BS ISO 27000 Series of Information Security Standards


Information from the British Standards Institute has confirmed that BS ISO/IEC 27002:2005 has been superseded by BS ISO/IEC 27002:2013. There are changes to the content of the standard.

BS ISO/IEC 27002:2013 (formerly BS ISO/IEC 27002:2005) is the international standard for information security management and replaces BS ISO/IEC 27002:2005. All information security requirements in the NHS Information Governance toolkit are based on the standard. The ISO/IEC standard provides a useful reference for those wishing to gain a greater understanding of the security controls, or those who wish to become fully compliant with the standard.

BS ISO/IEC 27001:2013 replaces BS ISO/IEC 27001:2005 and is used to formulate an Information Security Management System (ISMS) for those organisations wishing to fully comply with the standard. The ISMS is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. Alternatively, the standard can be used as a mechanism by Trust senior management to formulate a cyclic review of the implementation of IG toolkit action planning.

Downloading copies of the standard

The BSI licence allows for one copy of the standard per NHS organisation. Only NHS IG administrators are authorised to download a copy on behalf of the organisation.

NHS IG Toolkit administrators should ensure they are logged on to the IGT web site and then click on the links below (it is not possible to download without being logged on):


Please Note:
Some administrators have reported that when attempting to download the ISO documents, an empty window opens but the document cannot be viewed. This is probably due to network security settings established by local organisations. To overcome this problem, right-click on the document hyperlink and choose 'Save Target As...'. Then save the document with an appropriate name to a local folder.


BS ISO/IEC 27002:2013 & BS ISO/IEC 27001:2013 (and any direct updates) are reproduced on Health and Social Care Information Centre intranet/CD ROM with the permission of BSI under licence number 2005AT0115. Hard copies of British Standards are available from BSI Customer Services, 389 Chiswick High Road, London W4 4AL, United Kingdom. (+44 (0)845 086 9001).

NHS Digital Helpdesk

All queries regarding NHS use of the licence should be addressed to the Helpdesk on 0300 3034034, or by email. Calls are dealt with in order of receipt and will usually be resolved within 5-10 working days. Escalation calls will only be dealt with after the 10 day target has been reached.
