Why are SRPS A.L2.003:2025 and SRPS ISO/IEC 27001:2022 standards the best-sellers in Serbia?

The most famous standard, SRPS ISO 9001:2015, Quality management systems – Requirements, was the best-selling standard on the domestic market for years. Its leading position was primarily justified by the fact that it is the fundamental standard for Quality Management Systems (QMS). However, today, in the era of digitalization and frequent cyber attacks, standards that deal with safety and security are taking the lead.

In 2024, the best-selling standard was SRPS ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection - Information security management systems - Requirements. However, at the beginning of this year, the newly published standard, SRPS A.L2.003:2025, Security and resilience - Risk assessment - Requirements and guidance for conformity assessment, took over the position of the best-selling standard.

Why these two standards?

Both of these standards directly address the biggest challenge of today: the protection of information, assets, and business operations. In a world where a single cyber attack can lead to millions in losses or even the collapse of a company, organizations no longer see standards as mere “paperwork” but as a crucial tool for survival and development.

SRPS A.L2.003:2025, Security and resilience - Risk assessment - Requirements and guidance for conformity assessment, provides clear rules on how to assess risk and improve an organization's resilience. It offers a methodology, processes, and practical guidelines for implementing the results of a risk assessment. It is particularly important for public institutions, private security agencies, insurance companies, and any organization that wants to seriously manage risks. 

SRPS ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection - Information security management systems - Requirements, is a standard that establishes requirements for risk assessment, an international framework, and rules for information security management. It is applicable to everyone, from small startups to large corporations, and defines how to systematically organize data protection, assess and handle information security risks, and respond to incidents.

Who uses these standards?

The users are very diverse:

• State bodies
• Companies that provide or use private security services
• Organizations with their own security departments
• Insurance companies
• Consulting and educational institutions
• Everyone for whom the protection of data, assets, and business continuity is important
• All organizations, regardless of type or size, for whom information security management is a priority

A look into the future: Security first

The development of artificial intelligence will only increase the need for standards in this field. These standards will be the main tools for preventing abuse and for the responsible use of new technologies.

Therefore, it is no surprise that SRPS A.L2.003:2025 and SRPS ISO/IEC 27001:2022 are the most sought-after standards in Serbia. They are practical guides that help organizations become safer, more resilient, and better prepared for the challenges of the digital age. And challenges there will certainly be.