
Information Security During Disruption

Updated: 2026-02-17

Plain English Translation

ISO 27001 Annex A.5.29 mandates that organizations proactively plan how to keep their information secure even when normal operations are severely disrupted. Whether dealing with a natural disaster, cyberattack, or power outage, security controls must not be completely bypassed or abandoned in a rush to restore services. Instead, appropriate fallback or compensating controls must be activated to protect data while the business recovers.

Executive Takeaway

Security cannot take a backseat during a crisis; organizations must have a plan to maintain critical protections even when systems and operations fail.

Impact: High
Complexity: High

Why This Matters

  • Prevents opportunistic attacks or secondary data leaks during chaotic emergency recovery scenarios.
  • Maintains regulatory and contractual compliance even when operating in a degraded or failover state.

What “Good” Looks Like

  • A Business Continuity Plan (BCP) explicitly detailing how access control and logging will function during a crisis, with evidence mapped and tracked in tools like WatchDog Security's Compliance Center to demonstrate control coverage.
  • Annual tabletop exercises testing emergency operating procedures and failover security mechanisms.

A.5.29 is an organizational control. It requires organizations to plan and document how they will maintain information security at an appropriate level during an adverse event or business disruption.

In practice this means that even during an outage, the core security properties of confidentiality, integrity, and availability cannot be abandoned. If the normal controls fail, alternative or compensating controls must be activated immediately, and the plan must say in advance which ones and who activates them.

While traditional DR and BCP focus on restoring uptime and business operations, ISO 27001 A.5.29 specifically focuses on ensuring that the security of the information is not compromised while those recovery efforts are underway.

Auditors expect to see an information security business continuity plan, a network diagram showing failover states, and evidence of a recent tabletop exercise testing secure recovery procedures. Many organizations use WatchDog Security's Compliance Center to centralize this documentation, map it directly to ISO 27001 A.5.29, and identify missing evidence before the audit.

You must embed security requirements directly into disaster recovery runbooks, so that policies such as multi-factor authentication and strict access control still apply to emergency break-glass access. Break-glass accounts are a planned exception to normal access paths, not an exception to authentication, logging, or review.

If an automated physical access badge system fails, a compensating control would be posting a security guard to manually verify IDs and log entry times until the system is restored.

Ensure that backup systems and offline environments are pre-configured with centralized logging and role-based access control, so that emergency administrator actions remain fully auditable.

Incident response mitigates the immediate threat, business continuity maintains operations, and the ISMS ensures that security policies govern both phases so that recovery efforts do not inadvertently expose sensitive data.

Organizations should test their plans at planned intervals, typically annually or after significant organizational or infrastructure changes, using live restore tests or structured tabletop exercises.

Emergency changes must follow a documented emergency change management process, requiring post-incident review and retroactive formal approval by the risk owner to ensure full accountability.
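The three requirements above (break-glass access still authenticated, emergency administrator actions logged centrally, and every emergency action retroactively reviewed by the risk owner) are only demonstrable to an auditor if the audit trail can be checked mechanically. The following is an added example, not code from the original page or from any WatchDog Security product, showing such a check over constructed log lines. It assumes a JSON-lines event format with two event kinds (`breakglass_login` and `emergency_change_review`), the field names shown, and a 72-hour review window; all of these are assumptions for illustration, not requirements of ISO/IEC 27001.

```python
"""Post-disruption audit of break-glass access (added example, assumed log format).

Each break-glass session must (a) have used MFA, (b) have a retroactive
approval by the risk owner, and (c) have received that approval within the
review window. Event names, field names and the window are assumptions.
"""
import json
from datetime import datetime, timedelta, timezone

REVIEW_WINDOW = timedelta(hours=72)  # assumed policy value

# Constructed sample log lines (not real data). One JSON object per line.
SAMPLE_LOG = """
{"ts":"2026-02-10T02:14:00Z","event":"breakglass_login","session":"bg-001","user":"alice","system":"backup-dc1","mfa":true}
{"ts":"2026-02-10T02:40:00Z","event":"breakglass_login","session":"bg-002","user":"bob","system":"backup-dc1","mfa":false}
{"ts":"2026-02-11T09:00:00Z","event":"emergency_change_review","session":"bg-001","approver":"risk-owner-1","decision":"approved"}
{"ts":"2026-02-10T03:05:00Z","event":"breakglass_login","session":"bg-003","user":"carol","system":"offline-site","mfa":true}
{"ts":"2026-02-15T10:00:00Z","event":"emergency_change_review","session":"bg-003","approver":"risk-owner-1","decision":"approved"}
"""


def parse_events(text):
    """Parse JSON-lines text into a list of dicts with a timezone-aware 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # "Z" suffix is not accepted by fromisoformat before Python 3.11.
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
        events.append(rec)
    return events


def audit_breakglass(events, window=REVIEW_WINDOW):
    """Return findings as (session, code, detail) tuples, one per control gap.

    Codes: 'no_mfa', 'no_approval', 'approval_late', 'orphan_review'.
    """
    logins = {e["session"]: e for e in events if e["event"] == "breakglass_login"}
    reviews = {}
    for e in events:
        if e["event"] == "emergency_change_review":
            reviews.setdefault(e["session"], []).append(e)

    findings = []
    for sid, login in sorted(logins.items()):
        if not login.get("mfa"):
            findings.append((sid, "no_mfa", f"{login['user']} on {login['system']} without MFA"))
        approvals = [r for r in reviews.get(sid, []) if r.get("decision") == "approved"]
        if not approvals:
            findings.append((sid, "no_approval", "no retroactive approval by risk owner"))
            continue
        delay = min(r["ts"] for r in approvals) - login["ts"]
        if delay > window:
            hours = delay.total_seconds() / 3600
            findings.append((sid, "approval_late", f"approved {hours:.1f}h after login, window is {window.total_seconds() / 3600:.0f}h"))

    # A review that references no logged session means the log itself is incomplete.
    for sid in sorted(set(reviews) - set(logins)):
        findings.append((sid, "orphan_review", "review references a session with no break-glass login record"))
    return findings


if __name__ == "__main__":
    for sid, code, detail in audit_breakglass(parse_events(SAMPLE_LOG)):
        print(f"{sid}: {code}: {detail}")
```

Run against the constructed sample, the check reports that session bg-002 was opened without MFA and never reviewed, and that bg-003 was approved well outside the 72-hour window; bg-001 produces no finding. The same structure works for real SIEM exports once the field names are mapped, and the output is exactly the kind of artifact the tabletop and failover tests in this control are expected to produce.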

During a disruption, it can be difficult to prove that security controls were maintained and tested as planned. Organizations often struggle to centralize tabletop exercise records, failover test results, and continuity plan approvals in a way that is audit-ready. WatchDog Security's Compliance Center helps by mapping ISO 27001 A.5.29 requirements to documented evidence, collecting artifacts like BCPs and DR test results, and highlighting gaps before an audit, so teams can clearly demonstrate how security is preserved during disruption.

Disruptions sometimes require temporary risk acceptances or emergency configuration changes to restore operations. Without structured tracking, these decisions can be forgotten or left unreviewed, creating lingering exposure. WatchDog Security's Risk Register enables teams to formally log emergency risks, assign owners, define treatment plans, and document post-incident reviews, ensuring accountability and board-level visibility even when decisions are made under pressure.

ISO/IEC 27001:2022, Annex A 5.29

"The organization shall plan how to maintain information security at an appropriate level during disruption."

Version: 1.0.0
Date: 2026-02-17
Author: WatchDog Security GRC Team
Description: Initial publication