Inverifi logo

ISO:27001

Annex A.17 - Information Security Aspects of Business Continuity Management

Get compliant with ISO:27001 – Annex A.17 and simplify compliance for your organisation.

This annex focuses on maintaining continuity on business management in relation to information security. Ensures that operations that rely on data and systems can be resumed and recovered after a disaster or systems failure.

A.17.1 – Information security continuity

 To ensure that the continuity of information security is integrated into the continuity of business management.

A.17.1.1 Planning information security continuity

To ensure that there is a plan, in case of adverse circumstances, to continue with the information security standards and consistent information security management. Management should ensure that security requirements remain the same.

A.17.1.2 Implementing information security continuity

To ensure that the organisation defines, documents and executes security controls. To make sure that a sufficient management structure is in place with the authority to plan and respond to adverse events. Once requirements have been identified, policies must be implemented.

A.17.1.3 Verify, review and evaluate information security continuity

The organisation must review on-going controls on information security in order to ensure they remain productive and effective during adverse circumstances. This would be done by exercising and testing the reliability and expertise of the systems, procedures and controls. This should happen on a regular and consistent schedule.

A.17.2 – Redundancies

To ensure that information processing facilities have availability. Redundancy in this case means the availability of a “backup”.

A.17.2.1 Availability of information processing facilities

To conduct regular tests to ensure the availability of backup copies continue to function. Redundant items should be stored at the same or higher level as the originals. It is recommended to use cloud storage to preserve these items.