Guest
Application of control A.17.2.1
We’re still working on the Statement of Applicability. How do we need to handle the implementation method of control A.17.2.1? The template says: recovery-strategy for IT-infrastructure. No comment from your side and no template about it. Can you explain a bit more?
Assign topic to the user
ISO 27001/ISO 22301 DISASTER RECOVERY PLAN
Recovery plan for IT and communications.
Get it now 
ISO 27001/ISO 22301 DISASTER RECOVERY PLAN
Recovery plan for IT and communications.
Get it now
ISO 27001/ISO 22301 DISASTER RECOVERY PLAN
Recovery plan for IT and communications.
Get it now
Expert
Rhand Leal
Feb 06, 2019
Answer:
Reference to Recovery strategy for IT infrastructure in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend you to do the Recovery strategy for IT infrastructure because it will complicate the whole process - instead, for the control A.17.2.1 we recommend that you refer to Disaster Recovery Plan - you can find it in your toolkit in the folder 08 Annex A - A.17 Business continuity..
If you decide to go for Recovery strategy for IT infrastructure, you can find the template here: https://advisera.com/27001academy/documentation/business-continuity-strategy/
Comment as guest or Sign in
Feb 06, 2019
Feb 06, 2019
Feb 06, 2019