Business continuity on ISO 27001 implementation
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Because in the statement of applicability it includes business continuity under A.17. Would I just find all of A.17 to be not applicable? We have a disaster recovery plan already. And from ISO we have the incident management procedure. We also have an RCA (root cause analysis) on incidents we have had in the past and the actions we took. Also, I cannot seem to find the Business Continuity procedure in comformio. Which business continuity document is mandatory if found applicable in the SOA?
Answer: There is no need to implement business continuity according ISO 22301 if you are doing only ISO 27001. The Information security aspects of business continuity management referred in the statement of applicability under section A.17, if such controls are deemed as necessary to your ISMS implementation, can be fulfilled by the disaster recovery plan included in your toolkit.
This article will provide you further explanation about business conti nuity and ISO 27001:
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
Comment as guest or Sign in
Jan 13, 2018