Control application
Regarding A.17.2.1, our business is to provide services to our customers via cloud resources. Would this annex apply to all our customer-facing services as well or can it apply only to our corporate environment and part of our corporate business continuity strategy?
Trying to determine if we can write our policy to only include corporate and not customer resources.
Assign topic to the user
For this decision, you have to verify the ISMS scope document. Since the ISMS scope defines what is part of your ISMS and what is not, it will help you define what to include in the Disaster Recovery plan.
These articles will provide you further explanation about scope definition and disaster recovery:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
Comment as guest or Sign in
Jan 13, 2020