Just a correction to the previous question: the backup will be done by a third party and they store it in their location. Backup site is different and working site is different.
Neither ISO 27001 nor ISO 22301 requires you to have a disaster recovery site. However, what both of these standards require you to do is define how you will be able to recover your activities if your primary location is not available any more.
Therefore, if your arrangement with a backup stored at a third party enables you to recover within the Recovery Time Objective (RTO), then this is fine. Of course, your agreement with this third party must reflect all the security risks - see this article: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
See also these articles:
Disaster recovery vs business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/
Backup policy - How to determine backup frequency https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/
Jan 12, 2016