Expert Advice Community

ISO 22301 toolkit

Guest user Created:   Nov 29, 2018 Last commented:   Nov 29, 2018

1 - I recently purchased your product for ISO 22301 compliance, but am finding that much of the guidance points to ISO 27001 compliance. As a SaaS provider, there is logic that would say I should do both, but is that required?

Expert
Rhand Leal Nov 29, 2018

Answer:

ISO 22301 does not require 27001 implementation, and vice versa. What may happen is that because of business objectives and needs, or legal and contractual requirements, your organization may need to be compliant with both standards.

This article will provide you with further explanation about requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

2 - Or if I do both, should I focus on ISO 27001 first?

Answer:

In case there is a need for both standards, to decide which you should go for first, you have to consider:
- If your organization faces a multitude of non-IT threats capable of stopping operations, then you should go for ISO 22301 first.
- If your organization deals with digital products, and information technology processes are the heart of your organization, you should go for ISO 27001 first.

This article will provide you with further explanation about ISO 27001 and ISO 22301:
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
