Search - National Standard Microsite

to add a new content

Filter/Order

Status

Help

Status describes what stage of the lifecycle a standard is at:

Draft - This National Standard workstream is resourced, has clear outputs and is actively in development
Review - The National Standards Assurance Board are currently reviewing this National Standard
Consensus - The category community are now being encouraged to review and give feedback on this National Standard
Live - This National Standard has been through the established process and is now live, being reviewed at least annually
Retired - This National Standard has been retired and is present for historical reference only

Classification

Help

National Standards can be classified based on whether they are conceptual, rule based or value based:

Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.

Grade: PMR

Help

National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.

4Pol Criteria:

Support minimum legal requirements where they exist
Align with the National Policing Digital Strategy to ensure strategic alignment and design
Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
Direct relevance and applicability to policing
Represent best practice
Able to be measured and achieved within the unique landscape of policing

Grade: LMR

Help

National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.

Internally Amended / Developed

ISO/IEC 27033-2:2012 IT Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security

ISO 27033-2 gives guidelines to police forces on how to plan, design, implement and document effective network security.

This standard was reviewed by the authoring body in 2018 and still deemed current. This was also further reviewed by the National Standards Assurance Board in May 2021 and still found to be current and of value.

Published 01/08/2012

Authoring body: International Standards Organisation (ISO)

Guidance

ISO/IEC 27031:2011 IT Security Techniques — Guidelines for Information and Communication Technology Readiness for Business Continuity

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

Over the years, information and communication technology (ICT) has become an integral part of many of the activities which are major elements of the critical infrastructures in all organisations. The proliferation of the Internet and other IT capabilities of systems and applications, has also meant that organisations have become ever more reliant on reliable, safe and secure ICT infrastructures. This reliance means that disruptions to ICT can constitute strategic risks to the reputation of the organisation and its ability to operate.

Failures of ICT services, including the occurrence of security issues such as systems intrusion and malware infections, will impact the continuity of business operations. Thus managing ICT and related continuity and other security aspects form a key part of business continuity requirements. In order for an organisation to achieve ICT Readiness for Business Continuity (IRBC), it needs to put in place a systematic process to prevent, predict and manage ICT disruption and incidents which have the potential to disrupt ICT services.

Published 01/01/2011

Authoring body: International Organisation for Standardisation (ISO)

Standards

ISO/IEC 27033-1:2015 IT Security Techniques — Network Security — Part 1: Overview and Concepts

In todays modern world, most organisations have their information systems connected by networks either within the organisation, between different organisations or between the organisation and the general public. The purpose of this International Standard is to provide detailed guidance on the security aspects of the management, operation and use of information system networks, and their inter-connections.

This part of ISO/IEC 27033 provides an overview of network security. It defines and describes the concepts associated with, and provides management guidance on, network security. It also defines how to identify and analyse network security risks and then define network security requirements. It also introduces how to achieve good quality technical security architectures, and the risk, design and control aspects associated with typical network scenarios and network technology areas.

Published 01/01/2015

Authoring body: International Organisation for Standardisation (ISO)

Standards

ISO/IEC 20000-1:2018 IT Service Management — Part 1: Service Management System Requirements

This international standard has been created for establishing, implementing, maintaining and continually improving a service management system (SMS). An SMS supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services, which meet agreed requirements and deliver value for customers, users and the organisation delivering the services. Implementation and operation of an SMS provides on-going visibility, control of services and continual improvement, leading to greater effectiveness and efficiency.

This standard can be used by

Customer seeking services and requiring assurance regarding quality of the service being provided
Customer requiring consistent approach to the service lifecycle by all its service providers
an organisation to demonstrate its capability for the planning, design, transition, delivery and improvement of services
an organisation to monitor, measure and review its SMS and the services
a provider of training or advice in service management.

Published 01/01/2018

Authoring body: International Organisation for Standardisation (ISO)

Standards

ISO/IEC 27018:2019 IT Security Techniques — Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors

Cloud service providers who process Personally Identifiable Information (PII) under contract to their customers need to operate their services in ways that allow both parties to meet the requirements of applicable legislation and regulations covering the protection of PII.

PII is sometimes referred to as personal data or personal information. A public cloud service provider is a “PII processor” when it processes PII for and according to the instructions of a cloud service customer.

This standard was created to help the public cloud service provider to comply with applicable obligations when acting as a PII processor, enable the public cloud PII processor to be transparent in relevant matters, assist the cloud service customer and the public cloud PII processor in entering into a contractual agreement and provide cloud service customers with a mechanism for exercising audit and compliance rights and responsibilities.

There are three main requirements an organisation must identify for the protection of PII:

Legal, Statutory, Regulatory and Contractual Requirements
Risks Assessment
Corporate policies

Published 01/01/2019

Authoring body: International Organisation for Standardisation (ISO)

Standards

Showing 116 to 120 of 204 entries.

Previous Page
Page1
Intermediate Pages
- Page2
- Page3
- Page4
- Page5
- Page6
- Page7
- Page8
- Page9
- Page10
- Page11
- Page12
- Page13
- Page14
- Page15
- Page16
- Page17
- Page18
- Page19
Page23
Page24
Page25
Intermediate Pages
- Page26
- Page27
- Page28
- Page29
- Page30
- Page31
- Page32
- Page33
- Page34
- Page35
- Page36
- Page37
- Page38
- Page39
- Page40
Page41
Next Page

Police Digital Service National Standards

Search - National Standard Microsite

ISO/IEC 27033-2:2012 IT Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security

ISO/IEC 27031:2011 IT Security Techniques — Guidelines for Information and Communication Technology Readiness for Business Continuity

ISO/IEC 27033-1:2015 IT Security Techniques — Network Security — Part 1: Overview and Concepts

ISO/IEC 20000-1:2018 IT Service Management — Part 1: Service Management System Requirements

ISO/IEC 27018:2019 IT Security Techniques — Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors

Knowledge Hub

Quick links

Partners

Contact us