Control A.17.1.1 in ISO 27001
disaster recovery." It's not clear to me if it's enough with Policies and Procedures and BIA, or if something else is needed (some kind of controls). Could you please shed some light on my doubts?
Answer:
Neither ISO 27001 nor ISO 27002 is very clear when it comes to business continuity. But yes - BCM policy, business impact analysis, but also identification of context and interested parties should be enough to identify all the requirements for business continuity.
It seems to me you are referring in your question to ISO 27002, so you should primarily read what ISO 27001 says in its clause 4.
See also these articles:
Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Jan 12, 2016