Standards/ Frequently Asked Questions (FAQ)
- BSI Shop (UK) * Expensive, unless a member of BSI
- EN Standard Store (Czech Republic) * Less expensive, available in English
- Estonian Centre for Standardisation * Inexpensive, available in English
- Techni-K (Food Safety only) * Free BRCGS Position Statements
Quality/ ISO Certification
- AS/EN 9100 Design & installation
- AS/EN 9110 Maintenance & repair
- AS/EN 9120 Stockholding & distribution
What is Annex SL?
ISO Directives Annex SL defines the format (index) of all new/revised ISO (International Organisation for Standardization) management system standards: 0) Introduction, 1) Scope, 2) Normative references, 3) Terms and definitions, 4) Context of the organization, 5) Leadership, 6) Planning, 7) Support, 8) Operation, 9) Performance evaluation, 10) Improvement.
What do the abbreviations BS, CEN, EN, ISO, PAS, PD stand for? (eg BS EN ISO 9001 or PD CR ISO 15608)
ISO: International Organisation for Standardization. Worldwide technical terminology/procedure standards published by ISO Technical Committee
EN: European Norm. European technical terminology/procedure standards published by, for example, CEN (Comite European De Normalisation)
BS: British Standard. UK technical terminology/procedure standards published by British Standards Institution
CEN (previously CR): Comite European De Normalisation Report. European minor standard published by CEN (Comite European De Normalisation)
PAS: Publicly Available Specification. UK minor standard published by BSI (British Standards Institution)
Investors In Excellence [Mentoring & on-site assessment by Midlands Excellence] Quality award for small/medium companies (lightweight 'Business Excellence' model). No connection with Investors In People.
What is ISO 9001 (formerly BS 5750)? (updated 30 September 2015, amended February 2024)
What is ISO 13485?
Medical Devices Quality Management System [On-site assessment by most Certification Bodies] Quality Management System (based on ISO 9001) for manufacturers of medical equipment, not pharmaceuticals.
What is ISO 14001?
See 3) Environmental
What is ISO 22301 (BS 25999)?
What is ISO 27001?
Principles for a Human-Centred Organisation [Code of practice] Describes seven high-level, human-centred principles for board members in order to optimize performance, minimize risks to organizations and individuals, maximize well-being in the organization, and enhance relationships with customers.
Risk Management [Code of practice, not intended for assessment] Manage business risks that could impair company performance.
What is ISO 37001 (BS 10500)?
Legal Aid work [On-site assessment by Legal Services Commission] Quality requirement for solicitors whose fees are state subsidised.
What is UKAS?
Contractor/ Utilities Certification (construction, maintenance & welding)
First Point Assessment [Assessment by Achilles Information] Quality, Health, Safety & Environmental, Competence & Training award for oil & gas contractors. Companies cannot fail assessment, instead they receive a score (average company score: 8.0). Achilles FPALVerify involves site assessment.
Rail Industry Supplier Qualification Scheme [Assessment by Achilles Information] Financial, Quality, Health, Safety & Environmental award for transport (mainly rail) contractors. RISQS is normally achieved by document submission although some "product codes" (eg trackside working) involve site assessment.
Supplier Qualification Scheme [Assessment by Avetta] Health & Safety award for construction/maintenance contractors. Avetta is achieved by submission of documentation & references.
Building Information Modelling [BRE BIM Level 2 Business Systems Certification Assessment by BRE Global] Information management (to PAS 1192-2) and Construction Prequalification Questionnaires (to PAS 91). From April this year, all centrally procured government projects of any size will have to be carried out using building information modelling (BIM) to level 2.
