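ISO/IEC 27031:2011 Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
Standard number: ISO/IEC 27031:2011
Chinese title: 信息技术 安全技术 业务连续的信息和通信技术准备就绪指南
English title: Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
Publication date: 2011-03
Scope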
ISO/IEC 27031:2011 describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.