Control mapping document

Even though ISO 22301 lists no controls, upon results of the BIA and business continuity risk assessment, practically all controls described in ISO 27001 Annex A may be applicable to ISO 22301 business continuity plans (the exact mapping will depend upon results of the BIA and business continuity risk assessment).

ISO 27001 Annex A has a specific section to ensure the continuity of information security management during adverse situations, as well as the availability of information systems (controls from section A.17).

For more details on this subject, please take a look at these articles:

• Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
• How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
• How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

These materials will also help you regarding ISO 27001 and ISO 22301:

• ISO 27001 vs. ISO 22301 matrix Download a free matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-22301-matrix
• Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/