
Expert Advice Community

Legal requirements for ISO 22301

Guest user | Created: Jun 20, 2019 | Last commented: Jun 20, 2019

I have recently taken the role of a BCM Coordinator. According to ISO 22301 clause 4.2.2, an org needs to document the legal and regulatory requirements of the org. Please can you let me know what documents can be considered as evidence of this? Or what details are relevant from the legal aspect if I have to include them in the BC Strategy document itself? Any help on this, or a sample document etc., will greatly help me, please.


Expert
Rhand Leal Jun 20, 2019

Answer:

Examples of legal and regulatory requirements for ISO 22301 are:
- Service agreements with customers or suppliers
- NFA Compliance Rule 2-38: Business Continuity and Disaster Recovery Plan (CFTC – Commodity Futures Trading Commission) (regulation)
- IDA By-Law 17.19 – Business Continuity Plan Requirement (OSC (Ontario Securities Commission))

Regarding details to be considered, you have to identify items like: requirements for the recovery time to be achieved (e.g., minimal business activities must return no more than 3 hours after a disruption), technologies or infrastructure to be used, etc.

To see what a list of requirements looks like, I suggest you take a look at the free demo of this List of Legal, Regulatory, Contractual and Other Requirements at this link: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/

These articles will provide you with further explanation about the identification of legal requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ (although this article is about ISO 27001, the concept also applies to ISO 22301)
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
