CAN/CSA-ISO/IEC 27031:13 (R2017)
Current
The latest, up-to-date edition.
Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity (Adopted ISO/IEC 27031:2011, first edition, 2011-03-01)
Hardcopy , PDF
English, French
01-01-2013
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
6 IRBC Planning
7 Implementation and Operation
8 Monitor and Review
9 IRBC improvement
Annex A (informative) - IRBC and milestones during
a disruption
Annex B (informative) - High availability embedded
system
Annex C (informative) - Assessing Failure Scenarios
Annex D (informative) - Developing Performance
Criteria
Bibliography
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). At the time of publication, ISO/IEC 27031:2011 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization\'s ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity (IRBC) program, and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of this International Standard encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.
DocumentType |
Standard
|
ISBN |
978-1-77139-089-7
|
Pages |
0
|
ProductNote |
Reconfirmed EN
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
Supersedes |
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). At the time of publication, ISO/IEC 27031:2011 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization\'s ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity (IRBC) program, and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of this International Standard encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.
Standards | Relationship |
ISO/IEC 27031:2011 | Identical |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 18043:2006 | Information technology Security techniques Selection, deployment and operations of intrusion detection systems |
ISO/IEC 27003:2017 | Information technology — Security techniques — Information security management systems — Guidance |
ISO/IEC 27004:2016 | Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation |
BS 25999-1:2006 | BUSINESS CONTINUITY MANAGEMENT - PART 1: CODE OF PRACTICE |
IEC/ISO 31010:2009 | Risk management - Risk assessment techniques |
ISO 22301:2012 | Societal security Business continuity management systems Requirements |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC TR 18044:2004 | Information technology Security techniques Information security incident management |
ISO/IEC 20000-1:2011 | Information technology Service management Part 1: Service management system requirements |
ISO/IEC 20000-2:2012 | Information technology Service management Part 2: Guidance on the application of service management systems |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
ISO 9000:2015 | Quality management systems — Fundamentals and vocabulary |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO/IEC 24762:2008 | Information technology Security techniques Guidelines for information and communications technology disaster recovery services |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.