- BS EN 1090-1 Defines CE Mark documentation - updated 2011
- BS EN 1090-2 Fabrication of hot rolled structural steelwork (steel columns, beams & hollow sections) - updated June 2018
- BS EN 1090-3 Fabrication of hot rolled structural aluminium (aluminium columns, beams & hollow sections) - updated April 2019
- BS EN 1090-4 Fabrication of cold-formed structural steelwork (thin gauge steel roof, ceiling, wall & floor profiles) - published December 2018
- BS EN 1090-5 Fabrication of cold-formed structural aluminium (thin gauge aluminium roof, ceiling, wall & floor sheets) - published March 2017
What is CCNSG Safety Passport?
Client/Contractor National Safety Group Safety Passport [Administered by ECITB (Engineering Construction Industry Training Board)] Reputable Health & Safety training not for a company, but for a person involved in construction/maintenance. CCNSG Safety Passport comprises: National Course (mandatory, 2 days), Renewal Course (1 day), Supervising Safety Course (1 day).
What is CHAS? {SSIP Forum Member}
Contractors Health & Safety Scheme [Assessment by Merton Council] Health & Safety award for construction/maintenance contractors. CHAS is achieved by document submission. CHAS requires annual renewal.
- CHAS Elite (CHAS)
- Common Assessment Standard (Build UK, Constructionline, ECA, SMAS Worksafe)
What is Construction Products Regulations (CPR)/Construction Products Directive (CPD)?
Construction Products Regulations [Product assessment (CE Mark) by a Notified Body] From July 2014, building products sold within the European Economic Area need to be assessed to their 'harmonised' technical specification (recognised by manufacturers of similar product). Although the product receives a CE Mark, the assessment process for building products differs; CPR is based on a quality audit of the design/manufacturing process rather than product testing. CPR normally involves site assessment.
What is Constructionline? {SSIP Forum Member}
Construction companies' on-line assessment [Assessment by Acclaim (for H&S) and Constructionline (for other modules) - Bronze, Silver, Gold and Platinum memberships]. Certificate states "Certifies the company meets pre-qualification requirements appropriate to public & private sector procurement". For construction/maintenance companies. Bronze includes modules: Acclaim SSIP, Work, Identity, Financial & Insurance. Constructionline is achieved by data submission. Acclaim Accreditation included.
What is Contractor Plus?
ContractorPlus [Assessment by Lambert Smith Hampton, Safety Management & Monitoring Services] Health & Safety award for building contractors. ContractorPlus is inexpensive & is achieved by on-line document submission.
What is CSCS/ CPCS/ ECS/ CITB/ JIB?
Construction Skills Certification Scheme [Administered by CITB (Construction Industries Training Board)] Health, Safety & Environmental test (& technical requirement) not for a company, but for a person involved in construction/ maintenance. JIB (Joint Industry Board) is a corporate membership discount on multiple CSCS Cards. The Health, Safety & Environmental element for all CSCS Cards is achieved by sitting a £50 multiple-choice test at a CSCS accredited testing centre.
CSCS Cards are colour coded:
[CSCS Yellow Card ('Visitor' to construction sites) - no longer available]
CSCS Green Card ('Labourer' - previously 'Construction Site Operative') requires a NVQ Level 1 health & safety qualification (eg one day IOSH Working Safely)
CSCS Red Card (Several versions eg 'Experienced Worker' or 'Manager') is issued temporarily while NVQ is achieved
CSCS Blue Card ('Skilled Worker') issued temporarily, requires a NVQ Level 2 craft qualification or craft evidence (qualification/ experience)
CSCS Gold Card ('Advanced Craft/Supervisory' eg electrician) requires a NVQ Level 3 craft qualification or craft evidence (qualification/ experience)
CSCS affiliated schemes (technical requirement for CSCS Blue/Gold Card) include:
ACE Assurance in Competence in Engineering Construction
CCDO Certificate of Competence of Demolition Operatives
CISRS Construction Industry Scaffolders Record Scheme
CPCS Construction Plant Competence Scheme
ECS Electrotechnical Certification Scheme [NVQ Level 3]
EUSR Energy & Utility Skills Register [One day training course]
IPAF International Powered Access Federation
SPA Core Day certificate holders are exempt from the CSCS Health, Safety & Environment Test (touch screen).
