ISO 27001 & 22301 / Data Backup and Restore
Does the backup and restore process should be encrypted?
I Mean the tapes itself.
Please select user.
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
According to ISO 27001, the need for encryption of backup tapes will depend on the results of risk assessment and identified legal requirements.
If you do not have risks, or legal requirements, that justify the implementation of encryption, you do not need to implement it.
These articles will provide you a further explanation about controls selection:- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/- Backup policy – How to determine backup frequency https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/
HTML tags are not allowed