
How to fulfill the requirement

Digital security overview

24: Description of continuity management

Task name: Creating and documenting continuity plans
Theme: Risk management and leadership
Policy: Continuity management
Other requirements: 34 requirements

This task also fulfills these other security requirements:

  • T05: Continuity management (Katakri)
  • 17.1.2: Implementing information security continuity (ISO27 Full)
  • ID.SC-5: Response and recovery (NIST)
  • PR.IP-9: Response and recovery plans (NIST)
  • RC.RP-1: Recovery plan (NIST)

1. Task description

Sometimes an unexpected event, such as a fire, flood, or equipment failure, can cause downtime. To continue operations as quickly and smoothly as possible, the organization carries out continuity planning, i.e. it plans in advance how to operate in these exceptional situations.

Each continuity plan shall contain at least the following information:

  • Event for which the plan has been made
  • Goal for recovery time
  • Responsible persons, related stakeholders, and their contact information
  • Planned immediate actions
  • Planned recovery steps

Task name: Defining the organization's continuity strategy
Theme: Risk management and leadership
Policy: Continuity management
Other requirements: 6 requirements

This task also fulfills these other security requirements:

  • VAR-03: Continuity plans (Julkri)
  • 24: Description of continuity management (Sec overview)
  • Article 11: Response and recovery (DORA)
  • 5.2.8: IT service continuity planning (TISAX)

1. Task description

The organization must maintain a top-level strategy for continuity planning. The strategy should include at least:

  • Guidelines for defining continuity planning recovery time objectives and the adverse events requiring continuity plans
  • Management commitment to continuity planning and improvement
  • Description of the organization's risk appetite

In order to develop a strategy, it may be necessary to make use of general good practices, such as ISO 22300.

Task name: Requirements about information security continuity
Theme: Risk management and leadership
Policy: Continuity management
Other requirements: 7 requirements

This task also fulfills these other security requirements:

  • 17.1.1: Planning information security continuity (ISO27 Full)
  • VAR-02: Defining continuity requirements (Julkri)
  • 5.29: Information security during disruption (ISO27k1 Full)
  • 24: Description of continuity management (Sec overview)

1. Task description

The organization should define requirements for the continuity of information security management during a crisis or disaster.

Information security management can either assume that the requirements are the same in adverse situations as in normal operating conditions, or seek to determine separately the security requirements applicable to adverse situations.
