British Standards Institution

Sector: Governance & Resilience

Overview: Under the direction of the British Electrotechnical Committee and the Standards Policy and Strategy Committee, is responsible for the UK input into ISO/IEC JTC 1/SC 27; recommending action to be taken on issues relevant to ISO/IEC JTC1 that concern the planning and coordination of Security, cybersecurity and privacy protection work; coordinating standardization activities within the scope of ICT/- and maintaining liaison with other groups within and outside BSI concerned with security standardization. IST/33 is also responsible for providing the UK input to CEN/CLC/JTC 13 (Cyber Security and Data Protection)

Committee standards activity

In Progress (85)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
Revision of BS 7799-3:2017 -	Information security management systems - Guidelines for information security risk management Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2023-08-21	Proposal
PD ISO/IEC/TR 27109	Cybersecurity education and training Categories: Unclassified documents Proposal begins :	Proposal
PD ISO/IEC/TR 27024	ISO/IEC 27001 family of standards references list — Use of ISO/IEC 27001 family of standards in Governmental / Regulatory requirements Categories: Unclassified documents Proposal begins :	Proposal
NWIP -	Common security requirements for internet connected radio equipment Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-09-21	Proposal
NWIP	Scheme for certification of PII processing operations Categories: Information management \| Standardization. General rules \| Business \| Quality \| Certification. Conformity assessment Proposal begins : 2022-08-24	Proposal
NWI Revision of	EN 17926 Categories: Information management \| Standardization. General rules Proposal begins : 2024-07-22	Proposal
NWI ballot on	Generic Security Requirements Categories: Information management \| Standardization. General rules Proposal begins : 2024-11-27	Proposal
NWI ballot on	Principles for cyber resilience Categories: Information management \| Standardization. General rules Proposal begins : 2024-11-27	Proposal
NWI ballot	on Vulnerability Handling Categories: Information management \| Standardization. General rules Proposal begins : 2024-11-27	Proposal
NWI	Common security requirements for radio equipment processing data, namely internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment Categories: Information management \| Standardization. General rules \| ICT \| Information technology \| Information technology. General Proposal begins : 2022-09-21	Proposal

Published (54)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TR 6114:2023	Cybersecurity. Security considerations throughout the product life cycle Categories: Published standard begins : 2023-10-18	Published standard
PD ISO/IEC TR 5895:2022	Cybersecurity. Multi-party coordinated vulnerability disclosure and handling Categories: Published standard begins : 2022-08-18	Published standard
PD ISO/IEC TR 27023:2015	Information technology. Security techniques. Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002 Categories: Published standard begins : 2015-07-09	Published standard
PD CEN/CLC ISO/IEC/TS 23532-1:2024	Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408 Categories: Published standard begins : 2024-10-14	Published standard
PD CEN ISO/IEC/TS 27006-2:2022	Requirements for bodies providing audit and certification of information security management systems. Part 2: Privacy information management systems Categories: Certification. Conformity assessment \| Published standard begins : 2023-04-17	Published standard
BS ISO/IEC TR 13335-5:2001	Information technology. Guidelines for the management of IT security. Management guidance of network security Categories: Published standard begins : 2001-11-07	Published standard
BS ISO/IEC 29192-2:2019	Information security. Lightweight cryptography. Block ciphers Categories: Published standard begins : 2019-11-28	Published standard
BS ISO/IEC 29191:2012	Information technology. Security techniques. Requirements for partially anonymous, partially unlinkable authentication Categories: Published standard begins : 2013-01-02	Published standard
BS ISO/IEC 27562:2024	Information technology. Security techniques. Privacy guidelines for fintech services Categories: Finances. Banking. Monetary systems. Insurance \| \| IT applications. Banking Published standard begins : 2024-12-18	Published standard
BS ISO/IEC 27071:2023	Cybersecurity. Security recommendations for establishing trusted connections between devices and services Categories: Published standard begins : 2023-08-04	Published standard

