Legal & Regulatory Requirements
The key term in this ISO 22301 requirement is "relevant parties" (to your business). You do not have to identify requirements for all customers. Your organization may already have criteria to identify which ones are most important to you (e.g., total sales per customer, frequency of purchase, time of relationship, etc.), and you can use these criteria to sort the clients from whom you will have to identify needs and legal requirements.
For the clients identified as relevant according to your criteria, you have to go through all the agreements you have with them and see whether there are requirements related to business continuity.
ISO 27001 has a similar requirement, and this article provides an explanation that can also be applied to ISO 22301:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
This material will also help you with identifying ISO 22301 requirements:
- Book: Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Jul 12, 2018