top of page


Public·27 members
Daniel Bennett
Daniel Bennett


ISO 27001 is the leading international standard focused on information security. It was published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC). Both are leading international organizations that develop international standards.


ISO/IEC 27031 provides guidelines on what to consider when developing business continuity for information and communication technologies (ICT). This standard is a great link between information security and business continuity practices.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how AWS perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies that AWS do the following:

AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2019. These certifications are performed by independent third-party auditors. Our compliance with these internationally-recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and that the AWS security program is in accordance with industry leading best practices.

A disaster recovery plan (DRP) details all the actions you, your management team, and your personnel must take to make sure your employees and your business are safe. Depending on the size and complexity of your business or organization, you may want to have a DRP for each department which the managers retain copies of at all times. The managers may be responsible for adapting and revising these plans regularly or when necessary to stay abreast of current ISO standards like ISO 27031 and other business and safety standards.

Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 provides guidance to business continuity and IT disaster recovery professionals on how to plan for IT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the requirements for Information and Communication Technology (ICT) and implement strategies to reduce the risk of disruption, as well as recognize, respond to and recover from a disruption to ICT.

As a guidance standard, organizations cannot be certified in ISO 27031 like ISO 22301, but the management system follows many of the same steps that experienced preparedness professionals are used to implementing with business continuity planning. The following diagram displays IRBC management system detailed in ISO 27031.

The standards, however, are not specific to any industry and this makes them able to be applied in any business, regardless of size and industry. Standardisation is a product of ISO/IEC JTC1 SC27, an international body that meets formally twice a year.

ServiceNow is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation since 2011 (SSAE 18 superseded SSAE 16 in 2017). SSAE 18 is aligned with international standard ISAE3402 and replaced the now-deprecated SAS70. 041b061a72


Welcome to the group! You can connect with other members, ge...
bottom of page