Driver & Vehicle Standards Agency previously VOSA (Vehicle & Operator Services Agency) [Goods Vehicle Operator's Licence] Health, Safety & Environmental requirement for vehicles (weighing over 1,525kg unladen or 3,500kg laden) and trailers (over 1,020kg unladen, with powered brakes). Specification for operating centre, driver training, tachograph, vehicle operation & maintenance.
Electrical Safety Management Certified Contractors Assessment [On-site assessment of office systems (not site work) by Lloyd's Register] Quality, Health, Safety & Environmental requirements for electricity distribution infrastructure contractors employed by Western Power Distribution (originally Central Networks).
Exor [Assessment by Alcumus Group] Pre-Qualification database. Health & Safety, Financial Stability, Equal Opportunities, Environment, Quality award for construction/maintenance contractors. Exor is achieved by document submission.
Fleet Operator Recognition Scheme [On-site assessment by a FORS Auditor] management/ vehicle/ driver & operations assessment of lawfulness, safety, fuel efficiency & emissions.
Gas Industry Registration Scheme [On-site assessment by Lloyd's Register] Technical, Quality, Health, Safety & Environmental requirements for gas distribution infrastructure contractors. GIRS Audit Specification refers to technical standards published by IGEM (Institution of Gas Engineers & Managers).
Hire Association Europe SafeHire [On-site assessment by Hire Association Europe] Quality, Health, Safety & Environmental award for equipment hire & rental companies. Annual inspection of premises & 3 yearly audit of management systems. Linked with CHAS (Contractors Health & Safety Scheme).
Highway Electrical Registration Scheme [On-site assessment by HEA (Highway Electrical Association)] Quality requirement for roadside electrical contractors. Specification defined in HERS Handbook (refers to ISO 9001, NHSS 8 and some NERS requirements). Company registers trained Authorising Officer, Qualified Supervisor and Operatives possessing ECS HERS certificates (cards).
Human Focus [Competence verification database held by Safety Online] an on-line record of personal Health, Safety & Technical compliance training/ qualifications. Site operative carries a plastic card which displays the web address of scanned copies of all his training certificates. The database is accredited by RoSPA (The Royal Society for the Prevention of Accidents). Human Focus also offers on-line health & safety training.
Quality Requirements for Fusion Welding of Metallic Materials (in 6 parts) [On-site assessment by some Certification Bodies] Welding quality guidelines (quality aspects specific to welding, additional to the requirements of ISO 9001) for fabricators of stainless/steel/aluminium. ISO 3834 has been largely superseded by the more technical (and legally binding) requirements of fabrication detailed in BS EN 1090.
Multi-Utilities Recognition Status [Assessment by Lloyd's Register] Contractors who hold NERS, GIRS & WIRS automatically receive MURS (free of charge).
NANDO (New Approach Notified & Designated Organisations) is appointed by the European Commission to identify Accreditation Bodies (UKAS for the UK) & Notified Bodies (which accredit steelwork contractors to BS EN 1090)
What is NCCB?
National Core Competence Benchmark [database held by NCCB] A web based database of recognised Health & Safety related training courses. The database ranks the content of each course against NQF (National Qualifications Framework) eg Level 2 equates to GCSE, Level 6 equates to a Bachelors Degree. NCCB is approved by RoSPA (Royal Society for the Prevention of Accidents).
What are NEBOSH & IOSH qualifications?
National Examining Board in Occupational Safety & Health [recognised by Institution of Occupational Safety & Health (IOSH)] Health, Safety (& some Environmental) qualification not for a company, but for a person:
- IOSH (1 day, Introduction) eg Working Safely/ Leading Safely / Managing Safely
- NEBOSH Award (3 days, for Team Leaders) eg NEBOSH Health & Safety at Work
- NEBOSH General Certificate (150 hours, for Supervisors) eg NEBOSH General Certificate in Occupational Health & Safety
- University Post Graduate Certificate (225 hours, for Graduates) eg PgCert in Environmental, Health & Safety Management
- NEBOSH Diploma (500 hours, for Chartered Members of IOSH) eg NEBOSH National Diploma in Occupational Health and Safety.
