BS 31111:2018 Cyber risk and resilience – Guidance for the governing body and executive management


Status : Current   Published : March 2018



What is this standard about?

Organizations need to protect themselves and their stakeholders from the consequences of cyber-related failures and errors as well as malicious cyberattacks.

At the same time, there’s an increasing need for organizations to demonstrate to stakeholders that their operations and processes are protected, particularly since organizations are now held accountable by regulation and society in general.

This standard therefore exists to improve top management’s strategic understanding of the risks associated with IT activities and support decision making that ensures good cyber resilience.  

Who is this standard for?

This standard is written in user-friendly, non-technical language for all types and sizes of organization. However, it's particularly targeted at:

  • Governing bodies
  • Executive management
  • Risk management professionals
  • Information technology professionals

Why should you use this standard?

It provides good practice for boards, senior executives and risk managers on cyber risk management by describing what cyber risk is and how to identify, assess, and mitigate these risks within the organization’s overall risk management framework.

It provides strategic insight and guidance on where to focus to ensure that cyber resilience is built in across all levels and functions of the organization. 

It provides management with an improved business understanding of the risks associated with information technology activities and supports effective decision-making.

It also helps the organization demonstrate to external stakeholders and interested parties that its cyber security provisions are effective, resilient and mature.

A key factor is that cyber risk is not limited to the IT department but impacts the entire organization. So the standard is applicable to all subject areas, focusing on risk, resilience and information security rather than just on technology aspects. 

Standard Number: BS 31111:2018
Title: Cyber risk and resilience. Guidance for the governing body and executive management
Publication Date: 05 March 2018
Normative References (required to achieve compliance with this standard): BS 65000, BS EN ISO/IEC 27000, PD ISO Guide 73, BS ISO 31000
Informative References (provided for information): BS ISO/IEC 27014, PAS 7000, PAS 555, BS 10012, BS 7799-3, BS EN ISO 22301, BS 16000, BS 11200, BS 13500, BS 31100, ISO 22316, BS ISO 31010, BS ISO/IEC 27032, BS EN ISO 22313, BS EN ISO/IEC 27001, BS EN ISO/IEC 27002, BS ISO/IEC 27031
Descriptors: Resilience, Data security, Risk assessment, Enterprises, Computer networks, Security, Data storage protection, Risk analysis, Organizations, Data processing, Computers
ISBN: 978 0 580 94482 6
File Size: 1.901 MB
