Disaster recovery site
Assign topic to the user
In the Annex A of the ISO 27001 you can see a set of controls related to the disaster recovery (A.17 Information security aspects of business continuity management), but really you only need to implement them depending on the results of the risk assessment, this means that if there are risks maybe you need to implement the A.17 to reduce them. Anyway, ISO 27001 does not require a disaster recovery site; disaster recovery site is only one of the ways to comply with A.17.2.1.
If you want to know more about the risk management, please read this article ISO 27001 risk assessment & treatment 6 basic steps : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Comment as guest or Sign in
Jan 12, 2016