If you answered yes to the previous question, do you run the drills at least annually, including the recovery of scoped data?
A.17.1.2 Implementing information security continuity: Has the Organization documented processes, procedures and controls that are regularly maintained and implemented to ensure an appropriate level of business continuity during an adverse situation?
A.17.1.3 Verify, review and evaluate information security continuity: Are information security continuity controls reviewed at regular intervals to ensure that they are valid and effective during adverse situations?
A.17.2.1 Availability of information processing facilities: Has consideration been given to the resilience of information systems and, where availability cannot be guaranteed using the existing systems architecture, to redundant components or architecture to guarantee business continuity?
A.16.1.4 Assessment of and decision on information security events: Is there a procedure for assessing information security problems and issues and classifying them as information security incidents?
A.16.1.5 Response to information security incidents: Are there documented procedures in place for responding to an information security incident?
A.16.1.7 Collection of evidence: Are procedures for the identification, collection, acquisition and preservation of information which can serve as evidence documented and known by staff?
A.17.1.1 Planning information security continuity: Has the Organization determined its requirements for information security and the continuity of information security management in adverse situations?
A.16.1.1 Responsibilities and Procedures: Have management responsibilities and procedures been established to ensure a quick, effective and orderly response to information security incidents?
A.16.1.2 Reporting Information Security Events: Does a formal reporting procedure exist to report security incidents through appropriate management channels as quickly as possible?