National Electricity Registration Scheme [On-site assessment by Lloyd's Register] Technical, Quality, Health, Safety & Environmental requirements for electricity distribution infrastructure contractors. NERS Audit Specification
National Highways Sector Scheme [On-site assessment by Certification Body (LRQA or SCCS)] Quality requirement for roadside steelwork contractors. Encompasses all of ISO 9001 & BS EN 1090:
- NHSS 3 - Stocking & Distribution Activities for Mechanical Fasteners
- NHSS 3B - Stocking & Distribution Activities for Structural Steel Products
- NHSS 8 - Highway Electrical Equipment & Supporting Works
- NHSS 19A - Corrosion Protection of Ferrous Materials by Industrial Coatings
- NHSS 20 - Steelwork in Transportation Infrastructure Assets Requires BCSA Level 3 Bolting Coordinator, qualified Responsible Welding Coordinator & Level 2 NDT Weld Inspectors.
National Inspection Council For Electrical Installation Contracting [On-site assessment by NICEIC] Technical requirement (up to 1kV) for Electrical Contractors. The company registers a Supervisor, who needs to hold NVQ Level 3 City & Guilds (2394 Installation, 2395 Testing & Inspection & 2382 BS7671 17th Edition).
Asset Management [On-site assessment by some Certification Bodies] 'Publicly Available Specification' - Whole-life management system for physical assets (eg buildings).
What is PAS 91?
Pre-qualification criteria in the construction industry [On-site assessment by Lloyd's Register] 'Publicly Available Specification' - Good practice for construction procurement managers issuing tenders.
Reset [Competence verification database held by Reset] an on-line record of personal Health, Safety & Technical compliance training/ qualifications. Site operative carries a plastic card which displays the web address of scanned copies of all his training certificates. Some hospitals require contractors to carry a Reset Card.
What is SafeContractor? {SSIP Forum Member}
Safe Contractor [Assessment by Alcumus Group, previously Santia Consulting] Health & Safety award for construction/maintenance contractors. SafeContractor is achieved by document submission. SafeContractorplus has additional requirements for Environment, Quality, Equality & Diversity.
Light Steel Frame System [Assessment to NHBC Standards by SCI (Steel Construction Institute)] Technical award for the manual/ software supplied to designers of LSF (Light Steel Frame) System to avoid Structural Engineers working from first principles for every application. Scope comprises durability, strength, fire, condensation & cladding. Light Steel Frame System is achieved by document submission.
Skills Development Recognition Pre-Qualification Questionnaire [Assessment by IceBlue Marketing & Design] Quality, Health, Safety & Environmental award for construction contractors in the Midlands. Skills Development Recognition is achieved by document submission.
Safety Management Advisory Services Worksafe [Assessment by SMAS] Health & Safety award for construction/maintenance contractors. SMAS is achieved by document submission.
Site Management Safety Training Scheme (5 day course)/ Site Supervisors' Safety Training Scheme (2 day course) [Administered by CITB (Construction Industries Training Board) Site Safety Plus (training division)] Well-regarded Health, Safety, Welfare & Environmental qualification not for a company, but for a person managing a construction site. Qualification is valid for 5 years.
Safety Pass Alliance [Training & testing by an SPA approved training provider] Health & Safety training not for a company, but for a person involved in construction/maintenance/operation. SPA Passport comprises: Core Day (mandatory, 1 day), followed by a choice of 17 'sector specific' courses (1 day) eg Quarries, Food & Drink (not to be confused with Level 2 (Basic) Food Hygiene), Petrol Retail, Supervisor. SPA Core Day certificate holders are exempt from the CSCS Health, Safety & Environment Test (touch screen).
