PAS 555:2013

This standard PAS 555:2013 Cyber security risk. Governance and management. Specification is classified in these ICS categories:

• 35.030 IT Security

This PAS specifies a framework for the governance and management of cyber security risk.

The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance.

While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be achieved. PAS 555 does not specify such processes or actions – it allows any organization to choose how it achieves the specified outcomes, whether that be through the adoption of other standards and management systems, such as BS ISO/IEC 27001, or through its own defined processes.

Since the PAS 555 framework defines the outcomes of effective cyber security, it is less likely to change over time whereas the way in which the outcomes are achieved can change.

The PAS is intended for any organization that wishes to establish confidence in its cyber security governance and management. It is applicable to all organizations regardless of their size, type and the nature of their business.