
ISO 22301 - 4.2.2

Guest user. Created: Feb 21, 2022. Last commented: Feb 21, 2022.


I have attended a number of your webinars, and on many occasions you have provided additional references for implementing ISO 22301/27001. We are in the process of implementing ISO 22301. In my experience, I have not implemented or worked on the full scope of an ISO 22301 implementation as we are doing now at ***.

The Project Manager here has requested:

Activate your network to seek for someone working in a company that is ISO 22301 (preferably) or 27001 certified who'd accept to tell us how 4.2.2 was implemented

4.2.2 Legal and regulatory requirements

The organization shall:

a) implement and maintain a process to identify, have access to, and assess the applicable legal and regulatory requirements related to the continuity of its products and services, activities and resources;

b) ensure that these applicable legal, regulatory and other requirements are taken into account in implementing and maintaining its BCMS;

c) document this information and keep it up to date.

I have not worked for a company that has achieved certifications. In my experience, this information was identified as we worked through BIAs, BCPs, DRPs, etc. We have already done some identification of legal and regulatory requirements in an initial discovery for developing the Context of the Organization. Obviously this is not a one-and-done effort, but we have not developed a process. Would you be able to share any insights/information on this?

Expert
Rhand Leal Feb 21, 2022

To see a procedure that covers the identification of requirements compliant with ISO 22301, please take a look at this demo: Procedure for Identification of Requirements https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/

The purpose of this document is to define the process of identification of interested parties, as well as statutory, regulatory, contractual, and other requirements related to information security and business continuity, and responsibilities for their fulfillment.

This article will provide you with a further explanation of the identification of requirements (the same concepts apply to ISO 22301):
