Just read some reports on the roadmap and numbering of the ISO/IEC 2700x series of standards at the ISO 27001 Report blog site: "ISO 27001 Report: ISO 2703n: Latest Developments". Also noted that there are some interest in the infosec community about this recent development - "ISO Standards - What's the future?."

While it is true that the series of numbers, 27031 to 27040, has been allocated for standards that WG4 is currently developing, and that WG4 has in the May 2007 meeting held in Russia, attempted to align the first few numbers to the standards that are currently being developed, they have not been formally approved by JTC1. As such, it is still pre-mature to use these numbers to refer to the new series of standards in WG4. In the meantime, WG4 will be putting up a resolution for these new allocations to be balloted by National Bodies at JTC1, which should take place within 2007 or early 2008. I should report the outcome of the ballot then.

Another more important (than numbering) thing that I want to highlight briefly here relates to the "ICT Readiness for Business Continuity" standards. The "Compliance Portal" reports that "ISO 27031 will be a Business Continuity standard". This is not entirely correct. What the members of WG4 have in mind and is really emphasizing is "ICT Readiness for Business Continuity", but not just "Business Continuity". It is important to focus on the complete title, but not only one part of it, which is what many others have misunderstood the intention of this standard for. Business Continuty is something that TC 223 is working on. Also, as this standard materializes, we should also see a more encompassing scope for "Business Continuity" here (in the ICT domain), in which our ICT systems (including people, process, and technology) need to be prepared to respond as the related events emerge. I have in my recent blog, "Football match in Mandrogi, Russia", reflected on some of the principles of readiness. As this standard evolves, I will report more about it then.</div>