Business Continuity Procedure
Question --> ISO 27001 ver 2013 has a "Business Continuity Procedure" listed as a mandatory document (clause A.17.1.2). However, the Advisera Toolkit for ISO 27001 only contains 1 document in the "Business Continuity" folder (under General Policies) and it is a "Disaster Recovery Procedure" -- NOT a BC procedure? Since 'Business Continuity' and 'Disaster Recovery' are two separate contingency plans, is there another location in the Toolkit where the BC Procedure is located?
Thank you for your outstanding support.
Complementary question: This document is listed as a mandatory document in Advisera "List of Required Docs for ISO 27001 / 2013", but the only document included in the Toolkit under the "Business Continuity" folder is a "Disaster Recovery Procedure"?
Please note that ISO 27001 control A.17.1.2 Implementing information security continuity does not require a "Business Continuity Procedure", only “…processes, procedures, and controls to ensure the required level of continuity for information security…”.
Considering that, a less complex document like the Disaster Recovery Plan is sufficient to be compliant with this control.
In the 2022 version of the standard, the control A.17.1.2 is now A.5.30 ICT readiness for business continuity. For further information, see:
- List of mandatory documents according to the ISO 27001 2022 revision
Regarding the "List of Required Docs for ISO 27001 / 2013", it is not clear which document you are referring to. Could you please send us the link to it, so we can check it?
Jun 27, 2023