Expert Advice Community

Guest

Business Continuity policy for the whole organization

  Quote
Guest
Guest user Created:   Jan 09, 2016 Last commented:   Jan 09, 2016

Business Continuity policy for the whole organization

0 0

Assign topic to the user

Assign

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
Antonio Jose Segovia Jan 09, 2016
I have a Business Continuity policy for the whole organisation. I want to certify to ISO 22301 for only PART of the organisation. Do I modify the existing policy or do I create a new one?

Answer:
From my point of view it is not a problem for the standard ISO 22301, so you can maintain the Business Continuity Policy for the whole organization (as a best practice for all units, areas, departments, although the requirements of the ISO 22301 will be mandatory only for the part involved in the scope of the system). Keep also in mind that our recommendation is that in the future you expand the scope of your system implemented to all the organization, because generally it is more easy for the management. So, a Business Continuity Policy for the whole organization can be the first step for this scenario. Anyway, if your organization is not interested in the expansion of the system, the best for me would be to create a new document, based in the existing document, adapting it to the limited scope.

This article can be interesting for you (altho ugh is related to ISO 27001, the most of the article can be also applied to ISO 22301) “Problems with defining the scope in ISO 27001” : http://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 09, 2016

Jan 09, 2016