Infosec responsibility for BCP from an IT perspective
is it logical to have the IT responsivity on BCP led by the Infosec team?
Assign topic to the user
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Please note that, in general, during the execution of a BCP, the infosec team and the IT team only have a limited number of shared responsibilities, so it does not make much sense to put the infosec team leading the IT response.
The infosec team is also responsible for information that is not on information systems (e.g., information on paper media, and information in the form of people’s knowledge), while the IT team is also responsible for running recovered systems and networks.
As you can see, in terms of a BCP, a better strategy would be for the infosec team to help define IT-related information security objectives to be achieved by the IT team.
For further information, see:
- Business Continuity Management vs. Information Security vs. IT Disaster Recovery https://advisera.com/27001academy/blog/2017/02/27/business-continuity-management-vs-information-security-vs-it-disaster-recovery/
Comment as guest or Sign in
Jul 18, 2023