Guest user Created: Feb 06, 2019 Last commented: Feb 06, 2019

Application of control A.17.2.1

We’re still working on the Statement of Applicability. How do we need to handle the implementation method of control A.17.2.1? The template says: recovery-strategy for IT-infrastructure. No comment from your side and no template about it. Can you explain a bit more?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 06, 2019

Answer:

Reference to Recovery strategy for IT infrastructure in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend you to do the Recovery strategy for IT infrastructure because it will complicate the whole process - instead, for the control A.17.2.1 we recommend that you refer to Disaster Recovery Plan - you can find it in your toolkit in the folder 08 Annex A - A.17 Business continuity..

If you decide to go for Recovery strategy for IT infrastructure, you can find the template here: https://advisera.com/27001academy/documentation/business-continuity-strategy/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 06, 2019

Expert Advice Community