Expert Advice Community

Home / ISO 27001 & 22301 / Who can access the Business continuity plan?

Guest

Who can access the Business continuity plan?

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Who can access the Business continuity plan?

ISO 27001 & 22301
I have one question regarding the BCP document itself: The level of classification and the people who can access to it are:
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
DejanK Jan 12, 2016

* All employees?
* Only those involved ? This document contains procedures, phone numbers, sensible info...
* Third parties: For contract for instance, they need to know all content? or only that we have a system in charge.

Answer:

You should follow the Need-to-know basis rule - only those people (internal or external) that need to see a document should have the access to it.

Further, if you already don't have the Classification policy you should develop it and then classify your Business continuity plan accordingly. Here's an article that will help you: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Dec 03, 2021 ISO 27001 & 22301
Replies: 1
0 0

Controls A.17.1
Guest user Created:   Apr 03, 2017 ISO 27001 & 22301
Replies: 1
0 0

Implementing a Business Impact Analysis according ISO 22301
Rooh ullah Created:   Jan 14, 2024 ISO 27001 & 22301
Replies: 1
0 0

Business continuity plan, RTO and MTPD