Who can access the Business continuity plan?
* All employees?
* Only those involved? This document contains procedures, phone numbers, sensitive info...
* Third parties: for a contract, for instance, do they need to know all the content, or only that we have a system in charge?
Answer:
You should follow the Need-to-know basis rule - only those people (internal or external) who need to see a document should have access to it.
Further, if you don't already have a Classification policy, you should develop it and then classify your Business continuity plan accordingly. Here's an article that will help you: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Jan 12, 2016