Meeting ISO 27031 Requirements
The ISO standard defines the Information and Communication Technology (ICT) Requirements for Business Continuity (IRBC) program, which supports the mandate for an infrastructure that keeps business operations running when an event or incident, with its related disruptions, affects the continuity of critical business functions. This includes the security of crucial data as well as enterprise operations.
The ISO standard centers on four areas: Plan, Do, Check, and Act.
- Plan – Establish a Disaster Recovery and Business Continuity policy with objectives, metrics, and processes relevant to managing risk and improving the enterprise’s Information and Communication Technology ability and readiness to operate at the level defined within the parameters of the enterprise’s overall disaster recovery and business continuity objectives.
- Do – Implement and operate the Disaster Recovery and Business Continuity policies, procedures, controls, and processes.
- Check – Assess and monitor the performance metrics defined in the Disaster Recovery and Business Continuity policy and communicate the results to the management of the enterprise. This can be done via an audit, a test of the plan, or an actual execution of the plan followed by a post-event analysis session.
- Act – Modify the Disaster Recovery and Business Continuity policies, procedures, and metrics based on the “Check” (audit, test, or execution of the plan) in order to improve the Disaster Recovery and Business Continuity Policy.