Information Security Continuity Process
Details
Date | Version | Status | Information Classification | Document Template ID | Document No |
---|---|---|---|---|---|
10-01-2020 | 1.0 | Approved | Internal | AMS DOC |
Revision History
Date | Version | Description | Author | Reviewed by | Approved by | Approved date |
---|---|---|---|---|---|---|
30-10-2019 | 1.0 | Initial Version | Shaila | Shaila, Usha | Suresh | 20-01-2020 |
Acronym Used
Acronym | Expanded Form |
---|---|
AMF | Antares Management Forum |
CISO | Chief Information Security Officer |
Introduction
The purpose of this standard is to establish ASL's obligation to ensure information continuity within its business continuity management systems and processes.
Scope
It is the responsibility of any ASL departmental representative developing or contributing to business continuity plans for their area to ensure that the continuity of information security is embedded within those plans.
ISO27001 Control Reference
A.17.1.1 Planning information security continuity
A.17.1.2 Implementing information security continuity
A.17.1.3 Verify, review and evaluate information security continuity
A.17.2.1 Availability of information processing facilities
Key Practices & Responsibility
The key practices and responsibilities are as follows:
Srl. | Key Practice | Responsibility |
---|---|---|
1 | Planning information security continuity | AMF |
2 | Implementing information security continuity | AMF |
3 | Verify, review and evaluate information security continuity | CISO |
4 | Redundancies | Head-IT |
Key Practice Details
Planning information security continuity
- Information security management will remain the same in adverse situations as in normal operational conditions and these requirements will be considered when planning for business continuity and disaster recovery.
Implementing information security continuity
The ASL Business Continuity Plan will contain processes and procedures to ensure the continuity of information security, which include:
- Having an adequate management structure in place to prepare for, mitigate and respond to a disruptive event using personnel with necessary authority, experience and competence;
- Establishing incident response personnel with necessary responsibility, authority and competence to manage an incident and maintain information security;
- Documenting and obtaining approval for a plan, response and recovery procedures that detail how the department or other entity will manage a disruptive event and will maintain its information security;
- Developing mitigation steps for information security controls that cannot be maintained during an adverse situation.
Verify, review and evaluate information security continuity
- The company as a whole and departments individually will verify information security continuity controls at regular intervals to ensure that they are valid and effective during adverse situations. Information security continuity will be verified by conducting exercises and testing.
Redundancies
- Information redundancy will help ensure that availability requirements meet the needs of the company. Redundancies will be tested to ensure the failover from one component to another works as intended. Because redundancies can introduce additional risks to the integrity and confidentiality of information systems, appropriate controls will be considered in the design of these systems.
References
Srl. | Document/Section Name |
---|---|
1 | ASL Business Continuity Plan |