IST/33 - Information security, cybersecurity and privacy protection

Sector: Governance & Resilience

Categories: Information technology. | Networking | Documents | IT applications. Other | Certification. Conformity assessment | IT applications. Health care technology | Information coding. Character sets | Company organization and management. Other | Law. Administration | Open systems interconnection. General | Finances. Banking. Monetary systems. Insurance | Particle size analysis. Sieving | Crime protection | IT applications. Banking | Receiving and transmitting | Information technology. General | Company organization and management. General | Services. Other | Document imaging applications

Overview: Under the direction of the British Electrotechnical Committee and the Standards Policy and Strategy Committee, IST/33 is responsible for the UK input into ISO/IEC JTC 1/SC 27; recommending action to be taken on issues relevant to ISO/IEC JTC 1 that concern the planning and coordination of security, cybersecurity and privacy protection work; coordinating standardization activities within the scope of ICT/- and maintaining liaison with other groups within and outside BSI concerned with security standardization. IST/33 is also responsible for providing the UK input to CEN/CLC/JTC 13 (Cyber Security and Data Protection).

Committee standards activity

In Progress (77)
Reference Standards description
Status

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.

Revision of BS 7799-3:2017 - Information security management systems - Guidelines for information security risk management

Categories: Information management | Standardization. General rules | ICT | Information technology | Information technology. General

Proposal begins : 2023-08-21
Proposal
PD ISO/IEC/TR 27109 Cybersecurity education and training

Categories: Unclassified documents

Proposal begins :
Proposal
PD ISO/IEC/TR 27024 ISO/IEC 27001 family of standards references list — Use of ISO/IEC 27001 family of standards in Governmental / Regulatory requirements

Categories: Unclassified documents

Proposal begins :
Proposal
NWIP - Common security requirements for internet connected radio equipment

Categories: Information management | Standardization. General rules | ICT | Information technology | Information technology. General

Proposal begins : 2022-09-21
Proposal
NWIP Scheme for certification of PII processing operations

Categories: Information management | Standardization. General rules | Business | Quality | Certification. Conformity assessment

Proposal begins : 2022-08-24
Proposal
NWI Revision of EN 17926

Categories: Information management | Standardization. General rules

Proposal begins : 2024-07-22
Proposal
NWI ballot on Generic Security Requirements

Categories: Information management | Standardization. General rules

Proposal begins : 2024-11-27
Proposal
NWI ballot on Principles for cyber resilience

Categories: Information management | Standardization. General rules

Proposal begins : 2024-11-27
Proposal
NWI ballot on Vulnerability Handling

Categories: Information management | Standardization. General rules

Proposal begins : 2024-11-27
Proposal
NWI Common security requirements for radio equipment processing data, namely internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

Categories: Information management | Standardization. General rules | ICT | Information technology | Information technology. General

Proposal begins : 2022-09-21
Proposal
Published (57)
Reference Standards description
Status


PD ISO/IEC TR 6114:2023 Cybersecurity. Security considerations throughout the product life cycle

Categories:

Published standard begins : 2023-10-18
Published standard
PD ISO/IEC TR 5895:2022 Cybersecurity. Multi-party coordinated vulnerability disclosure and handling

Categories:

Published standard begins : 2022-08-18
Published standard
PD ISO/IEC TR 27023:2015 Information technology. Security techniques. Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002

Categories:

Published standard begins : 2015-07-09
Published standard
PD CEN/CLC ISO/IEC/TS 23532-1:2024 Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408

Categories:

Published standard begins : 2024-10-14
Published standard
PD CEN ISO/IEC/TS 27006-2:2022 Requirements for bodies providing audit and certification of information security management systems. Part 2: Privacy information management systems

Categories: Certification. Conformity assessment

Published standard begins : 2023-04-17
Published standard
BS ISO/IEC TR 13335-5:2001 Information technology. Guidelines for the management of IT security. Management guidance of network security

Categories:

Published standard begins : 2001-11-07
Published standard
BS ISO/IEC 29192-2:2019 Information security. Lightweight cryptography. Block ciphers

Categories:

Published standard begins : 2019-11-28
Published standard
BS ISO/IEC 29191:2012 Information technology. Security techniques. Requirements for partially anonymous, partially unlinkable authentication

Categories:

Published standard begins : 2013-01-02
Published standard
BS ISO/IEC 27562:2024 Information technology. Security techniques. Privacy guidelines for fintech services

Categories: Finances. Banking. Monetary systems. Insurance | IT applications. Banking

Published standard begins : 2024-12-18
Published standard
BS ISO/IEC 27071:2023 Cybersecurity. Security recommendations for establishing trusted connections between devices and services

Categories:

Published standard begins : 2023-08-04
Published standard
Withdrawn (44)
Reference Standards description
Status


PD ISO/IEC TS 27006-2:2021 Requirements for bodies providing audit and certification of information security management systems. Privacy information management systems

Categories: Certification. Conformity assessment

Withdrawn begins : 2023-04-17
Withdrawn
PD ISO/IEC TS 23532-1:2021 Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408

Categories:

Withdrawn begins : 2024-10-14
Withdrawn
PD ISO/IEC TR 27008:2011 Information technology. Security techniques. Guidelines for auditors on information security controls

Categories:

Withdrawn begins : 2019-01-24
Withdrawn
PD ISO/IEC TR 18044:2004 Information technology. Security techniques. Information security incident management

Categories:

Withdrawn begins : 2011-09-13
Withdrawn
PD ISO/IEC TR 15446:2004 Information technology. Security techniques. Guide for the production of protection profiles and security targets

Categories:

Withdrawn begins : 2009-09-24
Withdrawn
PD ISO/IEC TR 15443-2:2012 Information technology. Security techniques. Security assurance framework. Analysis

Categories: Information coding. Character sets

Withdrawn begins : 2013-10-08
Withdrawn
PD ISO/IEC TR 15443-1:2012 Information technology. Security techniques. Security assurance framework. Introduction and concepts

Categories: Information coding. Character sets

Withdrawn begins : 2013-10-08
Withdrawn
DD ISO/IEC PAS 11889-4:2009 Information technology. Trusted Platform Module. Commands

Categories: Information coding. Character sets

Withdrawn begins : 2009-08-26
Withdrawn
DD ISO/IEC PAS 11889-3:2009 Information technology. Trusted platform module. Structures

Categories: Information coding. Character sets

Withdrawn begins : 2009-08-26
Withdrawn
DD ISO/IEC PAS 11889-2:2009 Information technology. Trusted platform module. Design principles

Categories: Information coding. Character sets

Withdrawn begins : 2009-08-26
Withdrawn