Information Security Management Standard

Document Information

GSC Classification OFFICIAL
Access Policy Open
Reference bps94781-0000-00
Alt. Reference
Digital Intelligence and Investigation DII S&R 029
International Standards Organisation 27001
Document Status Current
Primary Classification
Author Organisation International Standards Organisation
Sponsor Organisation Not Known
Trustee NPTC Standards Working Group

Copyright Notice Copyright (c) 2016 National Police Technology Council (NPTC) group and the persons identified as the document authors. All rights reserved.


The focus of ISO 27001 is to protect the confidentiality, integrity and availability of the information in a company. This is done by finding out what potential problems could happen to the information (i.e., risk assessment), and then defining what needs to be done to prevent such problems from happening (i.e., risk mitigation or risk treatment). Therefore, the main philosophy of ISO 27001 is based on managing risks: find out where the risks are, and then systematically treat them. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.


This standard gives guidance on how to appropriately protect the confidentiality, integrity and availability of information within any company. It is also referenced in the FSR Code of Conduct, as organisations must establish and document a policy and procedure for the management of electronic information based on business and security requirements, and include this in the schedule of regular audit and review.

Normative References

bps94781-0000-00



2018-10-22 | Digital Intelligence and Investigation | Internal assurance through the DPP programme.

Obsoleted By



Standards | DII Programme Integration | Active

