LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Application of control A.17.2.1

  Quote
Guest
Guest user Created:   Feb 06, 2019 Last commented:   Feb 06, 2019

Application of control A.17.2.1

We’re still working on the Statement of Applicability. How do we need to handle the implementation method of control A.17.2.1? The template says: recovery-strategy for IT-infrastructure. No comment from your side and no template about it. Can you explain a bit more?
0 0

Assign topic to the user

ISO 27001/ISO 22301 DISASTER RECOVERY PLAN

Recovery plan for IT and communications.

ISO 27001/ISO 22301 DISASTER RECOVERY PLAN

Recovery plan for IT and communications.

Expert
Rhand Leal Feb 06, 2019

Answer:

Reference to Recovery strategy for IT infrastructure in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend you to do the Recovery strategy for IT infrastructure because it will complicate the whole process - instead, for the control A.17.2.1 we recommend that you refer to Disaster Recovery Plan - you can find it in your toolkit in the folder 08 Annex A - A.17 Business continuity..

If you decide to go for Recovery strategy for IT infrastructure, you can find the template here: https://advisera.com/27001academy/documentation/business-continuity-strategy/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 06, 2019

Feb 06, 2019