
ISO/IEC JTC 1/SC 27 N 20696, ISO/IEC PWI 27031 Information technology - Cybersecurity - Information and communication technology readiness for business continuity

Scope

The scope of this document is clearly delimited to information and communication technology (ICT) readiness for business continuity.

Readiness of ICT for business continuity means that ICT and its operational capabilities demonstrate the ability to achieve the desired business continuity objectives in case of a disruption affecting ICT. ISO/IEC 27031 also extends the practices of information security incident management into ICT readiness planning, training and operation. The scope of ICT readiness for business continuity is delimited to the information technology techniques and information security objectives that serve business continuity objectives such as the MTPD (maximum tolerable period of disruption), based upon ICT readiness objectives such as the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO), as part of the ICT business continuity plan.

ISO/IEC 27031 has been reaffirmed as part of the ISO/IEC 27000 series. It complements the information security controls relating to business continuity in ISO/IEC 27002 and is aligned to support the information security risk management process standardized in ISO/IEC 27005 (as part of an Information Security Management System (ISMS) according to ISO/IEC 27001).

Furthermore, the approach to ICT readiness for business continuity supports an organization having a Business Continuity Management System (BCMS) according to ISO 22301.

Being ICT specific, ISO/IEC 27031 covers the context of ICT together with the various phases of the ICT lifecycle, regardless of its format, and may relate to other ICT standards within or outside the scope of SC 27.

ISO/IEC 27031 applies to an ICT context serving a given activity context (private, governmental and non-governmental, irrespective of size).

ISO/IEC 27031 does NOT overlap with the ISO 22300 series, as it does NOT replace a business continuity management system (BCMS). It describes how ICT functions should plan and get ready to contribute to the resilience objectives desired by the organization. Furthermore, ICT readiness for business continuity is NOT a BCMS restricted to the scope of ICT.

Purpose

The initial Systematic Revision of ISO/IEC 27031, launched in 2016, resulted in a lack of consensus.

From the learnings of this experience, the present terms of reference aim to reformulate and clarify the scope and the boundaries of the ISO/IEC 27031 revision, in the form of a PWI first, so as to include contexts related to business disruption due to accidental causes or to deliberate cybersecurity risk sources.

The goal is now to initiate a consistent revision in light of this context and to achieve the desired consensus.
