Expert Advice Community

ISO27001 - How to meet the requirement of A.17.1 and A.17.1.2

Cisco007 Created:   Jul 17, 2020 Last commented:   Jul 21, 2020


Organisation has a DR network but no policies such as a BCP or DRP. What steps/approach should be taken to achieve compliance with the following: A.17.1 & A.17.1.2?


Expert
Rhand Leal Jul 21, 2020

I'm assuming you are referring to controls A.17.1.1 and A.17.1.2.

Considering that, the controls in ISO 27001 Annex A section A.17 (Information security aspects of business continuity management) aim to minimize risks so that, in case of an event that disrupts business operations, the information is kept protected and the operations that rely on it are resumed as quickly as possible.

To show compliance with control A.17.1.1, an organization needs to identify and include information security requirements in its preparations for business continuity. To do that, the organization should ensure that the information security requirements are included when planning for business continuity and disaster recovery. One way to do that is by performing a business impact analysis for information security aspects, to verify whether the information security requirements are covered in adverse situations.

To show compliance with control A.17.1.2, an organization needs to ensure that the processes, procedures, and controls required for information security are documented, implemented, and maintained. To do that, the organization should:

  • put in place a management structure to prepare for, mitigate, and respond to a disruptive event using proper resources and competence;
  • nominate competent personnel to manage incidents;
  • document and approve plans, response and recovery procedures to handle incidents.

This article will provide you with a further explanation about business continuity for ISO 27001:

This material will also help you regarding business continuity for ISO 27001:
