karmabta.blogg.se

Iso 27002 controls checklist

ICT continuity plans should be given a great deal of attention, including regular testing and evaluations, and approval by senior management. Organisational structures need to be up to date and widely communicated, to facilitate adequate communication and speed up recovery times. Organisations need to maintain a robust chain of command that includes competent individuals with the ability to make authoritative decisions on technical matters related to business continuity and RTO adherence. ICT incidents often require quick decisions to be made relating to information security by senior members of staff, in order to expedite recovery.

Within the scope of ICT continuity plans, Control 5.30 outlines three main guidance points: Once a strategy has been agreed, specific processes and plans should be put in place to ensure that ICT services are resilient and adequate enough to contribute towards recovery of critical processes and systems, before, during and after disruption. Organisations should undergo a risk assessment that evaluates their ICT systems and forms the basis of an ICT continuity strategy (or strategies) that bolsters recovery prior to, during and following a period of disruption. Within their BIA, organisations should be able to specify precisely what ICT services and functions are required to achieve recovery, including individual performance and capacity requirements.

Organisations should use two key variables to formulate an agreed-upon RTO, that sets clear goals for resumption of normal operations:

Processes and procedures created through Control 5.30 should be drafted following a thorough BIA, that considers how an organisation needs to react when experiencing operational disruption.

A BIA should make use of differing impact types and organisation-specific variables to gauge how business continuity will be affected, should any or all products and services be rendered unavailable or inoperable, due to any level of disruption.









