Legal requirements for ISO 22301
Assign topic to the user
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer:
Examples of legal and regulatory requirements for ISO 22301 are:
- Service agreements with customers or suppliers
- NFA Compliance Rule 2-38: Business Continuity and Disaster Recovery Plan (CFTC – Commodity Futures Trading Commission) (regulation)
- IDA By-Law 17.19 – Business Continuity Plan Requirement (OSC (Ontario Securities Commission))
Regarding details to be considered, you have to identify items like: requirements for the recovery time to be achieved (e.g., minimal business activities must return after no more then 3 hours after a disruption), technologies or infrastructure to be used, etc.
To see how a list of requirements looks like I suggest you to take a look at the free demo of this List of Legal, Regulatory, Contractual and Other Requirements at this link: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/
These articles will provide you further explanation about identification of legal requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ (although this article is about ISO 27001, the concept also applies to ISO 22301)
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
Comment as guest or Sign in
Jun 20, 2019