The hardware and software required to meet recovery goals.
However, there is often a disconnect:
Organizations certified to ISO 27001 must address continuity of information security (Annex A.17). ISO 27031 is the primary implementation guide for that clause. iso 27031 ict readiness for business continuity
ISO 27031: A Comprehensive Guide to ICT Readiness for Business Continuity The hardware and software required to meet recovery goals
1. Introduction - Purpose and scope of ICT continuity 2. Roles and responsibilities - ICT recovery team, BC coordinator, vendor contacts 3. ICT service inventory and criticality - List of services with RTO/RPO/MBCC 4. Incident declaration criteria - When to activate ICT recovery (e.g., outage > 30 min) 5. Recovery procedures - Step-by-step for each service (failover, restore, manual mode) 6. Data backup and replication schedules - Location, frequency, retention, restoration method 7. Alternate site / cloud failover configuration - Activation steps and network routing changes 8. Escalation and communication - Internal and external (vendors, customers, regulators) 9. Testing schedule and results 10. Plan maintenance and version control ISO 27031: A Comprehensive Guide to ICT Readiness
| Standard | Relationship | |----------|---------------| | (BCMS) | ISO 27031 provides ICT-specific guidance to meet ISO 22301 requirements. | | ISO 27001 (ISMS) | ICT readiness depends on security controls; incidents (e.g., ransomware) trigger both. | | ISO 27035 (Incident Mgt) | ICT readiness integrates incident detection and response. | | ISO 27013 (Guidance on 27001 + 20000-1) | Aligns ICT service continuity (ISO 20000) with security continuity. |