The standard clearly distinguishes between a disruptive event (e.g., a power surge or ransomware alert) and a business continuity incident (when the event exceeds the organization's tolerance for interruption). This distinction allows ICT teams to trigger predefined recovery procedures before the business officially declares a disaster.
According to the official ISO page, ISO/IEC 27031 provides guidelines for the . Specifically, the standard describes the concepts and principles of ICT readiness, including the identification of a range of possible events (disruptions) that could impact ICT infrastructure and systems. It offers a methodological framework for specifying, designing, implementing, and maintaining a documented management system for ICT readiness (ICTR).