Continuity – Recovery of activity

Information System Security Governance and Advice

The links between ISO27001 – ISO22301
Continuity – Information Security

ISO 27001 provides requirements for the establishment and continuous improvement of an Information Security Management System (ISMS).

ISO 22301 specifies requirements for planning, deploying, implementing and improving a Business Continuity Management System (BCMS, SMCA in French) to reduce the likelihood of a disastrous event.

The requirements of ISO 22301 in terms of business continuity and those of ISO 27001 in terms of information security and Business Impact Analysis are inseparable on this point.

Eg2si offers its expertise precisely on the Information System part of continuity.

Thanks to cross-cutting knowledge of different professions, in-depth knowledge of the requirements of the ISO standards and more than 15 years' experience in the management of IT services, we support you through all these phases.

Key steps 

(Not exhaustive)

Developing an Information Security Management Plan (ISO 27001)

Feedback on the key success factors for implementing an ISMS:

  • Involving operational staff in the management of security measures

  • Having a CISO

  • Creating a security committee

  • Establishing a RACI matrix

  • Involving the head of the company

Choosing the perimeter of the ISMS (Plan)

Define the scope, activities and assets to which the ISMS applies, and justify, where necessary, the areas excluded from that perimeter. Identify the gaps.

Statement of intent

Once the perimeter is delineated, define the information security strategy. This statement of intent is formalized in a Security Policy drafted and signed by executive management.

Risk analysis approach

Identify the risks within the scope by choosing a risk assessment method suited to the context (MEHARI, EBIOS, ISO 27005), then validate the risk treatment plan.

Security Goals (Do)

The risk management plan guides the security objectives to be achieved. Depending on the risks identified, the security measures to be applied are framed by project monitoring and steering meetings.

Running the ISMS (Check)

All security measures are reviewed according to the Deming wheel (Plan, Do, Check, Act), the basis of continuous improvement.

Monitoring the ISMS (Act)

Measure the health of the ISMS and apply corrective actions where needed:

  • Internal audit and corrective actions on non-conformities

  • Management review and approval of the ISMS

  • Pre-certification (“white”) audit when a certification audit is planned


BCMS Methodology
Key steps

(Not exhaustive)

Developing an ISO 22301 Business Continuity Plan (BCP, PCA in French)

Continuity management covers the resumption of activities after an interruption and the management of the process as a whole: training the stakeholders involved, running exercises and revisions, and ensuring that the business continuity arrangements remain operational. It applies the Plan-Do-Check-Act (PDCA) cycle to define, implement, control and improve the system.

Defining a perimeter

This is an essential prerequisite for implementing a BCMS. The perimeter is organizational, functional and physical.
It secures the support of management and begins mobilizing the parties involved.

Documentary control and management

These controls ensure that documented information is:

  • readable, easily identifiable and traceable,

  • stored, protected and available.

Risk mapping

Risk mapping allows the organization to understand the threats and vulnerabilities that weigh on its critical activities.

Business Impact Analysis (BIA)

Identify the organization’s critical activities and the minimum resources needed to operate in degraded mode.

Crisis management and continuity strategies

Implement the arrangements needed to manage the crisis situation and resume operations within the target recovery time.

Risk Treatment Strategies

For each critical activity, identify measures to:

  • reduce the likelihood of occurrence,

  • avoid a sudden halt,

  • limit the impact of a shutdown on activities.

Business continuity plan

Establish documented procedures to respond to a disruptive incident and continue or re-establish activities within a predetermined time frame.

Test – Continuous Improvement

The business continuity plan put in place is validated by tests and exercises and updated based on the results obtained.
The tests verify that the BCP meets the requirements of the activity.