Standard of Good Practice for Information Security

The 2024 edition is the first that will have incremental updates via the ISF Live website, ahead of its biennial refresh due in 2026.

It covers information security 'hot topics' such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing.

The Standard is aligned with the requirements for an Information Security Management System (ISMS) set out in ISO/IEC 27000-series standards, and provides wider and deeper coverage of ISO/IEC 27002 control topics, as well as cloud computing, information leakage, consumer devices and security governance.

Computer Installations and Networks address the underlying IT infrastructure on which Critical Business Applications run.

The End-User Environment covers the arrangements associated with protecting corporate and workstation applications at the endpoint in use by individuals.