British Standards Institution

Sector: Governance & Resilience

Overview: Under the direction of the British Electrotechnical Committee and the Standards Policy and Strategy Committee, is responsible for the UK input into ISO/IEC JTC 1/SC 27; recommending action to be taken on issues relevant to ISO/IEC JTC1 that concern the planning and coordination of Security, cybersecurity and privacy protection work; coordinating standardization activities within the scope of ICT/- and maintaining liaison with other groups within and outside BSI concerned with security standardization. IST/33 is also responsible for providing the UK input to CEN/CLC/JTC 13 (Cyber Security and Data Protection)

Committee standards activity

In Progress (77)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
Revision of BS 7799-3:2017 -	Information security management systems - Guidelines for information security risk management Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2023-08-21	Proposal
PD ISO/IEC/TR 27109	Cybersecurity education and training Categories: Unclassified documents Proposal begins :	Proposal
PD ISO/IEC/TR 27024	ISO/IEC 27001 family of standards references list — Use of ISO/IEC 27001 family of standards in Governmental / Regulatory requirements Categories: Unclassified documents Proposal begins :	Proposal
NWIP -	Common security requirements for internet connected radio equipment Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-09-21	Proposal
NWIP	Scheme for certification of PII processing operations Categories: Information management \| Standardization. General rules \| Business \| Quality \| Certification. Conformity assessment Proposal begins : 2022-08-24	Proposal
NWI Revision of	EN 17926 Categories: Information management \| Standardization. General rules Proposal begins : 2024-07-22	Proposal
NWI	Common security requirements for radio equipment processing data, namely internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-09-21	Proposal
NWI	Common security requirements for internet connected radio equipment processing virtual money or monetary value Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-09-21	Proposal
ISO/IEC/JTC 1/SC 27 N 2042, ISO/IEC NP 20009-3	Information technology - Security techniques - Anonymous entity authentication - Part 3: Mechanisms based on blind signatures concepts Categories: Information management \| Vocabularies \| Information technology. \| Standardization. General rules \| ICT \| Information technology \| Information technology applications Proposal begins : 2020-02-20	Proposal
ISO/IEC PWI TS 7709	Information technology -- Big data security and privacy -- Security and privacy-preserving guidelines for multi-sourced data processing Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-12-07	Proposal

Published (52)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TR 6114:2023	Cybersecurity. Security considerations throughout the product life cycle Categories: Published standard begins : 2023-10-18	Published standard
PD ISO/IEC TR 5895:2022	Cybersecurity. Multi-party coordinated vulnerability disclosure and handling Categories: Published standard begins : 2022-08-18	Published standard
PD ISO/IEC TR 27023:2015	Information technology. Security techniques. Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002 Categories: Published standard begins : 2015-07-09	Published standard
PD CEN/CLC ISO/IEC/TS 23532-1:2024	Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408 Categories: Published standard begins : 2024-10-14	Published standard
PD CEN ISO/IEC/TS 27006-2:2022	Requirements for bodies providing audit and certification of information security management systems. Part 2: Privacy information management systems Categories: Certification. Conformity assessment \| Published standard begins : 2023-04-17	Published standard
BS ISO/IEC TR 13335-5:2001	Information technology. Guidelines for the management of IT security. Management guidance of network security Categories: Published standard begins : 2001-11-07	Published standard
BS ISO/IEC 29192-2:2019	Information security. Lightweight cryptography. Block ciphers Categories: Published standard begins : 2019-11-28	Published standard
BS ISO/IEC 29191:2012	Information technology. Security techniques. Requirements for partially anonymous, partially unlinkable authentication Categories: Published standard begins : 2013-01-02	Published standard
BS ISO/IEC 27071:2023	Cybersecurity. Security recommendations for establishing trusted connections between devices and services Categories: Published standard begins : 2023-08-04	Published standard
BS ISO/IEC 27050-3:2020	Information technology. Electronic discovery. Code of practice for electronic discovery Categories: \| Information coding. Character sets Published standard begins : 2020-02-05	Published standard

