| Indicator | Risk description | Possible solutions | References |
| --- | --- | --- | --- |
| Requirements for record keeping/archiving | Inability to readily undertake an audit due to the loss of information or bad archiving. Lack of back-up routines. Lack of satisfactory procedures for the archiving of the applicant's records and information. Deliberate destruction or loss of relevant information. | The presentation of an ISO 27001 certificate demonstrates high standards in IT security; procedures for back-up, recovery and data protection against damage or loss; contingency plans to cover systems disruption/failure; procedures for testing back-up and recovery; save the customs archives and commercial documents in secure premises; have a classification scheme; adhere to archive legal deadlines. Backups should be done daily, on either an incremental or a full basis. Full backups should be done at least once a week. A minimum of the three latest consecutive backups should be available at all times. Backups are preferably done remotely through an electronically secure method on a storage facility located at least 300 meters away. The encryption key should also be backed up and stored away from the storage facility. | ISO 9001:2015, section 6; ISO 27001:2013; ISO norms for standards in IT security |