Beruflich Dokumente
Kultur Dokumente
[ORGANIZATION LOGO]
1
[LOGO] Document ID: [ORGANIZATION] ISMS-L2-Procedure 17- Information Security aspects of Business Continuity
Management Procedure
DOCUMENT CONTROL
AUTHORIZATION:
Version 1.1
Version 1.2
Version 1.3
Version 1.4
DISTRIBUTION LIST:
The following persons hold copies of the document; all amendments and updates to the document must be distributed
to the Distribution List.
6 All third parties and vendors (when required) [ORGANIZATION], Soft Copy
[Location]
Confidentiality:
Internal 2
[LOGO] Document ID: [ORGANIZATION] ISMS-L2-Procedure 17- Information Security aspects of Business Continuity
Management Procedure
This document contains restricted information pertaining to [Organization]. The access level for the document is specified above. The addressee
should honour this access rights by preventing intentional or accidental access outside the access scope.
Disclaimer:
This document is solely for the information of [Organization] and should not be used, circulated, quoted or otherwise referred to for any other
purpose, nor included or referred to in whole or in part in any document without our prior written consent.
Contents
1 BUSINESS CONTINUITY MANAGEMENT.......................................................................................................... 4
1.1 INFORMATION SECURITY REQUIREMENTS........................................................................................................... 4
1.1.1 Including information security in the business continuity management process......................................4
1.1.2 Business continuity and risk assessment................................................................................................ 4
1.1.3 Developing and implementing continuity plans........................................................................................ 4
1.1.4 Business continuity planning framework.................................................................................................. 5
1.2 Testing, maintaining and re-assessing the business continuity plan..............................................................6
Internal 3
[LOGO] Document ID: [ORGANIZATION] ISMS-L2-Procedure 17- Information Security aspects of Business Continuity
Management Procedure
Internal 4
[LOGO] Document ID: [ORGANIZATION] ISMS-L2-Procedure 17- Information Security aspects of Business Continuity
Management Procedure
o Appropriate education of staff in the agreed procedures and processes, including crisis management.
The planning process should focus on the required business objectives, e.g. restoring of specific services to
customers in an acceptable amount of time.
The services and resources facilitating this should be identified, including staffing, non-information processing
resources, as well as fallback arrangements for information processing facilities. Such fallback arrangements
may include arrangements with third parties in the form of reciprocal agreements.
Business continuity plans should address organizational vulnerabilities and therefore may contain sensitive
information that needs to be appropriately protected.
Copies of business continuity plans should be stored in a remote location, at a sufficient distance to escape
any damage from a disaster at the main site.
Management should ensure copies of the business continuity plans are up-to-date and protected with the
same level of security as applied at the main site. Other material necessary to execute the continuity plans
should also be stored at the remote location.
Internal 5
[LOGO] Document ID: [ORGANIZATION] ISMS-L2-Procedure 17- Information Security aspects of Business Continuity
Management Procedure
References
Internal 6