I've received this question: When implementing ISO 27001, how deep do we have to go in Business Continuity (16)? Is it the same as implementing a whole Business Continuity project, or something lighter?
Answer: When implementing business continuity according to ISO 27001, you could implement a "lighter" version that would focus only on developing a disaster recovery plan (for recovering your IT infrastructure), and a recovery plan for your information security functions. This means you do not have to implement the whole business continuity project according to ISO 22301.
However, I would argue that it would make much more sense to implement a full business continuity project according to ISO 22301 as part of your ISO 27001 project - this is because of the following:
1) This would add perhaps only 10% of additional effort to your ISO 27001 project
2) You would implement two standards (both ISO 27001 and ISO 22301) with only little additional cost
3) You can ensure the continuity of your business operations only by doing this full business continuity project - complying with the minimum that is set in ISO 27001 wouldn't be enough.
You can find out more in this webinar: ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
By the way, ISO 27001:2013 defines the controls for business continuity in Annex A, section A.17.
Jan 12, 2016