APPENDIX B

Standards and Good Practice Guidelines

In this Appendix, we shall cover two areas that provide detailed information. The first area is that of Standards, which are divided into two principal types:

  • Specifications are directive in nature, and tell you what should be done.
  • Guidelines and recommendations are informative, and tell you how you should go about it.

In some cases, organizations can be independently assessed for compliance with requirement standards, for example ISO/IEC 27001, and the certification they then hold can be cited as a benefit when tendering for business.

Standards are generally developed at a national or international level. For example, in the United States, NIST (the National Institute of Standards and Technology) is the body responsible; in the United Kingdom, ...
