ISO 27001 Information security during disruption is a guideline about keeping information safe when things go wrong. It’s about being ready for problems like a power outage or a bad storm. The main goal is to make sure your work can still get done and that your important information doesn’t get lost or stolen, even during an emergency. This rule helps companies make a plan to deal with disruptions.
Examples
- A big storm hits the area. The company’s staff can’t get to their office. The plan would tell them how to work from home and reach their computer files over the internet.
- A computer virus attacks the network. The plan would tell the company how to quickly disconnect the infected computers so the virus can’t spread. It would also explain how to use a backup to get things working again.
Context
This rule is a small part of a bigger set of rules called ISO 27001. This bigger set of rules is all about keeping information secure. Think of it like a guidebook for a company to follow so they can protect their information. ISO 27001 Information security during disruption is one chapter in that guidebook, specifically for when things go wrong.
Relevant ISO 27001 Controls
The following controls from the ISO/IEC 27001:2022 standard are related to information security during disruption:
- ISO 27001 Annex A 5.29 Information Security During Disruption: This is the main ISO 27001 control for information security during disruption.