(ISO: Geneva, Switzerland) -- With all organizations susceptible to cyber-attacks, a new international standard on business continuity management processes from the International Organization for Standardization (ISO) has a huge potential to improve security measures taken against hacking, denial of service, and malware attacks.
ISO/IEC 27031:2011—“Information technology—Security techniques—Guidelines for information and communication technology readiness for business continuity,” gives advice that will be useful for all types of security-conscious organizations, regardless of their size, complexity, and risks.
Information and communication technologies (ICT) have become an integral part of the critical infrastructure in all sectors, whether public, private, or voluntary. The proliferation of networking services, and the capabilities of systems and applications, has also meant that organizations are ever-more reliant on safe and secure ICT infrastructures. Failure of these systems will affect the continuity of business operations.
The critical functions that require business continuity are usually dependent upon ICT. This dependence means that ICT disruptions can constitute strategic risks to organizational reputation.
ISO/IEC 27031 will allow organizations to develop and implement a readiness plan for the ICT services to help ensure business continuity in times of disruptions.
The standard describes the concepts and principles of ICT readiness. It provides a framework of methods and processes to identify and specify all aspects, such as performance criteria, design, and implementation for improving an organization’s ICT readiness. It also enables an organization to measure performance parameters that correlate to its ICT readiness for business continuity program in a consistent and recognized manner.
“The business environment is constantly changing—along with threats to a company’s survival,” says Edward Humphreys, convener of the working group that developed the ISO/IEC 27001 standard. “Organizations need to be ahead of the game, and an excellent defense can be built around a risk-based information security management system founded on ISO/IEC 27001, together with business continuity management processes based on ISO/IEC 27031.”
ISO/IEC 27031 covers all events and incidents, including security-related ones, that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information-security incident handling and management, and ICT readiness planning and services.
ISO/IEC 27031 is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat through the ISO Store.