Smoothly functioning information and communication technology (ICT) is essential for maintaining business processes in the context of digitalization. Even the shortest outages and disruptions are often accompanied by severe financial losses. Hackers exploit this potential for damage when they encrypt data and systems in sophisticated ransomware attacks and only release them after high ransoms have been paid.
The updates to the international standards for information security, ISO 27001 and ISO 27002, are now intended to put a stop to this development: security measure (control) 5.30, "ICT readiness for business continuity", in Annex A obliges companies to ensure the availability of ICT even in the event of a disruption. The new ISO 27001:2022 sends a strong signal with its controls and helps companies arm their organizational structures and security architectures against threat scenarios in a timely manner. Read the following blog post to find out what control 5.30 means for your information security management system and how it will affect future audits.