Part 36 - A17 Information Security Aspects of Business Continuity Management
Business continuity management (BCM) is a hot topic at the moment.
From Wikipedia: “Business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to permit ongoing operation, before and during execution of disaster recovery.”
The clause starts with information security continuity.
A.17.1 Information Security Continuity
So the objective here is to ensure information security continuity is embedded in your organisation’s business continuity planning systems.
Here at Mango we have a detailed business continuity planning system. We have created a Business Continuity Plan (BCP). We involved a wide range of employees and contractors to get the plan together.
The Mango BCP is quite comprehensive and covers the following topics:
- Company Employees
- Disaster Recovery Team
- Office Infrastructure
- Applications, Hardware and Data
- Post emergency process
- Servers and PC Details
Once in place we tested sections of the plan to ensure the details were correct and that people were prepared. With our Head Office in a major earthquake zone, business continuity is something we plan for with knowledge that things out of your control can happen at any time.
The Mango BCP is reviewed and tested annually. An event in Mango reminds us to conduct the review and the testing of the plan.
The objective here is to ensure the continued availability of information processing facilities. So you need to build in sufficient redundancy to meet your requirements if things go wrong.
Here at Mango we worked hard with our IT suppliers to build sufficient redundancy into our processing facilities. This redundancy was documented too in our BCP.
- Create a BCP.
- Involve as many people and contractors as you can to get the BCP in place.
- Test each area of the plan with your employees and contractors to ensure everyone is prepared.
- Work with your IT suppliers to ensure there is plenty of redundancy in your processing facilities.
View previous blogs in this series "ISO 27001 Information Security Management Standard":