ISO 22301 question

1. Hi, my company purchased templates from you for 22301. As I look through some of the docs I'm seeing some discrepancy in how documents are named and referenced (eg, Business Continuity Management Policy v Business Continuity Policy).

Answer: Please note that Business Continuity Management Policy and Business Continuity Policy are similar terms, covering the practices to provide the capability to continue the business’ operations with a minimum agreed quality level in case of a disaster. The use of the term “Business Continuity Management Policy” is normally used when the policy is related to the ISO 22301 standard since this standard defines requirements for a business continuity management system.

2. I have a question on the "Risk Treatment Plan": according to 03.1, this document template should be in the 04 Toolkit Folder, but I do not see it in our package. Is this Plan just another title for the Methodology, or am I missing a document template? Thank you for your help!

03.1 Business Continuity Policy refers in Paragraph 3.3 to a Risk Treatment Plan, which I don’t see elsewhere in your list of documents. Is this the same as one of the documents in the 04 Risk Assessment and Treatment folder?

Answer: First of all, sorry for this confusion.

Please note that the risk treatment plan for ISO 22301 refers to a set of documents rather than a single document included in folder 07 Business Continuity Plan (i.e., the Business Continuity Plan and its annexes).

Its implementation is better explained in section 3.2 of template Business Continuity Strategy, located in folder 06 Business Continuity Strategy.

For further information, see:
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/