Expert Advice Community


Business continuity

Guest user Created:   Jun 09, 2020 Last commented:   Jun 09, 2020


Hello, hope all is well with you. I am a bit confused about Disaster Recovery. From what I understand, we have to document a disaster recovery plan; how substantive of a plan is required? Should we be completing all the A.17 annex sections and documents? Or is the ISO requirement just to document a plan, not a strategy, continuity policy, test plan, RTO, post-disaster process, major incident plans, etc.?


Expert
Rhand Leal Jun 09, 2020

1 - I am a bit confused about Disaster Recovery. From what I understand, we have to document a disaster recovery plan; how substantive of a plan is required?

Answer: ISO 27001 does not prescribe the detail level of any document, only that the organization ensures that it has enough information to provide confidence that the activities can be performed as expected. Considering that, it is essential that the personnel who will use the document are involved in its elaboration.

For further information see:
-  How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/

2 - Should we be completing all the A.17 annex sections and documents? Or is the ISO requirement just to document a plan, not a strategy, continuity policy, test plan, RTO, post-disaster process, major incident plans, etc.?

Answer: The application of controls from section A.17 will depend on the results of risk assessment and legal requirements (e.g., laws, regulations, and contracts), so you must consult this information to know which controls from this section are applicable to your organization.

Regarding business continuity for ISO 27001, ISO 27001 aspects on business continuity process (section A.17 from ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations, so a full Business Continuity Plan is not mandatory for this standard, and you will only need the DRP template included in your toolkit.

By the way, included in your toolkit there is a List of documents file that can show you information about mandatory documents in the List of documents.

This article will provide you with a further explanation about DRP and BCP:
- Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
