ISO/IEC 27001 Control 5.30: ICT readiness for business continuity

ICT readiness should be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint can be used to quickly prepare replacement system in case of disruption. Pre-configure emergency access control can be used during incident response.

MidPoint is designed to work with systems (identity resources) that are not constantly available. Operations are re-tried, resource can be explicitly configured for maintenance mode, synchronization capability can be used to restore data consistency. Provisioning consistency capability of midPoint automatically corrects all inconsistencies it discovers, which can be used to gradually recover from disruption. Auto-scaling capability can provide resilience to unexpected load peaks. Should there be a need to create a replacement system during disruption, midPoint RBAC mechanisms together with efficient provisioning engine can be used to quickly and automatically grant access to the replacement system, maintaining appropriate access levels for individual users. E.g. midPoint can quickly provision access to a new application in case that an existing cloud application is disrupted. MidPoint identity repository contains copies of identity data, which can be used to quickly restore the data to any application. Policy-driven RBAC mechanism can be used to activate pre-configure emergency access control during disruption, providing controlled and panic-free elevation of privileges for incident responders.