search

13. Information Security Aspects of Business Continuity Management

hashtag
This category focuses on the integration of information security into the organization's business continuity management (BCM) framework. It ensures that information security continuity is embedded into BCM practices to protect critical business processes and information assets during disruptions.

hashtag
Controls (A.17):

  • A.17.1.1: Planning Information Security Continuity

  • A.17.1.2: Implementing Information Security Continuity

  • A.17.1.3: Verify, Review, and Evaluate Information Security Continuity

  • A.17.2.1: Availability of Information Processing Facilities

hashtag
Control A.17.1.1: Planning Information Security Continuity

Audit Questions:

  • Are there documented plans for information security continuity?

  • How are these plans aligned with the organization's overall business continuity plans?

Common Non-Conformities (NC):

  • Lack of documented information security continuity plans.

  • Poor alignment between information security and business continuity plans.

hashtag
Control A.17.1.2: Implementing Information Security Continuity

Audit Questions:

  • How are information security continuity plans implemented?

  • Are there procedures for maintaining information security during disruptions?

Common Non-Conformities (NC):

  • Inadequate implementation of continuity plans.

  • Lack of procedures for maintaining security during disruptions.

hashtag
Control A.17.1.3: Verify, Review, and Evaluate Information Security Continuity

Audit Questions:

  • How often are information security continuity plans reviewed and tested?

  • What processes are in place to evaluate the effectiveness of these plans?

Common Non-Conformities (NC):

  • Infrequent reviews and tests of continuity plans.

  • Ineffective evaluation of continuity plans.

hashtag
Control A.17.2.1: Availability of Information Processing Facilities

Audit Questions:

  • What measures are in place to ensure the availability of information processing facilities during disruptions?

  • How are these measures monitored and maintained?

Common Non-Conformities (NC):

  • Lack of measures to ensure facility availability.

  • Inadequate monitoring and maintenance of availability measures.

Previous12: Information Security Incident ManagementNext14. Compliance

Last updated