SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

ISO 22301 certification

  Quote
Guest
Guest user Created:   Jun 10, 2020 Last commented:   Jun 10, 2020

ISO 22301 certification

 I have two questions and I hope you can help finding the answers.

1. When looking for certification in *** I realize that there are not really a lot of people with experience in 22301. I talked to *** and they all struggle to find a proper contact to talk to. On the ISO Website, I saw the 2018 survey than resulted in a total of 1128 certifications worldwide and only 7 in ***. Do these numbers seem correct to you? Do you know German companies with a 22301 certification?

2. We realized that a cyber attack is a very likely threat. As Financial Services we rely heavily on our IT department (who is in the process of getting certified by 27001). How can we handle that in the scope of the BC Plan? Is it OK to delegate the responsibility to IT or do we have to come up with our own detailed plans? We need to come up with ideas and plans on what to do when such an incident occurs and how we e.g. bridge the first hours and days, but it is difficult to take ownership for fixing the IT part. How can that be handled?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 10, 2020

1. When looking for certification in *** I realize that there are not really a lot of people with experience in 22301. I talked to *** and they all struggle to find a proper contact to talk to. On the ISO Website, I saw the 2018 survey than resulted in a total of 1128 certifications worldwide and only 7 in ***. Do these numbers seem correct to you? Do you know German companies with a 22301 certification?

We do not know this country ISO 22301 environment well enough to provide an objective answer, but we can suggest you contact certification bodies in this country and ask for the number of companies they certified in this country.

2. We realized that a cyber attack is a very likely threat. As Financial Services we rely heavily on our IT department (who is in the process of getting certified by 27001). How can we handle that in the scope of the BC Plan? Is it OK to delegate the responsibility to IT or do we have to come up with our own detailed plans? We need to come up with ideas and plans on what to do when such an incident occurs and how we e.g. bridge the first hours and days, but it is difficult to take ownership for fixing the IT part. How can that be handled?

Please note that a BC Plan has to cover two major groups of activities: support activities and business activities. Considering that, although you can delegate the recovery of information systems to the IT department, there may be a need for other actions not related to IT to be executed. For example, in case of disruption of internal organization's communication services, an emergent alternative could be resuming activities through employees' cellphones, and such activity should be organized by the manager of each team until the IT can recover internal communications.

This article will provide you a further explanation about elaborating a BCP:

This material can also help:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 10, 2020

Jun 10, 2020

Suggested Topics