Expert Advice Community

Guest

Implementing ISMS and BCMS

  Quote
Guest
Guest user Created:   Mar 02, 2019 Last commented:   Mar 02, 2019

Implementing ISMS and BCMS

1. If I need to implement ISMS and BCMS, which one comes first ISMS or BCMS?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 02, 2019

Answer: The order of implementation will depend on your needs. If your priority is information protection, then you should go first for an ISMS. On the other hand, if your priority is to ensure processes and services delivery under disruptive conditions, then you should go first for a BCMS. It is important to note that if you use as basis for these systems the standards ISO 27001 (for information security) and ISO 22301(for business continuity), you can implement parts of these systems simultaneously, because the have many requirements in common.

These materials will provide further information:
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
- How to implement integrated management system https://advisera.com/blog/2015/10/05/how-to-implement-integrated-management-systems/
- Free webinar – ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001-iso-22301-better-implement-together-free-webinar-on-demand/

2 . What is Step by step guidelines if I need to implement both?

Answer: In a general manner, you have these steps:

- Obtain management support
- Develop a project plan
- Define scope (related to each standard)
- Define top level policies (related to each standard)
- Define basic management system procedures (common to both standard)
- Develop specific policies and procedures (related to each standard)
- Implement policies and procedures and train personnel
- Perform internal audit
- Perform management review
- Proceed with corrective actions

The following articles will provide you explanation of the steps to implement both standards:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 02, 2019

Mar 02, 2019

Suggested Topics