Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Information Security Policy and Business Continuity Management Policy

  Quote
Guest
Guest user Created:   Jan 03, 2019 Last commented:   Jan 03, 2019

Information Security Policy and Business Continuity Management Policy

Can you please assist with this query. We currently have a lot of confusion between the Information Security Policy prescribing a Business Continuity Management Policy and Annexe A.17 Business Recovery Plan.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 03, 2019

1 - Your Information Security Policy relates to the BCMP, (red below), but can you please advise where is this template?

Answer: You do not have to keep section 4.4 of the Information Security Policy if you don't have business continuity management implemented in your company, or you do not have plans to implement it together with ISO 27001. The Business Continuity Management Policy is not mandatory for ISO 27001 certification (even if controls from section A.17 of Annex A are applicable), so to not increase unnecessarily customers effort on managing the ISMS, this template is not included in the toolkit you bought.

2 - During Certification, we are concerned the Business Recovery Plan may be too simplistic even for our small business. We have reviewed your tutorials, but still remain very unclear. We would appreciate your explana tion here to help us move forward please.

Answer: The Disaster Recovery Plan template included in your toolkit includes all requirements a certification auditor will look for during the certification audit, so if you followed all recommendations in the comments included in the template your document will be fine for the certification audit. In any case, included in your toolkit you have the possibility to send us some of your documents so one of our experts can evaluate them and provide guidance on which adjustments you have to make, if any, so your document is fully compliant with the standard.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 03, 2019

Jan 03, 2019

Suggested Topics