I'm assuming you are referring to controls A.17.1.1 and A.17.1.2.
Considering that, the controls from ISO 27001 Annex A section A.17 (Information security aspects of business continuity management) aim to minimize risks so that, in case of an event that disrupts business operations, the information is kept protected and the operations that rely on it are resumed as quickly as possible.
To show compliance with control A.17.1.1, an organization needs to identify and include information security requirements in its preparations for business continuity. To do that, the organization should ensure that the information security requirements are included when planning for business continuity and disaster recovery. One way to do that is by performing a business impact analysis for information security aspects to verify whether the information security requirements are being covered in adverse situations.
To show compliance with control A.17.1.2, an organization needs to ensure that the processes, procedures, and controls required for information security are documented, implemented, and maintained. To do that, the organization should:
- put in place a management structure to prepare for, mitigate, and respond to a disruptive event using proper resources and competence;
- nominate competent personnel to manage incidents;
- document and approve plans, response, and recovery procedures to handle incidents.
This article will provide you with further explanation about business continuity for ISO 27001:
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
This material will also help you regarding business continuity for ISO 27001:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Jul 21, 2020