Annex A.17.1/2/3
To explain what Annex A.17.1/2/3 really means and what is required to show compliance
I'm assuming you are referring only to controls from section A.17.1.
Considering that, controls from ISO 27001 Annex A section A.17 (Information security aspects of business continuity management) aim to minimize risks that, in case of an event that disrupts business operations, the information will be kept protected, and operations that rely on them will be resumed as quickly as possible.
To show compliance with controls of this section an organization needs to:
- identify and include information security requirements in its preparations for business continuity
- ensure processes, procedures and controls required for information security are documented, implemented, and maintained
- regularly review its information security continuity elements to ensure their effectiveness and relevance to business
This article will provide you with a further explanation about business continuity for ISO 27001:
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
These materials will also help you regarding business continuity for ISO 27001:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Jul 14, 2020