Digital

In our increasingly connected world, newfound risks, including misinformation, digital deception and a blurring of the lines between personal and digital safety, are threatening trust in businesses' digital systems and technologies. BSI's collection of digital standards empowers organizations to safeguard their information, people, systems, and technology; to ensure safety, security, compliance, privacy, ethical requirements, and brand reputation; and to enable business effectiveness and efficiency.

Protecting information, people and reputation

Read how standards can help you to achieve industry digital compliance and best practice

Maximizing the value of AI for society with BS ISO/IEC 42001

In today's rapidly evolving digital landscape, businesses are increasingly recognizing the transformative power of artificial intelligence (AI) but are struggling to deploy it in a trusted and responsible way. An international standard has been published to help organizations use artificial intelligence responsibly in pursuing their objectives.

Global AI adoption is growing steadily. In 2022, 35% of companies reported using AI in their business, and an additional 42% reported they are exploring AI. Its deployment can help organizations of all sizes and sectors to drive operational efficiency, optimize decision-making processes, and gain a competitive edge. However, they must navigate a set of challenges to successfully implement and leverage its potential. Some of these challenges include:

- Perceived complexity and lack of understanding surrounding AI technology. Many businesses may not fully comprehend the various applications and benefits that AI can offer to their specific industry or operations. This lack of awareness can lead to hesitation to invest in AI solutions.
- Data privacy and security concerns, which can also deter businesses from embracing AI. The use of AI often involves collecting and analysing large volumes of data, which raises concerns about protecting sensitive information and complying with relevant regulations.
- Lack of trust in the quality, accuracy and reliability of AI systems. Faulty or biased AI algorithms can lead to incorrect decisions, compromising the quality of products or services and potentially damaging a business's reputation.
- Ethical considerations, such as bias and transparency, which demand careful attention to ensure responsible deployment and gain public trust.

Addressing these challenges requires a systematic approach to managing the transition within businesses. BS ISO/IEC 42001 Information Technology — Artificial intelligence — Management system is the first international standard to provide best practice for governing AI effectively. It aims to build trust in the technology, so that it becomes more widely trusted and deployed to the advantage of organizations, as well as wider society.

What AI guidance does BS ISO/IEC 42001 provide businesses with?

Developed by experts from 50 countries, including the UK (via the British Standards Institution), BS ISO/IEC 42001 is an integral part of improving the governance and accountability of AI globally. BS ISO/IEC 42001 specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI management system within the context of an organization. It is what is known as a 'management system' standard, developed specifically for AI.

A management system sets out the processes an organization needs to follow to meet its objectives and provides a framework of good practice. These standards help organizations to put an integrated system in place, including, for example, senior management support, training, governance processes and risk management, all of which are essential to getting AI governance and accountability right. To learn more about how standards are supporting businesses with their AI adoption, visit our Artificial Intelligence Topic Page.

What are the benefits of implementing an artificial intelligence management system?

From streamlining workflows and automating routine tasks to extracting invaluable insights and personalizing customer experiences, implementing an AI management system has emerged as a strategic imperative for businesses seeking to thrive in the age of intelligent automation. BS ISO/IEC 42001 benefits businesses by:

- Accelerating trust in AI adoption. Its implementation builds trust in how AI innovation is conducted, improving the quality, security, traceability, transparency and reliability of AI applications, and reduces regulatory and market confusion.
- Improving capacity for AI implementation, innovation and adoption. A management system can create a more stable and predictable environment for the development and deployment of AI systems.
- Improving AI quality, as this standard can help to ensure that AI systems are developed and deployed consistently.
- Supporting compliance with national and global AI objectives, international regulators, and legislators.
- Cost savings, as this standard can reduce the costs associated with developing and deploying AI systems: businesses can rely on existing frameworks, protocols, and guidelines rather than creating them from scratch.
- Ensuring proper governance by helping clients use AI in a responsible way. BS ISO/IEC 42001 can help businesses promote accountability by establishing clear lines of responsibility.

The impact of BS ISO/IEC 42001 on the AI landscape

The UK government has a ten-year plan to turn the UK into an AI 'superpower' and has a National AI Strategy to achieve this, balancing good governance with encouraging innovation. The release of this international standard provides agility in a fragmented market where regulations are still in development. This guidance will help accelerate trusted AI development and use, addressing the risks and building confidence as AI becomes part of our daily lives. BS ISO/IEC 42001 will be a critical building block for the AI assurance ecosystem as outlined in the UK government's roadmap. The UK government's National AI Strategy references the standard, and its approach is likely to be supported by other regulators and legislators around the world, bringing organizations to implement BS ISO/IEC 42001.

