In the context of digitization, smoothly functioning information and communications technology (ICT) is essential for maintaining business processes. Even the shortest outages and disruptions are often accompanied by severe financial losses. Hackers exploit this damage potential when they encrypt data and systems in sophisticated ransomware attacks and release them only after a high ransom has been paid.
Updates to the international standards for information security, ISO 27001 and ISO 27002, are now intended to put a stop to this development: Security Measure (Control) 5.30 "ICT readiness for business continuity" in Annex A requires companies to ensure the availability of ICT even in the event of a disruption. With its controls, the new ISO 27001:2022 sends a strong signal here and helps companies to arm their organizational structures and security architectures against threat scenarios in a way that keeps pace with the times. Read in the following blog post what Control 5.30 means for your information security management system and how it will affect future audits.