I have a Business Continuity policy for the whole organisation. I want to certify to ISO 22301 for only PART of the organisation. Do I modify the existing policy or do I create a new one?
From my point of view it is not a problem for the standard ISO 22301, so you can maintain the Business Continuity Policy for the whole organization (as a best practice for all units, areas, departments, although the requirements of the ISO 22301 will be mandatory only for the part involved in the scope of the system). Keep also in mind that our recommendation is that in the future you expand the scope of your system implemented to all the organization, because generally it is more easy for the management. So, a Business Continuity Policy for the whole organization can be the first step for this scenario. Anyway, if your organization is not interested in the expansion of the system, the best for me would be to create a new document, based in the existing document, adapting it to the limited scope.