ISO/IEC 27031

ISO/IEC 27031 Information technology -- Security techniques -- Specification for ICT Readiness for Business Continuity (draft, title not yet approved)

 

ISO/IEC 27031 will describe the concepts and principles behind the role of information and communications technology in ensuring business continuity.

It will:

  • Provide a framework (methods and processes) for any organization – private, governmental, and non-governmental
  • Identify and specify all relevant aspects, including performance criteria, design and implementation details, for improving ICT readiness as part of the organization’s ISMS, helping to ensure business continuity.
  • Enable an organization to measure its continuity, security and hence readiness to survive a disaster in a consistent and recognized manner.

The scope of this standard encompasses all events and incidents (including security-related ones) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management, and of ICT readiness planning and services.

The SC27 team responsible for ISO/IEC 27031 is liaising with ISO Technical Committee 233, working on business continuity, to ensure alignment and avoid overlap or conflict.

The project is at WD stage.

ISO/IEC 27031 was originally going to be a multi-part standard, but this was changed to two parts (a formal specification plus a guideline) and finally reduced to a single part (just the guideline) at the SC27 meeting in Kyoto in April 2008.

Note:

A separate standard on ICT Disaster Recovery was released as ISO/IEC 24762:2008. For more information, see the other standards page.

Copyright © 2008 IsecT Ltd.