BS ISO 27000 Series of Information Security Standards
Information from the British Standards Institute has confirmed that BS ISO/IEC 27002:2005 has
been superseded by BS ISO/IEC 27002:2013. There are changes to the content of the standard.
BS ISO/IEC 27002:2013 (formerly BS ISO/IEC 27002:2005) is the international
standard for information security management and replaces BS ISO/IEC 27002:2005.
All information security requirements in the NHS Information Governance
toolkit are based on the standard. The ISO/IEC standard provides a useful reference
for those wishing to gain a greater understanding of the security controls, or those
who wish to become fully compliant with the standard.
BS ISO/IEC 27001:2013 replaces BS ISO/IEC 27001:2005 and is used to formulate an
Information Security Management System (ISMS) (that part of the overall management
system, based on a business risk approach, to establish, implement, operate, monitor,
review, maintain and improve information security) for those organisations wishing to
fully comply with the standard. Alternatively, it can be used as a mechanism by Trust
senior management to formulate a cyclic review of the implementation of IG toolkit
Downloading copies of the standard
The BSI licence allows for one copy of the standard per NHS organisation. Only
NHS IG administrators are authorised to download a copy on behalf of the
NHS IG Toolkit administrators should ensure they have logged on to the IGT web
site and click on the links below (it is not possible to download without being
Some administrators have reported that when attempting to download the ISO
documents, an empty window opens but the document cannot be viewed. This is
probably due to network security settings established by local organisations.
To overcome this problem, right-click on the document hyperlink and choose 'Save
Target As...'. Then save the document with an appropriate name to a local
BS ISO/IEC 27002:2013 Information technology - Security techniques -
Code of practice for information security controls
BS ISO/IEC 27001:2013 Information technology - Security
techniques - Information security management systems - Requirements
BS ISO/IEC 27005:2011 Information technology - Security techniques -
Information security risk management
BS ISO/IEC 27002:2013 & BS ISO/IEC 27001:2013 (and any direct updates) are
reproduced on Health and Social Care Information Centre intranet/CD ROM with the permission of BSI
under licence number 2005AT0115. Hard copies of British Standards are available
from BSI Customer Services, 389 Chiswick High Road, London W4 4AL, United
Kingdom (+44 (0)845 086 9001).
Web: http://shop.bsigroup.com Email: firstname.lastname@example.org
NHS Digital Helpdesk
All queries regarding NHS use of the licence should be addressed to the
Helpdesk on 0300 3034034, or email email@example.com.
Calls are dealt with in order of receipt and will usually be resolved within 5-10 working days. Escalation
calls will only be dealt with after the 10-day target has been reached.