Topic

Digital

In our increasingly connected world, newfound risks including misinformation, digital deception and a blurring of the lines between personal and digital safety are threatening trust in business' digital systems and technologies. BSI's collection of digital standards empowers organizations to safeguard their information, people, systems, and technology, to ensure safety, security, compliance, privacy, ethical requirements, and brand reputation to enable business effectiveness and efficiencies.

Protecting information, people and reputation

Read how standards can help you to achieve industry digital compliance and best practice

Reimagining data privacy compliance with BS EN ISO/IEC 27701:2025

According to the UK Business Data Survey 2024, 75% of businesses said it felt like a burden to comply with UK data protection laws. With regulatory complexity rising and stakeholder expectations at an all-time high, organizations are looking for smarter, more sustainable ways to manage privacy. That’s where BS EN ISO/IEC 27701:2025 comes in.

A modern privacy standard built for flexibility

BS EN ISO/IEC 27701:2025 Information security, cybersecurity and privacy protection – Privacy Information management systems – Requirements and guidance provides a comprehensive, scalable framework for managing Personally Identifiable Information (PII) in line with global regulations. Unlike its predecessor, this new edition is a stand-alone Type A Management System Standard (MSS), no longer dependent on BS EN ISO/IEC 27001 or BS EN ISO/IEC 27002. This shift makes it easier for organizations, whether mature or just beginning their privacy journey, to implement a future-ready Privacy Information Management System (PIMS).

Whether you're a data controller, processor, or subcontractor, this standard is designed to help you manage privacy risk efficiently while demonstrating accountability and trustworthiness.

Explore how standards empower organizations to navigate digital transformation with confidence. Visit our Digital industry page to learn more.

Who can use BS EN ISO/IEC 27701:2025?

This standard is designed for any organization that collects, processes, stores, or manages personal data, regardless of size, sector, or geographic location. It’s highly relevant for:

PII Controllers and Processors, including subcontractors and third-party service providers.
Technology Companies dealing with cloud, SaaS, AI, and user analytics.
Healthcare Providers managing patient records, diagnostics, and sensitive health data.
Financial Services handling transactional and identity data under strict regulatory oversight.
Public Sector Bodies managing citizen data and digital services with public trust at stake.
Retail and E-commerce processing vast volumes of consumer data, often across borders.

What’s new in BS EN ISO/IEC 27701:2025?

This revision introduces several important updates:

Stand-alone MSS: Now established as a Type A Management System Standard, aligned to ISO’s Harmonized Structure and no longer dependent on BS EN ISO/IEC 27001 or BS EN ISO/IEC 27002.
Broader applicability: Designed for organizations of any size, sector, or jurisdiction that manage personal data, whether or not they already operate an Information Security Management System.
Reorganized controls: Existing controller, processor and subcontractor requirements have been consolidated into a single, clearer annex structure. The intent remains the same, but numbering and layout have been updated for easier implementation.
Strengthened risk-based approach: Privacy-specific risk assessment and treatment are now embedded within the core management-system clauses, reinforcing accountability and continual improvement.
Clearer roles and accountability: Refined definitions and responsibilities for PII controllers, processors and subcontractors provide greater operational clarity, especially where organizations act in multiple roles.
Modern context: The updated text reflects contemporary data-processing environments such as cloud computing, cross-border transfers and emerging AI-related activities, ensuring the standard remains relevant without adding new technical controls.

Three ways BS EN ISO/IEC 27701 adds value to your organization

BS EN ISO/IEC 27701:2025 offers organizations a powerful way to elevate their privacy practices beyond baseline compliance.

1. Confident and compliant data management

By adopting this stand-alone framework, businesses gain a structured and internationally recognized approach to managing Personally Identifiable Information (PII) that is both practical and future-ready. It enables companies to respond effectively to evolving data protection laws and regulatory scrutiny, while also reinforcing internal governance and accountability.

2. Operational clarity in a complex digital landscape

The standard brings clarity to roles and responsibilities, making it easier for data controllers and processors to coordinate their efforts, reduce risks, and maintain operational transparency. For organizations navigating complex digital environments, particularly those using cloud-based services or AI, or operating across jurisdictions, BS EN ISO/IEC 27701:2025 provides much-needed alignment with frameworks such as GDPR.

