CIR Related Standards
ISO 27031
1. Introduction
ISO 27031 (NoticeBored, 2011) contains guidelines on how an organisation's Information and Communication Technology (ICT) can play a role in ensuring business continuity excellence (Kosutic, 2015). ICT is the part of the organisation's ISMS involved when preparing for and responding to cyber security incidents (NoticeBored, 2011). Hence, the relevant aspects of ICT are specified in the Standard so that CBFs can be resumed during a cyber security incident.
2. Scope
The Standard covers the various types of events/incidents that impact ICT infrastructure, and recommends practices (ISO 27031, 2011) for managing these cyber security events/incidents so as to minimise their impact and improve recovery times, allowing CBFs to resume swiftly. The term ICT Readiness for Business Continuity (IRBC), which supports BCM, is introduced. Hence, organisations that choose to adopt this Standard will be able to improve the resiliency of their ICT infrastructures and manage cyber security incidents so that the downtime observed is minimal.
3. Elements
3.1 Key competencies and knowledge
Before an organisation can prepare for or respond to cyber security incidents, it must first identify the information necessary for its ICT infrastructures to function and who possesses it. As ICT infrastructures have become an integral component of daily operations, resuming these ICT infrastructures becomes a top priority for organisations. Hence, the availability of the information necessary for ICT infrastructures to function needs to be established.
3.2 Facilities
Having up-to-date facilities minimises the vulnerabilities that cybercriminals can exploit. The organisation has to develop a schedule for when updates are installed on its ICT infrastructures, ensuring that they are on the latest versions so that the patches applied reduce the risk of a cyber security attack.
3.3 Technology
An organisation must determine which ICT infrastructures are required for CBFs to operate. This is related to the first point. Certain CBFs depend on ICT infrastructures in order to be performed, so that services/products can continue to be provided to customers. Therefore, organisations must determine, during peacetime, which infrastructures are necessary to operate CBFs.
3.4 Data
This is not the same as the first point. Information refers to the knowledge needed to operate the ICT infrastructure, whereas data refers to customer/employee information, organisational information, etc. Similarly, the data required by ICT infrastructures needs to be identified for the resumption of business functions. Exploitation of organisational data can be prevented through measures such as access control.
3.5 Processes
Measures and procedures must be developed and implemented to manage cyber security incidents. The organisation has to establish how elements 1 to 4 above work together to perform the organisation's operations. This includes both prevention and response measures.
3.6 Suppliers
Organisations have to engage constantly with their suppliers concerning their ICT infrastructures. An example would be the supplier notifying the organisation that a patch has been released, so that the organisation can create a patching schedule for its infrastructures that minimises the impact on daily operations.
(See Appendix 21 for details on PDCA Model)
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 16 Appendix 6: ISO 27031
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.