This article provides an overview of security and business continuity as part of  ISO 27002 compliance.

The objective of information security continuity is to ensure that information security continuity is embedded in the organisation’s business continuity management systems.
Information security continuity:

  1. Planning information security continuity – the organisation should determine its requirements for information security and the continuity of information security management in adverse situations – i.e. during a crisis or disaster.
  2. Implementing information security continuity – organisations should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during adverse situations.
  3. Verify, review and evaluate information security continuity – organisations should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.


Availability of information processing facilities – information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

For more information please contact Morland-Austin at