ISO IEC 27031-2025 PDF

St ISO IEC 27031-2025

Name in English:
St ISO IEC 27031-2025

Name in Russian:
Ст ISO IEC 27031-2025

Description in English:

Original standard ISO IEC 27031-2025 in PDF, full version. Additional information and a preview are available on request.

Description in Russian:

Original standard ISO IEC 27031-2025 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso25980

Full title and description

ISO/IEC 27031:2025 — Cybersecurity — Information and communication technology readiness for business continuity. Guidance and a framework for preparing information and communication technology (ICT) to support an organisation’s business continuity objectives, including methods to identify, specify and improve ICT readiness for disruptions.

Abstract

This second edition of ISO/IEC 27031 updates guidance on ICT readiness for business continuity (IRBC). It describes concepts, principles and a framework of processes to help organisations set ICT-related business continuity objectives (including MBCO, RPO and RTO), assess ICT dependencies (internal and third‑party), plan recovery arrangements, measure ICT readiness and integrate ICT continuity with information security and overall business continuity management. It is applicable to organisations of all types and sizes.

General information

  • Status: Published / Current
  • Publication date: 16 May 2025
  • Publisher: ISO and IEC (joint publication — ISO/IEC JTC 1/SC 27)
  • ICS / categories: 35.030 (IT security) — Business continuity / ICT readiness
  • Edition / version: Edition 2.0 (2025)
  • Number of pages: 33

Scope

Provides guidance on the concepts and principles of ICT readiness for business continuity and a framework of methods and processes to identify and specify aspects for improving an organisation’s ICT readiness. The standard supports setting ICT business continuity objectives such as minimum business continuity objective (MBCO), recovery point objective (RPO) and recovery time objective (RTO). It covers planning, proactive preparedness, recovery arrangements, testing and measurement and is applicable to all types and sizes of organisations and to ICT services provided internally or by external suppliers (including cloud services).

Key topics and requirements

  • Framework for ICT readiness aligned with business continuity objectives (MBCO, RPO, RTO).
  • Identification and mapping of ICT dependencies, critical systems and service relationships.
  • Integration of ICT continuity planning with information security (ISO/IEC 27001/27002) and organisational business continuity (ISO 22301).
  • Risk assessment and impact analysis specific to ICT services and infrastructures.
  • Requirements for recovery strategies, redundancy, backup and service restoration processes.
  • Third‑party and cloud provider considerations, contractual and assurance measures.
  • Testing, exercises, verification and continual improvement of ICT readiness arrangements.
  • Roles, responsibilities, governance and communication for ICT continuity activities.
  • Performance indicators, monitoring and reporting to demonstrate ICT readiness and recovery capability.

Typical use and users

Used by IT managers, business continuity managers, information security officers, CIOs/CISOs, resilience and risk teams, suppliers (including cloud and managed service providers), auditors and consultants. Typical applications include developing or improving ICT continuity plans, aligning ICT recovery objectives with business requirements, supplier assurance for continuity, designing recovery architectures and running ICT recovery exercises and audits.

Related standards

Commonly used with the ISO/IEC 27000 family (overview and vocabulary), ISO/IEC 27001 (information security management systems), ISO/IEC 27002 (security controls), ISO/IEC 27005 (information security risk management) and ISO 22301 (business continuity management). It also complements standards and guidance on supplier management, cloud security and incident response.

Keywords

ICT readiness, business continuity, recovery time objective (RTO), recovery point objective (RPO), minimum business continuity objective (MBCO), ICT resilience, disaster recovery, information security, continuity planning, cloud provider assurance.

FAQ

Q: What is this standard?

A: ISO/IEC 27031:2025 is an international standard that provides guidance and a framework for ensuring ICT is prepared to support organisational business continuity objectives.

Q: What does it cover?

A: It covers concepts, principles and processes for ICT readiness including identification of critical ICT services, setting MBCO/RPO/RTO, risk assessment for ICT, recovery strategies, third‑party dependencies, testing and measuring ICT readiness.

Q: Who typically uses it?

A: IT and continuity professionals — IT managers, business continuity managers, CISOs, resilience teams, auditors, suppliers and consultants — use it to design, validate and improve ICT continuity capabilities.

Q: Is it current or superseded?

A: Current. ISO/IEC 27031:2025 (Edition 2) was published on 16 May 2025 and replaces ISO/IEC 27031:2011, which has been withdrawn.

Q: Is it part of a series?

A: Yes. It is part of the ISO/IEC 27000 family addressing information security, and is intended to be used alongside ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005 and ISO 22301 for comprehensive resilience and security practices.

Q: What are the key keywords?

A: ICT readiness, business continuity, ICT resilience, RTO, RPO, MBCO, disaster recovery, information security, continuity planning.