I'm working in the IT department and I have my friend working in the cyber security department, and we are now in the preparation processes to obtain ISO 22301 CERTIFICATE before this objective my friend in cybersecurity prepare all documents as part of ISO 27001 Preparation but it covers only cybersecurity department, I need your advice is that okay or it should cover all IT activities due to he tells me the main reason to disruptive the services in IT is the cybersecurity?
please advise who is right we have prepared a BCM plan, Risk management, BIA, BC community, and response structural DR but it focuses on cybersecurity.
Assign topic to the user
For ISO 22301 certification you need to include all the activities in your company (i.e., also business activities, not only IT or cybersecurity activities).
For further information, see:
- How to implement ISO 22301 in 17 steps https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/
Comment as guest or Sign in
May 17, 2023