ISO/IEC 27031:2011
Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
ISO/IEC 27031:2011 describes the concepts and principles of information and comunication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner.
The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$343.00 NZD
|
|
| HardCopy |
$389.00 NZD
|
|
| Networkable PDF |
Price varies
|
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
5.1 The role of IRBC in Business Continuity Management
5.2 The Principles of IRBC
5.3 The Elements of IRBC
5.4 Outcomes and benefits of IRBC
5.5 Establishing IRBC
5.6 Using Plan Do Check Act to establish IRBC
5.7 Management Responsibility
5.7.1 Management leadership and commitment
5.7.2 IRBC policy
6 IRBC Planning
6.1 General
6.2 Resources
6.2.1 General
6.2.2 Competency of IRBC staff
6.3 Defining requirements
6.3.1 General
6.3.2 Understanding critical ICT services
6.3.3 Identifying gaps between ICT Readiness capabilities and business continuity requirements
6.4 Determining IRBC Strategy Options
6.4.1 General
6.4.2 IRBC Strategy Options
6.4.2.1 Skills and Knowledge
6.4.2.2 Facilities
6.4.2.3 Technology
6.4.2.4 Data
6.4.2.5 Processes
6.4.2.6 Suppliers
6.5 Sign Off
6.6 Enhancing IRBC Capability
6.6.1 Enhancing Resilience
6.7 ICT Readiness Performance Criteria
6.7.1 Identification of performance criteria
7 Implementation and Operation
7.1 General
7.2 Implementing the Elements of the IRBC Strategies
7.2.1 Awareness, Skills and Knowledge
7.2.2 Facilities
7.2.3 Technology
7.2.4 Data
7.2.5 Processes
7.2.6 Suppliers
7.3 Incident Response
7.4 IRBC Plan Documents
7.4.1 General
7.4.2 Content of Plan Documents
7.4.3 The ICT Response and Recovery Plan Documentation
7.5 Awareness, competency and training program
7.6 Document Control
7.6.1 Control of IRBC records
7.6.2 Control of IRBC documentation
8 Monitor and Review
8.1 Maintaining IRBC
8.1.1 General
8.1.2 Monitoring, detection and analysis of threats
8.1.3 Test and exercise
8.1.3.1 General
8.1.3.2 Test and exercise program
8.1.3.3 The scope of exercises
8.1.3.4 Elements of service recovery
8.1.3.5 Planning an Exercise
8.1.3.6 Managing an Exercise
8.1.3.7 Review, Report and Follow-up
8.2 IRBC Internal Audit
8.3 Management Review
8.3.1 General
8.3.2 Review Input
8.3.3 Review Output
8.4 Measurement of ICT Readiness Performance Criteria
8.4.1 Monitoring and measurement of ICT Readiness
8.4.2 Quantitative and Qualitative Performance Criteria
9 IRBC improvement
9.1 Continual improvement
9.2 Corrective action
9.3 Preventive action
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27001:2023 A1
Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27035.1:2025
Information technology – Information security incident management – Part 1: Principles and process
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
5.1 The role of IRBC in Business Continuity Management
5.2 The Principles of IRBC
5.3 The Elements of IRBC
5.4 Outcomes and benefits of IRBC
5.5 Establishing IRBC
5.6 Using Plan Do Check Act to establish IRBC
5.7 Management Responsibility
5.7.1 Management leadership and commitment
5.7.2 IRBC policy
6 IRBC Planning
6.1 General
6.2 Resources
6.2.1 General
6.2.2 Competency of IRBC staff
6.3 Defining requirements
6.3.1 General
6.3.2 Understanding critical ICT services
6.3.3 Identifying gaps between ICT Readiness capabilities and business continuity requirements
6.4 Determining IRBC Strategy Options
6.4.1 General
6.4.2 IRBC Strategy Options
6.4.2.1 Skills and Knowledge
6.4.2.2 Facilities
6.4.2.3 Technology
6.4.2.4 Data
6.4.2.5 Processes
6.4.2.6 Suppliers
6.5 Sign Off
6.6 Enhancing IRBC Capability
6.6.1 Enhancing Resilience
6.7 ICT Readiness Performance Criteria
6.7.1 Identification of performance criteria
7 Implementation and Operation
7.1 General
7.2 Implementing the Elements of the IRBC Strategies
7.2.1 Awareness, Skills and Knowledge
7.2.2 Facilities
7.2.3 Technology
7.2.4 Data
7.2.5 Processes
7.2.6 Suppliers
7.3 Incident Response
7.4 IRBC Plan Documents
7.4.1 General
7.4.2 Content of Plan Documents
7.4.3 The ICT Response and Recovery Plan Documentation
7.5 Awareness, competency and training program
7.6 Document Control
7.6.1 Control of IRBC records
7.6.2 Control of IRBC documentation
8 Monitor and Review
8.1 Maintaining IRBC
8.1.1 General
8.1.2 Monitoring, detection and analysis of threats
8.1.3 Test and exercise
8.1.3.1 General
8.1.3.2 Test and exercise program
8.1.3.3 The scope of exercises
8.1.3.4 Elements of service recovery
8.1.3.5 Planning an Exercise
8.1.3.6 Managing an Exercise
8.1.3.7 Review, Report and Follow-up
8.2 IRBC Internal Audit
8.3 Management Review
8.3.1 General
8.3.2 Review Input
8.3.3 Review Output
8.4 Measurement of ICT Readiness Performance Criteria
8.4.1 Monitoring and measurement of ICT Readiness
8.4.2 Quantitative and Qualitative Performance Criteria
9 IRBC improvement
9.1 Continual improvement
9.2 Corrective action
9.3 Preventive action