Security Open Standards

The 2700X range supports the police in meeting the requirements of the MoPI Code of Practice and the SPF. These standards should be considered best practice.

Adherence and implementation will be driven by the specific risks the organisation faces, and agreement will need to be reached on which areas are to be followed. They are complementary to HMG guidance, but may be used on their own where guidance is missing.

The relevant standards for UK policing are:

ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements

ISO/IEC 27002:2005 Information technology — Security techniques — Code of practice for information security management

ISO/IEC 27003:2010 Information technology — Security techniques — Information security management system implementation guidance

ISO/IEC 27004:2009 Information technology — Security techniques — Information security management — Measurement

ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk management

ISO/IEC 27013:2012 Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

ISO/IEC 27018:2014 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27031:2011 Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity

ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cyber security

ISO/IEC 27033-1:2009 Information technology — Security techniques — Network security — Part 1: Overview and concepts

ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security

ISO/IEC 27033-3:2010 Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues

ISO/IEC 27034-1:2011 Information technology — Security techniques — Application security — Part 1: Overview and concepts

ISO/IEC 27034-2 Information technology — Security techniques — Application security — Part 2: Organization normative framework (Under Development)

ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management

ISO/IEC 27036-1:2014 Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts

ISO/IEC 27036-2:2014 Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements

ISO/IEC 27036-3:2013 Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security

ISO/IEC 27037:2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition, and preservation of digital evidence. NB: other related standards (27041, 27042, 27043 and 27050) are under development.

ISO/IEC 27038:2014 Information technology — Security techniques — Specification for digital redaction

ISO/IEC 27039:2015 Information technology — Security techniques — Selection, deployment and operations of intrusion detection systems (IDPS)

ISO/IEC 27040:2015 Information technology — Security techniques — Storage security

ISO/IEC 27043:2015 Information technology — Security techniques — Incident investigation principles and processes

Other Standards

ISO 22301:2014 Business Continuity Management

BS EN ISO 19011:2011 Guidelines for auditing management systems

ISO/IEC 20000-1:2011 Information technology. Service management. Service management system requirements

ISO/IEC 24762:2008 Information technology. Security techniques. Guidelines for information and communications technology disaster recovery services

BS ISO 31000:2009 Risk management. Principles and guidelines

BIP 2153:2013 Managing Risk the ISO 31000 Way

BS 31100:2011 Risk management. Code of practice and guidance for the implementation of BS ISO 31000

IEC 31010:2009 Risk management — Risk assessment techniques

BS 10008 Evidential Weight and Legal Admissibility of Electronic Information

BIP 0008-1:2014 Evidential Weight and Legal Admissibility of Information Stored Electronically: Code of Practice for the Implementation of BS 10008

BIP 0008-2:2014 Evidential Weight and Legal Admissibility of Information Transferred Electronically: Code of Practice for the Implementation of BS 10008

BIP 0008-3:2014 Evidential Weight and Legal Admissibility of Linking Electronic Identity to Document: Code of Practice for the Implementation of BS 10008