14. Business Continuity Management


14.1 Information Security Aspects of Business Continuity Management

Control objective: to counteract interruptions to business activities, to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption

    14.1.1 Including information security in the business continuity management process
    A managed process, set out in DOC 14.1, has been developed and is maintained for business continuity throughout the Organisation; it addresses the information security requirements needed for the Organisation’s business continuity

    14.1.2 Business continuity and risk assessment

    Events that can cause interruptions to business processes are identified as set out in DOC 14.2, along with the probability and impact of such interruptions, and the risk assessment process (DOC 4.4) is extended to apply to business continuity risks. These risk assessments drive the business continuity planning framework (DOC 14.3)

    14.1.3 Developing and implementing continuity plans including information security

    The Organisation’s Business Continuity Plan is developed in line with DOC 14.1 and is set out in DOC 14.3. It enables the Organisation to maintain or restore operations and ensure availability of information at the required level and in the required time scales following interruption to, or failure of, critical business processes

    14.1.4 Business continuity planning framework
    A single framework (as described in DOC 14.1) of business continuity plans is maintained to ensure that the plan and all its sub-plans are consistent, to consistently address information security requirements, and to identify priorities for testing and maintenance

    14.1.5 Testing, maintaining and re-assessing business continuity plans
    Business continuity plans are tested and updated regularly, in line with the requirements of DOC 14.4, to ensure that they are up to date and effective

    Shaikh Salman Mohammed Al-Khalifa Mohammed Al-Amer
    Director General of IT President of CIO

    ____________________________ _______________________________


    08 November, 2007
    ____________________________ _______________________________

    Change history

    Issue 1 08 November, 2007 Initial issue