Integration of 22301 and 27001 - common policies
We have already implemented an ISMS in our organization and are working on BCMS implementation. Is it a good idea to add selected BCM contents to existing ISMS policies? I mean to update/create one main policy with general contents dedicated to IS and BCM (inc. context etc.) to have an Information Security and Business Continuity Policy as the main document. Then one detailed policy for BCM and IS events, which clearly describes who manages such incidents and how. Our priority is to have one integrated system covering ISM and BCM, not two separate management systems. Thanks for your advice.
Considering ISO 27001 and ISO 22301, which have a lot of requirements in common, it is perfectly possible to integrate some documents. In fact, this can bring many benefits, like decreased costs in implementation, maintenance, and internal audits.
This article will provide you with a further explanation about integrated implementation:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
This material will provide further information:
- Free webinar – ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
This material will provide information about overlaps:
- ISO 27001 vs. ISO 22301 matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-22301-matrix
Sep 24, 2020