3. Building trust while reducing compliance burden

Beyond compliance, the standard supports stronger stakeholder trust. With privacy now central to public perception and brand reputation, demonstrating commitment through a robust, certifiable management system can differentiate an organization in the marketplace.

BS EN ISO/IEC 27701:2025 also streamlines internal processes, reduces the cost and complexity of audits, and provides a flexible model that can grow with an organization’s privacy maturity over time.

Ready to take control of your privacy management?

Download your copy of BS EN ISO/IEC 27701:2025 today and equip your organization with a trusted, future-ready framework for data protection, compliance, and stakeholder confidence.

Building confidence in a connected world: The role of a standards subscription in digital trust

From data protection and cybersecurity to AI governance and supply chain transparency, digital trust underpins how customers, partners and regulators perceive an organization. Establishing this trust requires more than technology alone; it demands recognized best practices and globally aligned standards. BSI Knowledge, a comprehensive standards and best practices platform, equips businesses with the resources needed to tackle these challenges and build confidence in an increasingly connected world.

The digital trust challenge

Organizations operating across complex digital ecosystems face a range of risks that can undermine trust if not effectively managed:

Cybersecurity threats: The frequency and sophistication of cyberattacks continue to rise, increasing the risk of data breaches, operational disruption, and reputational damage.
Data protection and privacy expectations: Regulations such as GDPR have heightened expectations around how personal and sensitive data is managed, stored, and shared.
Emerging technologies: The adoption of AI, cloud services, and digital supply chains introduces new ethical, governance, and accountability considerations.
Regulatory complexity: Digital regulations continue to evolve globally, requiring organizations to demonstrate robust controls and consistent oversight.

BSI Knowledge helps organizations address these risks consistently across teams and regions by providing shared, standards-based frameworks.

How BSI Knowledge can help

BSI Knowledge offers a structured approach to managing digital risks and building stakeholder confidence. With access to over 120,000 standards, organizations can:

Strengthen information security: Apply standards such as BS EN ISO/IEC 27001 to establish and maintain effective information security management systems.
Support data protection and privacy: Use frameworks like BS EN ISO/IEC 27701 to enhance privacy information management and demonstrate compliance with data protection expectations.
Govern emerging technologies responsibly: Access guidance such as BS ISO/IEC 42001 (AI management systems) alongside standards for risk management and digital resilience to support ethical, transparent innovation.
Enhance resilience and continuity: Align with standards like BS EN ISO 22301 (business continuity management) to strengthen operational resilience in the face of digital disruption.
Demonstrate accountability: Use globally recognized best practices to communicate trustworthiness and assurance to customers, partners, and regulators.
Stay ahead of the curve: Benefit from early access to new and updated standards from BSI, supported by expert insight into emerging digital and regulatory trends.

Key benefits of BSI Knowledge

Comprehensive standard library: Access over 120,000 international standards across 54 modules, covering digital trust, security, privacy, quality, and compliance.
Flexible subscription models: Tailor multi-user access to suit organizational and departmental needs and budget.
Regular updates: Keep pace with evolving standards, amendments, and adoptions through BSI’s in-house expertise.
Tracked changes: Quickly identify what’s changed with tracked updates provided at no additional cost.
Effortless collaboration: Enable shared access across teams, improving alignment and governance.
Easy access anytime, anywhere: Manage and access critical standards from a single platform, across locations and devices.

Take the next step

Ready to strengthen digital trust across your organization? Request a live demo of BSI Knowledge and see how embedding standards into digital strategy can help move beyond compliance and build long-term confidence in a rapidly evolving digital landscape. Request your free demo now.

Achieve better information security management with the revised BS EN ISO/IEC 27001

Have you heard the news? The bestselling international information security management system standard BS EN ISO/IEC 27001 has been revised. This standard helps companies secure their information assets – crucial in today's world where the number and complexity of cyberattacks are rising.

As organizations become more digitized, cybercriminals’ methods have become increasingly sophisticated. Without the right information security protection, your business is at risk. After a breach, 21% of companies reported losing money, data, or assets, while 1 in 3 reported suffering wider business disruption such as lost staff time.