What is SSIP? (www.SSIP.org.uk)
Safety Schemes in Procurement [Recognition of Health & Safety Scheme Assessment Bodies by NHBC Services (Division of National House Building Council)] Registered SSIP Members comprise Assessment/Certification Bodies who agree to recognise the certifications awarded by each other's construction pre-qualification Health & Safety schemes. Eg OHSAS 18001/ISO 45001 certification satisfies all the H&S requirements for CHAS & SMAS. SSIP do not charge a fee, however Assessment/Certification Bodies (SSIP Members) may charge an audit fee (£150).
Water Industry Mechanical & Electrical Specifications [Code of practice (specifications) published on-line by PumpCentre.com] Pump Centre membership allows access to technical documentation recognised by the majority of Water Utility companies.
What is WIRS?
Water Industry Registration Scheme [On-site assessment by Lloyd's Register] Technical, Quality, Health, Safety & Environmental requirements for water distribution infrastructure contractors laying water mains & services.
Water Industry Registration Scheme - Accredited Entity [On-site assessment by Lloyd's Register] Technical, Quality, Health, Safety & Environmental requirements for water distribution retail contractors installing water meters & carrying out disconnections.
Environmental Certification (greenhouse gas, sustainability)
- D6400 Organic recovery (aerobic) of plastic
- D6868 Organic recovery (aerobic) of plastic/polymer laminated paper
Environmental Management System [On-site assessment by some Certification Bodies] Controlling activities that affect the environment eg resource consumption and waste disposal. BS 8555 is designed for small & medium sized enterprises, where implementation is in 5 phased stages. Level 5 is equivalent to ISO 14001 (Environmental Management System); BS 8555 certification is supplied at all 5 levels.
- Composting - Home: Waste is Shredded; EN 13432 plus biodegrades in soil at ambient temperature (90% in 2 years at 20-30°C)
- Composting - Open Windrow: Waste is Shredded; Turned (for oxygen, moisture, heat) for 2 months; Screened (remove plastics)
- Composting - Industrial IVC: In-Vessel Composting. Temperature around 60°C
- Composting - Industrial AD: Anaerobic Digestion (no fungi). Animal & food waste only, produces Biogas
- No. of employees 250
- Turnover £44m & a Balance Sheet Total (ie gross balance) £38m
- Compliance Period - Year including 31/12/14, report by 5/12/15
- Compliance Period - Year including 31/12/18, report by 5/12/19
- Compliance Period - Year including 31/12/22, report by 5/12/23
- Compliance Period - Year including 31/12/26, report by 5/12/27 (TBC)
Forest Stewardship Council [On-site assessment by Exova BM Trada & other Certification Bodies] International certification to identify that a manufacturer's wood & paper is procured from well managed forests &/or recycled materials. Categories: FSC 100% Controlled (all legally & sustainably logged), FSC Recycled (all reclaimed wood), FSC Mix (min 70% Recycled & Controlled Wood).
Green Achiever [Assessment by E4environment] Inexpensive Environmental Management Scheme
Self Assessed achieved through document submission
Silver involves on-site surveillance
Gold requires reduction (off-setting) of carbon emissions & involves on-site assessment.
- Fewer pesticides
- No artificial colours & preservatives
- Free range
- No routine use of antibiotics
- No GM ingredients
Programme for the Endorsement of Forest Certification [Not a certification body] PEFC endorses national forestry sustainability certification schemes, for example the UK Woodland Assurance Standard & Sustainable Forest Initiative Standard. A less rigorous alternative to FSC (Forest Stewardship Council).
- No. of employees 250
- Turnover £36m
- Balance Sheet Assets (ie gross balance) £18m
Library of sustainability training resources [www.supplychainschool.co.uk] Free training (Sustainability, Digital, FIR, Lean Construction, Management, Offsite, People and Procurement) for the construction industry. Recognised by some Principal Contractors for Pre-Qualification Questionnaires.
