How to write business continuity plans?

Posted 3 years ago in NEWS.

ISO 27001 Certification in Bangalore you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans.

How to write business continuity plans?

ISO 27001 Certification in Bangalore you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans.  Well, you have to think of various scenarios under which a disaster can occur, and you have to think of a way to handle such exceptionally rare but potentially catastrophic incidents. The problems that people who write such plans usually have include what the plan should contain, how long it should be, what steps to include etc. ISO 27001 standard one of the best solutions to all these dilemmas is using the BS 25999-2 standard, which together with BS 25999-1 defines a framework as to how the plans should be written. According to those standards, the business continuity plans should consist of (1) incident response plan, and (2) recovery plans. An incident response plan is usually a single plan written for the whole organization, and described. 


ISO 27001 Certification has to be done immediately after a disaster occurs, reducing the effects of the incident, gathering at assembly points, communicating to emergency services, evacuating the building, organizing transport to alternative locations etc. Recovery plans are usually written separately for each critical activity, and the steps to be included in the recovery plans are usually the following: when and how to communicate with various stakeholders. 


how to assemble the team, how to recover the infrastructure, how to check which data is missing or has been corrupted by the disaster, how to recover the data, how to check whether the applications are functioning and whether the access rights are appropriate, and how to decide when the recovery is completed so that normal operations can begin.


Disaster recovery plans are the ones to be written with great care because they should describe how to set each system running within the recovery time objective of a particular critical activity. ISO 27001 Consultants in Saudi Arabia this is usually done by writing a detailed recovery plan for each system to be recovered. The rule of the thumb says that the level of details in all these plans should be such that other employees should be able to execute the plan if the people working with that critical activity are not available.use common sense when writing the plans – they should be understandable to anyone, not just you. ISO 27001 standard is the biggest challenge when writing these plans is that employees have to face something completely different, something they never had to think about. To overcome such a problem it is best to organize a workshop where, with or without a moderator, they could share their views about what would happen if.


Our advice, Go for it

Certvalue is one of the leading ISO 27001 Consultants in Bangalore to provide information security standards to all organizations. We are one of the well recognized firms with experts in every industry sector to implement the standard with a 100% track record of success. You can write to us at [email protected] or visit our official website at ISO Certification Consultant Companies in Saudi Arabia, Australia, Lebanon, Malaysia, Oman, Qatar, Jordan, Afghanistan, and India. Certvalue and provide your contact details so that one of our certification experts shall contact you at the earliest to understand your requirements better and provide best available service at market.