Taking the ISO 27001 certification exam?
Get a bundle with FREE Live Virtual Training
(regular price US$ 199)
LIMITED-TIME OFFER – EXPIRES ON MAY 17, 2022

Expert Advice Community

Guest

ISO 22301 question

  Quote
Guest
Guest user Created:   Nov 23, 2021 Last commented:   Nov 23, 2021

ISO 22301 question

1. Hi, my company purchased templates from you for 22301. As I look through some of the docs I'm seeing some discrepancy in how documents are named and referenced (eg, Business Continuity Management Policy v Business Continuity Policy). 2. I have a question on the "Risk Treatment Plan": according to 03.1, this document template should be in the 04 Toolkit Folder, but I do not see it in our package. Is this Plan just another title for the Methodology, or am I missing a document template? Thank you for your help! 03.1 Business Continuity Policy refers in Paragraph 3.3 to a Risk Treatment Plan, which I don’t see elsewhere in your list of documents. Is this the same as one of the documents in the 04 Risk Assessment and Treatment folder?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 23, 2021

1. Hi, my company purchased templates from you for 22301. As I look through some of the docs I'm seeing some discrepancy in how documents are named and referenced (eg, Business Continuity Management Policy v Business Continuity Policy).

Answer: Please note that Business Continuity Management Policy and Business Continuity Policy are similar terms, covering the practices to provide the capability to continue the business’ operations with a minimum agreed quality level in case of a disaster. The use of the term “Business Continuity Management Policy” is normally used when the policy is related to the ISO 22301 standard since this standard defines requirements for a business continuity management system.

2. I have a question on the "Risk Treatment Plan": according to 03.1, this document template should be in the 04 Toolkit Folder, but I do not see it in our package. Is this Plan just another title for the Methodology, or am I missing a document template? Thank you for your help!

03.1 Business Continuity Policy refers in Paragraph 3.3 to a Risk Treatment Plan, which I don’t see elsewhere in your list of documents. Is this the same as one of the documents in the 04 Risk Assessment and Treatment folder?

Answer: First of all, sorry for this confusion.

Please note that the risk treatment plan for ISO 22301 refers to a set of documents rather than a single document included in folder 07 Business Continuity Plan (i.e., the Business Continuity Plan and its annexes).

Its implementation is better explained in section 3.2 of template Business Continuity Strategy, located in folder 06 Business Continuity Strategy.

For further information, see:
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Nov 23, 2021

Nov 23, 2021

Suggested Topics