Sustainable Forest Initiative Standards [On-site assessment by some Certification Bodies] North American certification including Forest Management, Fibre Sourcing, Chain of Custody & On-Product Labels.
Food & Feed Safety Certification
- Food Safety - Companies with on-site food processing or packing
Additional Modules (scopes): Global GAP, Meat Supply, European Coeliac (gluten-free), Modernization (USA), Culture Excellence
- Consumer Products - Manufacturers of non food products
either General Merchandise or Personal Care & Household (either Foundation Level or Higher Level)
Additional Modules (scopes): Factored Products, Moulded Accessories, Repacked Products
- Storage & Distribution - Wholesalers of food & non food product
Additional Modules (scopes): Wholesale, Contract (ie sub-contract), Vehicle, Repacking
- Packaging Materials - Manufacturers of primary & secondary packaging
Additional Modules (scopes): Traded Goods, Environmental Awareness, Audit One
- Retail - Companies who buy & sell food or food packaging
- Agents & Brokers - Companies who buy, sell or facilitate the trade of food or food packaging
- Gluten-Free Certificate Programme - Companies who manufacture, process or pack gluten-free products
- Plant-Based - Framework for production of plant-based food
- Ethical Trade & Responsible Sourcing - Framework for evaluating suppliers
- START! - Framework for food safety in small sites.
- Standards/ Maximum Residue Levels (MRLs): Specifications for individual foods eg allowable max water content in honey
- Guidelines/Codes of Practice: Specifications for food in general eg allowable nutrition & health claims
Commission Regulation on plastic materials & articles intended to come into contact with food [European Union legislation] Technical specification for laboratory migration testing of plastic (leaching into food), to ensure plastic packaging is safe in contact with food.
Global Food Safety Initiative [Recognition ("accreditation") of food & packaging safety certifications] GFSI Guidance Document specifies benchmarking model (it is not itself a food safety standard). Recognised CPOs (food safety Certification Programme Owners) include BRCGS (but not BRCGS Consumer Products), FSSC 22000 (but not ISO 22000), IFS Food and SQF.
Hazard Analysis and Critical Control Points (HACCP) is a Risk Assessment applied in the food industry to identify potential food safety hazards, so that key actions (Control Points) can be taken to prevent food poisoning. Control Points are early opportunities to control a food safety hazard, a Critical Control Point is the last (therefore essential) chance to control contamination prior to consumption. HACCP was devised by NASA for the manufacture of food for astronauts.
- Food - Process food, or pack loose food
- Logistics - Transport of food & non-food products
- Cash & Carry/Wholesale
- Broker - Trader does not come into direct contact with the product
- HPC - Household & personal care products
- PACsecure - Manufacture primary & secondary packaging material (developed jointly with Packaging Association of Canada)
What is PAS 223?
Publicly Available Specification - Prerequisite programmes and design requirements for food safety in the manufacture and provision of food packaging [On-site assessment by some Certification Bodies] Specification for food packaging manufacturers to meet the requirements of prerequisite programmes (PRPs) as specified in ISO 22000 (Food Safety Management System).
Safe & Local Supplier Approval [On-site assessment by Institute of Food Science & Technology (IFST)] Food legal/ quality compliance certification for small food & drink producers (1-50 employees).
Support, Training & Services [On-site assessment by Support, Training & Services Ltd] Food safety certification for food processors/suppliers to the Public Sector (eg hospitals).
Universal Feed Assurance Scheme [On-site assessment by KIWA PAI, accredited by United Kingdom Accreditation Service (UKAS)] Aims to protect animal/human health, by certifying the safety of the feed for food producing animals, based on HACCP principles.
Safety/ Ethics Certification
Benefit for All Corporations [On-line Impact Assessment verified by B Lab analyst] BIA Score based on Governance, Workers, Community, Environment & Customers. Verified minimum 80% BIA score required for Certification.
