Welcome to the ninth issue of ISO 17799 News, designed to keep you abreast of developments and news with respect to ISO17799 and information security.
The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Included in this edition are the following topics:
ISO17799 SECTION 11: PREPARING FOR THE BUSINESS CONTINUITY PROCESS
For a business continuity plan to be successful, it is important that all members of staff have been trained properly and understand the business recovery process. For people to understand what will be required of them, the training itself must be planned and delivered to them in a structured way. People are less likely to misunderstand their roles and responsibilities if they are able to digest the information given to them in advance.
Certainly, for larger organizations a formal training plan should exist. This plan should outline the scope, objectives and activities and should be assessed to make sure it is relevant for the procedures involved.
An example of a training objective could be “To train all staff in the particular procedures to be followed during the business recovery process”. An example of the scope for the training might be “The training must be carried out in a comprehensive and exhaustive manner so that staff becomes familiar with all aspects of the recovery process. The training will cover all aspects of the Business Recovery activities section of the BCP including IT systems recovery”.
Not too sure where to start? A template approach such as that used by The BCP Generator (http://www.bcpgenerator.com) can actually help you to generate your company’s business continuity plan from start to finish.