Hello, I am looking for laws and regulations on 'industry sector' and business continuity in EU
I am interested in BC of critical infrastructures in a industrial big organisation.
Is this the right document template from the Toolkit for the mandatory document required by ISO 27001 for Business continuity procedures (A.17.1.2.):
A.17.4_Business_Continuity_Plan_Premium_EN_WL.docx
Hi guys. I just bought the Disaster Recovery Plan and want to use it with combined ISO27k/22301/GDPR documentation that I'm working on. I noticed there are four documents. Which one would you recommend for this?
Regarding the theft of a laptop form a car, while the policy can prohibit leaving a laptop in a car, thus preventing probability of theft, how does a backup or encryption lower the probability of theft? It merely lowers the impact when the theft occurs, but not the probability of theft. The thief does not know the data is backed up or encrypted, and usually doesn´t care because he most often is after the hardware for resale, not the data.
Where can I find details on what has been programmed into the excel templates, and where is maintenance documented? Specifically, in risk treatment, how change method, coloring and warning messages? Thanks.
Hi!
I was really happy when I found the "Checklist of ISO22301:2019 mandatory documentation" since that contains what is mandatory and what is not.
However, when looking at chapter 2 in the list, it says that a post-exercise report is not mandatory.
When I look in the corresponding clause in the standard (8.5), it says:
"The organization shall conduct exercises and tests that:
...
e) produce formalized post-exercise reports that contain outcomes, recommendations and actions to implement improvements;"
To me, this implies that a post-exercise report IS mandatory...
Please elaborate your way of interpretation.
I need to know what are the components and structure required to document a BCP from ISO 22301: 2019 perspective I am not interested in certification at this stage I am more interested what does my organisation requires to assert what is required as a structure to document BCP though we already have a BCP plan in place etc but we need to know from ISO 22301: 2019 what it requires to document a BCP and accordingly I will revisit what we have in house already ok.
I have a question regarding the statement of acceptance document. It is stated that all employees need to sign this document, is this including the managing director and also non-IT employees? Also board members? Or do only IT employees of the organization sign the document
My registrar is telling me I have to have my recertification in December. My ISO cert will expire on Feb 13, 2021. We don't want an audit in the middle of the holidays due to limited availability (so much vacation). Why does it have to be two months prior if my cert is good through February?
I would like to clarify on document required against Annexure A ControlsA-12.5.1 and A-12.6.2
We have a written document against A.12.6.2 which specifies
Users cannot install any software
Only IT can install software
All software to be approved by IT
Software installation by end-users requires exception with risk impact.
Is there a separate document required against A.12.5.1?
