Digital

In our increasingly connected world, newfound risks including misinformation, digital deception and a blurring of the lines between personal and digital safety are threatening trust in businesses' digital systems and technologies. BSI's collection of digital standards empowers organizations to safeguard their information, people, systems, and technology, helping them meet safety, security, compliance, privacy, ethical and brand-reputation requirements while enabling business effectiveness and efficiency.

Protecting information, people and reputation

Read how standards can help you to achieve industry digital compliance and best practice

Reimagining data privacy compliance with BS EN ISO/IEC 27701:2025
Article

According to the UK Business Data Survey 2024, 75% of businesses said it felt like a burden to comply with UK data protection laws. With regulatory complexity rising and stakeholder expectations at an all-time high, organizations are looking for smarter, more sustainable ways to manage privacy. That's where BS EN ISO/IEC 27701:2025 comes in.

A modern privacy standard built for flexibility

BS EN ISO/IEC 27701:2025 Information security, cybersecurity and privacy protection – Privacy information management systems – Requirements and guidance provides a comprehensive, scalable framework for managing Personally Identifiable Information (PII) in line with global regulations. Unlike its predecessor, this new edition is a stand-alone Type A Management System Standard (MSS), no longer dependent on BS EN ISO/IEC 27001 or BS EN ISO/IEC 27002. This shift makes it easier for organizations, whether mature or just beginning their privacy journey, to implement a future-ready Privacy Information Management System (PIMS).

Whether you're a data controller, processor, or subcontractor, this standard is designed to help you manage privacy risk efficiently while demonstrating accountability and trustworthiness.

Explore how standards empower organizations to navigate digital transformation with confidence. Visit our Digital industry page to learn more.

Who can use BS EN ISO/IEC 27701:2025?

This standard is designed for any organization that collects, processes, stores, or manages personal data, regardless of size, sector, or geographic location. It's highly relevant for:

- PII controllers and processors, including subcontractors and third-party service providers.
- Technology companies dealing with cloud, SaaS, AI, and user analytics.
- Healthcare providers managing patient records, diagnostics, and sensitive health data.
- Financial services handling transactional and identity data under strict regulatory oversight.
- Public sector bodies managing citizen data and digital services with public trust at stake.
- Retail and e-commerce businesses processing vast volumes of consumer data, often across borders.

What's new in BS EN ISO/IEC 27701:2025?

This revision introduces several important updates:

- Stand-alone MSS: Now established as a Type A Management System Standard, aligned to ISO's Harmonized Structure and no longer dependent on BS EN ISO/IEC 27001 or BS EN ISO/IEC 27002.
- Broader applicability: Designed for organizations of any size, sector, or jurisdiction that manage personal data, whether or not they already operate an Information Security Management System.
- Reorganized controls: Existing controller, processor and subcontractor requirements have been consolidated into a single, clearer annex structure. The intent remains the same, but numbering and layout have been updated for easier implementation.
- Strengthened risk-based approach: Privacy-specific risk assessment and treatment are now embedded within the core management-system clauses, reinforcing accountability and continual improvement.
- Clearer roles and accountability: Refined definitions and responsibilities for PII controllers, processors and subcontractors provide greater operational clarity, especially where organizations act in multiple roles.
- Modern context: The updated text reflects contemporary data-processing environments such as cloud computing, cross-border transfers and emerging AI-related activities, ensuring the standard remains relevant without adding new technical controls.

Three ways BS EN ISO/IEC 27701 adds value to your organization

BS EN ISO/IEC 27701:2025 offers organizations a powerful way to elevate their privacy practices beyond baseline compliance.

1. Confident and compliant data management

By adopting this stand-alone framework, businesses gain a structured and internationally recognized approach to managing Personally Identifiable Information (PII) that is both practical and future-ready. It enables companies to respond effectively to evolving data protection laws and regulatory scrutiny, while also reinforcing internal governance and accountability.

2. Operational clarity in a complex digital landscape

The standard brings clarity to roles and responsibilities, making it easier for data controllers and processors to coordinate their efforts, reduce risks, and maintain operational transparency. For organizations navigating complex digital environments, particularly those using cloud-based services or AI, or operating across jurisdictions, BS EN ISO/IEC 27701:2025 provides much-needed alignment with frameworks such as GDPR.

