Need your advice on this. As I feel it's not mandatory to have DRP.
Answer: Although ISO 22301 clause 8.4.4 requires procedures for responding to disruptive incidents (e.g. business continuity plan(s) and recovery plan(s), including the disaster recovery plans), neither this standard nor ISO 27001 mentions "badge access request", so you need to analyse the following issues to confirm if a DRP is required for this specific process:
- the results of the business impact analysis (can the time needed to recover minimal conditions for this process after a disruptive incident prevent the organization from achieving its objectives for recovery or continuity of the business?)
- legal requirements applicable to the organization (e.g., are there any laws or contracts demanding this specific DRP?)
- top management decisions specifically related to the recovery or continuity of this process (regardless of any other conditions, does the top management require a DRP for this process?)
If, after verifying these issues, you identify no reason to have a DRP for this process, then you can consider this DRP as not needed.
This article will provide you further explanation about mandatory ISO 22301 documentation:
- Mandatory documents required by ISO 22301 https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/
This material will also help you regarding mandatory ISO 22301 documentation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Nov 07, 2017