As you might of heard in the press, ISSA-UK have released a new security standard that is primarily aimed at small / medium sized businesses.

The intent of the standard is to ensure free, open and practical advice is available to business owners globally.

What sets this apart from other standards is that it is not assurance or certification related. You don't have to be Compliant to XXX or Certified to YYY in order to use this.

Tick box standards must be a thing of the past. It's far too easy for entities to misunderstand questions or just lie when they are faced with a piece of paper or audit questionnaire. In fact, studies have shown that people are far more likely to deceive a computer or piece of paper and the success of any check box standard relies heavily on an onsite presence of ‘an auditor'. Take PCI DSS for example and the notorious Self Assessment Questionnaires.

The draft has been published and is now available for consultation, see: .

If you would like to get involved, do let myself or any of the smesecurity@issa-uk.org team know – we are looking for volunteers to help with further developments within the standard and assist in it's promotion.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top