3. Building trust while reducing compliance burden

Beyond compliance, the standard supports stronger stakeholder trust. With privacy now central to public perception and brand reputation, demonstrating commitment through a robust, certifiable management system can differentiate an organization in the marketplace. BS EN ISO/IEC 27701:2025 also streamlines internal processes, reduces the cost and complexity of audits, and provides a flexible model that can grow with an organization's privacy maturity over time.

Ready to take control of your privacy management?

Download your copy of BS EN ISO/IEC 27701:2025 today and equip your organization with a trusted, future-ready framework for data protection, compliance, and stakeholder confidence.
From risk to resilience: Strengthening cybersecurity with ISO/IEC 27000 series of standards
Article

In recent months, a wave of cyberattacks targeting several major UK businesses has sent a stark message to organizations across every sector: cybersecurity is no longer just an IT issue, but a critical management issue involving serious business risks and impacts. These high-profile breaches are prompting many organizations to reassess their strategies, strengthen safeguards, and elevate cyber risk management to the executive agenda.

But amid this menacing landscape of risks and threats, there is a tried-and-tested set of international standards that can help organizations of all sizes strengthen their cyber defences and reduce their risk: the BS EN ISO/IEC 27000 series (the national adoption of the international standards). This family of standards, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), offers a robust framework for information security management. By implementing the controls and principles outlined in these standards, businesses can create a structured approach to identifying risks, protecting systems, and responding to incidents.

Understanding the BS EN ISO/IEC 27000 series

The BS EN ISO/IEC 27000 series is a comprehensive set of standards designed to support organizations in managing the security of information assets such as financial data, intellectual property, employee details, and information entrusted by third parties. There are several standards in the series, and these are centred around BS EN ISO/IEC 27001, the global benchmark for establishing an Information Security Management System (ISMS). Here's a quick overview of key standards within the series:

- BS EN ISO/IEC 27000: Provides an overview of the entire series.
- BS EN ISO/IEC 27001: Specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS.
- BS EN ISO/IEC 27002: Offers guidance on information security controls that can be selected during implementation.
- BS EN ISO/IEC 27005: Focuses on information security risk management.
- BS EN ISO/IEC 27017 and BS EN ISO/IEC 27018: Provide guidelines for cloud security.
- BS ISO/IEC 27031: Provides guidance on ICT readiness for business continuity, helping organizations ensure their information and communication systems can support critical operations during disruption.
- BS ISO/IEC 27035: A multi-part standard offering comprehensive guidance on managing information security incidents, from planning and detection to response and lessons learned.

Each standard complements the others, and together they form a unified strategy to mitigate risks, enhance resilience, and support regulatory compliance (e.g., GDPR). Learn more about how standards can help your organization reduce cybersecurity risks by visiting our Digital page.

Cybercriminal tactics and the modern digital risk landscape

Today's cybercriminals are sophisticated, well organized, and increasingly successful in their attacks on businesses. Recent attacks have highlighted several core methods in their arsenal:

- Social engineering: Gaining trust or exploiting the human weaknesses of employees to trick them into divulging credentials or approving unauthorised actions.
- Phishing: Using fraudulent emails, text messages, phone calls, or websites to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal details.
- Ransomware: A type of malware that prevents you from accessing your device and the data stored on it, usually by encrypting your files.
- Credential stuffing: Using leaked passwords from previous breaches to access accounts.
- Supply chain attacks: Targeting smaller suppliers to eventually compromise larger organizations.

This arsenal of attacks underscores why businesses must go beyond antivirus software and firewalls. The BS EN ISO/IEC 27000 series is specifically designed to address these complex risks, particularly those involving human behaviour, identity compromise, and a lack of procedural and management controls. By incorporating human factors, enforcing strong identity and access controls, and embedding clear security policies, these standards empower organizations to take a proactive, structured approach to cybersecurity rather than simply reacting to incidents after they occur.

BS EN ISO/IEC 27001 in action: Building a resilient ISMS

At the heart of the BS EN ISO/IEC 27001 standard is the Information Security Management System (ISMS). This framework is designed as a risk-based approach to information security, integrating security into daily operations rather than treating it as a standalone concern, and ensuring that the security control profile an organization adopts is continually reviewed to reflect the changing environment it operates in. Key benefits of implementing an ISMS include:

- Top management and support: Establishes management requirements for leadership and commitment, awareness and training, management reviews and internal audits.
- Risk management: Systematic identification and treatment of risks tailored to the business environment.
- Compliance: Simplifies meeting legal and regulatory requirements such as GDPR, the UK Data Protection Act, and PCI DSS.
- Business continuity: Ensures the organization remains available and operational in the event of a breach or disruption.
- Customer trust: Certification provides assurance to clients and partners about your commitment to information security.

