Expert Advice Community

Applicability of control

Guest user. Created: Apr 12, 2018. Last commented: Apr 12, 2018.

The Dutch documentation set lists a.17 Rampen Opvang Plan (Disaster Recovery Plan) as mandatory. In the Declaration of Applicability, I have listed that making an appropriate backup plan is applicable. We have that backup plan in a separate document. Do you still think I should have a disaster recovery plan, or is that more for the business continuity standard?
Expert
Rhand Leal Apr 12, 2018

Answer: Controls from section A.17 require more than a plan to be fulfilled (e.g., control A.17.1.2 requires processes, procedures and other controls for maintaining an adequate level of continuity), so a backup plan alone is not going to be enough to meet the requirements of section A.17, and you must consider the development of a Disaster Recovery Plan.

This article will provide you further explanation about controls selection:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

This material will also help you regarding controls selection:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