Withdrawn (47)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 27006-2:2021	Requirements for bodies providing audit and certification of information security management systems. Privacy information management systems Categories: Certification. Conformity assessment \| Withdrawn begins : 2023-04-17	Withdrawn
PD ISO/IEC TS 23532-1:2021	Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Evaluation for ISO/IEC 15408 Categories: Withdrawn begins : 2024-10-14	Withdrawn
PD ISO/IEC TR 27008:2011	Information technology. Security techniques. Guidelines for auditors on information security controls Categories: Withdrawn begins : 2019-01-24	Withdrawn
PD ISO/IEC TR 18044:2004	Information technology. Security techniques. Information security incident management Categories: Withdrawn begins : 2011-09-13	Withdrawn
PD ISO/IEC TR 15446:2004	Information technology. Security techniques. Guide for the production of protection profiles and security targets Categories: Withdrawn begins : 2009-09-24	Withdrawn
PD ISO/IEC TR 15443-2:2012	Information technology. Security techniques. Security assurance framework. Analysis Categories: \| Information coding. Character sets Withdrawn begins : 2013-10-08	Withdrawn
PD ISO/IEC TR 15443-1:2012	Information technology. Security techniques. Security assurance framework. Introduction and concepts Categories: \| Information coding. Character sets Withdrawn begins : 2013-10-08	Withdrawn
DD ISO/IEC PAS 11889-4:2009	Information technology. Trusted Platform Module. Commands Categories: Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn
DD ISO/IEC PAS 11889-3:2009	Information technology. Trusted platform module. Structures Categories: Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn
DD ISO/IEC PAS 11889-2:2009	Information technology. Trusted platform module. Design principles Categories: \| Information coding. Character sets Withdrawn begins : 2009-08-26	Withdrawn

Message Committee Become a committee member

Committee members

Nominating organizations

AB&A UK LIMITED
Amazon Web Services UK Ltd
Association of British Certification Bodies
B U P A
Bank of England
BCS The Chartered Institute for IT
British Business Federation Authority
Business Compliance and Recovery Management Ltd
Cabinet Office
Cabinet Office GDS - Enterprise Architect/eIDAS
Cabinet Office GDS - IA Specialist
Cabinet Office GDS – Identity Assurance
CESG - Communications-Electronics Security Group
Committee Manager
Consumer and Public Interest Network
Continuity Forum
Defence Science and Technology Laboratory
DEVCE - Digital Evidence Virtual Centre of Excellence
DMTechno Ltd
DNV-GL
Equiniti Group
Financial Conduct Authority (FCA)
FIRST - Forum for Incident Response & Security Teams
Future Six Ltd
GyroFalco Ltd
I B M UK Ltd
Identity Management Decisions Ltd
IMS-Smart
Institute of Chartered Accountants England and Wales
Integrated InfoSec
Intel Corp (UK) Ltd
International Register of Certified Auditors
ISO 27001 UK User Group
IT Governance Ltd
K P M G LLP
Mastercard International
Microsoft Limited
Ministry of Defence
Newcastle University
Secure Data Media Solutions Ltd
techUK
Thales e-Security Ltd
Thales UK
Trilateral Research
tScheme Ltd
UK Finance
University College London
University of Birmingham
University of Bristol
University of Kent
University of Surrey
University of Warwick
Vice Chair
Vodafone Limited

Liaisons with other committees

Chair - IST/33/1
Chair - IST/33/1/1
Chair - IST/33/2
Chair - IST/33/3
Chair - IST/33/4
Chair - IST/33/4/5
Chair - IST/33/5
Co Opted - ISO/IEC 27000 & 27001 & 27016
Co Opted - ISO/IEC 27011
Individual Capacity - Identity Assurance
Individual Capacity - Information Assurance Expert
Individual Capacity - ISO/IEC 27001
Individual Capacity - ISO/IEC 27003, 27016 27018 & ISMS Auditing
Individual Capacity - IT Consultant
Individual Capacity - Royal Bank of Scotland
Individual Capacity – Certification & Auditing
Liaison - BCM/1
Liaison - ICT/-
Liaison - ICT/-/1
Liaison - IST/12
Liaison - IST/15
Liaison - IST/33 - IST/34
Liaison - IST/33 to IST/44
Liaison - IST/34 - IST/33
Liaison - IST/35
Liaison - IST/44
Liaison - IST/44 to IST/33
Liaison - IST/5
Liaison - MSEG
Liaison - QS/1
Liaison - RM/1
Liaison – DLT/1
Liaison – FSM/1
Liaison – IST/60/2

BSI roles

Committee Chair
Editorial Project Manager
Sector Content Manager - ICT

Standards Development

IST/33 - Information security, cybersecurity and privacy protection

Committee standards activity