T9 Information Systems Continuity Management

Dozuki System Automated Release

08/17/2022 by Dozuki System

Printed Copies Are Uncontrolled

Wiki ID: 90

Author: Dozuki System

Release: Dozuki System Automated Release [Minor]

Revision ID: 1411

Revision Date: 07-26-19

Author: Petr Roupec (and 2 other contributors)

OBJECTIVE

To maintain an information continuity management policy covering the continuity and redundancy of information based on their level of criticality

PERFORMANCE INDICATOR

Percentage of organizational units with an established information continuity plan in accordance with the information continuity management policy

AUTOMATION GUIDANCE

Not applicable

RELEVANT THREATS AND VULNERABILITIES

Unsuitable information systems continuity management policy
Unawareness of information systems continuity management policy among IT staff

APPLICABLE CONTROLS

Followings are controls applicable for this control family.

T9.9.1 - P4 - INFORMATION SYSTEMS CONTINUITY PLANNING POLICY

OBJECTIVE

To counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption

PERFORMANCE INDICATOR

Percentage of organizational units with information continuity plans that have been adequately documented and proven by suitable testing

AUTOMATION GUIDANCE

Not applicable

RELEVANT THREATS AND VULNERABILITIES

Destruction of equipment or media
Corruption of data

APPLICABLE CONTROLS

Followings are controls applicable for this control family.

T9.2.1 - P3 - DEVELOPING INFORMATION SYSTEMS CONTINUITY PLANS

T9.2.2 - P3 - IMPLEMENTATION INFORMATION SYSTEMS CONTINUITY PLANS

T9.3 TESTING, MAINTAINING AND REASSESSING PLANS

OBJECTIVE

To ensure the effectiveness of the information systems continuity management plans and they are always up-to-date

PERFORMANCE INDICATOR

Percentage of information systems that went through an annual testing

AUTOMATION GUIDANCE

An automated solution to plan tests and to keep track of the results and the improvement areas should be considered.

RELEVANT THREATS AND VULNERABILITIES

Unperformed information systems continuity management testing
Outdated information systems continuity management plan

APPLICABLE CONTROLS

Followings are controls applicable for this control family.

T9.3.1 - P3 - TESTING, MAINTAINING AND RE-ASSESSING INFORMATION SYSTEMS CONTINUITY PLANS SYSTEMS CONTINUITY PLANS

Release Notes

T9 Information Systems Continuity Management

T9.1 INFORMATION SYSTEMS CONTINUITY MANAGEMENT POLICY

T9.2 INFORMATION SECURITY ASPECTS OF INFORMATION CONTINUITY MANAGEMENT

T9.3 TESTING, MAINTAINING AND REASSESSING PLANS