European Conformity [Product assessment by self-certification &/or Notified Body] Mandatory safety evaluation of 'hazardous' products (including construction products, machinery, medical devices & toys) sold within European Economic Area. Conformity Assessment Procedures classify risk & hence Modules (options) to certify product. Class 1 CE mark is easily attainable; the manufacturer prepares Technical Documentation and Declaration of Conformity. Class 3 CE mark is the most stringent, requiring formal toxicology studies.
Liquid soaps are preferable to solid bars, as less likely to be contaminated with micro organisms
iii) Wipes transfer insufficient quantity of alcohol to be an effective antiseptic
"Successful Health and Safety Management" (HSG65) is the original guide to health & safety management, first published in 1991 by HSE (Health & Safety Executive). ISO 45001 has superseded HSG65 because of its compatibility with other ISO standards (ISO 9001 & ISO 14001).
What is Investors In People (IIP)?
Investors In People [On-site assessment by approved training centre] Staff training award. IIP (Bronze, Silver or Gold) is achieved by confidential on-site interviews of employees to establish the organisation's ability to train, develop & motivate staff.
i) If you think safety is expensive, try having an accident ie human cost, fines, legal costs, FFI (HSE Fee For Intervention);
- BS 45002-0 General guidance on application of ISO 45001
- BS 45002-1 Guidance on managing occupational health
- BS 45002-2 Topic-specific guidance on application of ISO 45001
- BS 45002-3 Guidance on incident investigation
What is WRAP?
Security/ IT Certification
IT accreditation [Assessment by National Computer Centre (IT trade association)] Quality award for Information & Communication Technologies (ICT) companies. Accredit UK is achieved for a defined IT specialism by completing a self-assessment workbook followed by site assessment.
Secure destruction of confidential material [Code of practice, not intended for assessment] Recommendations for disposal of electronic & paper media.
CESG Assured Service (Telecoms) [On-site assessment by LRQA or KPMG] Information Security accreditation for telecommunications companies supplying public sector organisations working on the PSN (Public Services Network). Based on ISO 27001 (Information Security Management System), with additions defined by CESG (Communications-Electronics Security Group) - the government's national technical authority for IA (Information Assurance) working with the Health Service, law enforcement, local government, & utilities.
CESG Business Impact Level quantifies the threat to national security resulting from an organisation's potential information loss. Business Impact Level ranges from 0 (no impact) to 6 (extreme impact ie widespread loss of life, £10 billion financial loss to business).
- ISO 27001 - Information Security Management System (see below): Satisfies 'Data Security' requirements of GDPR/Data Protection Act
- BS 10012 - Personal Information Management System: Satisfies 'Citizen's Rights' requirements of GDPR/Data Protection Act
- ISO/IEC 27701 - Privacy Information Management System: Satisfies 'Citizen's Rights' requirements of GDPR/Data Protection Act
Service Management System [On-site assessment by most Certification Bodies] Management of Customer Services (including cyber security) of IT Services, Facilities Management. ISO 20000-3 is a guidance document.
Information Security Management System [On-site assessment by most Certification Bodies] Protects information (confidentiality, integrity & availability) including verbal, paper, electronic and film data whether printed, filmed, stored/transmitted electronically or verbally.
- ISO 27002 - Guidance on the implementation of ISO 27001
- ISO 27017 - Additional guidelines for information security of cloud services
- ISO 27018 - Additional guidelines for information security of public cloud services
- ISO 27701 - Privacy Information Management System (below)
- BS 10012 - Personal Information Management (GDPR)
- PAS 555 - Cyber Security Risk Governance & Management (below)
- Cyber Essentials (Plus) (below).
Privacy Information Security Management System [On-site assessment by most Certification Bodies] Extends ISO 27001 (Information Security Management System) to completely cover GDPR (General Data Protection Regulation).