ISO/IEC 27031:2011 - Lead Implementer

Certification Overview

Exam Code: ISO-27031-LI

ISO/IEC 27031 provides guidance on the concepts and principles behind the role of information and communications technology (ICT) in ensuring business continuity.

The standard:

  • Suggests a structure or framework (a coherent set or suite of methods and processes) for any organization – private, governmental, and non-governmental;
  • Identifies and specifies all relevant aspects including performance criteria, design, and implementation details, for improving ICT readiness as part of the organization’s ISMS, helping to ensure business continuity;
  • Enables an organization to measure its ICT continuity, security and hence readiness to survive a disaster in a consistent and recognized manner.

Scope and purpose

The standard encompasses all events and incidents (not just information security related) that could have an impact on ICT infrastructure and systems. It therefore extends the practices of information security incident handling and management, ICT readiness planning and services.

ICT Readiness for Business Continuity (IRBC) [a general term for the processes described in the standard] supports Business Continuity Management (BCM) “by ensuring that the ICT services are as resilient as appropriate and can be recovered to pre-determined levels within timescales required and agreed by the organization.”

ICT readiness is important for business continuity purposes because:

  • ICT is prevalent and many organizations are highly dependent on ICT supporting critical business processes;
  • ICT also supports incident, business continuity, disaster and emergency response, and related management processes;
  • Business continuity planning is incomplete without adequately considering and protecting ICT availability and continuity.

ICT readiness encompasses:

  • Preparing the organization’s ICT (i.e. the IT infrastructure, operations and applications), plus the associated processes and people, against unforeseeable events that could change the risk environment and impact ICT and business continuity;
  • Leveraging and streamlining resources among business continuity, disaster recovery, emergency response and ICT security incident response and management activities.

ICT readiness should of course reduce the impact (meaning the extent, duration and/or consequences) of information security incidents on the organization.

The standard incorporates the cyclical PDCA approach, extending the conventional business continuity planning process to take greater account of ICT. It incorporates ‘failure scenario assessment methods’ such as FMEA (Failure Modes and Effects Analysis), with a focus on identifying ‘triggering events’ that could precipitate more or less serious incidents.

The SC 27 team responsible for ISO/IEC 27031 liaised with ISO Technical Committee 233 on business continuity, to ensure alignment and avoid overlap or conflict. The FCD advised: “If an organization is using ISO/IEC 27001 to establish Information Security Management System (ISMS), and/or using ISO 2239PAS or ISO 23301 to establish Business Continuity Management System (BCMS), the establishment of IRBC should preferably take into consideration existing or intended processes linked to these standards. This linkage may support the establishment of IRBC and also avoid any dual processes for the organization.”

The mapping of this certificate against the e-Competence Framework. To learn more about the e-Competence Framework (e-CF), visit ECF.



Exam Information

The exam comprises 100 multiple-choice questions, of which the candidate must score 70% (70 out of 100 correct) to pass.

Exams are online and proctored. With a webcam and a reliable internet connection, they can be taken anywhere and at any time.

The total duration of the exam is 2 hours (120 Minutes).

No external sources of information may be accessed during the exam held via ProctorU. Further details of the materials permitted are provided:

  • Identification Proof

If a candidate does not pass the exam on the second (2nd) attempt, the candidate must wait at least fourteen (14) calendar days from the date of that attempt before retaking the exam for the third (3rd) or any subsequent time.

The exam can be taken any number of times.

The ISO/IEC 27031 - Lead Implementer Certificate is valid for four (4) years.

Displaying your certificate

  • Remember, when labelling a product or system as certified to an ISO standard:
  • Don't say: "ISO certified" or "ISO certification"
  • DO say: "ISO 9001:2008 certified" or "ISO 9001:2008 certification" (for example).

The ISO/IEC 27031 Lead Implementer Certification has no prerequisites (completing an E-Course from the GAQMBok portal is not mandatory), but we highly recommend doing the E-Course, as the maximum number of questions in the actual exam are drawn from it.

Course Outline

Module 1 - Foundation

  • The role of IRBC in BCM
  • The Principles
  • The Elements
  • Outcomes and Benefits
  • Establishing
  • Plan, Do, Check and Act
  • Management Responsibility

Module 2 - Planning

  • General
  • Resources
  • Defining Requirements
  • Determining IRBC Strategy Options
  • Sign Off
  • Enhancing IRBC Capability
  • ICT Readiness Performance Criteria

Module 3 - Implementation and Operation

  • General
  • Implementing the Elements
  • Incident Response
  • IRBC Plan Documents
  • Awareness, Competency and Training Program
  • Document Control

Module 4 - Monitor and Review

  • Maintaining IRBC
  • IRBC Internal Audit
  • Management Review
  • Measurements

Module 5 - Improvement

  • Continual Improvement
  • Corrective action
  • Preventive action

Target Audience

  • Information and communication technology managers
  • Information technology managers
  • Personnel involved with risk assessment and risk analysis
  • Software engineers
  • Network engineers and managers

Registration Process for E-Course and Exam

Exam Voucher

  • Validity: 180 Days
  • Price: 170 USD
  • Please Read Carefully:

    1) Please Purchase the Second Voucher from our E-Voucher Store to Schedule the exam via ProctorU.

    2) One Voucher can be used by one person, one time, for one exam discount/fee only.