Withdrawn (46)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 27006-2:2021	Requirements for bodies providing audit and certification of information security management systems. Privacy information management systems Categories: Certification. Conformity assessment \| Withdrawn begins : 2023-04-17	Withdrawn
PD ISO/IEC TS 23532-1:2021	Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408 Categories: Withdrawn begins : 2024-10-14	Withdrawn
PD ISO/IEC TR 27008:2011	Information technology. Security techniques. Guidelines for auditors on information security controls Categories: Withdrawn begins : 2019-01-24	Withdrawn
PD ISO/IEC TR 18044:2004	Information technology. Security techniques. Information security incident management Categories: Withdrawn begins : 2011-09-13	Withdrawn
PD ISO/IEC TR 15446:2004	Information technology. Security techniques. Guide for the production of protection profiles and security targets Categories: Withdrawn begins : 2009-09-24	Withdrawn
PD ISO/IEC TR 15443-2:2012	Information technology. Security techniques. Security assurance framework. Analysis Categories: \| Information coding. Character sets Withdrawn begins : 2013-10-08	Withdrawn
PD ISO/IEC TR 15443-1:2012	Information technology. Security techniques. Security assurance framework. Introduction and concepts Categories: \| Information coding. Character sets Withdrawn begins : 2013-10-08	Withdrawn
DD ISO/IEC PAS 11889-4:2009	Information technology. Trusted Platform Module. Commands Categories: Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn
DD ISO/IEC PAS 11889-3:2009	Information technology. Trusted platform module. Structures Categories: Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn
DD ISO/IEC PAS 11889-2:2009	Information technology. Trusted platform module. Design principles Categories: \| Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn

Message Committee Become a committee member

Committee members

Nominating organizations

AB&A UK LIMITED
Amazon Web Services UK Ltd
Association of British Certification Bodies
Audio Engineering Society
Automate UK
B C S - British Computer Society
B E A M A Limited
B S I A - British Security Industry Association
B U P A
BCS Information Risk and Assurance (IRMA)
BCS The Chartered Institute for IT
British Business Federation Authority
Business Compliance and Recovery Management Ltd
Cabinet Office
CESG - Communications-Electronics Security Group
Chris Mitchell Consulting
Cisco Systems
Committee Manager
Consumer and Public Interest Network
Continuity Forum
DEVCE - Digital Evidence Virtual Centre of Excellence
DNV-GL
DSIT - Department for Science, Innovation & Technology
Equiniti Group
FieldFisher
FIRST - Forum for Incident Response & Security Teams
FTI Consulting
Future Six Ltd
Google
GyroFalco Ltd
Huawei Technologies
I B M UK Ltd
Identity Management Decisions Ltd
IMS-Smart
Information Commissioner's Office
Integrated InfoSec
Intel Corp (UK) Ltd
International Register of Certified Auditors
ISO Solutions Ltd
Jockey Club
K P M G LLP
Kindred Group
Kinsnall Consulting
Low Power Radio Association
Manufacturing Technologies Association
MASS
Mastercard International
Microsoft Limited
Ministry of Defence
National Cyber Security Centre
Newcastle University
Oracle
Royal Holloway, University of London
Security & Standards Associates Ltd
Siemens
Thales UK
The Remote Gambling Association
Toshiba Europe Ltd
Trilateral Research
tScheme Ltd
TÜV UK Ltd
UK Finance
University College London
University of Bath
University of Birmingham
University of Bristol
University of Surrey
Verifiable Credentials Ltd
Visa
Vodafone Limited

Liaisons with other committees

Chair - IST/33/1
Chair - IST/33/1/1
Chair - IST/33/3
Chair - IST/33/4
Chair - IST/33/4/5
Chair - IST/33/5
Chair – IST/33/5/2
Co Opted - ISO/IEC 27011
Co Opted - UKAS
Individual Capacity - Charity Sector
Individual Capacity - Control Attributes Expert
Individual Capacity - Crisis Resilience & Security Risk Management
Individual Capacity - Cyber security, person identification
Individual Capacity - Cybersecurity
Individual Capacity - Data Protection & Privacy Expert
Individual Capacity - Identity Assurance
Individual Capacity - Information Assurance Expert
Individual Capacity - ISO/IEC 27001
Individual Capacity - IT Systems Assurance
Individual Capacity - Network Security
Individual Capacity - Offensive Security and Evasion Strategies
Individual Capacity - Privacy Expert
Individual Capacity - Royal Bank of Scotland
Individual Capacity - Software Developer and Business Continuity Expert
Individual Capacity – Certification & Auditing
Individual Capacity – Industrial Affairs
Individual Capacity – Info Security Expert
Individual Capacity- RHUL Student
Liaison - GW/1
Liaison - ICT/1
Liaison - ICT/4
Liaison - IST/12
Liaison - IST/17
Liaison - IST/33 - IST/34
Liaison - MSEG
Liaison - RM/1
Liaison – DLT/1
Liaison – IST/60/2
Secretary - FSM/1

BSI roles

Committee Chair

Standards Development

IST/33 - Information security, cybersecurity and privacy protection

Committee standards activity