Information security aspects of business continuity management Audit Checklist

Clause 14.1 ISO 17025

1. Including information security in the business continuity management process

• Whether there is a managed process in place that addresses the information security requirements for developing and maintaining business continuity throughout the organization.

• Whether this process understands the risks the organization is facing, identifies business-critical assets, identifies incident impacts, considers the implementation of additional preventative controls, and documents the business continuity plans addressing the security requirements.

2. Business continuity and risk assessment

• Whether events that cause interruption to business processes are identified, along with the probability and impact of such interruptions and their consequences for information security.

3. Developing and implementing continuity plans including information security

• Whether plans were developed to maintain and restore business operations and ensure availability of information at the required level within the required time frame following an interruption or failure of business processes.

• Whether the plan considers identification and agreement of responsibilities, identification of acceptable loss, implementation of recovery and restoration procedures, documentation of procedures and regular testing.

4. Business continuity planning framework

• Whether there is a single framework of business continuity plans.

• Whether this framework is maintained to ensure that all plans are consistent and identify priorities for testing and maintenance.

• Whether the business continuity plan addresses the identified information security requirements.

5. Testing, maintaining and re-assessing business continuity plans

• Whether business continuity plans are tested regularly to ensure that they are up to date and effective.

• Whether business continuity plan tests ensure that all members of the recovery team and other relevant staff are aware of the plans and their responsibility for business continuity and information security, and know their role when the plan is invoked.

Related documents

ISO 27001 checklist

This entry was posted on Wednesday, November 25th, 2009 at 6:37 am and is filed under ISO 27001 checklist.
