ISO 27701 Clause 6.14: Safeguarding Information Security Continuity

Continuity planning, in a nutshell, means ensuring that an organisation is able to carry on doing business when problems arise and privacy information – or entire information processing facilities – becomes compromised or unavailable.

Business continuity is closely linked to backup and disaster recovery (BUDR) – a technical ICT concept that encompasses redundancy layers, backups, asset duplication and alerting.

What’s Covered in ISO 27701 Clause 6.14

ISO 27701 focuses on two key areas of continuity management, privacy information security and redundancy, across four sub-clauses:

  • ISO 27701 6.14.1.1 – Planning information security continuity (ISO 27002 Control 5.29)
  • ISO 27701 6.14.1.2 – Implementing information security continuity (ISO 27002 Control 5.29)
  • ISO 27701 6.14.1.3 – Verify, renew and evaluate information security continuity (ISO 27002 Control 5.29)
  • ISO 27701 6.14.2.1 – Availability of information processing facilities (ISO 27002 Control 8.14)

Each sub-clause contains guidance information from ISO 27002, applied within the context of privacy information security.


ISO 27701 Clause 6.14.1.1 – Planning Information Security Continuity

References ISO 27002 Control 5.29

Organisations should treat privacy information security as an integral part of their broader business continuity management procedures.

ISO asks organisations to focus on two key areas when formulating business continuity plans:

  1. Loss of confidentiality
  2. The integrity of information

Privacy information security integrity should be maintained at all times. Should PII or privacy-related assets become compromised in any way, organisations should do as much as they can to restore them in a timely and efficient manner, and to the same pre-disruption levels.

Organisations should:

  • Operate with generalised privacy information security controls that work in harmony with business continuity plans.
  • Adhere to processes that maintain privacy information security controls throughout periods of disruption or loss of business.

If it’s not possible to sustain privacy information security controls at any given time (especially during periods of disruption), organisations should enact ‘compensating’ controls that strive to achieve as high a level of information security as is possible.

ISO 27701 Clause 6.14.1.2 – Implementing Information Security Continuity

References ISO 27002 Control 5.29

See ISO 27701 Clause 6.14.1.1

ISO 27701 Clause 6.14.1.3 – Verify, Renew and Evaluate Information Security

References ISO 27002 Control 5.29

See ISO 27701 Clause 6.14.1.1


ISO 27701 Clause 6.14.2.1 – Availability of Information Processing Facilities

References ISO 27002 Control 8.14

Organisations should strive to ensure that business services and privacy information systems are operable at all times.

ISO recommends duplication as a redundancy mechanism – organisations should keep an inventory of spare parts, duplicate hardware and software components, spare network devices and peripherals that are able to be swapped out for malfunctioning assets across the network.

Alerts should be set up to identify failed privacy information processing facilities as early as possible, so that alternate systems can be brought online as quickly as possible.

Organisations should:

  • Ensure an ongoing relationship with two separate service providers, reducing the risk of downtime.
  • Consider redundancy measures when designing and implementing networks, such as multiple domain controllers and BUDR plans.
  • Use geographically separate locations for backups and associated data services.
  • Utilise well-known industry techniques such as load balancing and automatic failover between two identical redundant software components or systems.
  • Regularly test redundancy measures to ensure they’re able to meet business requirements when called upon.
  • Operate with duplicate storage and compute components (RAID arrays, CPUs), and network devices running consistent firmware versions.
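The redundancy measures listed above can be reduced to a small, testable model: two identical facilities, a health check that raises an alert when the active one fails, automatic failover to the standby, and a drill that exercises the failover on a schedule. The following is an added example written for this page, not code from the article or from ISMS.online; the class names, the firmware and site checks, and the constructed facility names (dc-london, dc-manchester) are all assumptions made for illustration.

```python
"""Added example: a minimal model of the redundancy, alerting and failover
guidance in ISO 27701 6.14.2.1 / ISO 27002 8.14.  Names are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Facility:
    """One information processing facility (server, cluster or site)."""
    name: str
    site: str          # physical location, used for the geographic-separation check
    firmware: str      # firmware/software version, used for the consistency check
    healthy: bool = True


@dataclass
class RedundantService:
    """Two identical facilities with health-check driven failover (assumed design)."""
    primary: Facility
    standby: Facility
    alerts: List[str] = field(default_factory=list)
    active: Optional[Facility] = None

    def __post_init__(self) -> None:
        # Service starts on the primary facility.
        self.active = self.primary

    def configuration_issues(self) -> List[str]:
        """Checks implied by the guidance: duplicate components must run consistent
        firmware, and backup/standby locations should be geographically separate."""
        issues = []
        if self.primary.firmware != self.standby.firmware:
            issues.append(
                f"firmware mismatch: {self.primary.firmware} vs {self.standby.firmware}")
        if self.primary.site == self.standby.site:
            issues.append(f"no geographic separation: both facilities at {self.primary.site}")
        return issues

    def check_and_failover(self) -> Optional[str]:
        """Run one health check.  On failure of the active facility, raise an alert
        and switch to the other facility if it is healthy.  Returns the name of the
        facility now serving, or None if no healthy facility remains."""
        assert self.active is not None
        if self.active.healthy:
            return self.active.name
        failed = self.active
        self.alerts.append(f"ALERT: {failed.name} failed health check")
        other = self.standby if failed is self.primary else self.primary
        if other.healthy:
            self.active = other
            self.alerts.append(f"FAILOVER: {failed.name} -> {other.name}")
            return other.name
        self.alerts.append("CRITICAL: no healthy facility; invoke continuity plan")
        return None


def failover_drill(service: RedundantService) -> bool:
    """Regular redundancy test: simulate loss of the active facility, verify the
    service keeps running on the other one, then restore the failed facility."""
    original = service.active
    assert original is not None
    original.healthy = False
    survived = service.check_and_failover() is not None
    original.healthy = True
    return survived


if __name__ == "__main__":
    svc = RedundantService(Facility("dc-london", "London", "1.4.2"),
                           Facility("dc-manchester", "Manchester", "1.4.2"))
    print("config issues:", svc.configuration_issues())
    print("drill passed:", failover_drill(svc))
    print("now active:", svc.active.name)
    print("\n".join(svc.alerts))
```

The drill deliberately leaves the service running on the standby rather than failing back automatically, so that the standby is actually exercised under load; the alert list is what a monitoring system would forward to the on-call team.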

Supporting Controls From ISO 27002 and GDPR

ISO 27701 Clause Identifier | ISO 27701 Clause Name                                         | ISO 27002 Requirement                                          | Associated GDPR Articles
6.14.1.1                    | Planning Information Security Continuity                      | 5.29 – Information Security During Disruption                  | None
6.14.1.2                    | Implementing Information Security Continuity                  | 5.29 – Information Security During Disruption                  | None
6.14.1.3                    | Verify, Renew and Evaluate Information Security Continuity    | 5.29 – Information Security During Disruption                  | None
6.14.2.1                    | Availability of Information Processing Facilities             | 8.14 – Redundancy of Information Processing Facilities         | None

How ISMS.online Helps

Our ISMS.online solutions make it easy for organisations to achieve project oversight, ensuring that the data controller and processor policies and procedures are in line with the ISO standard.

Our online system also ensures that system implementers have a single place for reference and collaboration. Our Assured Results Method (ARM) enables you to be confident that you are ticking all the boxes you need to comply with the standard.

Find out more by booking a hands-on demo.

Max Edwards

Max works as part of the ISMS.online marketing team and ensures that our website is updated with useful content and information about all things ISO 27001, 27002 and compliance.
