Information Backup: A backup policy is required. Backups should cover not only information, but software and configurations to ensure in the case of corruption, loss or unauthorised changes, the system can be rolled back either in entirety or piecemeal depending on the nature of the security incident.
Backup procedures should be tested not only for completion, but effectiveness. A date and time check is not enough, ensure files as part of the back up, even as test files can be retrieved, viewed and installed on dummy equipment to your satisfaction. Records of backups as part of a schedule should be kept as well as tests. Backups should be stored separately from the operation location to minimise correlated risks. The backups should be stored with same level of protection as the operating data. Where appropriate, backups should be encrypted. Retention of data should be consistent with the requirements of the business and any local regulations.
Business continuity plans should take account of the time required to perform full system restores, which may require a diverse operation across multiple sites.
Continue your reading onISO 27002 controls with Activity Logging and Monitoring here: https://activaconsulting.co.uk/iso-27002-controls/12-4-logging-monitoring/