标准摘要
[中文适用范围]: 本国际标准描述了信息和通信技术(ICT)业务连续性准备的概念和原则,并提供了方法和流程的框架来识别和指定所有方面(例如绩效标准、设计和实施),以提高组织的能力ICT 准备就绪,可确保业务连续性。 它适用于任何制定其 ICT 业务连续性准备 (IRBC) 计划的组织(私营、政府和非政府,无论规模大小),并要求其 ICT 服务/基础设施做好准备,以在出现新情况时支持业务运营。 可能影响关键业务功能连续性(包括安全性)的事件和事件以及相关中断。 它还使组织能够以一致且公认的方式衡量与其 IRBC 相关的绩效参数。 本国际标准的范围涵盖可能对 ICT 基础设施和系统产生影响的所有事件和事件(包括与安全相关的事件)。 它包括并扩展了信息安全事件处理和管理以及 ICT 就绪规划和服务的实践。 [外文原描述]: ISO/IEC 27031:2011 describes the concepts and principles of information and comunication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.
英文名称Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity