5.30 ICT Readiness for Business Continuity
Control
ICT readiness should be planned, implemented, maintained, and tested based on business continuity objectives and ICT continuity requirements.
Purpose
The control’s purpose is to emphasise the notion that a company should maintain a backup plan ensuring that Information & communication technology services are available even during a cyber security attack.
Implementation Guidance
This control should be implemented due to business impact analysis (BIA). The business impact analysis should be used to assess and identify impact types and criteria to evaluate the impacts over time resulting from the disruption of business activities that deliver products and services. It is beneficial for an organisation to establish and implement A business impact analysis document determining the recovery time objectives and the required resources to mitigate an attack.Once BIA is completed, the finalised objectives should be included briefly in the Business Continuity Policy to reflect better an organisation's strategic, operational, and tactical position during an attack. Organisation should ensure that:
- a. Adequate resources are available
- b. People in charge if an attack happens are well determined. Also, the steps required to be taken as a course of action are clearly identified and communicated. If possible, it is beneficial for an organisation to test its BIA result.
ISO 27001:2022
Organisational Controls
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.
27002:2022 Related Controls
CLick to view control
If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
