Privacy & Information Security Law Blog

On April 30, 2013, the UK government announced guidance on its consultation on cybersecurity standards (the ”Consultation”). The Consultation was launched in March 2013, and follows the UK government’s recent announcement regarding a cybersecurity partnership initiative to facilitate information-sharing on cyber threats.

The Consultation invites organizations to submit evidence in support of their preferred organizational standard, be it a new standard, an existing standard or one standard comprising components of multiple existing standards. The guidance document provides further assistance for stakeholders intending to submit evidence, with the government stressing that it is “not [their] goal to create a new standard. … Our goal is to clarify which standard we feel best assures an [organization] that they are effectively managing their cyber risk - that might be a new one or it might be an existing and well-established one.”

A response template has been published alongside the guidance document and organizations are encouraged to submit evidence using this form. The evidence requested is split into three main sections: Market Accessibility/International Recognition, Organizational Outcomes and Auditable Requirements. Submissions for the call for evidence will be considered by a selection panel, which shall include representatives from industry, academia and government.

Organizations wishing to respond to the Consultation can contact cybersecurity@bis.gsi.gov.uk. The Consultation closes October 14, 2013.