We bought your set of documents for the ISO27001 certification and are missing a template for business continuity management.
The auditor requires it (more than the emergency recovery plan) according to A.17.1.
Do you have something we can use?
Assign topic to the user
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First is important to note that, at the document level, to be compliant with ISO 27001:2013 Annex A.17 controls you only need to document disaster recovery plans. Controls from section A.17 do not require a business continuity management document.
In case you consider this auditor observation relevant to your business, the document you should consider is a Business Continuity Plan, and you can take a look at a demo of this document at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/
This article will provide you with a further explanation of Disaster Recovery:
- Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
Comment as guest or Sign in
Nov 10, 2022