BS 31111:2018 Cyber risk and resilience - Guidance for the governing body and executive management

What is this standard about?

Organisations need to protect themselves and their stakeholders from the consequences of cyber-related failures and errors as well as malicious cyberattacks.

At the same time, there’s an increasing need for organisations to demonstrate to stakeholders that their operations and processes are protected, particularly since organisations are now held accountable by regulation and society in general.

This standard therefore exists to improve top management's strategic understanding of the risks associated with IT activities and to support decision-making that ensures good cyber resilience.

Who is this standard for?

This standard is written in user-friendly, non-technical language for all types and sizes of organisation. However, it's particularly targeted at:

  • Governing bodies
  • Executive management
  • Risk management professionals
  • Information technology professionals

Why should you use this standard?

It provides good practice for boards, senior executives and risk managers on cyber risk management by describing what cyber risk is and how to identify, assess, and mitigate these risks within the organisation’s overall risk management framework.

It provides strategic insight and guidance on where to focus to ensure that cyber resilience is built in across all levels and functions of the organisation.

It provides management with an improved business understanding of the risks associated with information technology activities and supports effective decision-making.

It also helps the organisation demonstrate to external stakeholders and interested parties that its cyber security provisions are effective, resilient and mature.

A key factor is that cyber risk is not limited to the IT department but impacts the entire organisation. The standard is therefore applicable to all subject areas, focusing on risk, resilience and information security rather than on technology aspects alone.
