IT Governance, the leading provider of ISO 27001 and information security expertise, is delighted to announce that its executive director, Steve Watkins, has been appointed Chair of IST/33.
IST/33 is responsible for the UK’s contributions to revising the ISO 27000 series of international standards on information security management.
Steve Watkins said: “IT Governance has been dedicated to supporting the activities of various technical committees that draft British standards and contribute to the development of international standards for many years. Our most recent development in the standardisation community is an increase of our contribution to IST/33, the committee for IT Security techniques.
“This is a great opportunity for IT Governance to further contribute to and remain at the leading edge of developing standards in the information security arena.”
Working under the direction of the British Electrotechnical Committee and the Standards Policy and Strategy Committee, IST/33 is responsible for the UK’s input into ISO/IEC JTC 1/SC27, whose scope is the information security management system (ISMS) family of standards and recommending appropriate actions to be taken on issues relevant to ISO/IEC JTC 1 that concern the planning and coordination of IT security work.
IST/33 is also responsible for coordinating security standardisation activities within the scope of ICT and sustaining collaboration with other groups within and outside the British Standards Institution (BSI) concerned with security standardisation.
IST/33 consists of five sub-committees:
- Information Security Management Systems, IST/33/1, is responsible for the information security management systems (ISMS) family of standards. This includes ISMS requirements, guidelines, accreditation and auditing, and sector-specific ISMS standards.
- Cryptography and Security Mechanisms, IST/33/2, is responsible for cryptographic techniques, including cryptographic key management and entity authentication exchanges.
- Security Evaluation, Testing and Specification, IST/33/3, is responsible for inputs into standards addressing the security evaluation of IT systems, components and products, including the definition of security evaluation criteria and related issues, such as evaluation methodology and the administrative procedures for testing, evaluation, certification and accreditation. Its scope also includes associated issues such as the specification of security properties, security testing methodologies and processes, and vulnerability notification.
- Security Controls and Services, IST/33/4, is responsible for input into the development and maintenance of standards and guidelines addressing services and applications that support the implementation of control objectives and controls as defined in ISO 27001.
- Identity Management and Privacy Technologies, IST/33/5, is responsible for inputs into standards that cover the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics, privacy and the protection of personal data.
Steve is also a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for the ISO 27000 family of standards, and is involved with the UK standards technical committees: RM/1 (risk management) and RM/1/-/3 (responsible for BS 31111, providing guidance for boards and senior management on cyber risk and resilience, being published on 26 March 2018); IST/060/02 (IT service management) and IDT/001/0-/04 (data protection).
In addition, Steve is the Chair of the UK ISO 27001 User Group, and is a contracted technical assessor for UKAS, conducting assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He also undertakes information security assessments to the Forensic Science Regulator’s Code of Practice and Conduct.
Alongside Alan Calder, the founder and executive chairman of IT Governance, Steve led the first UK-based successful ISMS implementation compliant with BS 7799 (the forerunner of ISO 27001). He is also the co-author of IT Governance – An International Guide to Data Security and ISO27001/ISO27002, Sixth edition, which is the basis for the UK Open University's postgraduate course on information security.
IT Governance provides support to organisations on implementing an ISO 27001-compliant ISMS, enabling them to achieve certification through a wide range of affordable solutions, such as books, staff awareness and DIY packaged solutions.
To find out more about IT Governance’s information security solutions, please visit the website, email firstname.lastname@example.org or call +44 (0)333 800 7000.