farnborough International Air Show 2014: exhibition clearances’ has been removed

• ‘ISN 2014/01: Government Security Classification Scheme’ updated April 2014

• ‘ISN 2011/05 Defence & Security Equipment International (DSEi) 2011: exhibition clearances’ has been removed

• ‘ISN 2011/02: incident report’ has been superseded by ‘2011/07: incident reporting’

• ‘ISN 2011/03: Nato personnel security clearances’ has been superseded by ‘2014/03: Procedure for UK contractors to obtain Nato personnel security clearances’