Establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.

Include information security continuity in the organization’s business continuity management systems.