Expert Advice Community

Difference in business continuity in 27001:2005 and 27001:2013

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What is the difference with regard to business continuity in 27001:2005 and 27001:2013 in Annex A? Many organizations think that if they have implemented 27001, they have also implemented 22301.

DejanK Jan 12, 2016

The difference in business continuity between the 2005 and 2013 revisions of ISO 27001 is the following:

The 2005 revision required business continuity to be implemented in the whole scope of the ISMS.
The 2013 revision requires business continuity to be implemented only for the information security aspects of the ISMS, i.e. only for security processes and technology; therefore, the new revision requires less work to be done for business continuity.

It is true that by implementing business continuity for ISO 27001 the company does not automatically get ISO 22301; however, it is my opinion that it does make sense to implement both of these standards together. The reason for this is that ISO 27001 does not provide any methodology for the business continuity implementation, while ISO 22301 offers a very good methodology for it; further, these two standards are highly compatible, and the implementation of ISO 22301 as part of ISO 27001 requires perhaps only 10% extra effort.

See also this webinar: ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
