Is ISO 27001 risk assessment good enough for BCM?
Answer: If the information security risk assessment took into account all the risks related to confidentiality, integrity and availability of information, then the chances are adjustments won't be necessary because the purpose of business continuity risk assessment is to find out potential risks related to continuity of operations, which is in most cases nothing else but availability of information. You can read more about this topic here: Can ISO 27001 risk assessment be used for ISO 22301?
I admit there are some exceptions to this rule - e.g. if you have certain equipment which does not contain information (e.g. in the manufacturing process) - this is where additional risk assessment should be made.
Jan 12, 2016