A security standard for small and medium sized enterprises

I’m delighted to announce the launch of the first information security standard for small and medium sized enterprises (SMEs, or SMBs as they’re known in the USA). SMEs represent 99.9% of the businesses in the UK, so it’s an important breakthrough in securing our critical infrastructure and supply chains.

The standard is published by the UK Chapter of the Information Systems Security Association (ISSA). It has been under development for a year by a working group of around 30 experienced security practitioners. The initiative was inspired by a 2010 research report on SME security advice for the UK Information Commissioner’s Office.

The name of the standard and working group is “5173” chosen by former ISSA UK President Geoff Harris, as it resembles the letters “SME”.   

The standard is a much more compelling, relevant and simpler guide to security for small organisations than existing standards such as ISO 27001. The working group aims to develop further guidance material over the coming years. We hope that practitioners across the world will adopt the standard, though we recognise that other countries and industry sectors will wish to develop their own implementation guidance, as this will vary across jurisdictions and sectors.

The standard is a free document and a draft one. Over the coming months, ISSA UK is encouraging everyone to take a look at the standard and provide feedback to [email protected]  ISSA UK will publish the findings in the summer.