As per ISO 27001:2013, BCP is to be implemented in the information security aspect of the ISMS.
Could you please give an example so that I could understand the above statement?
Answer: ISO 27001:2005 A.14 controls had the objective to ensure the continuity of business operations in case of the failure of information systems and to ensure their timely resumption, and these controls basically refer to the same approach as ISO 22301, the ISO standard for business continuity management. On the other hand, ISO 27001:2013 A.17 controls have the objective to ensure only the continuity of the information security capabilities (confidentiality, integrity and availability) in case of a disruptive event.
So, while the old version had a higher objective (continuity of business operations), requiring the development of a full business continuity management, the new version covers only the set of capabilities required to ensure continuity of information security capabilities, which can be achieved by the elaboration of a business continuity plan that may not depend on an organizational business continuity approach (ideally it is better to be integrated with an organizational approach).
As a practical example, if a data center has access control based on electronic locks and it is hit by a disruptive event that makes all energy sources unavailable, one solution to ensure information security continuity, in this case protected by access control, is to designate a security guard to protect the data center entrance until the electronic locks start to work again. Another example is the use of backup media to protect information availability.
Jan 14, 2017