Information Security Policy and Business Continuity Management Policy
1 - Your Information Security Policy relates to the BCMP, (red below), but can you please advise where is this template?
Answer: You do not have to keep section 4.4 of the Information Security Policy if you don't have business continuity management implemented in your company, or you do not have plans to implement it together with ISO 27001. The Business Continuity Management Policy is not mandatory for ISO 27001 certification (even if controls from section A.17 of Annex A are applicable), so, to avoid unnecessarily increasing customers' effort in managing the ISMS, this template is not included in the toolkit you bought.
2 - During Certification, we are concerned the Business Recovery Plan may be too simplistic even for our small business. We have reviewed your tutorials, but still remain very unclear. We would appreciate your explanation here to help us move forward please.
Answer: The Disaster Recovery Plan template included in your toolkit includes all requirements a certification auditor will look for during the certification audit, so if you followed all recommendations in the comments included in the template, your document will be fine for the certification audit. In any case, included in your toolkit you have the possibility to send us some of your documents so one of our experts can evaluate them and provide guidance on which adjustments you have to make, if any, so your document is fully compliant with the standard.
Jan 03, 2019