Availability is a fundamental principle of information security. It ensures that authorised users have timely and uninterrupted access to information and associated assets when they are needed. Availability is one of the three core pillars of the CIA Triad (Confidentiality, Integrity, and Availability).
Examples
- System Uptime: Ensuring a website or application remains accessible and is not taken down for maintenance during business hours.
- Data Recovery: Having a robust backup and recovery plan so that if data is lost or corrupted, it can be restored quickly.
- Redundancy: Using multiple servers or networks so that if one fails, the service can seamlessly switch to another, preventing downtime.
- Denial-of-Service (DoS) Protection: Implementing controls to protect against attacks that are designed to make a service unavailable to its users.
ISO 27001 Context
While many people focus on data breaches (Confidentiality), an organisation’s ability to operate and provide its services is directly tied to the availability of its information systems. ISO 27001 requires organisations to identify and manage risks that could impact availability, ensuring business continuity and operational resilience. The ISO 27001 standard covers the requirement to have a business response (ISO 27001 Annex A 5.29 Information Security During Disruption) and a technical response (ISO 27001 Annex A 5.30 ICT Readiness For Business Continuity).