Do you want to maximize the value of your AI technology? Add BS ISO/IEC 42001 to your collection today.
Achieve better information security management with the revised BS EN ISO/IEC 27001

Have you heard the news? The bestselling international information security management system standard BS EN ISO/IEC 27001 has been revised. This standard helps companies secure their information assets, which is crucial in today's world, where the number and complexity of cyberattacks are rising.

As organizations become more digitized, cybercriminals' methods have become increasingly sophisticated. Without the right information security protection, your business is at risk. After a breach, 21% of companies reported losing money, data, or assets, while 1 in 3 reported suffering wider business disruption such as lost staff time.

BS EN ISO/IEC 27001:2023+A1:2024 Information security management systems. Requirements is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. These standards give you the tools you need to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Their adoption can help to inspire trust in your business, provide opportunities to train your staff, lead to more productive ways of working, result in better customer experiences, and more.

In particular, BS EN ISO/IEC 27001 helps organizations manage and protect their information assets through the implementation of an information security management system (ISMS). This refers to a set of internal processes and systems that helps you to keep your information safe and secure. Its guidance helps you to continually review and refine the way you do this, not only for today but also for the future.

This British Standard is the UK implementation of ISO/IEC 27001. It is identical to ISO/IEC 27001:2022. It does not supersede BS EN ISO/IEC 27001:2017; that version will be withdrawn once the European version is adopted. BSI, as a member of CEN, is obliged to publish the European version. BSI requested a derogation from CEN, as its national standard is intended to be identical to ISO/IEC 27001:2022. The request was granted by CEN, on the condition that BSI would align its national standard with any future EN that will be published on the subject.

Why should businesses adopt BS ISO/IEC 27001?

If your business handles any kind of data, such as staff personal records, payroll information, or confidential business data, then it can benefit from the protection BS EN ISO/IEC 27001 offers. Without effective data security to protect your business, you're at risk of a data breach. BS EN ISO/IEC 27001 offers an approach to keeping data safe that can be adopted by any business in any sector.

While the standard's focus is identifying and managing information security risks, adopting its guidance offers much broader benefits to your business than just protecting data. It can help your business to:

- Reduce the likelihood of a data breach, which could result in reputational damage or fines
- Build trust with existing clients and customers and appeal to new ones by boosting your reputation
- Improve efficiency and productivity across the entire organization
- Ensure business continuity in the event of an attempted cyber attack
- Reduce information security costs by assessing risks and employing a more selective approach

And it isn't just the large companies that can reap the benefits of BS EN ISO/IEC 27001. Small and medium-sized organizations are facing an information security crisis, with cyberattacks targeting them increasing at a rapid rate. Often, this is because they are part of a wider supply chain, so it's essential that they are in control of, and manage, their information security and cyber-risks to protect themselves and others. Discover the impact the adoption of our standards might have on your information security with our interactive tool.

What are the key changes to BS ISO/IEC 27001 and why do they matter?

Triggered by the revision of BS EN ISO/IEC 27002 Information security controls in February 2022, BS EN ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape. While there are no major technical changes in this latest version of the standard, the amendment introduces several key business benefits. These include:

Reinforced resilience

Change: The guidance of BS EN ISO/IEC 27001 continues to be under a process of constant evolution.

Business benefit: The technology used by cybercriminals has come a long way in the five years since BS EN ISO/IEC 27001 was last updated. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today's risks. These frequent revisions ensure that it remains one of the most relevant risk management tools for fighting off the millions of attacks that occur globally each year.

A catalyst for conformance

Change: Some editorial changes have been made in BS EN ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022.

Business benefit: This change ensures the conformance of BS EN ISO/IEC 27001 on a global level. For businesses, this means that using the BS EN ISO/IEC 27001 specification can help give your organization a reputation for digital trust, assuring your clients that your information security management system has been developed to the highest standards.

Continuous control

Change: The guidance in BS EN ISO/IEC 27001 has been realigned to the updated content in BS EN ISO/IEC 27002 Information security controls, including a revision to Annex A.

Business benefit: This change to the specifications in BS EN ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust. Learn more about the changes to ISO/IEC 27002 by reading our article 'The 4 pillars of control: A modern approach to information security controls'.

Effective implementation

Change: There has been a reordering of clauses in BS EN ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards.

Business benefit: This change ensures that BS EN ISO/IEC 27001 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001, ISO 14001, etc.). This has been put in place to help organizations that are implementing more than one management system standard at a time achieve effective adoption of these processes.

To learn more about implementing BS EN ISO/IEC 27001:2023+A1:2024 in your organization, download our 'Adopting ISO/IEC 27001 - Your next steps' infographic. Current users of ISO/IEC 27001:2017 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.

Want to have access to all your information security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information management system. The flexibility and visibility it provides enable you and your team to get the most from standards, from cybersecurity and digital trust to technological transformation. Request to learn more.

