The organisation should plan how to maintain information security at an appropriate level during disruption.
To protect information and other associated assets including physical items such as hardware, firmware, computing platform, network device, or other technology intangible components such as humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation during disruption.
This control should be included in your Business Continuity Plan (BCP). The lack of BCP documents is a major non-conformity. The organisation should consider a fallback plan at strategic, operational, and tactical levels. A well-established BCP enables a resilient organisation, the lack of a fallback plan results in serious disruption hurting the confidentiality, integrity, and availability of information security at all levels. It is highly suggested that a business should test the effectiveness of BCP. A short, precise, practical tested plan is way better than having a long, theoretically sophisticated one. Moreover, the BCP requires continuous review and modification from time to time even if proven to be effective. Reasonably, it is crucial to consider the recent threat and methods of attack. Therefore, it is important to introduce appropriate, updated, and effective security measures.
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.
If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk