Redundancy of Information Processing Facilities. A detailed overview of what ISO/IEC 27001:2022 requires
In the world of information security, system availability is crucial for ensuring that business operations can continue seamlessly, even in the face of unexpected failures. ISO/IEC 27001 the standard which defines the requirements for an information security management (ISMS), addresses the subject through a control titled Redundancy of Information Processing Facilities. In this blog post, we will explore what this control requires, its purpose, the challenges organizations may face in its implementation and key aspects to consider when implementing it.
What the Control States
The control on redundancy in ISO/IEC 27001 requires that information processing facilities be implemented with sufficient redundancy to meet availability requirements. This means that organizations must design and implement systems that are resilient, ensuring that critical business operations can continue even if one or more components fail.
Redundancy can be achieved by duplicating components, such as servers, storage, networking, and power supplies, or even entire systems, to minimize the risk of downtime. The control emphasizes the importance of creating a backup for critical infrastructure and having a clear plan in place to activate these redundant systems when needed.
The Purpose of the Control
The primary purpose of this control is to ensure availability. The ISO/IEC 27k series of standards regard information security as built on three key pillars: confidentiality, integrity, and availability. Redundancy focuses on the availability aspect, ensuring that systems remain operational even when something goes wrong.
Imagine a scenario where a business-critical system, such as an online banking platform or a hospital’s patient management system, suddenly goes down. If these systems lack redundancy, business operations could come to a halt, resulting in lost revenue, reputational damage, or even putting lives at risk in the case of healthcare facilities. Implementing redundancy helps mitigate these risks by ensuring continuous access to important information and services.
Challenges in Implementing Redundancy
While redundancy is essential for availability, it presents several challenges for organizations, particularly in terms of cost and complexity.
- Resource Allocation: Duplicating entire systems or components can be expensive. For organizations that operate in highly regulated or mission-critical sectors (e.g., finance, healthcare, telecommunications), redundancy may require significant investments in infrastructure, including multiple data centers, redundant power supplies, and parallel networking paths. For smaller businesses, the high costs associated with redundancy can be a barrier to full implementation.
- Balancing Cost with Availability Needs: Not all organizations need “five nines” (99.999%) availability. For instance, a small business that operates primarily offline may not need the same level of redundancy as a bank or hospital. Organizations must carefully assess their availability requirements and allocate resources accordingly. It’s important to strike the right balance between the cost of redundancy and the potential losses from downtime.
- Complex Failover Systems: Having redundant components in place is only part of the solution. The organization must also implement failover procedures that allow for seamless transition to backup systems in case of failure. Ensuring that these failover mechanisms work flawlessly—and are regularly tested—adds another layer of complexity to the redundancy strategy.
- Security of Redundant Components: Another key challenge is ensuring that redundant components are just as secure as the primary ones. If the backup systems are less secure, they can become a weak point in the organization’s overall security posture, potentially exposing sensitive data to risk.
Key Considerations for Implementing Redundancy
When designing and implementing redundancy as part of an ISO/IEC 27001-compliant Information Security Management System (ISMS), organizations should follow the guidelines provided by another key standard, ISO/IEC 27002 and take the following aspects into consideration:
- Understanding Availability Requirements: Organizations need to assess their availability needs based on the nature of their operations. Sectors like banking, healthcare, and e-commerce often require close to 100% uptime, while others may have more flexibility in tolerating downtime. The organization’s availability requirements should dictate the level of redundancy needed.
- Critical Components: Redundancy should be applied to the most critical components—servers, storage, networks, and power supplies. Organizations should ensure that there is no single point of failure that could bring down critical systems.
- Geographic Separation and Redundant Data Centers: For businesses with high availability needs, geographically separated data centers with mirrored systems are a common solution. This ensures that if one data center is impacted by a disaster (such as an earthquake or flood), operations can continue from a backup location.
- Activation and Failover Procedures: It is important to establish clear procedures for activating redundant systems. Organizations should determine whether redundancy is active at all times, or if it is triggered automatically or manually in the event of an emergency. Regular testing of failover mechanisms should be conducted to ensure they work seamlessly in real-world scenarios.
- Monitoring and Alerts: Systems should be in place to monitor the status of information processing facilities and alert the organization in case of failure. This allows for prompt activation of redundant systems, minimizing service disruption.
- Cloud-Based Redundancy: Organizations using cloud services should assess how redundancy is managed within the cloud environment. Many cloud providers offer built-in redundancy features, such as load balancing and automatic failover between regions. It’s important for the organization to understand and evaluate these capabilities as part of its overall redundancy strategy.
- Risks Associated with Redundancy: While redundancy is aimed at ensuring availability, organizations must also consider risks related to data integrity and confidentiality. For example, errors can occur when data is copied between primary and redundant systems, potentially compromising data integrity. Likewise, if the redundant systems are less secure, they could introduce confidentiality risks.
Conclusion
Redundancy plays a vital role in ensuring the availability of critical systems and it requires careful planning, significant resources, and ongoing testing. By understanding its availability requirements, securing redundant components and ensuring failover systems are effective, an can design resilient systems that will keep its operations running smoothly, even in the face of unforeseen disruptions.
We have an online course detailing all the requirements for an information security management system according to ISO/IEC 27001:2022. The course is available on Udemy any you can access it from this link.
Additionally, if you are interested in the guidelines of ISO/IEC 27002 for implementing information security controls we have designed another online course that you can check out here.
If you want to prove your knowledge in the field of Information security management systems, then you should take a look at our online certification offers for ISMS auditors and implementers. All our certification programs are available here.