Security standards

International standards

See organisations for details of ISO and IET.

BS EN ISO/IEC 17025:2005 - General requirements for the competence of testing and calibration laboratories

ISO/IEC 17025 is a standard published by ISO and formerly known as ISO/IEC Guide 25. It covers calibration, testing and sampling, including digital forensics.

BS ISO/IEC 27001:2013 - Information security management systems

Specification for an information security management system (ISMS) and the foundation for third party audit and certification.

BS ISO/IEC 27002:2013 - Code of practice for information security controls

Reference handbook for selecting controls.

BS ISO/IEC 27034-1:2011 - Application security - Part 1: Overview and concepts

Building application security into the development life cycle.

British standards

Including BS specifications, guidance and codes of practice.

BS 8878:2010 Web accessibility

Draft for public comment.

BS 10008:2008 Evidential weight and legal admissibility of electronic information

Requirements for the implementation and operation of electronic information management systems and for the storage and transfer of information; also addresses issues relating to the authenticity and integrity of information.

BS 10012:2009

Data Protection. Specification for a Personal Information Management System.

BS 25999:2006 Business continuity management

Business continuity management (BCM) principles, processes and terminology.

Codes of Practice

Agreed and developing industry best practice.

Advertising Standards Authority (ASA) CAP Code

The UK code of non-broadcast advertising, sales promotion and direct marketing.

Agreed Upon Procedures (AUP)

Standard procedures for service provider assessment and self-assessment of security, privacy and business continuity from Shared Assessments.

The Association of Chief Police Officers (ACPO) Good Practice Guide for Computer-Based Evidence

Best practice in all dealings with electronic evidence.

The Employment Practices Code and supplementary guidance

A code of practice from the UK's Information Commissioner which includes a section on monitoring at work.

Gov.UK (UK) Cloud Security Guidance

CESG's information for the UK public sector.

Gov.UK (UK) Resources for Developers and Web Operations Engineers

UK government website standards and guidelines.

Guidance on Encrypting Data on Mobile Devices

US government guidance.

Home Office (UK) Good Practice Guidance for the Providers of Social Networking and Other User Interactive Services

Social networking guidance providing advice for industry, parents and children about how to stay safe online.

Information Commissioner's Office (ICO) Guidance on the Rules on Use of Cookies and Similar Technologies

Updated May 2012.

Information Commissioner's Office (ICO) Privacy Impact Assessment Handbook

How to determine whether a privacy impact assessment (PIA) is needed (UK) and the steps to take for small and large-scale PIAs.

Information Commissioner's Office (ICO) Privacy Notices Code of Practice

Guidance on consumer-friendly privacy notices for paper and online systems (UK).

Information Commissioner's Office (ICO) Protecting Personal Data in Online Services: Learning From the Mistakes of Others

The most common issues leading to failures to safeguard personal data online (UK).

Interception and Monitoring of Communications in Further Education and Higher Education

A code of practice produced by UKERNA, who provide the JANET network.

Interception of Communications Code of Practice

Code of practice for public authorities entitled to intercept communications under RIPA.

Investigation of Protected Electronic Information Code of Practice

Powers and duties conferred under Part III of the UK's Regulation of Investigatory Powers Act 2000.

National Institute of Standards and Technology (NIST) Special Publications (800 Series)

Guidelines on computer security matters, especially important to US federal organizations.

Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications

The gold standard for web application security, adopted by many commercial and public organisations. Version 2, July 2005. See also the Application Security Verification Standard (ASVS), Software Assurance Maturity Model (below), OWASP Testing Guide and OWASP Top Ten most critical web application security flaws referenced by the Payment Card Industry Security Standards Council in their Data Security Standard (below).

Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)

Framework to help organisations of all sizes formulate and implement a strategy for software development security.

Payment Card Industry Data Security Standard (PCI DSS)

Mandatory actions for payment card processing. Version 3.0, November 2013.

Retention of Communications Data under Part 11: Anti-Terrorism, Crime and Security Act 2001

Guidance from the Home Office.

Risk Taxonomy Technical Standard

Risk vocabulary definitions and relationships published by the Open Group.

Other web application security resources

Web application security legislation, organisations, and publications.

Contact Watson Hall

Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.

Act now

To discuss security matters in confidence and without obligation, telephone us on 020 7183 3710 or complete the enquiry form.

© 2007-2015 Watson Hall Ltd, last reviewed 3 March 2015

These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified professional on any specific problem or matter.

Watson Hall Ltd is a company registered in England no 6004969 at North Bastle, Gatehouse, NE48 1NG, United Kingdom.