BS 31111:2018

BS 31111:2018 Cyber risk and resilience. Guidance for the governing body and executive management

Stock status: Available to Order (Stock Due)

(No VAT Payable)

Publication Details

Details: A4, 28 pages.

Publication date: 05/03/2018

Publisher: BSI

ISBN: 9780580944826

Publication Status: Active

Publication Description

Official BSI Distributor

What is this standard about?

Organizations need to protect themselves and their stakeholders from the consequences of cyber-related failures and errors as well as malicious cyberattacks.

At the same time, there’s an increasing need for organizations to demonstrate to stakeholders that their operations and processes are protected, particularly since organizations are now held accountable by regulation and society in general.

This standard therefore exists to improve top management’s strategic understanding of the risks associated with IT activities and support decision making that ensures good cyber resilience.  

Who is this standard for?

This standard is written in user-friendly, non-technical language for all types and sizes of organization. However it’s particularly targeted at:

  • Governing bodies
  • Executive management
  • Risk management professionals
  • Information technology professionals

Why should you use this standard?

It provides good practice for boards, senior executives and risk managers on cyber risk management by describing what cyber risk is and how to identify, assess, and mitigate these risks within the organization’s overall risk management framework.

It provides strategic insight and guidance on where to focus to ensure that cyber resilience is built in across all levels and functions of the organization. 

It provides management with an improved business understanding of the risks associated with information technology activities and supports effective decision-making.

It also helps the organization demonstrate to external stakeholders and interested parties that its cyber security provisions are effective, resilient and mature.

A key factor is that cyber risk is not limited to the IT department but impacts the entire organization. So the standard is applicable to all subject areas, focusing on risk, resilience and information security rather than just on technology aspects. 

Read more



Connect with us

Sign up to our newsletter

Looking for volume discounts?

If you require five or more copies of any title, call us on

01380 820 003

and we will do our best to give you additional discounts