ISO 27301 (Definition)

ISO 27301 is an information and communication technology (ICT) specific Business Continuity standard.

It is intended to provide concepts and principles behind improving the resilience of an organization IT structure to support business continuity objectives. It is intended to cover all types of incident that could have an effect on the availability of the ICT infrastructure and systems, and includes best practices and metrics.

ISO 27301 is notable in that it includes security-related incidents and security incident handling.

See also:

You are welcome to use these definitions for any purpose provided that an acknowledgement is made
to www.RiskyThinking.com and (if you're using HTML) you provide a link back to this site.
If you are an industry professional, consider subscribing to the free Risky Thinking Newsletter for articles, insights, and commentary on risk, business continuity, and security. It's low volume: we don't send out the newsletter unless there is something interesting to say!

Errors or Omissions? Contact us and let us know!