Cyber and information security is an ongoing hot topic, but as a business there are lots of standards, and they all mean different things to you and your marketplace. Which one to choose?
I've worked with ISO and other standards for over 15 years. Although there are a variety of standards across a range of topics, without a doubt product safety standards and cyber/information security standards seem to be in an arms race to create the biggest array of standards.
Having recently been posed the question, I've run through all the standards and terminology in an attempt to clarify the different options and what they mean to you.
With reference to the Data Protection Act 2018 (the UK legislation that gives effect to GDPR): all of the standards will address some of the compliance requirements; however, ISO 27001 is likely the most thorough, followed by Cyber Essentials. PCI DSS doesn't cover data other than payment card data (unless you choose to extend its scope).