Conflicting management systems

Guest user | Created: Sep 04, 2017 | Last commented: Sep 04, 2017

One of the challenges I have seen in large organizations is when different stakeholders sponsor the implementation of ISO 22301 and ISO 27001 and come up with different versions of policies for the same concept. Also, the entire process becomes extremely cumbersome for employees who need to provide feedback multiple times on essentially the same concepts.
Expert
Rhand Leal Sep 04, 2017
Can there be a single choice between ISO22301 and 27001 for technology companies? Or which one takes the priority and should be implemented first?

Answer: The choice between ISO 22301 or ISO 27001, or which one to implement first, will depend on the organization's context and its objectives, so there is no definitive answer to this question.

If your scope is just supporting your business processes, you might get more by focusing on implementing ISO 22301.

If your scope handles just digital products, and information technology processes are the core of your organization, then implementing ISO 27001 would be a better choice.

Regarding the concept conflicts, the first thing would be for the sponsors to try to reach an agreement on a common version that would satisfy both sets of requirements. If this is not possible, then the situation should be taken to top management for evaluation of what the best decision should be (e.g., to decide on a single concept to be used, or to accept the additional administrative effort that such a difference will bring). But considering the current versions of ISO management standards released after 2012, the integration of concepts shouldn't be hard to achieve.

These articles will provide you with further explanation about ISO 22301 and ISO 27001 implementation:
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

These materials will also help you regarding ISO 22301 and ISO 27001 implementation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01-iso-22301-better-implement-together-free-webinar-on-demand/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/