Information technology – Security techniques – Code of practice for information security management.

Document Information

GSC Classification OFFICIAL
Access Policy Open
Reference bps53076-2017-03
Alt. Reference
Digital Intelligence and Investigation DII S&R 047
International Standards Organisation 27002
Document Status Current
Primary Classification
Author Organisation International Standards Organisation
Sponsor OrganisationNot Known
Trustee NPTC Standards Working Group,

Copyright Notice Copyright (c) 2016 National Police Technology Council (NPTC) group and the persons identified as the document authors. All rights reserved.


As part of the FSR code of conduct it states that organisations must establish and document a policy and procedure for the management of electronic information based on business and security requirements and include this in the schedule of regular audit and review. This guidance gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s).

It is designed to be used by organizations that intend to: select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001; implement commonly accepted information security controls; develop their own information security management guidelines.


This document supplements ISO 27001, and is referenced in the FSR code of conduct. It gives the code of practice around managing information security within an organisation.

Normative References

bps53076-2017-03 link



2018-10-22Digital Intelligence and InvestigationInternal assurance through the DPP programme.

Obsoleted By



Standards | DII Programme IntegrationActive


We’d love you to discuss this item but please be aware that these discussions are publicly accessible.