Standards and Good Practice Guidelines

In this Appendix, we shall cover two areas that provide detailed information. The first area is that of Standards, which are divided into two principal types:

  • Specifications are directive in nature, and tell you what should be done.
  • Guidelines and recommendations are informative, and tell you how you should go about it.

In some cases, organizations can be independently assessed for compliance with requirement standards (for example, ISO/IEC 27001), and the accreditation they then enjoy can be cited as a benefit when tendering for business.

Standards are generally developed at a national or international level. For example, in the United States, NIST is the body responsible; in the United Kingdom, ...
