Cyber Security Standards

Cyber crime is a critical issue for all organisations, but it can be difficult to know which cyber security measures to prioritise.

Benchmarking your security controls against an established standard is a good way of ensuring you are following best practice. However, with so many cyber security standards to choose from, how do you know which best suits your needs?

This page provides an overview of some of the most popular cyber security standards available.


10 steps to cyber security

The UK government published its 10 steps to cyber security in 2012.

They provide an excellent top-level understanding of cyber security, using broader descriptions and objectives, and set out high-level controls that most organisations can easily implement.

The 10 steps can be achieved by applying other standards, and organisations that can tick off all 10 steps can be reasonably confident in the state of their cyber security.

IT Governance offers a cyber security risk assessment service based on the framework.


Cyber Essentials

Based on the government’s 10 steps to cyber security, the Cyber Essentials scheme sets out five basic security controls that can help protect organisations from around 80% of the most common cyber attacks.

There is also an approved certification scheme, giving organisations the opportunity to demonstrate that they have implemented this baseline of security controls via two badges: Cyber Essentials and Cyber Essentials Plus.

All suppliers bidding for government contracts that involve the handling of sensitive and personal information and provision of certain technical products and services are required to be compliant with the scheme’s controls.


Minimum Cyber Security Standard

Launched by the UK government in June 2018, the MCSS (Minimum Cyber Security Standard) is the first in a proposed series of technical standards to be developed in collaboration with the NCSC (National Cyber Security Centre). It will be incorporated into the Government Functional Standard for Security when it is published.

The MCSS sets out a series of mandatory cyber resilience outcomes that all government departments (including “organisations, agencies, Arm’s Length Bodies and contractors”) must achieve in order to meet their obligations under the SPF (Security Policy Framework) and National Cyber Security Strategy.

The Standard can also be used by any other organisation to benchmark its cyber resilience efforts.


PAS 555

PAS 555 was released by BSI (the British Standards Institution) in 2013. Whereas most guidance and standards identify problems and offer solutions, PAS 555 describes the outcomes of effective cyber security measures. On its own, this is difficult to reconcile against a checklist of threats and vulnerabilities, but used alongside other standards it can confirm that the measures you implement are comprehensive.

PAS 555 targets top management and is deliberately broad in scope: it is primarily intended to help executives and senior management compare their organisation’s cyber security measures with established descriptions at a high level. When implemented, this provides an ‘umbrella’ under which other standards and guidance can be used to achieve the described results.


ISO/IEC 27001:2013

ISO 27001 is the international standard for information security management. It is a rigorous and comprehensive specification for protecting and preserving the confidentiality, integrity and availability of an organisation’s information assets.

The Standard offers a set of 114 best-practice security controls that can be applied based on the risks you face, and implemented as part of a broad organisational structure to achieve externally assessed and certified compliance.

By implementing an ISO 27001-compliant ISMS (information security management system), you will be fulfilling the majority of the requirements of the other standards and guidance relating to cyber security.

IT Governance has created four fixed-price ISO 27001 implementation bundles to help any organisation achieve certification to ISO 27001. Each solution contains a set of products and services that are delivered online, meaning any organisation in the world can utilise our expertise.


ISO/IEC 27032

The international standard ISO 27032 provides guidance on cyber security. Although the controls it recommends are not as precise or prescriptive as those supplied in ISO 27001, this standard recognises the vectors that cyber attacks rely upon and includes guidelines for protecting your information beyond the borders of your organisation, such as in partnerships, collaborations or other information-sharing arrangements with clients and suppliers.

As part of the ISO 27000 series of information security standards, ISO 27032 can be neatly integrated with your ISMS simply by updating and expanding the policies, processes and training your organisation needs.


ISO 22301:2012

ISO 22301 is the international standard for a BCMS (business continuity management system). It focuses not only on responding to and recovering from disasters but also on maintaining access to, and security of, information, which is crucial when attempting to return to full and secure functionality.


ISO/IEC 27031:2011

ISO 27031 is the international standard for ICT readiness for business continuity. It offers guidance to help your organisation prepare for incidents affecting its ICT assets and services so that they can continue to function and support your business continuity arrangements. It forms a key link in the chain of cyber resilience.


CSA CCM (Cloud Controls Matrix)

The CSA (Cloud Security Alliance)’s CCM (Cloud Controls Matrix) is a set of controls designed to maximise information security for users of Cloud technologies. The matrix offers organisations a set of guidelines to help them maximise the security of their information without relying solely on the Cloud provider’s assurances.


NIST CSF (Cybersecurity Framework)

The NIST CSF was designed to help organisations identify their cyber security capabilities and needs, and to develop a pathway to achieving their cyber security objectives.

The framework is divided into three parts: the Framework Core, Framework Implementation Tiers and Framework Profiles. These elements coordinate the security controls and the organisation’s approach to implementing them.
