T9.2.2 - IMPLEMENTATION INFORMATION SYSTEMS CONTINUITY PLANS - Implementation Guidance
The entity shall implement for the established information security plans.
An entity should ensure that:
- A. An adequate management structure is in place to prepare for, mitigate and respond to a disruptive event using personnel with the necessary authority, experience and competence
- B. Incident response personnel with the necessary responsibility, authority and competence to manage an incident and maintain information security are nominated
- C. Documented plans, response and recovery procedures are developed and approved, detailing how the entity will manage a disruptive event and will maintain its information security to a predetermined level, based on management-approved information security (continuity) objectives
According to the information security continuity requirements, the entity should establish, document, implement and maintain:
- A. information security controls within business continuity and/or disaster recovery processes, procedures and supporting (information) systems and tools
- B. processes, procedures and implementation changes to maintain existing information security controls during an adverse situation
- C. compensating controls for information security controls that cannot be maintained during an adverse situation