See organisations for details of ISO and IET.
BS EN ISO/IEC 17025:2005 - General requirements for the competence of testing and calibration laboratories
ISO/IEC 17025 is a standard published by ISO and formerly known as ISO/IEC Guide 25. It covers calibration, testing and sampling, including digital forensics.
BS ISO/IEC 27001:2005 (BS 7799-2:2005) - Information security management systems
Specification for an information security management system (ISMS) and the foundation for third-party audit and certification.
BS ISO/IEC 27002:2005 (BS 7799-1:2005, BS ISO/IEC 17799:2005) - Code of practice for information security management
Guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
BS ISO/IEC 27034-1:2011 - Application security - Part 1: Overview and concepts
Building application security into the development life cycle.
Including BS specifications, guidance and codes of practice.
BS 8878:2009 Web accessibility
Draft for public comment.
BS 10008:2008 Evidential weight and legal admissibility of electronic information
Requirements for the implementation and operation of electronic information management systems and for the storage and transfer of information; it also addresses the authenticity and integrity of information.
Data Protection. Specification for a Personal Information Management System.
BS 25999:2006 Business continuity management
Business continuity management (BCM) principles, processes and terminology.
Codes of Practice
Agreed and developing industry best practice.
Advertising Standards Authority (ASA) CAP Code
The UK code of non-broadcast advertising, sales promotion and direct marketing.
Agreed Upon Procedures (AUP)
Standard procedures for service provider assessment and self-assessment of security, privacy and business continuity from Shared Assessments.
The Association of Chief Police Officers (ACPO) Good Practice Guide for Computer-Based Evidence
Best practice in all dealings with electronic evidence.
Central Office of Information (UK) Website Standards and Guidelines
Published public sector website standards and guidelines, together with those still in consultation.
Centre for the Protection of National Infrastructure (UK) Guidance on Securing Web Sites
Technical Note 06/03 from the former NISCC.
Code of Practice for the investigation of protected electronic information
Powers and duties conferred under Part III of the UK's Regulation of Investigatory Powers Act 2000.
The Employment Practices Code and supplementary guidance
A code of practice from the UK's Information Commissioner which includes a section on monitoring at work.
Guidance on Encrypting Data on Mobile Devices
US government guidance.
Home Office (UK) Good Practice Guidance for the Providers of Social Networking and Other User Interactive Services
Social networking guidance providing advice for industry, parents and children about how to stay safe online.
Updated December 2011.
Information Commissioner's Office (ICO) Privacy Impact Assessment Handbook
How to determine whether a privacy impact assessment (PIA) is needed (UK) and the steps to take for small and large-scale PIAs.
Information Commissioner's Office (ICO) Privacy Notices Code of Practice
Guidance on consumer-friendly privacy notices for paper and online systems (UK).
Interception and Monitoring of Communications in Further Education and Higher Education
A code of practice produced by UKERNA, which provides the JANET network.
Interception of Communications Code of Practice
Code of practice for public authorities entitled to intercept communications under RIPA.
The Home Office also published a revised 'Acquisition and Disclosure of Communications Data Revised Draft Code of Practice' for public consultation (consultation closed 30 August 2006).
National Institute of Standards and Technology (NIST) Special Publications (800 Series)
Guidelines on computer security matters, especially important to US federal organizations.
Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications
The gold standard for web application security, adopted by many commercial and public organisations. Version 2, July 2005. See also the Application Security Verification Standard (ASVS), Software Assurance Maturity Model (below), OWASP Testing Guide and OWASP Top Ten most critical web application security flaws referenced by the Payment Card Industry Security Standards Council in their Data Security Standard (below).
Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)
Framework to help organisations of all sizes formulate and implement a strategy for software development security.
Payment Card Industry Data Security Standard (PCI DSS)
Mandatory actions for payment card processing. Version 2.0, October 2010.
Retention of Communications Data under Part 11: Anti-Terrorism, Crime and Security Act 2001
Guidance from the Home Office.
Risk Taxonomy Technical Standard
Risk vocabulary definitions and relationships published by the Open Group.
The Standard of Good Practice for Information Security
From the Information Security Forum http://www.securityforum.org/.