Standards and Governance

A technical standard, in general terms, refers to a set of recommendations by which the objectives of a
governing body can be fulfilled. A standard will define 'good practice' which should be followed to create
a system which adheres to the overall objective.

Standards are developed by independent parties who are not the only beneficiaries of the standards
they are contributing to. Parties can be involved from a range of organisations in the creation of a
standard to achieve a diversity of opinions and perspectives. This helps to ensure that the standards
which are produced are in the best interests of all.

A number of standardisation bodies exist to support the practice of EIT: The W3C is the World Wide
Web Consortium and was founded in 1994. It is led by Tim Berners-Lee, who is credited as being the
inventor of the World Wide Web. The W3C standards support application development, and the
standard proposals contribute to an Open Web Platform of recommendations.

The Internet Society, ISOC, founded by Vint Cerf and Robert Khan, contributes to standards on how
the internet can be developed and used. Examples of standards from ISOC include the Network Time
Security Protocol which ensures that time on the internet is synchronised. This is important when our
devices are becoming increasingly distributed and services originate from remote destinations.
The Internet Engineering Task Force is responsible for contributing protocols which govern the ways in
which networked systems operate and communicate with one another. The IETF is one of the most
influential standards bodies operating on internet operations today.
The Institute of Electrical and Electronics Engineers carries out significant research in relation to
network operations and practices.

The International Organisation for Standardisation (ISO) and the International Electrotechnical
Commission (IEC) contribute to standards on information technology in general, and to information and
communications technology in particular. It is broad in its contributions, with standards ranging from the
domain of smart cities to software and systems engineering and the encoding of audio and picture.

Page 1 of 2

University of Essex Online Page 1 of 2

An example of a key ISO standard is ISO/IEC 27000:2018: the umbrella document for the 27000 family
of Information Security Management Systems standards. Standard ISO/IEC 27001 is of particular
interest and is perhaps the most well known, being promoted as supporting all types of organisations in
their management of sensitive data. This standard requires that organisations carry out risk
assessments as part of their routine, that the top management demonstrate commitment to the
programme of security, that the security goals are well defined, and that the required resources are
available. The ISO/IEC 27001 standard considers security from the perspective of human resource
security, asset control, cryptography, environmental security and communications security, among
others.

Page 2 of 2

University of Essex Online Page 2 of 2