Referring to the Business continuity policy from the ISMS documentation
Answer:
Business continuity is required in Annex A of ISO 27001, section A.17 - so if you select those business continuity controls as applicable in your Statement of Applicability, then yes - you should refer to your Business continuity policy in your ISMS documentation.
If the ISO 27001 certification auditor sees that you have implemented business continuity in a proper way, he will certainly look at that fact in a positive way - he will assess your business continuity documentation, and how you performed your exercising and testing, but he probably won't go any deeper.
These articles will help you:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Jun 28, 2016