What ISO 27001:2013 gives you is a best-practice method of implementing an information security management system (ISMS) to keep your organisation safe, and the data of your customers private. It’s imperative that as we move further into the 21st century that your organisation maintains a robust set of information security policies, and ensures it is making every possible effort to protect the organisation and its key stakeholders.
An ISO 27001 (ISMS) system includes all of the policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures that are used to protect information security.
ISO 27001 standard includes all of the elements that organizations use to manage and control their information security risks. ISMS 27001 covers a large management system, it would help you win government tenders, as you showcase your certification and information security, if implemented.
iso 27001 certification by best practice
ISO 27001 Controls: What Is Annex A:17?
Annex. A:17 Information security aspects of business continuity management
A:17 defines the information security aspects of business continuity management. This would mean, how you can continue working in the business even after the threat has recognized and eliminated. This is the recovery and continuity phase of planning ahead to protect the business. Let’s discuss this control in more depth now.
Annex. A: 17.1 Information Security Continuity
The main objective of this clause is to ensure the continuity of information security embedded in the organization’s systems. In this clause there are 3 main controls as follows:
Annex. A:17.1.1- Planning Information security Continuity:
This control defines that the organizations must prepare a recovery plan to avoid any uncertainties. Any organization looking to achieve ISO 27001, need to determine the requirements of information security. It is advisable that organizations can capture the security aspects and plan to protect information security.
Get Your Free Gap Analysis Checklist Here
Annex. A:17.1.2 Implementing Information Security Continuity:
The management needs to implement a series of policies, which help to maintain processes and procedures under a confidential document. The organization needs to establish, document, implement and maintain processes, procedures, and controls to ensure the required level of continuity for information security during a disruptive situation.
Annex. A:17.1.3 Verify, Review, and Evaluate Information Security Continuity:
ISO 27001 controls help an organization to establish a secure environment. The controls implemented for information security continuity must be tested, reviewed, and evaluated. These control policies and procedures are required to be available where:
- There are substantial threats to the safety or well-being of individuals or to the fabric or reputation of the institution and;
- The incident is likely or has the potential, to lead to the suspension of
normal operations.
You can control these threats by implementing the basic controls like manage emergency access, changing the password, testing the systems, etc.
“It is far better to foresee without certainty than not to foresee at all”
– Henri Poincare
Annex. A: 17.2 Redundancies:
Network redundancy is introduced to improve reliability and ensure availability. To maximize availability with minimal complexity. The purpose of redundancy is to prevent any disruption of system operation in the case of a technical failure or disaster by maintaining a continuity of service. To guarantee the uptime of the total IT environment redundancy of data and internet connectivity is very important.
