Is business continuity mandatory under ISO 27001?
Yes, organizations must plan for continuity and disaster recovery as part of risk management controls. However, ISO 27001 business continuity requirement is a “generic requirements) and this it is not “prescriptive”. Each organization has the ability to choose a level of business continuity adherence within their own organizations risk tolerance, budget, resources unless they have a Legal, Regulatory or Contractual Agreement that defines the minimum business continuity requirement.
