Mateo Collins

IEC INTERNATIONAL 27031 STANDARD.pdf


ISO/IEC 27031:2011 describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner.







The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.


ISO/IEC 27031 was originally intended to be a multi-part standard but changed to two parts (a formal specification plus a guideline) and finally produced a single part (just the guideline) which was published in 2011.


ISO 27031 is applicable to any organization requiring its ICT services and infrastructures to be ready to support business operations in the event of disruption. It also allows an organization to assess if performance parameters correlate to its IRBC in a consistent and recognized manner.


The scope of ISO 27031 encompasses all events and incidents that could have an impact on ICT infrastructure and systems in organizations of all kinds (whether private, governmental or non-governmental) and regardless of size. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.


A disaster recovery plan (DRP) details all the actions you, your management team, and your personnel must take to make sure your employees and your business are safe. Depending on the size and complexity of your business or organization, you may want to have a DRP for each department which the managers retain copies of at all times. The managers may be responsible for adapting and revising these plans regularly or when necessary to stay abreast of current ISO standards like ISO 27031 and other business and safety standards.


In addition, ISO 27031 requires the following processes be defined and included in your DRP: a website disaster planning form, a work plan, an audit plan, preventative measures, an incident communication plan, a social networking checklist, and a pandemic checklist.


ISO 27031 is a standard for IT disaster recovery. It's an international standard that specifies how to plan, implement, and maintain disaster recovery systems. The purpose of ISO 27031 is to help organisations ensure that their business continuity plans are able to deal with any type of disaster. The standard also helps companies develop a consistent approach to planning and implementing their disaster recovery plans.


A management systems approach to ICT in support of a business continuity management system, as stated in ISO 22301, is introduced in ISO 27031. This system is known as an ICT readiness for business continuity (IRBC) management system.


Although organisations cannot be certified in ISO 27031 like they can in ISO 22301, the management system follows many of the same procedures that experienced preparation experts are used to adopting with business continuity planning.


ISO 27031 is based on the ISO 22301 PDCA management system but is tailored to the more technical aspects of IRBC. ISO 27031 depends on the results of the Business Impact Analysis (BIA) performed and accepted as part of the larger BCMS for an organisation in addition to the technical adjustments to PDCA. The PDCA management system at IRBC is summarised as follows:


ICT is widely used among organisations that rely heavily on it to perform critical business functions. Some of the activities that ICT supports are incident management, business continuity, disaster recovery and emergency management. The importance of ISO 27031 is that it sets guidelines to implement these activities as a part of your organisation's continuity plan.


ISO 27031 specifies that the aforementioned IRBC plans need to have six components to effectively monitor for, respond to, and recover from interruptions to information and communication technologies. These six factors are:


ISO 27031 provides guidance for an IRBC programme that helps IT and business continuity experts keep their ICT systems resilient, so that organisations can better prepare for, respond to, and recover from an information and communication technology outage. ICT and business continuity are both vulnerable to interruptions; however, ISO 27031 utilises and modifies the BCM ideas established in ISO 22301 to help mitigate this risk.




Genorma.com is the first single pan-European information point for standards and legislation in Europe. Genorma is your website for European and international standards, harmonised standards and compliance issues, launched in collaboration with BDS and other National Standardization Bodies. Genorma complies with the relevant policies on dissemination, sales and copyright of national, European and International standards.


ISO 27031 provides additional recommendations specifically for ICT continuity management when aligning to ISO 27001 or ISO 22301 and covers all events and incidents (including security-related events) that could impact ICT infrastructure and systems.


Figure 1 depicts the IT disaster recovery lifecycle, and is adapted from ISO 27031. It shows where maintenance and auditing fit into the overall IT DR lifecycle. Continuous improvement ideally occurs at all points in the DR planning lifecycle, and can be implemented through effective programme management and periodic programme reviews and assessments.


Why is ISO/IEC 27001 certification important? Compliance with ISO/IEC 27001, certified by an accredited auditor, demonstrates that Azure uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificate validates that Microsoft has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.


The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.


ServiceNow is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation since 2011 (SSAE 18 superseded SSAE 16 in 2017). SSAE 18 is aligned with international standard ISAE3402 and replaced the now-deprecated SAS70.


IT Governance is authorised by BSI to distribute British and international standards, and is authorised by IEC to distribute international standards. All international standards supplied by IT Governance are either the BSI or other official standard body adoptions of international standards, or the IEC co-published versions.

