Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


ISO officially launches ISO/IEC 27035:2011

ISO has announced the official launch of the new International Standard ISO/IEC 27035:2011.

Entitled ‘Information technology – Security techniques – Information security incident management’, the standard gives ‘how to’ guidance on detecting, reporting and assessing information security incidents and vulnerabilities.

ISO says that ISO/IEC 27035:2011 will help organizations respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach.

Edward Humphreys, whose team developed the original version of the standard, ISO/IEC TR 18044:2004, commented: “Effective and timely handling of major incidents can make the difference between the survival or ‘death’ of an organization. The new ISO/IEC 27035 standard provides tried and tested advice on the processes and methods that need to be deployed for ensuring effective management of information security incidents.

“Incidents can vary from the minor, which may have an impact on an isolated business system, to a major incident, which affects all business systems. Some incidents have the effect of disrupting an organization and the use of its business resources for 24-72 hours or more; some cause a serious loss and/or destruction of data and some can leave the organization with a serious crime on their hands. ISO/IEC 27035:2011 offers a solution.”

ISO/IEC 27035:2011, which replaces technical report ISO/IEC TR 18044:2004, supports the general concepts specified in ISO/IEC 27001:2005.

The new standard is applicable to any organization, irrespective of size. It covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means.

ISO/IEC 27035:2011 was developed by the joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques.


• Date: 21st October 2011 • Region: World • Type: Article • Topic: BC standards
