Exam focus
A.5.29 asks whether security remains appropriate during disruption. A.5.30 asks whether ICT can recover against business continuity objectives.
Topic Summary
A.5.29 and A.5.30 are related but not interchangeable. One protects security during disruption; the other ensures ICT availability and recovery capability.
Key Concepts
| Control | Exam cue |
|---|---|
| A.5.29 | Security requirements must be built into crisis, continuity, and recovery planning |
| A.5.30 | ICT continuity must be planned, implemented, maintained, and tested |
Common Exam Traps
- Treating continuity as availability only.
- Treating backups as sufficient ICT readiness.
- Ignoring supplier continuity arrangements.
- Defining RTO/RPO values without business input.
- Restoring services without preserving confidentiality, integrity, access control, logging, and evidence.
Related Notes
- Iso27001
- Exam
- Continuity
Note Metadata
Source: 09-Exam-Preparation/EXAM-012-Continuity-Security-and-ICT-Readiness.md