Could you kindly confirm whether, for obtaining ISO 27001 certification for an organization, a Business Impact Analysis and a BCP document aligned to IT service and recovery are mandatory?
Answer:
The Business Impact Analysis is not mandatory in the implementation of ISO 27001 (although it can be a best practice). Regarding the BCP document, yes, it is mandatory to have business continuity procedures, and you can include in these a Business Continuity Plan or a Disaster Recovery plan. You can also use ISO 22301 for the implementation of business continuity in ISO 27001, so this article may be interesting for you: How to use ISO 22301 for the implementation of business continuity in ISO 27001: https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
There is also a list of mandatory documents; you can see it here: List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Jan 13, 2016