See organisations for details of ISO and IET.
BS EN ISO/IEC 17025:2005 - General requirements for the competence of testing and calibration laboratories
ISO/IEC 17025 is a standard published by ISO and formerly known as ISO/IEC Guide 25. It covers calibration, testing and sampling, including digital forensics.
BS ISO/IEC 27001:2013 - Information security management systems
Specification for an information security management system (ISMS) and the foundation for third-party audit and certification.
BS ISO/IEC 27002:2013 - Code of practice for information security controls
Reference handbook for selecting controls.
BS ISO/IEC 27034-1:2011 - Application security - Part 1: Overview and concepts
Building application security into the development life cycle.
Including BS specifications, guidance and codes of practice.
BS 8878:2010 Web accessibility
Draft for public comment.
BS 10008:2008 Evidential weight and legal admissibility of electronic information
Requirements for the implementation and operation of electronic information management systems, including the storage and transfer of information; addresses issues relating to the authenticity and integrity of information.
Data Protection. Specification for a Personal Information Management System.
BS 25999:2006 Business continuity management
Business continuity management (BCM) principles, processes and terminology.
Codes of Practice
Agreed and developing industry best practice.
Advertising Standards Authority (ASA) CAP Code
The UK code of non-broadcast advertising, sales promotion and direct marketing.
Agreed Upon Procedures (AUP)
Standard procedures for service provider assessment and self-assessment of security, privacy and business continuity from Shared Assessments.
The Association of Chief Police Officers (ACPO) Good Practice Guide for Computer-Based Evidence
Best practice in all dealings with electronic evidence.
The Employment Practices Code and supplementary guidance
A code of practice from the UK's Information Commissioner which includes a section on monitoring at work.
Gov.UK (UK) Cloud Security Guidance
CESG's information for the UK public sector.
Gov.UK (UK) Resources for Developers and Web Operations Engineers
UK government website standards and guidelines.
Guidance on Encrypting Data on Mobile Devices
US government guidance.
Home Office (UK) Good Practice Guidance for the Providers of Social Networking and Other User Interactive Services
Social networking guidance providing advice for industry, parents and children about how to stay safe online.
Updated May 2012.
Information Commissioner's Office (ICO) Privacy Impact Assessment Handbook
How to determine whether a privacy impact assessment (PIA) is needed (UK) and the steps to take for small and large-scale PIAs.
Information Commissioner's Office (ICO) Privacy Notices Code of Practice
Guidance on consumer-friendly privacy notices for paper and online systems (UK).
Information Commissioner's Office (ICO) Protecting Personal Data in Online Services: Learning From the Mistakes of Others
The most common issues leading to failures to safeguard personal data online (UK).
Interception and Monitoring of Communications in Further Education and Higher Education
A code of practice produced by UKERNA, which provides the JANET network.
Interception of Communications Code of Practice
Code of practice for public authorities entitled to intercept communications under RIPA.
Investigation of Protected Electronic Information Code of Practice
Powers and duties conferred under Part III of the UK's Regulation of Investigatory Powers Act 2000.
National Institute of Science and Technology (NIST) Special Publications (800 Series)
Guidelines on computer security matters, especially important to US federal organizations.
Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications
The gold standard for web application security, adopted by many commercial and public organisations. Version 2, July 2005. See also the Application Security Verification Standard (ASVS), Software Assurance Maturity Model (below), OWASP Testing Guide and OWASP Top Ten most critical web application security flaws referenced by the Payment Card Industry Security Standards Council in their Data Security Standard (below).
Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)
Framework to help organisations of all sizes formulate and implement a strategy for software development security.
Payment Card Industry Data Security Standard (PCI DSS)
Mandatory actions for payment card processing. Version 3.0, November 2013.
Retention of Communications Data under Part 11: Anti-Terrorism, Crime and Security Act 2001
Guidance from the Home Office.
Risk Taxonomy Technical Standard
Risk vocabulary definitions and relationships published by the Open Group.
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.