Expert Advice Community

22301 implementation with scope of IT department only

Guest user Created:   Feb 18, 2021 Last commented:   Feb 18, 2021

Dejan, I have a client who would like to implement ISO 22301:2019 and certify, but only within the IT department initially (they might want to extend the scope in the future). My question is: would they be able to do this if they only consider the products and services offered by the IT department to its internal customers within the rest of the company, OR do they have to consider the products and services that the company delivers to its external customers?

My question is about a process for conducting a BIA

Expert
Rhand Leal Feb 18, 2021

First, it is important to note that certifying only the IT department is very uncommon for ISO 22301, because in general it does not represent any business core activities (i.e., it does not deliver products and/or services to business customers).

To go for this approach of certifying only the IT department, you need to take into account all the services it provides as an IT department - to both internal and external users. 

So, in your BIA you need to consider all products and services provided to both internal and external users.

These articles can provide some tips about performing BIA:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/

These materials will also help you regarding BIA:
- Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
- Book Becoming Resilient, The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

Guest
Dave Dodge Feb 18, 2021

Thank you, that is very informative and really helpful.