The ISMS also drives internal improvements, creating clear policies, accountability structures, and audit trails, fostering a culture of security awareness throughout the organization. Discover more about BS EN ISO/IEC 27001 by reading our article Achieve better information security management with the revised BS EN ISO/IEC 27001.

Cybersecurity for small businesses

A common misconception about cyber risk is that only large organizations are attractive targets. In truth, micro-businesses as well as small and medium-sized enterprises (SMEs) are increasingly the target of cybercriminals, often because they lack the robust defences of larger counterparts. From family-run retailers to growing SaaS start-ups, smaller businesses are frequently seen as easy targets and, in many cases, as potential gateways into the supply chains of bigger firms.

The BS EN ISO/IEC 27000 series is particularly well suited to address these challenges. Its framework is scalable, making it accessible to businesses of all sizes. Even without pursuing full certification, micro-businesses and SMEs can benefit significantly by applying the core principles of BS EN ISO/IEC 27001. For instance, introducing structured security practices such as implementing stronger authentication protocols, classifying sensitive data, and managing access based on user roles can markedly reduce exposure to common threats. Guidance on the design and implementation of information security controls is available in BS EN ISO/IEC 27002, which not only provides a comprehensive list of controls that any organization should consider but also offers guidance on their design and development.

Just as critical is the ability to prepare for and respond to cyber incidents. The four-part BS ISO/IEC 27035 series provides valuable direction on how to detect, contain, and manage security breaches effectively, helping smaller businesses build resilience even with limited internal resources. Complementing this is BS ISO/IEC 27031, which focuses on ICT readiness for business continuity. It offers guidance to help organizations ensure that their information and communication technology can continue to support critical business operations during and after a disruption, forming a crucial link between cybersecurity and broader business resilience planning.

In today's landscape, it's no longer viable for small businesses to treat cybersecurity as an afterthought. Embracing the BS EN ISO/IEC 27000 series equips them with the tools and strategies needed to defend against modern threats and secure their future.

A roadmap to implementation

For organizations considering adoption, here's a basic roadmap to leveraging the BS EN ISO/IEC 27000 series:

1. Top management support, commitment and leadership: Ensure top management is managing the process with the necessary support, commitment and resources, and that the board understands cybersecurity as a business risk, not just an IT issue.
2. Define the ISMS scope: Clarify what parts of the business the ISMS will cover.
3. Assess and manage risk: Follow BS EN ISO/IEC 27005 to perform a risk assessment and define treatment plans.
4. Implement the risk treatment plan: Determine a set of controls from relevant sources (for example ISO, IEC, NIST or COBIT standards) to mitigate the assessed risks, then compare it with the reference set of controls in BS EN ISO/IEC 27002 to check that no controls from this reference set are missing. The set of controls to be implemented should be included in a risk treatment plan.
5. Training and awareness: Build a culture of security from the ground up.
6. Performance evaluation and continuous improvement: Monitor, audit, and revise the ISMS regularly using the processes specified in BS EN ISO/IEC 27001.

Accredited third-party certification bodies in the UK can provide external validation, adding a layer of trust and marketability to your security posture.

Take control of your cybersecurity future today

Whether you're leading a multinational organization or running a growing small business, the BS EN ISO/IEC 27000 series offers a proven path to stronger, smarter security. These internationally recognized standards help you identify vulnerabilities, protect sensitive data, and respond with confidence to the evolving threat landscape.
Get your copy of the standards in the BS EN ISO/IEC 27000 series here.
Achieve better information security management with the revised BS EN ISO/IEC 27001
Article

Have you heard the news? The bestselling international information security management system standard BS EN ISO/IEC 27001 has been revised. This standard helps companies secure their information assets – crucial in today's world, where the number and complexity of cyberattacks are rising.

As organizations become more digitized, cybercriminals' methods have become increasingly sophisticated. Without the right information security protection, your business is at risk. After a breach, 21% of companies reported losing money, data, or assets, while 1 in 3 reported suffering wider business disruption such as lost staff time.

