Business continuity management questions
Hello, I work in management systems consulting and I want to find information in this business continuity manual. Questions: what kind of incidents can disrupt the business? Does it only refer to information security, or must risks associated with the specific business be identified? Considering that we live in Uruguay, a country where there are no earthquakes, volcanoes, or snow, and only a strong storm can occur, is the scope of this oriented toward emergency and evacuation plans and information security?
Hello, I work in management systems consulting and I want to find information in this business continuity manual. Questions:
1. What kind of incidents can disrupt the business?
A disruptive incident is any event that can prevent the business from delivering its products or services, or prevent it from achieving its objectives, for an unacceptable period of time. Considering that, without more information about the nature of the business, we cannot offer a more precise answer than a natural disaster, or loss of facilities or essential personnel.
For more precise identification, you should perform a risk assessment, to identify unacceptable risks relevant to your business.
For more information, see:
- How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
- Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
2. Does it only refer to information security, or must risks associated with the specific business be identified?
Business continuity refers to any risks that can compromise the business, so it covers not only information security risks but any other risks relevant to the organization (e.g., operational, environmental, etc.).
3. Taking into account that we live in XXXX, where there are no earthquakes or volcanoes, no snow, and there can only be a strong storm, is the scope of this oriented toward emergency planning and evacuation and information security?
Besides natural events, you also have to consider intentional and unintentional man-made events (e.g., strikes, terrorism, vandalism, accidents, etc.).
Feb 20, 2020