ISO 22301 and the risk assessment

Guest user. Created: Jan 06, 2016. Last commented: Jan 06, 2016

Antonio Jose Segovia Jan 06, 2016

I am interested in buying the ISO 22301 toolkit, but I am wondering why the risk assessment is not included in the toolkit, despite RA being an essential part of business continuity.

Answer:
You are right, the risk assessment is an essential part of business continuity, but this does not mean that you need a specific document, for example for the risk assessment methodology (in ISO 27001 it is mandatory). In ISO 22301 it is only mandatory to have documented the results of the risk assessment (clause 8.2.3), and you can merge them with the results of the business impact analysis through the Business continuity strategy. If you want to know the list of mandatory documents of ISO 22301, this article may be of interest to you: “Mandatory documents required by ISO 22301”: https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/

So, in our ISO 22301 Toolkit we do not have a specific template related to the risk assessment, but we reference risk management in our template for the Business continuity strategy (section 3.2). You can see a free version of our template here by clicking on the “Free Demo” tab, “Business Continuity Strategy”: https://advisera.com/27001academy/documentation/business-continuity-strategy/ (you can summarize the results of the business impact analysis and risk assessment in the Business continuity strategy).

Anyway, if you are interested in the risk assessment, you can also use our risk assessment methodology (included in the ISO 27001 Toolkit), “Risk Assessment and Risk Treatment Methodology”: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/, and this article may also be of interest to you: “Can ISO 27001 risk assessment be used for ISO 22301?”: https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
