Communication plans requirements
Answer: No. Both ISO 27001 and ISO 22301 require that communication requirements must be determined, but the implementation is up to the organization. So, in some cases you may have a single communication plan for multiple processes and teams (e.g., communication by Intranet), and in others you may have specific plans for specific situations (e.g., communication plan for a project or a communication plan that is part of a disaster recovery plan).
For smaller companies, you can include rules for communication without emphasizing that this is a Communication plan, e.g., in the Incident management procedure you can simply define who has to notify whom through which means, and this will be completely enough.
These articles will provide you with further explanation about communication requirements:
- How to create a Communication Plan according to ISO 27001 https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Enabling communication during disruptive incidents according to ISO 22301 https://advisera.com/27001academy/blog/2016/12/19/enabling-communication-during-disruptive-incidents-according-to-iso-22301/
These materials will also help you regarding communication:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Aug 04, 2017