Expert Advice Community

ISO 27031 and ISO 27036

Guest user Created:   Jul 23, 2018 Last commented:   Jul 23, 2018

For the moment we are working on the documents, but in particular we are realizing further potential needs related to the circumstance that an important part of our business processes involves the outsourcing of essential components and services, in the form of a supply-chain to be incorporated into our scope.

Expert
Rhand Leal Jul 23, 2018

For this reason we were also analyzing the implementation of additional ISOs. In particular, we are considering the 4 parts that make up the ISO 27036, specialized in supply chain security, and the ISO 27031 for the BC always in relation to this supply-chain.

As expressed and similarly to what you have already supplied, I wanted to ask you if there is a convenient integration of documentation for ISO 27036 and ISO 27031.

Answer: ISO 27036 (Information security for supplier relationships) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity) provide detailed information regarding implementation of controls from sections A.15 (Supplier relationships) and A.17 (Information security aspects of business continuity management) of ISO 27001 Annex A. So to integrate these standards into your implementation you just have to include the details you want in the templates related to these sections (you can find the information about which template covers which section in the List of Document file that comes with your toolkit).

Normally it is very difficult to implement several standards at the same time. I suggest you start with 27001, and once this one is finished, expand the implementation with the other mentioned standards.

This article will provide you further explanation about ISO 27031:
- Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
