Hi
I have implemented BCMS with one department/business unit as the scope and got certified as well. Now I am increasing my BCMS scope and I am done with the BIA with another dept. and now I am ready to make the strategy and plan for them. I need clarification on below points. I have initially made the BC strategy document for the business unit and is specific to them
Do I need to edit the same BC strategy document and add BC strategy for a new business unit or can I create a new BC strategy document for each department?
Do I need to write the workaround of the processes/activities which I recognise in BIA conducted with the departments, in the BC plan?
Can I have a single document of both the BC strategy and plan in a single document for each business unit?
Please advice
Thanks
Assign topic to the user
Do I need to edit the same BC strategy document and add BC strategy for a new business unit or can I create a new BC strategy document for each department?
ISO 22301 does not prescribe how documents need to be developed, so organizations are free to develop them as best to fulfill their needs.
You can create a new BC strategy document for the new department, but you should evaluate if the effort to review and maintain two separate documents are worthy.
Both single and separated documents are accepted approaches. A single document is better to centralize strategies and make systemic review easier, but it can become too big and complex document to handle, while separated documents are easier to handle, but increases the administrative effort to review and maintain them.
A mixed approach would be to create a document with parts that are common for all strategies and then create separate documents with only the specifics of each department.
This article will provide you an idea about developing one o several documents:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
This material can also help you with the business continuity strategy:
- Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
Do I need to write the workaround of the processes/activities which I recognize in BIA conducted with the departments, in the BC plan?
I'm assuming that by "workaround" you mean a temporary fix to be used as a bypass of a recognized problem.
ISO 22301 requires you to create strategy/solutions and BC plans based on the BIA results - therefore, this should not be a workaround, rather it should be the update of those documents (if you already have them).
These articles will provide you an idea about developing BCPs:
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
- How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
This material can also help you with the business continuity plan:
- Writing a business continuity plan according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
Can I have a single document of both the BC strategy and plan in a single document for each business unit?
This is acceptable considering compliance with ISO 22301, but during a disruption, you will need rather short and clear documents to execute (i.e. the BC plans), and if such documents also include the BCP strategy they will become unnecessarily complex and will be difficult to execute.
Additionally, you also should evaluate if the effort to review and maintain two separate documents is worthy, and sometimes the business continuity strategy contains sensitive information that should not be shared together with the BCP document.
Comment as guest or Sign in
Mar 18, 2020