I'm currently setting up our QMS (ISO9001) toward ISO22301. Currently, I'm focusing on Clause 8 due to the BCMS requirement. I want to simplify this system as much as possible, and yet we are still implementing risk management in our system. For risk assessment, we are using SWOT, but if needed we will use the Risk matrix system. Using our risk management system, we can check if we need to go further if it hits on the high-risk scale.
1 - Question: am I going on the right path, and what are the pitfalls I may encounter? Some of our processes rely on a digitalized information system, and if the system fails we rely back on our manual system. We have not decided to go for ISO27001 yet.
2 - Question: am I right to say that we only select such key cases in doing our BCMS and use those cases for the certification of ISO22301?
3 - Final question: I saw the BIA template; it may be complicated for my staff to understand and use it effectively. Question: is there any simpler template to use?