We are in the process of getting ready for ISO 27001.
We have an Internet link. A lot of our business has a dependency on the
Internet link being up.
The ISO consultant helping us has been insisting that I buy a spare
router and get a backup Internet link. That obviously means I need to
put some money.
I am not convinced about this need because:
- For the last 4 years the router has not failed. I am convinced about its resilience.
- The Internet link service provider has been meeting its SLAs consistently.
My question is:
- Is the ISO 27001 auditor going to question my above conviction? Is
redundancy a mandatory requirement, or can I document that as an
acceptable risk [or something else]?