ISO 27001:2013 provides a best-practice method for implementing an Information Security Management System (ISMS) to keep your organisation secure and protect customer data. As we move further into the 21st century, maintaining robust information security policies is essential to safeguarding your organisation and its stakeholders.
An ISO 27001 (ISMS) system includes policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures used to protect information security. The ISO 27001 standard encompasses all elements organisations use to manage and control information security risks. Implementing ISMS 27001 can help you win government tenders by showcasing your certification and information security.
Annex A:17 – Information Security Aspects of Business Continuity Management
Annex A:17 defines the information security aspects of business continuity management. This section focuses on how you can continue operating after a threat has been identified and eliminated, covering the recovery and continuity phase of planning ahead to protect your business. Let’s explore this control in more depth.
Annex A:17.1 Information Security Continuity
The main objective of this clause is to ensure the continuity of information security within the organisation’s systems. It includes three main controls.
Annex A:17.1.1 – Planning Information Security Continuity:
Organisations must prepare a recovery plan to avoid uncertainties. To achieve ISO 27001 certification, determine the requirements for information security. Capture security aspects and plan to protect information security.
Annex A:17.1.2 – Implementing Information Security Continuity:
Management needs to implement policies to maintain processes and procedures confidentially. Establish, document, implement, and maintain processes, procedures, and controls to ensure information security continuity during disruptions.
Annex A:17.1.3 – Verify, Review, and Evaluate Information Security Continuity:
Ensure the controls implemented for information security continuity are tested, reviewed, and evaluated. These policies and procedures are necessary when:
- There are substantial threats to individuals’ safety or the institution’s fabric or reputation.
- The incident is likely or has the potential to lead to the suspension of normal operations.
Control these threats by managing emergency access, changing passwords, testing systems, etc.
“It is far better to foresee without certainty than not to foresee at all”
– Henri Poincare
Annex A:17.2 Redundancies
Network redundancy is introduced to improve reliability and ensure availability. The purpose of redundancy is to prevent system operation disruption in case of technical failure or disaster by maintaining service continuity. Ensuring data and internet connectivity redundancy is crucial to guarantee IT environment uptime.
Citation HR
HR Advice Line
HR Software
Citation Safety
Safety Advice Line
WHS Software
Citation Certification
ISO Certification
NDIS
Citation Legal
Workplace Law
Migration Services
HR & Safety Software 