Achieve better information security management in your business by adding the revised BS EN ISO/IEC 27001:2023+A1:2024 to your collection today.
The 4 pillars of control: A modern approach to information security controls

An important information security management system standard was revised in 2022. BS EN ISO/IEC 27002 Information technology, cybersecurity and privacy protection — Information security controls provides guidance for organizational information security controls and offers best practices for information security management.

The revision of this standard brings a modern approach to managing cybersecurity. It takes into consideration a business's unique security risk environment by focusing on the organization's selection, implementation, and management of security controls. It aims to provide businesses of every size and sector with updated security control guidance, simplified to make it more versatile for choosing and assessing the type of security controls most suited to the organization.

Why is BS EN ISO/IEC 27002 on information security controls important for your business?

BS EN ISO/IEC 27002 is an important standard that underpins all cybersecurity systems across sectors. Cybersecurity is a key priority of the Digital Sector Strategy and the wider UK Government's plan for protecting and growing the UK economy, especially with the growing frequency of cyber-attacks. As a result, BS EN ISO/IEC 27002 is a practical tool to support the desired outcomes of the 2021-2026 National Cyber Security Strategy.

Every business needs to be implementing measures to protect its information assets. The forced acceleration of digitalization and the shift to hybrid working that many organizations have experienced since the start of the COVID-19 pandemic have led to greater vulnerabilities, whilst cybercrime technology has also become more advanced.

BS EN ISO/IEC 27002 will help your business to:

- Identify suitable and proportionate security controls within the process of setting up an Information Security Management System (ISMS)
- Achieve best practices in information security management
- Meet legal, statutory, regulatory, and contractual requirements in relation to information security
- Strengthen risk management and reduce the likelihood of information security breaches
- Increase confidence in the organization's ISMS
- Increase the overall robustness and resilience of the ISMS and strengthen risk management
- Contribute to UN Sustainable Development Goal 9 on industry, innovation, and infrastructure

BS EN ISO/IEC 27002 is best used as a supplementary guide based on BS EN ISO/IEC 27001 for identifying suitable and appropriate security controls within the process of setting up an ISMS, and it aids businesses in demonstrating a stable ISMS. To read more about how an information security system can support your business, click here.

What has changed in the revised BS EN ISO/IEC 27002?

Within the revised BS EN ISO/IEC 27002, users will find that the existing controls have been restructured and the number of security controls listed has decreased from 114 to 93, with some controls being removed as they no longer reflect best practices.

Steve Watkins, Chair of IST 33, says: "The welcome update of BS EN ISO/IEC 27002 brings the control options and descriptions up to date and introduces the concepts of themes and attributes to assist organizations in their selection and deployment of them to manage cybersecurity risks."

Eleven new controls have been introduced in the latest version of the BS EN ISO/IEC 27002 standard. These reflect the evolution of technologies and industrial practices, including threat intelligence, information security for use of cloud services, and data leakage prevention. This will ensure that businesses are able to maintain continuous control over their information security, despite the nature of cyberattacks changing.

BS EN ISO/IEC 27002 aims to ensure that no necessary information security control has been overlooked and that the information security management guidance is consolidated into four key areas, making it easier for businesses to adopt. These four thematic categories of controls are Organizational, People, Physical and Technological. Attributes can also be used to filter, sort, and present controls from different perspectives for different audiences.

Organizational

Organizational controls are controls that help to embed a culture of information security and digital trust in your business. They help your organization to identify threats intelligently. Examples of the organizational controls identified in BS EN ISO/IEC 27002 include threat intelligence, identity management, and business continuity readiness.

People

People controls help your business to manage the information risk associated with its stakeholders, to protect people's privacy. These people could be employees, customers, supply chain partners, etc. Examples of the people controls identified in BS EN ISO/IEC 27002 include controls relevant to the activities of Human Resources (HR).

Physical

Physical controls help your business physically monitor what is happening within your organization to minimize the risk of cyberattacks. Examples of the physical controls identified in BS EN ISO/IEC 27002 include physical entry controls and physical security monitoring.

Technological

Technological controls help your business protect its information using technology to secure your systems. Examples of the technological controls identified in BS EN ISO/IEC 27002 include data leakage prevention, information deletion, data obfuscation (masking) for privacy, and secure coding.

Is your business future-ready?

Ensure your organization has the tools it needs to establish effective control within its information security management and prevent cyberattacks by adding the revised BS EN ISO/IEC 27002:2022 to your collection today.
Strengthen your information security risk management with BS EN ISO/IEC 27005

Protecting the security of your organization's information, whether it be commercially sensitive or the personal details of your clients, has never been more under the spotlight. An international standard will help.

