ID: A.6.1.3
Column: implementation method
If our company doesn’t implement the operational continuity management and Dejan says: we should mention the person which is responsible for. Is it enough just to fill in the person which is responsible for? Without a plan or guideline where this person is mentioned in?
Answer: If your company does not implement business continuity, but assigns personnel to contact authorities as required by control A.6.1.3, then you must fill in in the implementation method, not only the responsible person, but also to which authority this person can contact with. For example, Head of Facilities can contact with Policy and Emergency services, CISO can contact with security experts, etc.
Comment as guest or Sign in
Aug 03, 2018