Buy Standards
To purchase a copy of the international standards below please click on the link. Standards are available in PDF or hard copy format and are supplied directly from BSI.
Buy now: BS EN ISO/IEC 27001:2022
Buy now: BS EN ISO/IEC 27002:2022
Buy now: BS EN ISO 9001:2015 - TC
Buy now: BS 8477:2014+A1:2020
BS EN ISO/IEC 27001:2017 - Information Technology Security Techniques and Information Security Management Systems Requirements
What is this standard about?
BS EN ISO/IEC 27001:2017 is the internationally acclaimed standard for information security management. It is the baseline standard of the ISO 27000 series of international information security management standards and the foundation standard for implementing an Information Security Management System (ISMS).
Who is this standard for?
Anyone planning to build, operate, audit or certify an ISMS system. It will also be useful to anyone with an interest in integrated management systems, or a general interest in assessing information security measures.
Why should you use this standard?
Since their inception in the early 1990s, global information security standards have grown in rigour and recognition, so too have information security threats and the best ways to manage them. This standard reflects current best practice for information security management. It provides specific recommendations to help you establish an ISMS, monitor its performance and implement improvements when necessary. It also enables external assessment and certification of an organisation’s information security.
This standard is not unnecessarily prescriptive, allowing flexibility in how requirements are satisfied and giving organisations freedom to implement requirements in a manner best suited to them.
It uses BS EN ISO/IEC 27002:2017, a Code of Practice for information security controls – with which it fully aligns – as its source of possible security measures.
BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 are supported by a wide range of other specialist standards in the 27000 series.
What’s changed since the last update?
This is a technical update of the previous edition. In addition it follows the new high-level structure common to all recent management system standards. This allows easy integration when implementing more than one management system within your organisation, for example when combining information security with quality (BS EN ISO 9001:2015) or environmental management (BS EN ISO 14001:2015).
Buy now: BS EN ISO/IEC 27001:2022
BS EN ISO/IEC 27002:2017
What is this standard about?
This is the reference handbook for selecting controls for use within an Information Security Management System (ISMS) based on BS EN ISO/IEC 27001. It can also be used as a guidance document for any organisation wishing to implement commonly accepted information security controls.
Who is this standard for?
Anyone planning to build, operate, audit or certify an ISMS based on BS EN ISO/IEC 27001:2017. It provides essential further detail on the controls checklist used in BS EN ISO/IEC 27001.
It will also be useful to anyone with an interest in information security management, or a general interest in information security measures.
Why should you use this standard?
It carefully defines a wide range of potential security controls. Each potential control is followed by implementation guidance and other relevant information.
The standard uses a structured approach, whereby similar or related controls are grouped together into categories with a single control objective. These categories are then assigned to one of fourteen basic clauses, each of which addresses a particular aspect of information security.
NOTE: Although BS EN ISO/IEC 27002:2017 is an essential component of building an ISMS based on BS EN ISO/IEC 27001:2017, it can be used independently as a source of information security controls following other methodologies or even as a stand-alone guide to best practice information security.
What’s changed since the last update?
This second edition is a technical and structural revision which replaces the 2005 edition. It also implements three ISO/IEC corrigendum from:
September 2014
November 2015, which modified Subclause 14.2.8
March 2017 which renumbered the standard from BS ISO/IEC 27001:2013 to BS EN ISO/IEC 27001:2017
Buy now: BS EN ISO/IEC 27002:2022
BS EN ISO 9001:2015 - Quality Management Systems Requirements
What is this standard about?
With more than a million organisations certified globally, ISO 9001 is the most widely recognised standard in the world. It sets out what’s needed to implement a quality management system – the purpose of which is to improve overall performance and provide a sound basis for sustainable development initiatives.
Who is this standard for?
It’s suitable for all types of organisation, irrespective of size, location or sector.
Why should you use this standard?
Enables you to better align and integrate multiple management standards
Takes a risk-based approach, becoming a tool for preventive action
Moves away from prescriptive paperwork
Helps organisations of every kind to improve customer satisfaction and build a sustainable future
What’s changed since the last update?
This fifth edition of the standard replaces the 2008 version, which has been technically revised through the adoption of a revised clause sequence and adoption of revised quality management principles and new concepts.
The 2015 version reflects many changes in the way we do business now – using new technology, with greater access to information, higher customer expectations, globalisation and the increasing importance of service industries.
The standard has lost none of the rigour of earlier versions, but cuts bureaucracy by being less prescriptive and focusing more on the context of each organisation. It guides organisations to build a management system suited to specific organisational needs without imposing irrelevant paperwork or requirements which add no value.
Buy now: BS EN ISO 9001:2015 - TC
BS 8477:2014 - Code of Practice for Customer Service
Overview
Meeting or exceeding customer expectations is one of the most important contributing factors in the running of a successful organisation in any sector.
BS 8477 provides a means by which an organisation can judge itself and be judged by its customers. It provides clearly identifiable and verifiable benchmarks for good practice. It does not, therefore, deal in detail with some of the vital “softer” aspects of customer satisfaction that are less susceptible to this approach.
The ongoing success and development of an organisation not only relies on providing reliable good services to the traditional external customer, but also on the need for all organisations to understand the expectation levels and perception of their customers.
Many of the recommendations made in this British Standard are already commonplace in organisations that have a responsive customer service culture.
However, where this is not the case the application of this British Standard allows organisations to:
Set in place mechanisms to ensure levels of customer service that meet the needs and reasonable expectations of customers
Be competitive in the marketplace
Differentiate their services from competitors through providing and maintaining innovative customer services
Increase customers’ positive emotional experience with an organisation’s services and, through this, building and maintaining customer loyalty
Increase customer retention
Attract new customers through positive word of mouth
Reduce marketing costs
Increase service efficiency
Reduce problem incidence rates, therefore reducing time and cost involved in correcting problems experienced by customers and associated complaints that might need to be handled
Maintain and improve services and accountability for public sector service organisations
Create an organisation-wide customer-focused approach to developing and maintaining quality services
Improve the ability of customers to deal with an organisation.
Customer service culture involves being proactive by anticipating or exceeding customer needs; implementation of this British Standard might for many organisations can be the first step in embedding this principle in all aspects of their business and operations.