Business Continuity Plan
ISO27001 requires you to have a Business Continuity Plan (BCP) in place.
You should have define the requirements for such a system, considering adverse situations (e.g. during crisis or disaster).
You should have procedures in place that can address those situations.
And you should test these procedures.
The norm does not describe what should be in your BCP and what risks you can accept, that will be upto your discretion. You will need to prove that you have assessed situations and defined what you will have in place. One the most important components of your BCP is a Disaster Recovery Plan (DRP) –
However, BCP is more then a DRP – in your BCP you will need to proof that you are in control of the entire business.
In the Docoumentation Toolkit, you can find the a template “procedure for writing Business Continuity Plan”. In this template a number of questions you will need to ask yourself. All these answers together are your BCP.
We advise you to perform the assessment after you have implemented your ISMS – and get prepared for your Certification. Or perform this assessment twice: one if you just start implementing your ISMS and one before your external audit. In this way you can realy assess if your are more in control of your Business Continuity.
Remember : all your assessments (ISMS, Supplier, GDPR etc.) together with improvements and regular security meetings, will give you a good insight on how much you are in control of your business continuity.
|
Field Name |
Description |
Example |
|
Details |
|
|
|
Business Continuity Plan info |
free text for the title or description |
BCP Jan 2022 |
|
Templates: |
N/A: templates not available yet |
|
|
Documents: |
+ upload the document |
[upload the BCP Jan 2022 document] |
|
Assessment finding |
|
|
|
+ Add new assessment |
Assessment date: select date |
1st of February, 2022. Finding: not all high risk suppliers were assessed this year |
|
Approvals of assessment & findings |
|
|
|
+ Add new review |
approval date: select + click approve |
|