For any organisation looking to provide services to the UK Government, consideration of the Security Policy Framework (SPF) is essential, and for most Government contracts audited compliance is required.
Unfortunately, compliance with the SPF (and List X Status) doesn't often carry much weight in the wider world, where customers and service partners will often demand internationally recognised security management certifications, of which ISO27001 is pretty much the de facto standard.
Recognising that lots of organisations will want, or need, to comply with both ISO27001 and the Mandatory Requirements of the SPF, we have produced an easy-to-use tool which allows you to see how the controls for each standard map across to each other.
You can download the SPF – ISO27001 Control Mapping Tool [XLSX file] now from our security resources & downloads section.
This tool can be especially useful for organisations considering tendering for UK Government work, as it gives an indication of how you can use your existing Security Controls (especially if you are currently compliant with ISO27001) to meet the Government requirements. In our experience, this provides a definite advantage when it comes to determining the costs and timescales that compliance will require.
Please note, this security tool is in DRAFT format and as such it may contain errors and omissions. We welcome any feedback from security practitioners and will continue to hone this tool based on user experiences.
It should also be kept in mind that this tool is only ever designed to assist you in determining which controls can apply to cross-standard requirements. It does not in any way replace the need to have advice from a security professional on what controls are suitable, and we cannot guarantee that Government security assessors will agree with our mapping. We suggest that you use the tool to give yourself a baseline from which a full compliance project is driven, seeking professional advice at every stage.
If you would like to discuss how you can get your business compliant with either the Government Security Policy Framework or ISO27001, then get in touch with our security specialists, who will be happy to work with you.