In our hyper-connected, technology-driven world, data breaches and cyberattacks remain a significant threat to organizations. It is, therefore, unsurprising that in this current environment of frequent and highly publicized cyberattacks across every sector, public trust in the ability of companies to securely store their data has fallen significantly over recent years. And it is businesses' lack of awareness of their information security risks that is often to blame.

Managing information security risks requires a suitable risk assessment and risk treatment method, which can include an estimation of the costs and benefits, legal requirements, the concerns of stakeholders, and other inputs and variables as appropriate. The revised BS EN ISO/IEC 27005:2024 Information security, cybersecurity and privacy protection – Guidance on managing information security risks provides guidance for organizations on how to wade through it all by providing a framework for effectively managing these risks.

How BS EN ISO/IEC 27005 helps you manage information security risks

With the increasing number of internal and external information security threats, organizations recognize the importance of adopting a formal risk management program. Without a mechanism to identify, analyze and manage information security risks, it's difficult for organizations to prioritize their security remediation efforts, resource allocation and associated costs. This leaves organizations more susceptible to security breaches, which can lead to financial and reputational damage.

BS EN ISO/IEC 27005 provides guidance for organizational information security standards and offers best practices for information security risk management. It takes into consideration a business's unique information security risk environment by focusing on the organization's selection, implementation, and management of controls. It is best used as a supplementary guide based on BS EN ISO/IEC 27001 Information security, cybersecurity and privacy protection – Information security management systems – Requirements for identifying information security risks within the process of setting up an Information Security Management System (ISMS), and it aids businesses in demonstrating a stable ISMS. It provides detailed risk management guidance to help meet related requirements specified in BS EN ISO/IEC 27001. To learn more about how our standards support businesses to achieve resilient information management processes, visit our Information Management topic page.

What's changed in the new revision of BS EN ISO/IEC 27005?

As technology advances, so does the way you need to manage the emerging cybersecurity risks to your information. Our standards undergo periodic revisions to ensure that their guidance is up to date with changes in the markets. This ensures that your business can be at the forefront of protecting your information, even when the nature of cyberattacks evolves.

Complementary to BS EN ISO/IEC 27001, which provides the requirements for an information security management system (ISMS), BS EN ISO/IEC 27005 has recently been updated to reflect the new version of BS EN ISO/IEC 27001 and thus ensure it is best equipped to meet the demands of organizations today. The main changes compared to the previous edition are as follows:

- All guidance text was updated to be in line with the newest editions of BS EN ISO/IEC 27001 and ISO 31000 Risk management – Guidelines
- Terminology was modified according to ISO 31000:2018
- The structure of clauses was adjusted to the layout presented in BS EN ISO/IEC 27001
- Risk scenario concepts were introduced
- The event-based approach is contrasted with the asset-based approach to risk identification
- The content of the annexes has been revised and restructured into a single annex

By adopting the newest version of BS EN ISO/IEC 27005, you can ensure your information security management system is enriched with the most relevant risk management guidance. This will give your stakeholders confidence in your organization's resilience to handle sensitive and private data securely, as well as reduce the likelihood of any cyberattacks or information breaches occurring.

Digital trust: Understanding the ISO/IEC 27000 series

Digital trust empowers organizations to safeguard their information, people, systems, and technology; to ensure safety, security, compliance, privacy, ethical requirements, and brand reputation; and to enable business effectiveness and efficiency. Using standards can help to build greater trust in the digital world, allowing your business to demonstrate its commitment to information security and putting consumers' and stakeholders' minds at ease.

BS EN ISO/IEC 27005 is one of more than a dozen standards in the ISO/IEC 27000 series that make up the cyber-risk toolkit, led by the flagship BS EN ISO/IEC 27001 Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Others in the series include those for protecting information in the cloud, information security in the telecoms sector, information security systems auditing, and more.

Both BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 Information security, cybersecurity and privacy protection – Information security controls within this series have undergone recent full revisions. It is recommended that all businesses that currently use or are looking to implement these standards make sure they adopt the 2022 versions.

Ensure your business is working with the latest expert industry guidance when it comes to managing its information security risks. Add BS ISO/IEC 27005 to your collection today.

BS EN ISO/IEC 27005 has been adopted by CEN

In August 2024, BS EN ISO/IEC 27005:2024 Information security, cybersecurity and privacy protection – Guidance on managing information security risks was adopted by the European Committee for Standardization.

BSI Knowledge Subscription

As technology continues to advance rapidly across all sectors, accessing the standards your business needs to adapt to emerging digital innovations does not have to be complicated and time-consuming. Our tailored BSI Knowledge subscription service provides flexibility, access, visibility, and control over the standards and insights your team needs to evaluate, implement, and manage new technologies. Request to learn more.
