Guest user Created: Apr 13, 2016 Last commented: Apr 13, 2016

Certify ISO 22301 methodology?

I do have one question though, as a former auditor have you come across an organization that only wanted to certify their ISO 22301 methodology? From what I understand it's the whole company that is being certified. In other words, could an auditor certify just a process (eg. BCP)/methodology being used to implement BCP?

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Apr 13, 2016

Answer:
I am not sure if I have understood your question but an organization cannot certify only a methodology, for example their ISO 22301 methodology, can certify a system (Business Continuity Management System - BCMS) based on ISO 22301, which is used for the management of the continuity of products, services, and all related activities of the business, so, really you can certify products, services and all related activities of the business of the organization, using ISO 22301 and their elements (BCP, BIA, RA, etc).

And effectively, you can certify the whole organization, although it is not mandatory, I mean you can also limit the scope (what products, services, activities will be included in the scope).

For the definition of the scope you need to identify other elements (internal and external issues, interfaces and dependencies, etc.), so this article can help you (talks about ISO 27001 but is similar to ISO 22301) “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 13, 2016

Expert Advice Community