Is ISO 27001 risk assessment good enough for BCM?

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

When the risk assessment for the BCM is performed by the ISRM (Information Security Risk Management) Department according to ISO 27001, for a BCM department that follows ISO 22301 and the GPG (Good Practice Guide), some adjustments are necessary, aren't they?
DejanK Jan 12, 2016

Answer: If the information security risk assessment took into account all the risks related to confidentiality, integrity and availability of information, then the chances are adjustments won't be necessary because the purpose of business continuity risk assessment is to find out potential risks related to continuity of operations, which is in most cases nothing else but availability of information. You can read more about this topic here: Can ISO 27001 risk assessment be used for ISO 22301?

I admit there are some exceptions to this rule - e.g. if you have certain equipment which does not contain information (e.g. in the manufacturing process) - this is where additional risk assessment should be made.