BS EN ISO/IEC 27001:2023+A1:2024 Information security management systems. Requirements is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. These standards give you the tools you need to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Their adoption can help to inspire trust in your business, provide opportunities to train your staff, lead to more productive ways of working, result in better customer experiences, and more.

In particular, BS EN ISO/IEC 27001 helps organizations manage and protect their information assets through the implementation of an information security management system (ISMS). This refers to a set of internal processes and systems that helps you to keep your information safe and secure. Its guidance helps you to continually review and refine the way you do this, not only for today but also for the future.

This British Standard is the UK implementation of ISO/IEC 27001. It is identical to ISO/IEC 27001:2022. It does not supersede BS EN ISO/IEC 27001:2017; this version will be withdrawn once the European version is adopted. BSI, as a member of CEN, is obliged to publish the European version. BSI requested a derogation from CEN as its national standard is intended to be identical to ISO/IEC 27001:2022. The request was granted by CEN, on the condition that BSI would align its national standard with any future EN that will be published on the subject.

Why should businesses adopt BS ISO/IEC 27001?

If your business handles any kind of data, such as staff personal records, payroll information, or confidential business data, then it can benefit from the protection BS EN ISO/IEC 27001 offers. Without effective data security to protect your business, you’re at risk of a data breach.

BS EN ISO/IEC 27001 offers an approach to keeping data safe that can be adopted by any business in any sector. While the standard's focus is identifying and managing information security risks, adopting its guidance offers much broader benefits to your business than just protecting data. It can help your business to:

Reduce the likelihood of a data breach, which could result in reputational damage or fines
Build trust with existing clients and customers and appeal to new ones by boosting your reputation
Improve efficiency and productivity across the entire organization
Ensure business continuity in the event of an attempted cyber attack
Reduce information security costs by assessing risks and employing a more selective approach

And it isn't just the large companies that can reap the benefits of BS EN ISO/IEC 27001. Small and medium-sized organizations are facing an information security crisis, with cyberattacks targeting them increasing at a rapid rate. Often, this is because they are part of a wider supply chain, so it’s essential that they are in control of, and manage, their information security and cyber-risks to protect themselves and others.

Discover the impact the adoption of our standards might have on your information security with our interactive tool.

What are the key changes to BS ISO/IEC 27001 and why do they matter?

Triggered by the revision of BS EN ISO/IEC 27002 Information security controls in February 2022, BS EN ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape. While there are no major technical changes in this latest version of the standard, the amendment introduces several key business benefits. These include:

Reinforced resilience

Change: The guidance of BS EN ISO/IEC 27001 continues to be under a process of constant evolution.
Business benefit: The technology used by cybercriminals has come a long way in the five years since BS EN ISO/IEC 27001 was last updated. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today’s risks. These frequent revisions ensure that it remains one of the most relevant risk management tools for fighting off the millions of attacks that occur globally each year.

A catalyst for conformance

Change: Some editorial changes have been made in BS EN ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022.
Business benefit: This change ensures the conformance of BS EN ISO/IEC 27001 on a global level. For businesses, this means that using the BS EN ISO/IEC 27001 specification can help give your organization a reputation for digital trust, assuring your clients that your information security management system has been developed to the highest standards.

Continuous control

Change: The guidance in BS EN ISO/IEC 27001 has been realigned to the updated content in BS EN ISO/IEC 27002 Information security controls, including a revision to Annex A.
Business benefit: This change to the specifications in BS EN ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust.

Learn more about the changes to ISO/IEC 27002 by reading our article ‘The 4 pillars of control: A modern approach to information security controls’.

Effective implementation

Change: There has been a reordering of clauses in BS EN ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards.
Business benefit: This change ensures that BS EN ISO/IEC 27001 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001, ISO 14001, etc.). This has been put in place to help organizations that are implementing more than one management system standard at a time achieve effective adoption of these processes.

To learn more about implementing BS EN ISO/IEC 27001:2023+A1:2024 into your organization, download our ‘Adopting ISO/IEC 27001 - Your next steps’ infographic.

Current users of ISO/IEC 27001:2017 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.

Want to have access to all your information security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information management system. The flexibility and visibility it provides enable you and your team to get the most from standards, from cybersecurity and digital trust to technological transformation. Request to learn more.

Achieve better information security management in your business by adding the revised BS EN ISO/IEC 27001:2023+A1:2024 to your collection today.

