ISO IEC 27031:2011 pdfダウンロード

ISO IEC 27031:2011 pdfダウンロード。Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
1 Scope
This International Standard describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization’s ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity (IRBC) program, and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions.
It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of this International Standard encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC TR 18044:2004 1 ) , Information technology — Security techniques — Information security incident management
ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary
ISO/IEC 27001, Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27002, Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27005, Information technology — Security techniques — Information security risk management
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC TR 18044, ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005 and the following apply.
3.1
alternate site
alternate operating location selected to be used by an organization when normal business operations cannot be carried out using the normal location after a disruption has occurred
3.2
business continuity management
BCM
holistic management process that identifies potential threats to an organization and the impacts to business operations whose threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders,reputation, brand and value-creating activities
3.3
business continuity plan
BCP
documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption
NOTE Typically this covers resources, services and activities required to ensure the continuity of critical business functions.
3.4
business impact analysis
BIA
process of analysing operational functions and the effect that a disruption might have upon them