Julkri: TL IV-I
VAR-03: Continuity plans

How to fill the requirement

Task name: Creating and documenting continuity plans
Theme: Risk management and leadership
Policy: Continuity management

This task also fulfils these other security requirements:

  • T05: Continuity management (Katakri)
  • 17.1.2: Implementing information security continuity (ISO27 Full)
  • ID.SC-5: Response and recovery (NIST)
  • PR.IP-9: Response and recovery plans (NIST)
  • RC.RP-1: Recovery plan (NIST)

1. Task description

Sometimes an unexpected event, such as a fire, flood, or equipment failure, can cause downtime. To be able to continue operations as quickly and smoothly as possible, the organization carries out continuity planning, i.e. plans its operations in advance for these exceptional situations.

Each continuity plan shall contain at least the following information:

  • Event for which the plan has been made
  • Goal for recovery time
  • Responsible persons, related stakeholders and their contact information
  • Planned immediate actions
  • Planned recovery steps

Task name: Communication to stakeholders on continuity plans
Theme: Risk management and leadership
Policy: Continuity management

This task also fulfils these other security requirements:

  • VAR-03: Continuity plans (Julkri)
  • 34: Enabling communication between stakeholders (Sec overview)
  • 21.2.c: Business continuity and backups (NIS2)
  • CC2.3: Communication with external parties (SOC 2)
  • CC7.5: Recovery from security incidents (SOC 2)

1. Task description

The organization shall have procedures in place to communicate effectively with stakeholders and other participants while continuity plans and survival procedures are being carried out.

Communication plans related to continuity plans shall include:

  • Responsible persons, related stakeholders and other necessary contact information
  • Clear criteria for the situation where continuity communication will be implemented
  • A clear description of the staff implementing the continuity communication in each situation and the recipients to whom the communication will be sent
  • References to the templates and tools to be used

Task name: Defining the organization's continuity strategy
Theme: Risk management and leadership
Policy: Continuity management

This task also fulfils these other security requirements:

  • VAR-03: Continuity plans (Julkri)
  • 24: Description of continuity management (Sec overview)
  • Article 11: Response and recovery (DORA)
  • 5.2.8: IT service continuity planning (TISAX)

1. Task description

The organization must maintain a top-level strategy for continuity planning. The strategy should include at least:

  • Guidelines for defining continuity planning recovery time objectives and the adverse events requiring continuity plans
  • Management commitment to continuity planning and improvement
  • Description of the organization's risk appetite

In order to develop a strategy, it may be necessary to make use of general good practices, such as ISO 22300.