BS EN ISO/IEC 27001:2023+A1:2024 Information security management systems. Requirements is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. These standards give you the tools you need to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Their adoption can help to inspire trust in your business, provide opportunities to train your staff, lead to more productive ways of working, result in better customer experiences, and more.

In particular, BS EN ISO/IEC 27001 helps organizations manage and protect their information assets through the implementation of an ISMS: a set of internal processes and systems that helps you to keep your information safe and secure. Its guidance helps you to continually review and refine the way you do this, not only for today but also for the future.

This British Standard is the UK implementation of ISO/IEC 27001. It is identical to ISO/IEC 27001:2022. It does not supersede BS EN ISO/IEC 27001:2017; that version will be withdrawn once the European version is adopted. BSI, as a member of CEN, is obliged to publish the European version. BSI requested a derogation from CEN as its national standard is intended to be identical to ISO/IEC 27001:2022. The request was granted by CEN, on the condition that BSI would align its national standard with any future EN published on the subject.

Why should businesses adopt BS EN ISO/IEC 27001?

If your business handles any kind of data, such as staff personal records, payroll information, or confidential business data, then it can benefit from the protection BS EN ISO/IEC 27001 offers. Without effective data security to protect your business, you're at risk of a data breach. BS EN ISO/IEC 27001 offers an approach to keeping data safe that can be adopted by any business in any sector.

While the standard's focus is identifying and managing information security risks, adopting its guidance offers much broader benefits to your business than just protecting data. It can help your business to:

- Reduce the likelihood of a data breach, which could result in reputational damage or fines
- Build trust with existing clients and customers and appeal to new ones by boosting your reputation
- Improve efficiency and productivity across the entire organization
- Ensure business continuity in the event of an attempted cyberattack
- Reduce information security costs by assessing risks and employing a more selective approach

And it isn't just large companies that can reap the benefits of BS EN ISO/IEC 27001. Small and medium-sized organizations are facing an information security crisis, with cyberattacks targeting them increasing at a rapid rate. Often, this is because they are part of a wider supply chain, so it's essential that they are in control of, and manage, their information security and cyber-risks to protect themselves and others.

Discover the impact the adoption of our standards might have on your information security with our interactive tool.

What are the key changes to BS EN ISO/IEC 27001 and why do they matter?

Triggered by the revision of BS EN ISO/IEC 27002 Information security controls in February 2022, BS EN ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape. While there are no major technical changes in this latest version of the standard, the amendment introduces several key business benefits. These include:

Reinforced resilience

Change: The guidance of BS EN ISO/IEC 27001 continues to be under a process of constant evolution.

Business benefit: The technology used by cybercriminals has come a long way in the five years since BS EN ISO/IEC 27001 was last updated. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today's risks. These frequent revisions ensure that it remains one of the most relevant risk management tools for fighting off the millions of attacks that occur globally each year.

A catalyst for conformance

Change: Some editorial changes have been made in BS EN ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022.

Business benefit: This change ensures the conformance of BS EN ISO/IEC 27001 on a global level. For businesses, this means that using the BS EN ISO/IEC 27001 specification can help give your organization a reputation for digital trust, assuring your clients that your information security management system has been developed to the highest standards.

Continuous control

Change: The guidance in BS EN ISO/IEC 27001 has been realigned to the updated content in BS EN ISO/IEC 27002 Information security controls, including a revision to Annex A.

Business benefit: This change to the specifications in BS EN ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust. Learn more about the changes to ISO/IEC 27002 by reading our article 'The 4 pillars of control: A modern approach to information security controls'.

Effective implementation

Change: There has been a reordering of clauses in BS EN ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards.

Business benefit: This change ensures that BS EN ISO/IEC 27001 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001, ISO 14001, etc.). This has been put in place to help organizations that are implementing more than one management system standard at a time achieve effective adoption of these processes.

To learn more about implementing BS EN ISO/IEC 27001:2023+A1:2024 in your organization, download our 'Adopting ISO/IEC 27001 - Your next steps' infographic.

Current users of ISO/IEC 27001:2017 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.

Want to have access to all your information security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information security management system. The flexibility and visibility it provides enable you and your team to get the most from standards, from cybersecurity and digital trust to technological transformation. Request to learn more.

