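As explained in "Comparison of Differences Between ISO 27001:2013 and ISO 27001:2005 #4", the new version of ISO 27001/27002 adds 12 new controls. This series explains and shares them one by one: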
**17.2.1 Availability of information processing facilities**
**Control**
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.
**Implementation guidance**
Organizations should identify business requirements for the availability of information systems. Where the availability cannot be guaranteed using the existing systems architecture, redundant components or architectures should be considered.
Where applicable, redundant information systems should be tested to ensure the failover from one component to another component works as intended.
**Other information**
The implementation of redundancies can introduce risks to the integrity or confidentiality of information and information systems, which need to be considered when designing information systems.
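The new version of ISO 27001/27002 calls for implementing sufficient redundancy in information processing facilities to meet availability requirements. This includes analyzing business requirements, implementing redundant components or architectures when availability cannot be guaranteed, and ensuring that failover works.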