We bought your set of documents for the ISO27001 certification and are missing a template for business continuity management.
The auditor requires it (more than the emergency recovery plan) according to A.17.1.
Do you have something we can use?
Assign topic to the user
First is important to note that, at the document level, to be compliant with ISO 27001:2013 Annex A.17 controls you only need to document disaster recovery plans. Controls from section A.17 do not require a business continuity management document.
In case you consider this auditor observation relevant to your business, the document you should consider is a Business Continuity Plan, and you can take a look at a demo of this document at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/
This article will provide you with a further explanation of Disaster Recovery:
- Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
Comment as guest or Sign in
Nov 10, 2022