Maximizing the value of AI for society with BS ISO/IEC 42001

In today's rapidly evolving digital landscape, businesses are increasingly recognizing the transformative power of artificial intelligence (AI) but are struggling to deploy it in a trusted and responsible way. An international standard has been published to help organizations use artificial intelligence responsibly in pursuing their objectives.

Global AI adoption is growing steadily. In 2022, 35% of companies reported using AI in their business, and an additional 42% reported they are exploring AI. Its deployment can help organizations of all sizes and sectors to drive operational efficiency, optimize decision-making processes, and gain a competitive edge. However, they must navigate a set of challenges to successfully implement and leverage its potential. Some of these challenges include:

Perceived complexity and lack of understanding surrounding AI technology. Many businesses may not fully comprehend the various applications and benefits that AI can offer to their specific industry or operations. This lack of awareness can lead to a hesitation to invest in AI solutions.
Data privacy and security concerns can also deter businesses from embracing AI. The use of AI often involves collecting and analysing large volumes of data, which raises concerns about protecting sensitive information and complying with relevant regulations.
Lack of trust in the quality, accuracy and reliability of AI systems. Faulty or biased AI algorithms can lead to incorrect decisions, compromising the quality of products or services and potentially damaging a business's reputation.
Ethical considerations, such as bias and transparency, demand careful attention to ensure responsible deployment and gain public trust.

Addressing these challenges requires a systematic approach to managing the transition within businesses. BS ISO/IEC 42001 Information Technology — Artificial intelligence — Management system is the first international standard to provide best practice for governing AI effectively. It aims to build trust in the technology, so it becomes more widely trusted and deployed to the advantage of organizations, as well as wider society.

What AI guidance does BS ISO/IEC 42001 provide businesses with?

Developed by experts from 50 countries, including the UK (via the British Standards Institution), BS ISO/IEC 42001 is an integral part of improving the governance and accountability of AI globally.

BS ISO/IEC 42001 specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI management system within the context of an organization. It is what is known as a ‘management system’ standard, developed specifically for AI. A management system sets out the processes an organization needs to follow to meet its objectives and provides a framework of good practice. These standards help organizations to put an integrated system in place, including, for example, senior management support, training, governance processes and risk management – all essential to getting AI governance and accountability right.

To learn more about how standards are supporting businesses with their AI adoption, visit our Artificial Intelligence Topic Page.

What are the benefits of implementing an artificial intelligence management system?

From streamlining workflows and automating routine tasks to extracting invaluable insights and personalizing customer experiences, implementing an AI management system has emerged as a strategic imperative for businesses seeking to thrive in the age of intelligent automation. BS ISO/IEC 42001 benefits businesses by:

Accelerating trust in AI adoption. Its implementation builds trust in how AI innovation is conducted, improving the quality, security, traceability, transparency and reliability of AI applications and reducing regulatory and market confusion.
Improving capacity for AI implementation, innovation and adoption. A management system can create a more stable and predictable environment for the development and deployment of AI systems.
Improving AI quality, as this standard can help to ensure that AI systems are developed and deployed consistently.
Supporting compliance with national and global AI objectives, international regulators, and legislators.
Cost savings, as this standard can reduce the costs associated with developing and deploying AI systems, as businesses can rely on existing frameworks, protocols, and guidelines rather than creating them from scratch.
Ensuring proper governance by helping clients use AI in a responsible way. BS ISO/IEC 42001 can help businesses promote accountability by establishing clear lines of responsibility.

The impact of BS ISO/IEC 42001 on the AI landscape

The UK government has a ten-year plan to turn the UK into an AI ‘superpower’ and has a National AI Strategy to achieve this, balancing good governance with encouraging innovation. The release of this international standard provides agility in a fragmented market where regulations are still in development. This guidance will help accelerate trusted AI development and use, addressing the risks and building confidence as it becomes part of our daily lives.

BS ISO/IEC 42001 will be a critical building block for the AI assurance ecosystem as outlined in the UK government’s roadmap. The UK government’s national AI strategy references the standard, and its approach is likely to be supported by other regulators and legislators around the world, leading organizations to implement BS ISO/IEC 42001.

Do you want to maximize the value of your AI technology? Add BS ISO/IEC 42001 to your collection today.
