In May 2025, an updated ISO/IEC 27031:2025 – Cybersecurity – Information and communication technology preparedness for business continuity was released.
What is ISO/IEC 27031?
ISO/IEC 27031 provides guidelines for ensuring information and communication technology (ICT) readiness to support business continuity. It establishes a framework for ICT preparedness that aligns with broader business continuity objectives and helps organizations prevent, respond to, and recover from ICT disruptions that could impact critical operations.
Why is ISO/IEC 27031 important?
In today’s digital world, organisations rely heavily on information and communications technology (ICT) systems to operate, deliver services and maintain stakeholder trust, and disruption due to failure or cyber-attack can have serious consequences.
ISO/IEC 27031 helps organizations ensure the resilience of their ICT by integrating response planning into their business continuity and information security practices. It ensures that ICT services can be restored within specified timeframes, protecting operations, reputation and customer confidence. This preparedness applies not only to internal systems but also to relevant third-party services such as cloud providers.
Benefits
- Supports business operations during ICT disruptions
- Strengthens alignment between ICT, security and continuity strategies
- Reduces recovery time and data loss after major incidents
- Increases organisational resilience and trust with the public, customers, business partners and other stakeholders
- Seamlessly integrates with ISO/IEC 27001 and ISO 22301 procedures