Achieve better information security management in your business by adding the revised BS EN ISO/IEC 27001:2023+A1:2024 to your collection today.
Maximizing the value of AI for society with BS ISO/IEC 42001
Article

In today's rapidly evolving digital landscape, businesses are increasingly recognizing the transformative power of artificial intelligence (AI) but are struggling to deploy it in a trusted and responsible way. An international standard has been published to help organizations use artificial intelligence responsibly in pursuing their objectives.

Global AI adoption is growing steadily. In 2022, 35% of companies reported using AI in their business, and an additional 42% reported that they are exploring AI. Its deployment can help organizations of all sizes and sectors to drive operational efficiency, optimize decision-making processes, and gain a competitive edge. However, they must navigate a set of challenges to successfully implement and leverage its potential. Some of these challenges include:

- Perceived complexity and lack of understanding surrounding AI technology. Many businesses may not fully comprehend the various applications and benefits that AI can offer to their specific industry or operations. This lack of awareness can lead to a hesitation to invest in AI solutions.
- Data privacy and security concerns, which can also deter businesses from embracing AI. The use of AI often involves collecting and analysing large volumes of data, which raises concerns about protecting sensitive information and complying with relevant regulations.
- Lack of trust in the quality, accuracy and reliability of AI systems. Faulty or biased AI algorithms can lead to incorrect decisions, compromising the quality of products or services and potentially damaging a business's reputation.
- Ethical considerations, such as bias and transparency, which demand careful attention to ensure responsible deployment and gain public trust.

Addressing these challenges requires a systematic approach to managing the transition within businesses. BS ISO/IEC 42001 Information Technology — Artificial intelligence — Management system is the first international standard to provide best practice for governing AI effectively. It aims to build trust in the technology, so it becomes more widely trusted and deployed to the advantage of organizations, as well as wider society.

What AI guidance does BS ISO/IEC 42001 provide businesses with?

Developed by experts from 50 countries, including the UK (via the British Standards Institution), BS ISO/IEC 42001 is an integral part of improving the governance and accountability of AI globally. BS ISO/IEC 42001 specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI management system within the context of an organization. It is what is known as a 'management system' standard, developed specifically for AI. A management system sets out the processes an organization needs to follow to meet its objectives and provides a framework of good practice. These standards help organizations to put an integrated system in place, including, for example, senior management support, training, governance processes and risk management – all essential to getting AI governance and accountability right.

To learn more about how standards are supporting businesses with their AI adoption, visit our Artificial Intelligence Topic Page.

What are the benefits of implementing an artificial intelligence management system?

From streamlining workflows and automating routine tasks to extracting invaluable insights and personalizing customer experiences, implementing an AI management system has emerged as a strategic imperative for businesses seeking to thrive in the age of intelligent automation. BS ISO/IEC 42001 benefits businesses by:

- Accelerating trust in AI adoption. Its implementation builds trust in how AI innovation is conducted, improving the quality, security, traceability, transparency and reliability of AI applications and reducing regulatory and market confusion.
- Improving capacity for AI implementation, innovation and adoption. A management system can create a more stable and predictable environment for the development and deployment of AI systems.
- Improving AI quality, as this standard can help to ensure that AI systems are developed and deployed consistently.
- Supporting compliance with national and global AI objectives, international regulators, and legislators.
- Saving costs, as this standard can reduce the costs associated with developing and deploying AI systems, because businesses can rely on existing frameworks, protocols, and guidelines rather than creating them from scratch.
- Ensuring proper governance by helping clients use AI in a responsible way. BS ISO/IEC 42001 can help businesses promote accountability by establishing clear lines of responsibility.

The impact of BS ISO/IEC 42001 on the AI landscape

The UK government has a ten-year plan to turn the UK into an AI 'superpower' and has a National AI Strategy to achieve this, balancing good governance with encouraging innovation. The release of this international standard provides agility in a fragmented market where regulations are still in development. This guidance will help accelerate trusted AI development and use, addressing the risks and building confidence as AI becomes part of our daily lives. BS ISO/IEC 42001 will be a critical building block for the AI assurance ecosystem as outlined in the UK government's roadmap. The UK government's National AI Strategy references the standard, and its approach is likely to be supported by other regulators and legislators around the world, bringing organizations to implement BS ISO/IEC 42001.

Do you want to maximize the value of your AI technology? Add BS ISO/IEC 42001 to your collection today.