BSI Standards

1

Please be advised that a New Work Item Proposal has been loaded to the BSI Standards Development Portal for comment. We hope this will assist in increasing awareness of the Standards Development Portfolio.
Any comments received will be submitted to IST/33 - Information security, cybersecurity and privacy protection, for consideration when deciding the UK response to CEN.

Proposal: CEN/CLC/JTC 13 N 556, EN TS ISO/IEC 27006-2 Requirements for bodies providing audit and certification of information security management systems — Part 2: Privacy information management systems.
Please visit http://standardsdevelopment.bsigroup.com/projects/9021-06247
Comment period end date: 24/10/2021

Scope

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.

The requirements contained in this document need to be demonstrated in terms of competence and reliability by any body providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.

Purpose

This technical specification is a fundamental basis for the certification of privacy information management systems, which supports the EU General Data Protection Regulation (GDPR). Therefore, this standard is of high importance for the European market and should be adopted as a European Standard.

2

Please be advised that a New Work Item Proposal has been loaded to the BSI Standards Development Portal for comment. We hope this will assist in increasing awareness of the Standards Development Portfolio.

Any comments received will be submitted to IST/33 - Information security, cybersecurity and privacy protection, for consideration when deciding the UK response to CEN.

Proposal: CEN/CLC/JTC13 N 551, EN ISO/IEC 19896-1 IT security techniques — Competence requirements for information security testers and evaluators — Part 1: Introduction, concepts and general requirements.
Please visit http://standardsdevelopment.bsigroup.com/projects/9021-06244
Comment period end date: 24/10/2021

Scope

This document defines terms and establishes an organized set of concepts and relationships to understand the competency requirements for information security assurance conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities. It provides fundamental information to users of the ISO/IEC 19896 series.

Purpose

This standard is referenced by the candidate EUCC scheme published by ENISA (https://www.enisa.europa.eu/publications/cybersecurity-certification-eucc-candidate-scheme-v1-1.1), and constitutes an integral part of the accreditation requirements for Information Technology Security Evaluation Facilities (ITSEFs); hence it is important that it be made available as a European standard.

If you have any comment or need more information, please contact Sami Ortiz at sami.ortiz@mta.org.uk